Hi Russ, On Do 15 Aug 2013 00:05:14 CEST Russ Allbery wrote:
Mike Gabriel <[email protected]> writes:on my server I run Kerberos. For some reasons, I have to SSH to it to simply call kinit and then I can use the server in other contexts.That strikes me as a problem that's worth fixing some other way. It sounds like you have programs there that you're running that need a local ticket cache, and ticket forwarding would generally be a much better solution to your problem.
Guess you are right here.
So what I do then is...ssh -l<user> <server> kinitI am then requested to enter the password for that server's realm. Once I do that, I can see every single character of the password printed to stdout (i.e. to the console) readable for everyone who peers over my shoulder.Like any other enter-password-dialog I would expect that nothing passwordish I type gets printed with the terminal window.If you ssh to run a single command instead of starting an interactive session, I don't believe a full tty is allocated, which means that kinit doesn't have full terminal control. I don't believe there's any way for kinit to disable echo in that situation.
So, do I get it right that we need to tag this as a wontfix or even close this bug?
Greets+Thanks, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: [email protected], http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpp94ImnPalb.pgp
Description: Digitale PGP-Unterschrift
