On Wed, Dec 22, 2010 at 10:31 AM, <[email protected]> wrote:
> ftp://ftp.hurderos.org/pub/Hurdo/Hurdo-0.1.0.tar.gz

Revisiting this. In my follow-up idea on having the server initiate the request for the fresh credential, any thoughts on how to present a secure UI to the user so that he knows this is ACTUALLY a local password request and not something being mocked up by a compromised server?

With the client-initiated escape sequence, I think it's less of a concern since, as long as the client software is not tampered with, the user has a guarantee that they are actually entering their password locally. And if the client software IS tampered with, then all bets are off anyway.

________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
