|
| From: | Brian Murphy |
| Subject: | Re: PATCH - one time password/always prompt for password |
| Date: | Thu, 31 Jul 2003 23:15:06 +0200 |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030529 |
Derek Robert Price wrote:
I still think I like prompting after a failed attempt to use an empty password better. Is there any reason this would be incompatible with PAM? It is only adding functionality - I don't see why anyone would get upset about the change. It simplifies the client side code a bit too, in addition to not requiring a new command-line option.
Well there might be a limit on the attempts allowed, you might get locked out?
You didn't. You set it to "", which has a strlen of 0 and should cause memset to do nothing. Comment the password = "" assignment if you like, if we end up settling on this method.
Right, but now I have changed it to say "D" instead and you don't want to zero that. Cautious programming
rarely hurts.
If we don't settle on trying the empty password, then how about "N", for NULL?
It's a deal. /Brian
| [Prev in Thread] | Current Thread | [Next in Thread] |