bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] One time password


From: Derek Robert Price
Subject: Re: [PATCH] One time password
Date: Tue, 19 Aug 2003 15:00:27 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark D. Baushke wrote:
[ . . . ]

|That said, a new feature that ties prompting for a password soley to the
|keyboard seems undesirable to me.
|
|Given that even PGP allows the user to have the passphrase read from a
|socket, I suspect that some kind of non-tty input is desirable to make
|this feature as flexible as may be desired.
|
|For example, gpg has the option:
|
|       --passphrase-fd n
|                 Read the passphrase from file descriptor  n.  If
|                 you  use  0  for  n, the passphrase will be read
|                 from stdin.     This can only be  used  if  only
|                 one  passphrase  is  supplied.   Don't  use this
|                 option if you can avoid it.
|
|I would think that the NULL_PASSWORD mechanism might be able to do
|something similar. Of course, the password prompt would have to be
|to some place that could potentially be read externally, such as
|STDERR.
|
|Having such a hook is not always needed, but having it might make this
|feature more useful. And the possibility of an administrator mandating
|no srambled passwords be saved seems plausable if the transport for the
|passwords between the client and server could ever be encrypted with
|something like a simple Diffie-Helman key exchange or as complex as a
|full TLS credential exchange to verify that the server is not a
|man-in-the-middle.

[ . . . ]

| For my part, I think it might want another paragraph of documentation
|
|discussing why reading from either the /dev/tty or a named pipe or open
|file descriptor is not a good idea for this new feature.
|
|The documentation is also not 100% clear that the server is preparing a
|message for the client that is to be displayed as a part of the password
|prompt...


Brian, are you willing to address Mark's concerns?

|It would be well to know exactly how the new server protocol
|works and interoprates with older clients and servers so that when folks
|run into problems it will be more clear what is wrong.


An older client should report: `unrecognized auth response from
<hostname>: prompt-secret <actual-prompt>'.  From src/client.c:

~    ...
~    else if (strcmp (read_buf, "I LOVE YOU") == 0)
~    {
~        free (read_buf);
~        break;
~    }
~    else
~    {
~        error (1, 0,
~               "unrecognized auth response from %s: %s",
~               root->hostname, read_buf);
~    }
~    free (read_buf);
~    ...

Derek

- --
~                *8^)

Email: address@hidden

Get CVS support at <http://ximbiot.com>!
- --
170. If you try to fail, and succeed, which have you done?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org

iD8DBQE/QnPKLD1OTBfyMaQRArStAJ9TeC3XuG/NtUzWS0tCOjxsSWTgAwCg06Aq
FJgj40HA8D/w5IpewzqniJQ=
=opo9
-----END PGP SIGNATURE-----






reply via email to

[Prev in Thread] Current Thread [Next in Thread]