Re: [PATCH] One time password
From: Derek Robert Price
Subject: Re: [PATCH] One time password
Date: Tue, 19 Aug 2003 15:00:27 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1
Mark D. Baushke wrote:
[ . . . ]
|That said, a new feature that ties prompting for a password solely to the
|keyboard seems undesirable to me.
|
|Given that even PGP allows the user to have the passphrase read from a
|socket, I suspect that some kind of non-tty input is desirable to make
|this feature as flexible as may be desired.
|
|For example, gpg has the option:
|
| --passphrase-fd n
| Read the passphrase from file descriptor n. If
| you use 0 for n, the passphrase will be read
| from stdin. This can only be used if only
| one passphrase is supplied. Don't use this
| option if you can avoid it.
|
|I would think that the NULL_PASSWORD mechanism might be able to do
|something similar. Of course, the password prompt would have to be
|to some place that could potentially be read externally, such as
|STDERR.
|
|Having such a hook is not always needed, but having it might make this
|feature more useful. And the possibility of an administrator mandating
|no scrambled passwords be saved seems plausible if the transport for the
|passwords between the client and server could ever be encrypted with
|something like a simple Diffie-Hellman key exchange or as complex as a
|full TLS credential exchange to verify that the server is not a
|man-in-the-middle.
[ . . . ]
| For my part, I think it might want another paragraph of documentation
|
|discussing why reading from either the /dev/tty or a named pipe or open
|file descriptor is not a good idea for this new feature.
|
|The documentation is also not 100% clear that the server is preparing a
|message for the client that is to be displayed as a part of the password
|prompt...
Brian, are you willing to address Mark's concerns?
|It would be well to know exactly how the new server protocol
|works and interoperates with older clients and servers so that when folks
|run into problems it will be more clear what is wrong.
An older client should report: `unrecognized auth response from
<hostname>: prompt-secret <actual-prompt>'. From src/client.c:
    ...
    else if (strcmp (read_buf, "I LOVE YOU") == 0)
      {
        free (read_buf);
        break;
      }
    else
      {
        error (1, 0,
               "unrecognized auth response from %s: %s",
               root->hostname, read_buf);
      }
    free (read_buf);
    ...
Derek
--
  *8^)
Email: derek@ximbiot.com
Get CVS support at <http://ximbiot.com>!
--
170. If you try to fail, and succeed, which have you done?
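The interoperability point Derek makes above (an old client hits the final `else` and reports the raw `prompt-secret` line as "unrecognized auth response", while a patched client would need to recognise it and show the server-supplied prompt) can be modelled in a few lines. The block below is an added example, not code from CVS or from Brian's patch: the reply line text, the `is_old_client` flag, the hostname and the way the prompt is extracted are all assumptions for illustration. It also adds one check a practitioner would want in a client that prints text chosen by the server: non-printable bytes in the prompt are replaced before it reaches the user's tty, so a hostile or compromised server cannot smuggle terminal escape sequences into the password prompt. The thread does not say whether the patch does this.

```c
/* Added example: dispatch on a pserver auth reply, contrasting an old
 * client (knows only "I LOVE YOU" / "I HATE YOU") with a patched client
 * that also understands the "prompt-secret <prompt>" reply described in
 * the thread.  Not CVS code; names and sample replies are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum auth_result { AUTH_OK, AUTH_REJECTED, AUTH_PROMPT, AUTH_UNKNOWN };

#define PROMPT_SECRET "prompt-secret "   /* assumed wire prefix */

/* Classify one auth reply line.  For a prompt-secret reply understood by
 * a new client, copy the server-supplied prompt into out_prompt with every
 * non-printable byte replaced by '?', so escape sequences never reach the
 * terminal.  This sanitising step is an added hardening check, not
 * something the patch is stated to do. */
enum auth_result classify_auth_response(const char *line, int is_old_client,
                                        char *out_prompt, size_t out_len)
{
    if (out_len)
        out_prompt[0] = '\0';
    if (strcmp(line, "I LOVE YOU") == 0)
        return AUTH_OK;
    if (strcmp(line, "I HATE YOU") == 0)
        return AUTH_REJECTED;
    if (!is_old_client &&
        strncmp(line, PROMPT_SECRET, strlen(PROMPT_SECRET)) == 0) {
        const char *p = line + strlen(PROMPT_SECRET);
        size_t i = 0;
        for (; p[i] != '\0' && i + 1 < out_len; i++)
            out_prompt[i] = isprint((unsigned char)p[i]) ? p[i] : '?';
        out_prompt[i] = '\0';
        return AUTH_PROMPT;
    }
    /* An old client lands here for prompt-secret and reports
     * "unrecognized auth response from <host>: <line>", as in client.c. */
    return AUTH_UNKNOWN;
}

/* Convenience wrapper for a new client: returns the sanitised prompt, or
 * NULL when the reply is not a prompt-secret line.  Uses a static buffer. */
const char *extract_prompt(const char *line)
{
    static char buf[128];
    if (classify_auth_response(line, 0, buf, sizeof buf) != AUTH_PROMPT)
        return NULL;
    return buf;
}

int main(void)
{
    char prompt[128];
    const char *hostname = "cvs.example.org";              /* constructed */
    const char *reply = "prompt-secret Enter OTP 42:";     /* constructed */

    if (classify_auth_response(reply, 1, prompt, sizeof prompt) == AUTH_UNKNOWN)
        printf("old client: unrecognized auth response from %s: %s\n",
               hostname, reply);
    if (classify_auth_response(reply, 0, prompt, sizeof prompt) == AUTH_PROMPT)
        printf("new client: server prompt is \"%s\"\n", prompt);
    return 0;
}
```

Running the example with the same reply once as an old client and once as a new one shows the two behaviours side by side: the old client's error message echoes the full `prompt-secret ...` line, which is what an administrator debugging a version mismatch would see in practice.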
Thread:
- [PATCH] One time password, Brian Murphy, 2003/08/18
- Re: [PATCH] One time password, Mark D. Baushke, 2003/08/19
- Re: [PATCH] One time password, Derek Robert Price, 2003/08/22
- Re: [PATCH] One time password, Mark D. Baushke, 2003/08/22
- Re: [PATCH] One time password, Derek Robert Price <=
- Re: [PATCH] One time password, Brian Murphy, 2003/08/20
- Re: [PATCH] One time password, Brian Murphy, 2003/08/21
- Re: [PATCH] One time password, Brian Murphy, 2003/08/22
- Re: [PATCH] One time password, Brian Murphy, 2003/08/22