Bug 154781

Summary:	app-crypt/heimdal-0.7.2-r3: kinit echos password
Product:	Gentoo Linux	Reporter:	Martin von Gagern <Martin.vGagern>
Component:	Current packages	Assignee:	Gentoo Kerberos Maintainers <kerberos>
Status:	RESOLVED INVALID
Severity:	normal
Priority:	High
Version:	2006.0
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	emerge --info

Description Martin von Gagern 2006-11-11 03:01:56 UTC

I just installed heimdal on my notebook and found out that the password is printed on my screen as I type.

A detail that might have the same source: there is no space after the colon of the "Password for PRINCIPAL:" prompt, where on systems where kinit does not show the password there is a space between the colon and the cursor when entering the password.

Looking at the sources and grepping for "Password for", I see that heimdal-0.7.2/appl/ftp/ftp/kauth.c uses des_read_pw_string to read the password, which belongs to my dev-libs/openssl-0.9.8d. I also see that all this should be used only fpr KRB4, but the krb4 USE flag is unset on my system. So I don't know where this password prompt does come from.

Comment 1 Martin von Gagern 2006-11-11 03:02:36 UTC

Created attachment 101665 [details]
emerge --info

Comment 2 Martin von Gagern 2006-11-11 06:24:10 UTC

Sorry there. I just found out that I've been using the kinit binary from dev-java/sun-jdk-1.5.0.08 not from app-crypt/heimdal-0.7.2-r3. Reason was a historic ~/.gentoo/java sourced by my .bashrc.

When I explicitely call /usr/bin/kinit, I can enter my password hidden.
Afterwards I get "krb5_get_init_creds: No ENC-TS found", but that looks rather like a configuration problem somewhere, so it probably isn't a bug, and it definitely isn't this "bug" here.