From owner-freebsd-current Sun Mar 10 22:44:18 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id WAA07987 for current-outgoing; Sun, 10 Mar 1996 22:44:18 -0800 (PST)
Received: from grumble.grondar.za (root@grumble.grondar.za [196.7.18.130]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id WAA07971 for ; Sun, 10 Mar 1996 22:44:08 -0800 (PST)
Received: from grumble.grondar.za (mark@localhost [127.0.0.1]) by grumble.grondar.za (8.7.4/8.7.3) with ESMTP id IAA02287; Mon, 11 Mar 1996 08:43:31 +0200 (SAT)
Message-Id: <199603110643.IAA02287@grumble.grondar.za>
To: Adam David
cc: mark@grondar.za (Mark Murray), freebsd-current@freebsd.org
Subject: Re: HEADS UP! Please check...
Date: Mon, 11 Mar 1996 08:43:29 +0200
From: Mark Murray
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Adam David wrote:
> > No. tell it not to use kerberos with `su -K'.
>
> Yes, I have been doing that. It was just a surprise to see the change in this
> behaviour for the case without the -K. I would expect it to ask for a normal
> password when kerberos is present but not available (for whatever reason). Or
> is this considered a security feature, to require non-kerberos handling to be
> explicitly requested?... but in that case why did the previous version ask for
> the password twice at all?

The original Kerberos integration was done in a bit of a hurry :-).

If you have the pre-change code, have a look at it. There is one major
call to Kerberos in main(), and it was squeezed in with a minimum of
integration effort. If that call fails (for whatever reason), the code
drops through to the original logic. This call was "wrapped" around the
original logic, and had its own password prompt, resulting in the
possibility of two prompts.

M
--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@grondar.za for PGP key