Date: Wed, 12 Apr 1995 11:50:29 -0700
From: Paul Traina <pst@Shockwave.COM>
To: security@FreeBSD.org, wollman@FreeBSD.org
Subject: one way of fixing the kerberos/skey interaction
Message-ID: <199504121850.LAA24509@precipice.shockwave.com>
*** login.c Sat Jan 14 19:14:10 1995
--- /tmp/login.c Wed Apr 12 11:49:45 1995
***************
*** 274,279 ****
--- 274,290 ----
if (pwd) {
#ifdef KERBEROS
+ #ifdef SKEY
+ /*
+ * Do not allow user to type in kerberos password
+ * over the net (actually, this is ok for encrypted
+ * links, but we have no way of determining if the
+ * link is encrypted.
+ */
+ if (!permit_password) {
+ rval = 1; /* failed */
+ } else
+ #endif
rval = klogin(pwd, instance, localhost, p);
if (rval != 0 && rootlogin && pwd->pw_uid != 0)
rootlogin = 0;
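Review bot: the `} else` that ends the added block dangles across the `#endif` and binds only to the single statement `rval = klogin(pwd, instance, localhost, p);`, so a second statement added next to the klogin call later would run even when `permit_password` is false. Putting the klogin call in a braced `else { ... }` whose braces sit under matching `#ifdef SKEY` guards would make the intent explicit. The `rval != 0 && rootlogin && pwd->pw_uid != 0` check still runs on the refused path, which looks intended, but `rval = 1; /* failed */` is a bare integer: please confirm that the code after this hunk handles 1 the way it handles a klogin failure, and that `permit_password` is declared and set whenever SKEY is defined, since neither is visible in this hunk. The comment also opens a parenthesis at "(actually, this is ok" that is never closed.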
