From wollman@khavrinen.lcs.mit.edu  Thu Feb  8 12:52:25 1996
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.26.0.162])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id MAA26161
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 8 Feb 1996 12:52:18 -0800 (PST)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.7.3/8.6.6) id PAA07154; Thu, 8 Feb 1996 15:52:09 -0500 (EST)
Message-Id: <199602082052.PAA07154@khavrinen.lcs.mit.edu>
Date: Thu, 8 Feb 1996 15:52:09 -0500 (EST)
From: "Garrett A. Wollman" <wollman@khavrinen.lcs.mit.edu>
Reply-To: wollman@khavrinen.lcs.mit.edu
To: FreeBSD-gnats-submit@freebsd.org
Subject: Kerberized su has poor password interface
X-Send-Pr-Version: 3.2

>Number:         1006
>Category:       bin
>Synopsis:       Kerberized su has poor password interface
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    markm
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb  8 13:00:02 PST 1996
>Closed-Date:    Sat Mar 9 07:16:03 PST 1996
>Last-Modified:  Sat Mar  9 09:05:39 PST 1996
>Originator:     Garrett Wollman
>Release:        FreeBSD 2.2-CURRENT i386
>Organization:
MIT Laboratory for Computer Science
>Environment:

	Any version of FreeBSD since 2.0.

>Description:

	The Kerberized su program will only accept a vaild Kerberos su
	password when it prompts for a password.  In order to use UNIX
	or S/Key authentication, it is necessary to error out the
	first password prompt in order to get to one that accepts the
	right password.

>How-To-Repeat:

	$ su

>Fix:
	
	Do a better job of integrating Kerberos into su.  In
	particular, the Kerberized su should not attempt to read its
	own password, but should instead wait for the S/Key and UNIX
	routines to error and then use the same password as was
	previously entered as the Kerberos password.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->markm 
Responsible-Changed-By: wollman 
Responsible-Changed-When: Thu Feb 8 13:00:52 PST 1996 
Responsible-Changed-Why:  
Kerberos is markm's area. 
State-Changed-From-To: open->analyzed 
State-Changed-By: markm 
State-Changed-When: Mon Feb 12 13:09:28 PST 1996 
State-Changed-Why:  
I can see how to do this, and have started doin the work. Gimme a couple 
of days and I'll have something. 
State-Changed-From-To: analyzed->closed 
State-Changed-By: markm 
State-Changed-When: Sat Mar 9 07:16:03 PST 1996 
State-Changed-Why:  
I have recoded the kerberos interface for this util. It works better now. 
>Unformatted:
Garrett A. Wollman
