From deuerl@bugsy.indra.de  Thu Aug 13 06:49:10 1998
Received: from bugsy.indra.de (bugsy.indra.de [193.158.1.4])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA29859
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 13 Aug 1998 06:49:09 -0700 (PDT)
          (envelope-from deuerl@bugsy.indra.de)
Received: (from deuerl@localhost)
	by bugsy.indra.de (8.8.8/8.8.8) id OAA05352;
	Thu, 13 Aug 1998 14:00:19 GMT
	(envelope-from deuerl)
Message-Id: <199808131400.OAA05352@bugsy.indra.de>
Date: Thu, 13 Aug 1998 14:00:19 GMT
From: Robert Deuerling <deuerl@bugsy.indra.de>
Reply-To: deuerl@bugsy.indra.de
To: FreeBSD-gnats-submit@freebsd.org
Subject: typed-in password visible
X-Send-Pr-Version: 3.2

>Number:         7604
>Category:       misc
>Synopsis:       typed-in password visible when to fast
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    gnats-admin
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 13 06:50:00 PDT 1998
>Closed-Date:    Thu Aug 13 23:44:20 PDT 1998
>Last-Modified:  Wed Oct 26 05:45:16 GMT 2005
>Originator:     Robert Deuerling
>Release:        FreeBSD 2.2.7-STABLE i386
>Organization:
>Environment:

 any Hardware

>Description:

 if you're to fast and type in the password before the
password-prompt is there, your Password will be displayed.
This can occur, if you've enabled kerberos support, but there's no
server in your lan and so there's a small delay during username input and
the password prompt.... 

>How-To-Repeat:

 e.g. setup kerberos support, but  have no server there.
then type-in your username and quickly afterwards your password.
The keys typed in till the password-prompt comes up are beeing
displayed... think this is a bad thing ;)

>Fix:

no idea.. haven't looked at the code yet
	
	

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Thu Aug 13 23:44:20 PDT 1998 
State-Changed-Why:  
Don't do that then... 
Seriously: there is no way to guarantee that there will not be a delay 
between you pressing enter and the next scheduling of the program, so this 
problem is unfixable.  While typeahead is convenient, you should never do 
it with passwords 
>Unformatted:
