[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PATCH - one time password/always prompt for password

From: Brian Murphy
Subject: Re: PATCH - one time password/always prompt for password
Date: Thu, 31 Jul 2003 23:15:06 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030529

Derek Robert Price wrote:

I still think I like prompting after a failed attempt to use an empty password better. Is there any reason this would be incompatible with PAM? It is only adding functionality - I don't see why anyone would get upset about the change. It simplifies the client side code a bit too, in addition to not requiring a new command-line option.

Well there might be a limit on the attempts allowed, you might get locked out?

You didn't. You set it to "", which has a strlen of 0 and should cause memset to do nothing. Comment the password = "" assignment if you like, if we end up settling on this method.

Right, but now I have changed it to say "D" instead and you don't want to zero that. Cautious programming
rarely hurts.

If we don't settle on trying the empty password, then how about "N", for NULL?

It's a deal.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]