From owner-freebsd-bugs Thu Feb 8 13:00:15 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id NAA26731 for bugs-outgoing; Thu, 8 Feb 1996 13:00:15 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id NAA26705 Thu, 8 Feb 1996 13:00:13 -0800 (PST)
Resent-Date: Thu, 8 Feb 1996 13:00:13 -0800 (PST)
Resent-Message-Id: <199602082100.NAA26705@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, wollman@khavrinen.lcs.mit.edu
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.26.0.162]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id MAA26161 for ; Thu, 8 Feb 1996 12:52:18 -0800 (PST)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.7.3/8.6.6) id PAA07154; Thu, 8 Feb 1996 15:52:09 -0500 (EST)
Message-Id: <199602082052.PAA07154@khavrinen.lcs.mit.edu>
Date: Thu, 8 Feb 1996 15:52:09 -0500 (EST)
From: "Garrett A. Wollman"
Reply-To: wollman@khavrinen.lcs.mit.edu
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/1006: Kerberized su has poor password interface
Sender: owner-bugs@freebsd.org
Precedence: bulk

>Number: 1006
>Category: bin
>Synopsis: Kerberized su has poor password interface
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 8 13:00:02 PST 1996
>Last-Modified:
>Originator: Garrett Wollman
>Organization: MIT Laboratory for Computer Science
>Release: FreeBSD 2.2-CURRENT i386
>Environment:

Any version of FreeBSD since 2.0.

>Description:

The Kerberized su program will only accept a valid Kerberos su password when it prompts for a password. In order to use UNIX or S/Key authentication, it is necessary to error out the first password prompt in order to get to one that accepts the right password.
>How-To-Repeat:

$ su

>Fix:

Do a better job of integrating Kerberos into su. In particular, the Kerberized su should not attempt to read its own password, but should instead wait for the S/Key and UNIX routines to error and then use the same password as was previously entered as the Kerberos password.

>Audit-Trail:
>Unformatted:

Garrett A. Wollman
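
Added example, not part of the original report and not FreeBSD's su code: a sketch of the single-prompt flow the Fix field asks for, where one password is read, offered to S/Key, UNIX and Kerberos in that order, and then wiped. The three verifiers, the prompt hook and all passwords are constructed stand-ins for the real routines.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the real S/Key, UNIX and Kerberos verifiers. */
static int skey_ok(const char *pw) { return strcmp(pw, "constructed-skey-response") == 0; }
static int unix_ok(const char *pw) { return strcmp(pw, "constructed-unix-pw") == 0; }
static int krb_ok(const char *pw)  { return strcmp(pw, "constructed-krb-pw") == 0; }

/* Order proposed in the report: S/Key and UNIX first, Kerberos last. */
static const struct { const char *name; int (*verify)(const char *); } methods[] = {
    { "skey", skey_ok }, { "unix", unix_ok }, { "kerberos", krb_ok },
};

/* Constructed prompt hook: copies sample_input and counts how often it is asked. */
static const char *sample_input = "";
static int prompt_count = 0;
static size_t sample_reader(char *buf, size_t len)
{
    size_t n = strlen(sample_input);
    prompt_count++;
    if (n == 0 || n >= len) return 0;
    memcpy(buf, sample_input, n + 1);
    return n;
}

/* Prompt once, offer the same password to each verifier in turn, then wipe it.
 * Returns the name of the verifier that accepted, or NULL if none did. */
const char *su_authenticate(size_t (*read_pw)(char *, size_t))
{
    char pw[128];
    volatile char *p = pw;
    const char *accepted = NULL;
    size_t i;

    if (read_pw(pw, sizeof pw) != 0)
        for (i = 0; i < sizeof methods / sizeof methods[0] && !accepted; i++)
            if (methods[i].verify(pw)) accepted = methods[i].name;
    for (i = 0; i < sizeof pw; i++) p[i] = 0;   /* do not leave the password on the stack */
    return accepted;
}

int main(void)
{
    const char *m;
    sample_input = "constructed-krb-pw";
    m = su_authenticate(sample_reader);
    printf("accepted by %s after %d prompt(s)\n", m ? m : "nothing", prompt_count);
    return 0;
}
```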