Bug 1419491

Summary: [RFE] add option to change effect when entering password
Product: Red Hat Enterprise Linux 7
Reporter: Marek Haicman <mhaicman>
Component: krb5
Assignee: Robbie Harwood <rharwood>
Status: CLOSED NOTABUG
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low
Priority: low
Version: 7.3
CC: dpal, pkis
Target Milestone: rc
Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2017-04-26 20:31:34 UTC
Type: Bug

Description Marek Haicman 2017-02-06 10:40:29 UTC
Description of problem:
The current implementation of kinit does not echo any character when entering a password. From my perspective, this has security implications - by not giving the user ANY feedback, it is more prone to leaking the password.

Simple exemplary situation - wrong window focused, on different monitor.


Proposal:
Provide the user with an option to enable echoing asterisks, as usual, or cycle through a few characters to show activity, without giving the password length in an easy way. (For example, randomly print one of the characters .oO :) )

Version-Release number of selected component (if applicable):
krb5-workstation-1.14.1-27.el7_3.x86_64

Comment 2 Robbie Harwood 2017-02-06 17:31:03 UTC
This is how most password tools on unix-likes (e.g., passwd and friends) behave, so there isn't a very large impetus to change this behavior.  Certainly the default will not change.