Subject: Re: login leaks information w/ skeys
To: Martin J. Laubach <>
From: Hubert Feyrer <>
List: tech-security
Date: 07/28/2000 02:12:17
  by with SMTP; 28 Jul 2000 00:11:57 -0000
	by (8.10.1/8.10.1) with ESMTP id e6S0BI309860;
	Fri, 28 Jul 2000 02:11:19 +0200 (MET DST)
Date: Fri, 28 Jul 2000 02:12:17 +0200 (MET DST)
From: Hubert Feyrer <>
To: "Martin J. Laubach" <>
Subject: Re: login leaks information w/ skeys
In-Reply-To: <>
Message-ID: <>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On 27 Jul 2000, Martin J. Laubach wrote:
>   Our login process leaks information:

Here's another one:

NetBSD/sparc64 (delphi) (console)

login: -foo
user names may not start with '-'.
NetBSD/sparc64 (delphi) (console)

login: +bar
Jul 27 11:40:01 delphi login: Device not configured when initializing
Kerberos context

This is *not* specific to that machine's port, I've also tried it on
1.5_ALPHA/i386. The reason why '-' is special-cased is probably NIS
handling (I have 'passwd: files' in /etc/nsswitch.conf, not compat). 

 - Hubert

NetBSD - because Unix isn't just #include <linux.h>, i386, ILP32, ELF, ...!