Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!apple!agate!shelby!zaphod.prime.com!doug
From: doug@zaphod.prime.com (Douglas S. Rand)
Newsgroups: comp.protocols.kerberos
Subject: kinit security
Message-ID: <8908291448.AA01144@zaphod.prime.com>
Date: 29 Aug 89 14:48:39 GMT
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 8

If you give kinit a non-existant principal it immediately gives an
error message. Do people think that it should ask for a password anyway
to prevent discrimination of an invalid principal from a bad password? 
I know this is not that interesting on UNIX where the password file
tends to be readable anyway.

Cheers,
Doug Rand <doug@primerd.prime.com>