Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.12.9) with ESMTP id m3PLofHW001304; Fri, 25 Apr 2008 17:50:41 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m3PLoaJx007077; Fri, 25 Apr 2008 17:50:36 -0400 Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m3PLnO2s006784 for ; Fri, 25 Apr 2008 17:49:24 -0400 Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id m3PLnNeN019791 for ; Fri, 25 Apr 2008 17:49:23 -0400 (EDT) Received: from horobi.mit.edu (HOROBI.MIT.EDU [18.152.0.132]) (authenticated bits=56) (User authenticated as jmorzins@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id m3PLnMTr012903 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Fri, 25 Apr 2008 17:49:23 -0400 (EDT) Received: (from jmorzins@localhost) by horobi.mit.edu (8.12.9.20060308) id m3PLnMgN007025; Fri, 25 Apr 2008 17:49:22 -0400 Message-ID: <200804252149.m3PLnMgN007025@horobi.mit.edu> From: Jacob Morzinski To: kfw-bugs@mit.edu Subject: KfW should not display my password in LRUPrincipals X-Mailer: MH-E 7.82; nmh 1.0; GNU Emacs 21.4.1 Date: Fri, 25 Apr 2008 17:49:22 -0400 X-Scanned-BY: MIMEDefang 2.42 X-Spam-Flag: NO X-Spam-Score: 0.00 X-Mailman-Approved-At: Fri, 25 Apr 2008 17:50:35 -0400 X-Beenthere: kfw-bugs@mit.edu X-Mailman-Version: 2.1.6 Precedence: list List-ID: public entry point for KfW RT queue List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: kfw-bugs-bounces@mit.edu Errors-To: kfw-bugs-bounces@mit.edu X-RT-Original-Encoding: iso-8859-1 Content-Length: 1989 Hello! I think the design of the Net ID Manager has a bug, and am writing in the hope that design can be improved. Summary ======== Please give the Network Identity Manager a way to clear or edit the list of Recently Used Principals. I typo'd my password into the Username field, and was disturbed to see the password saved there forever, with no way to clear it from the list. Context ======== I'm using Kerberos for Windows 3.2.2 NetIDMgr's menu for Help > About says "NetIDMgr 1.3.1.0" I have Windows XP SP2 Details ======== KfW opened the "New credentials" dialog window on my computer. I glanced at it, quickly typed my password and pressed the Enter key. I got a "Decrypt integrity check failed" error. The error probably means that input focus had been in the "username" field and not the password field. Ok, I can retype, no problem... ...wait. Argh. The program keeps a saved list of "usernames", and it saved my password. I can find no way to clear list of saved usernames. My password is immortalized in the list of recently-typed usernames. Great. Digging around the registry, I found the key HKCU\Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred\Parameters which lets remove my password by editing "LRUPrincipals". I shouldn't need to go registry-diving for this. Can the NetIDMgr be improved to allow me to remove entries from the LRUPrincipals list? One suggestion for the design of this would be to have a UI element visible in the drop-down list itself -- perhaps the list of saved usernames can have a separator at the bottom, and then an entry for "clear this list" or "edit this list". Or perhaps something in the preferences windows would work. I'm not a GUI designer, and perhaps an actual designer would have better suggestions. Thanks for reading, and I hope NetIDMgr can be persuaded to stop saving typo'd passwords. Regards, -Jacob -- Jacob Morzinski Client Support Services Information Services and Technology