Bug 975 - Kerberos authentication timing can leak information about account validity
Summary: Kerberos authentication timing can leak information about account validity
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Kerberos support
Version: -current
Hardware: All All
Importance: P2 normal
Assignee: OpenSSH Bugzilla mailing list
URL: http://marc.theaimsgroup.com/?l=opens...
Keywords:
Depends on:
Blocks: V_4_4
Reported: 2005-01-20 20:45 AEDT by Darren Tucker
Modified: 2006-09-28 19:25 AEST (History)

See Also:


Attachments
Patch for Kerberos timing difference for Valid and Invalid user (341 bytes, patch)
2005-01-20 22:20 AEDT, senthilkumar
check authctxt->valid on return too (669 bytes, patch)
2005-01-27 18:24 AEDT, Darren Tucker
pass real username through to kerberos (560 bytes, patch)
2005-11-21 20:48 AEDT, Darren Tucker

Description Darren Tucker 2005-01-20 20:45:14 AEDT
There is apparently a difference in behaviour in the Kerberos code for existing
vs nonexistent users.  See the thread in the URL.

To summarise the thread:

Senthil Kumar said:
> I tested [with the patch in bug #971 - dt] OpenSSH-3.9p1 with the following
> options in sshd configuration
> 
> ChallengeResponseAuthentication `no`
> KerberosAuthentication `yes`
> passwordauthentication `yes`
> 
> but it shows a difference in time for the appearance of the password prompt for
> valid and invalid users. The code shows PAM password authentication is
> not attempted when KerberosAuthentication is enabled. So by disabling
> KerberosAuthentication there is no difference in time for the appearance of the
> password prompt for valid and invalid users (i.e. both cases have a
> considerable amount of delay).

Later testing showed that the early return in auth-krb5.c when !authctxt->valid
is the cause of the difference.
Comment 1 senthilkumar 2005-01-20 22:20:20 AEDT
Created attachment 778 [details]
Patch for Kerberos timing difference for Valid and Invalid user

For PAM password authentication with KerberosAuthentication set to yes,
there exists a time difference between a valid user and an invalid user. The
attached patch fixes that. I was asked on the mailing lists to move the
authctxt->valid check to the out block in auth-krb5.c, but I think it is not
necessary.
Comment 2 Darren Tucker 2005-01-27 18:24:23 AEDT
Created attachment 790 [details]
check authctxt->valid on return too

I think it's safer to check authctxt->valid anyway, e.g. in case the user
is listed in DenyUsers.
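The following is an added illustration, not code from OpenSSH or from any attachment on this bug. It models the two patterns discussed above: the early return when !authctxt->valid that the description identifies as the cause of the timing difference, and the approach of attachment 790 (do the Kerberos work for every account, then check authctxt->valid on return so a DenyUsers-style rejection still holds). The struct authctxt, the function names, the simulated KDC round trip and the work counter are all constructed for the example; the counter stands in for wall-clock time so the difference in work per attempt can be checked deterministically.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for sshd's Authctxt with only the fields the pattern
 * needs. `valid` plays the role of authctxt->valid: the account exists and
 * is not excluded by e.g. DenyUsers. */
struct authctxt {
    const char *user;
    int valid;
};

/* Counts the constant-cost "Kerberos exchange" steps performed. Work done
 * is what an observer sees as response time, and counting it lets the
 * difference be asserted on without flaky wall-clock measurements. */
static unsigned long krb_work_units;

/* Constructed stand-in for the KDC round trip and credential check.
 * The cost is the same whatever username is supplied. */
static int simulated_krb5_verify(const char *user, const char *password)
{
    volatile unsigned long sink = 0;
    for (int i = 0; i < 10000; i++)
        sink += (unsigned long)i;
    krb_work_units++;
    return strcmp(user, "alice") == 0 && strcmp(password, "correct horse") == 0;
}

/* Pattern the description identifies as the cause: return before any
 * Kerberos work when the account is not valid. An invalid account is
 * answered faster than a valid one, so response time distinguishes them. */
int auth_krb5_early_return(struct authctxt *authctxt, const char *password)
{
    if (!authctxt->valid)
        return 0;
    return simulated_krb5_verify(authctxt->user, password);
}

/* Pattern matching the idea of attachment 790: do the same Kerberos work
 * for every account and check authctxt->valid on the way out. Timing is
 * equal, and a denied or nonexistent account still cannot authenticate
 * even when the supplied credentials verify. */
int auth_krb5_check_on_return(struct authctxt *authctxt, const char *password)
{
    int authenticated = simulated_krb5_verify(authctxt->user, password);
    if (!authctxt->valid)
        return 0;
    return authenticated;
}

typedef int (*auth_fn)(struct authctxt *, const char *);

/* Work units spent by `fn` on one authentication attempt. */
unsigned long work_for(auth_fn fn, const char *user, int valid, const char *password)
{
    struct authctxt ctx = { user, valid };
    unsigned long before = krb_work_units;
    fn(&ctx, password);
    return krb_work_units - before;
}

/* Result (1 = authenticated, 0 = rejected) of one attempt through `fn`. */
int result_for(auth_fn fn, const char *user, int valid, const char *password)
{
    struct authctxt ctx = { user, valid };
    return fn(&ctx, password);
}

int main(void)
{
    printf("early return:    valid=%lu invalid=%lu work units\n",
           work_for(auth_krb5_early_return, "alice", 1, "wrong"),
           work_for(auth_krb5_early_return, "nobody", 0, "wrong"));
    printf("check on return: valid=%lu invalid=%lu work units\n",
           work_for(auth_krb5_check_on_return, "alice", 1, "wrong"),
           work_for(auth_krb5_check_on_return, "nobody", 0, "wrong"));
    return 0;
}
```

The point of checking `valid` after the exchange rather than skipping the exchange is that the amount of work, and so the observable delay, no longer depends on whether the account exists, while the final decision still honours the account check. In the real server the exchange happens against a KDC, so the same principle applies whatever the simulated cost here.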
Comment 3 Simon Wilkinson 2005-07-07 01:14:07 AEST
I can't see any problem with dtucker's second patch.
Comment 4 Darren Tucker 2005-11-21 20:48:47 AEDT
Created attachment 1029 [details]
pass real username through to kerberos

patch #790 applied, thanks to all.

djm also pointed out that we should probably pass the real name through to kerberos too, like so (untested).
Comment 5 Darren Tucker 2006-02-13 22:55:34 AEDT
For the record, the main part of this bug was fixed and is in 4.3x.

The only remaining part is patch #1029 which I'm not in a position to judge the merit of.  Maybe we should close this bug?
Comment 6 Darren Tucker 2006-02-26 12:40:26 AEDT
I asked Simon and David Leonard about patch #1029 and they're undecided on it.

Since the main part of this bug is fixed I'm closing this bug.  If it becomes obvious what to do with the NOUSER thing then we can address it separately.
Comment 7 Darren Tucker 2006-09-28 19:25:30 AEST
With the release of 4.4, we believe that this bug is now closed.  For information about the release please see http://www.openssh.com/txt/release-4.4.