Is there a fix available for CAN-2003-0190

Sergio Gelato Sergio.Gelato at
Thu Dec 23 23:28:10 EST 2004

* Senthil Kumar [2004-12-23 17:18:58 +0530]:
> Sergio Gelato wrote;
> >I see that the rest of that function has an "if (problem) goto out;" after
> >every krb5 library call. Doesn't that also introduce measurable time
> >differences? Interesting.
> I wrote a test case with expect to measure the time difference for valid 
> and invalid user with the same workaround as said before. It seems to have 
> same amount of delay.

I've been thinking a little more about this, and suspect (but haven't 
actually verified) that this may depend on how your realm is set up.
> Also the `if (problem) goto out;`  loop doesn't introduce a time 
> difference, bcoz the  krb5 library call krb5_get_init_creds_password() 
> fails for both validuser+badpasswd and invaliduser+badpasswd. 

Yes, but in some setups the validuser+badpassword may involve an extra
round-trip to the KDC. I'm thinking of situations in which the principal
is marked "requires-preauth" and the client krb5 library doesn't take the
initiative of sending the PA-DATA in the first request. Arguably this
should be fixed by telling the client libkrb5 to always send PA-DATA,
so it isn't necessarily something OpenSSH should concern itself with.

[Note also that if the attacker knows that Kerberos is involved and can 
talk directly to the KDC, (s)he can find out which principals exist a lot
more easily than through ssh.]

> So I like to know whether the removal of authctxt->valid checking in 
> auth-krb5.c have any other impact.

Well, Darren seems willing to vouch for the fact that authctxt->pw will 
contain safe data, now and in future versions. If that's the case, 
moving the authctxt->valid check to the out: block at the end of the 
function should be OK. I was going to suggest that the fake authctxt->pw
be chosen to imply a valid Kerberos principal, but on second thought it's
probably better to resolve any timing differences at the krb5.conf 
(library configuration) level so that other applications may also benefit.

More information about the openssh-unix-dev mailing list