Pam module leaks information
Senthil Kumar
senthilkumar_sen at hotpop.com
Wed Jul 20 02:28:49 EST 2005
Darren wrote:
> That's a bit suspicious, are they checking the PAM service name or
> something? Or is it password -> delay -> close connection?
password,delay and close connection.
> I added a timestamp option (-v) to my PAM test harness, this may help
> show where the delays are ocurring:
> http://www.zip.com.au/~dtucker/patches/#pamtest
When I run the PAM test harness with sshd and telnet I got diff. results and
its given below,
with sshd:
./a.out -u senthil -s sshd
$Id: pam-test-harness.c,v 1.24 2005/07/18 14:10:35 dtucker Exp $
conversation struct {conv=0x4001900, appdata_ptr=0x400006cc}
pam_start(sshd, senthil, &conv, &pamh) = 0 (Success)
pam_set_item(pamh, PAM_TTY, "/dev/pts/ta") = 0 (Success)
pam_set_item(pamh, PAM_RHOST, "pluto") = 0 (Success)
pam_set_item(pamh, PAM_RUSER, "root") = 0 (Success)
pam_authenticate(pamh, 0)
conversation called with 1 messages data 0x400006cc
PROMPT_ECHO_OFF: Password: correct password (No Time delay)
conversation called with 1 messages data 0x400006cc
ERROR_MSG: Your password will expire on Wed Jul 20 17:53:18 GMT 2005
= 0 (Success)
pam_acct_mgmt(pamh, 0) = 7 (Permission denied)
pam_end(pamh, 0) = 0 (Success)
with telnet:
./a.out -u senthil -s telnetd
$Id: pam-test-harness.c,v 1.24 2005/07/18 14:10:35 dtucker Exp $
conversation struct {conv=0x4001900, appdata_ptr=0x400006cc}
pam_start(telnetd, senthil, &conv, &pamh) = 0 (Success)
pam_set_item(pamh, PAM_TTY, "/dev/pts/ta") = 0 (Success)
pam_set_item(pamh, PAM_RHOST, "pluto") = 0 (Success)
pam_set_item(pamh, PAM_RUSER, "root") = 0 (Success)
pam_authenticate(pamh, 0)
conversation called with 1 messages data 0x400006cc
PROMPT_ECHO_OFF: Password: correct password. (Time delay)
= 9 (Authentication failed)
pam_end(pamh, 0) = 0 (Success)
For invalid passwd, both sshd and telnet have delay.
Thanks,
Senthil Kumar.
More information about the openssh-unix-dev
mailing list