Question on Kerberos (GSSAPI) auth

Douglas E Engert deengert at gmail.com
Wed Jan 18 04:57:41 AEDT 2017



On 1/16/2017 2:09 PM, Ron Frederick wrote:
> I’m working on an implementation of “gssapi-with-mic” authentication for my AsyncSSH package and trying to get it to interoperate with OpenSSH. I’ve gotten it working, but there seems to be a discrepancy between the OpenSSH implementation and RFC 4462. Specifically, RFC 4462 says the following in section 3.4:
>
>    Since the user authentication process by its nature authenticates
>    only the client, the setting of mutual_req_flag is not needed for
>    this process.  This flag SHOULD be set to "false".

Note it says "SHOULD" not "MUST". Previous versions of SSH clients and mods to OpenSSH
have always set mutual_req_flag.

>
> However, when I try to have my implementation not set this flag and just send a GSSAPI_TOKEN message immediately followed by a GSSAPI_MIC message without waiting for a server token (since the authentication is complete as soon as the client token is sent when mutual auth is disabled), I get a failure from OpenSSH:
>

 From the above comment, you are assuming that there will be no other tokens exchanged.

After the gss_init_sec_context, you need to send any token from gss_init_sec_context
and if the status in not complete (or not an error) wait to receive the next token and call gss_init_sec_context
in a loop.

GSS is not Kerberos specific and some other gss mechanisms will exchange multiple tokens.


> Failed gssapi-with-mic for ronf from 74.93.13.193 port 64645 ssh2
>
> If I turn on mutual authentication in my client context (going against the recommendation in the RFC) and wait for a token to come back from the server before I send the GSSAPI_MIC message, the authentication succeeds.
>
> Looking at the OpenSSH source code, I see that it always unconditionally enables mutual authentication in the client contexts it allocates. In ssh_gssapi_init_ctx, it does the following:
>
>         ctx->major = gss_init_sec_context(&ctx->minor,
>             GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid,
>             GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
>             0, NULL, recv_tok, NULL, send_tok, flags, NULL);
>
> I don’t see anything in the RFC 4462 errata about this recommendation having changed. Does anyone know why OpenSSH enables this? It makes sense for GSSAPI key exchange (which OpenSSH doesn’t seem to implement), but not for GSSAPI authentication.
>

-- 

  Douglas E. Engert  <DEEngert at gmail.com>



More information about the openssh-unix-dev mailing list