[Bug 975] Kerberos authentication timing can leak information about account validity
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Jan 20 22:20:21 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=975
------- Additional Comments From senthilkumar_sen at hotpop.com 2005-01-20 22:20 -------
Created an attachment (id=778)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=778&action=view)
Patch for Kerberos timing difference for Valid and Invalid user
For PAM-Passwd Authentication with KerberosAuthentication being set to yes,
there exists a time difference for valid user and invalid user. The attached
patch fixes that. I am asked to move the authctxt->valid check to out block in
auth-krb5.c in the mailing lists but I think it is not necessary.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list