Pam module leaks information

Darren Tucker dtucker at zip.com.au
Wed Jul 20 12:10:55 EST 2005 

Senthil Kumar wrote:
> When I run the PAM test harness with sshd and telnet I got diff. results 
> and its given below,
> with sshd:
> ./a.out -u senthil -s sshd
> $Id: pam-test-harness.c,v 1.24 2005/07/18 14:10:35 dtucker Exp $
> conversation struct {conv=0x4001900, appdata_ptr=0x400006cc}
> pam_start(sshd, senthil, &conv, &pamh) = 0 (Success)
> pam_set_item(pamh, PAM_TTY, "/dev/pts/ta") = 0 (Success)
> pam_set_item(pamh, PAM_RHOST, "pluto") = 0 (Success)
> pam_set_item(pamh, PAM_RUSER, "root") = 0 (Success)
> pam_authenticate(pamh, 0)
>    conversation called with 1 messages data 0x400006cc
>        PROMPT_ECHO_OFF: Password: correct password        (No Time delay)
>    conversation called with 1 messages data 0x400006cc
>        ERROR_MSG: Your password will expire on Wed Jul 20 17:53:18 GMT 2005
> = 0 (Success)
> pam_acct_mgmt(pamh, 0) = 7 (Permission denied)
> pam_end(pamh, 0) = 0 (Success)
> 
> with telnet:
> ./a.out -u senthil -s telnetd

I'm not sure about HP-UX but you might need to use the "login" service.

> $Id: pam-test-harness.c,v 1.24 2005/07/18 14:10:35 dtucker Exp $
> conversation struct {conv=0x4001900, appdata_ptr=0x400006cc}
> pam_start(telnetd, senthil, &conv, &pamh) = 0 (Success)
> pam_set_item(pamh, PAM_TTY, "/dev/pts/ta") = 0 (Success)
> pam_set_item(pamh, PAM_RHOST, "pluto") = 0 (Success)
> pam_set_item(pamh, PAM_RUSER, "root") = 0 (Success)
> pam_authenticate(pamh, 0)
>    conversation called with 1 messages data 0x400006cc
>        PROMPT_ECHO_OFF: Password:  correct password.        (Time delay)
> = 9 (Authentication failed)
> pam_end(pamh, 0) = 0 (Success)

PAM is behaving differently in these cases, either because the service 
configuration is different or your PAM module is doing some kind of 
magic.  (note that in the sshd case, the authentication succeeds but the 
account check fails, whereas in the telnetd case the authentication fails).

You said earlier password auth exhibits the delay as expected, can you 
confirm that?

The output from "pam-test-harness -s sshd" is consistent with what 
you're observing in keyboard-interactive, ie there's no delay because 
PAM isn't inserting one.  If password auth isn't behaving the same way 
(remembering that it uses the same PAM service name) then I have no idea 
what's going on...

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list