krb5-clients/1075: kpasswd with heimdal kdc and preauthentication
leo@strike.wu-wien.ac.at
Thu Mar 21 13:22:46 EST 2002
>Number: 1075
>Category: krb5-clients
>Synopsis: kpasswd fails to decode ticket when using preauthentication and a heimdal kdc
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Mar 21 13:23:00 EST 2002
>Last-Modified:
>Originator: Alexander Bergolth
>Organization:
Vienna University of Economy and Business Administration
>Release: krb5-1.2.2
>Environment:
Linux, heimdal KDC, kadmin/changepw has preauth flag set
System: Linux spare.wu-wien.ac.at 2.4.9-21SGI_XFS_1.0.2 #1 Fri Jan 25 14:53:36 CET 2002 i686 unknown
Architecture: i686
>Description:
When I'm trying to use MIT kpasswd to change a password on a Heimdal server, I'm getting the
following error:
$ /usr/kerberos/bin/kpasswd leo
Password for leo at WU-WIEN.AC.AT:
/usr/kerberos/bin/kpasswd: Password incorrect while getting initial ticket
A packet dump using ethereal shows the following sequence:
(The frame number counts the packets that are sent over the net as
counted by ethereal)
1) Frame 1: kpasswd sends AS-REQ for kadmin/changepw
2) Frame 2: server replies preauth required
3) kpasswd prompts for a password
4) Frame 3: kpasswd sends AS-REQ for kadmin/changepw using
preauthentication
5) Frame 4: server responds with the ticket (type: des3-cbc-sha1)
6) Frame 5: kpasswd sends another AS-REQ for kadmin/changepw, now again
without preauth!
7) Frame 6: server replies preauth required
8) Frame 7: kpasswd sends AS-REQ for kadmin/changepw using
preauthentication
9) server again replies with a ticket
10) kpasswd prints the above error
I've debugged kpasswd and found out that it expects des-cbc-md5 in decrypt_as_reply as
encoding but it gets a des3-cbc-sha1 encoded ticket instead. (In krb5_c_decrypt key->enctype
is 3 (=ENCTYPE_DES_CBC_MD5) and input->enctype is 16 (=ENCTYPE_DES3_CBC_SHA1).)
(krb5_do_preauth returned ENCTYPE_DES_CBC_MD5 as_key and etype)
However, the request contained three encodings: des3-cbc-sha1, des-cbc-md5 and des-cbc-crc
(the default if default_tkt_enctypes is not set). Hence I believe that it is legal to use
des3-cbc-sha1?
The full dump in pcap-format for reading with ethereal can be found at
http://leo.kloburg.at/krb5/kpasswd-mit.dump
Using heimdal's kpasswd works fine. (It starts to communicate with
kpasswdd after step 5).
MIT kpasswd also works if the preauth flag is cleared from kadmin/changepw.
Additional information:
Principal: leo at WU-WIEN.AC.AT
Principal expires: never
Password expires: never
Last password change: never
Max ticket life: 1 day 1 hour
Max renewable life: unlimited
Kvno: 10
Mkvno: 0
Policy: none
Last successful login: never
Last failed login: never
Failed login count: 0
Last modified: 2002-03-19 17:48:59 UTC
Modifier: leo at WU-WIEN.AC.AT
Attributes:
Keytypes(salttype[(salt-value)]): des-cbc-md5(pw-salt()), des-cbc-md4(pw-salt()),
des-cbc-crc(pw-salt()), des3-cbc-sha1(pw-salt), des-cbc-md5(pw-salt), des-cbc-md4(pw-salt),
des-cbc-crc(pw-salt)
Principal: kadmin/changepw at WU-WIEN.AC.AT
Principal expires: never
Password expires: never
Last password change: never
Max ticket life: 5 minutes
Max renewable life: 5 minutes
Kvno: 1
Mkvno: 0
Policy: none
Last successful login: never
Last failed login: never
Failed login count: 0
Last modified: 2002-03-15 11:27:57 UTC
Modifier: kadmin/admin at WU-WIEN.AC.AT
Attributes: pwchange-service, requires-pre-auth, disallow-proxiable,
disallow-renewable, disallow-tgt-based, disallow-forwardable, disallow-postdated
Keytypes(salttype[(salt-value)]): des-cbc-crc(pw-salt), des-cbc-md4(pw-salt),
des-cbc-md5(pw-salt), des3-cbc-sha1(pw-salt)
KDC log:
Mar 19 18:49:10 spare kdc[4206]: AS-REQ leo at WU-WIEN.AC.AT from IPv4:137.208.89.101 for
kadmin/changepw at WU-WIEN.AC.AT
Mar 19 18:49:10 spare kdc[4206]: No PA-ENC-TIMESTAMP -- leo at WU-WIEN.AC.AT
Mar 19 18:49:10 spare kdc[4206]: sending 270 bytes to IPv4:137.208.89.101
Mar 19 18:49:12 spare kdc[4206]: AS-REQ leo at WU-WIEN.AC.AT from IPv4:137.208.89.101 for
kadmin/changepw at WU-WIEN.AC.AT
Mar 19 18:49:12 spare kdc[4206]: Looking for pa-data -- leo at WU-WIEN.AC.AT
Mar 19 18:49:12 spare kdc[4206]: Pre-authentication succeded -- leo at WU-WIEN.AC.AT
Mar 19 18:49:12 spare kdc[4206]: Using des3-cbc-sha1/des3-cbc-sha1
Mar 19 18:49:12 spare kdc[4206]: sending 578 bytes to IPv4:137.208.89.101
Mar 19 18:49:12 spare kdc[4206]: AS-REQ leo at WU-WIEN.AC.AT from IPv4:137.208.89.101 for
kadmin/changepw at WU-WIEN.AC.AT
Mar 19 18:49:12 spare kdc[4206]: No PA-ENC-TIMESTAMP -- leo at WU-WIEN.AC.AT
Mar 19 18:49:12 spare kdc[4206]: sending 270 bytes to IPv4:137.208.89.101
Mar 19 18:49:12 spare kdc[4206]: AS-REQ leo at WU-WIEN.AC.AT from IPv4:137.208.89.101 for
kadmin/changepw at WU-WIEN.AC.AT
Mar 19 18:49:12 spare kdc[4206]: Looking for pa-data -- leo at WU-WIEN.AC.AT
Mar 19 18:49:12 spare kdc[4206]: Pre-authentication succeded -- leo at WU-WIEN.AC.AT
Mar 19 18:49:12 spare kdc[4206]: Using des3-cbc-sha1/des3-cbc-sha1
Mar 19 18:49:12 spare kdc[4206]: sending 578 bytes to IPv4:137.208.89.101
>How-To-Repeat:
Use a Heimdal KDC (maybe it also works with a MIT KDC?), turn on requires-pre-auth
and try to change a password using MIT kpasswd.
>Fix:
A dirty workaround is to turn off preauthentication.
>Audit-Trail:
>Unformatted:
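The enctype negotiation described in the report, as an added example that is not part of the original report nor MIT or Heimdal code: a Python model of frames 3 and 4. The client derives its preauth key from the KDC's ETYPE-INFO (assumed here to list des-cbc-md5 first, which matches the des-cbc-md5 as_key the reporter saw), the KDC encrypts the AS-REP under the first enctype in the request that it holds a key for (des3-cbc-sha1, as the KDC log shows), and decrypt_as_reply either keeps the preauth key, which reproduces the reported mismatch, or re-derives the key for the enctype the KDC actually chose. The cipher and string-to-key routines are toy stand-ins (SHA-256 keystream XOR), and the password, salt, enc-part contents and the `kdc_force_etype` knob are constructed for the example.

```python
"""Model of the AS-REQ / AS-REP enctype negotiation from the kpasswd report.

Constructed illustration: the cipher and string-to-key below are toy stand-ins,
not the real DES/3DES Kerberos enctypes, and kdc_as_rep / client_as_exchange are
simplified models, not MIT krb5 or Heimdal code.
"""
import hashlib
from itertools import cycle

# Enctype numbers as they appear in the report (RFC 3961 assignments).
ENCTYPE_DES_CBC_CRC = 1
ENCTYPE_DES_CBC_MD4 = 2
ENCTYPE_DES_CBC_MD5 = 3
ENCTYPE_DES3_CBC_SHA1 = 16
NAMES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5", 16: "des3-cbc-sha1"}

# Constructed data: the AS-REQ etype list from the report, and the order in which
# the KDC is assumed to advertise the principal's keys in ETYPE-INFO.
CLIENT_ETYPES = [ENCTYPE_DES3_CBC_SHA1, ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_CRC]
KDC_ETYPE_INFO = [ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_MD4, ENCTYPE_DES_CBC_CRC,
                  ENCTYPE_DES3_CBC_SHA1]
SESSION_PART = b"EncASRepPart{key,nonce,times}"  # stand-in for the AS-REP enc-part
PRINCIPAL_PASSWORD = "s3cret-example"            # constructed; the KDC's stored secret


def string_to_key(password: str, salt: str, enctype: int) -> bytes:
    """Toy string-to-key: yields a different key per enctype, as the real ones do."""
    return hashlib.sha256(f"{enctype}|{salt}|{password}".encode()).digest()


def toy_encrypt(key: bytes, enctype: int, data: bytes) -> dict:
    """EncryptedData-like {etype, cipher}; XOR with a key-derived stream (toy)."""
    stream = hashlib.sha256(bytes([enctype]) + key).digest()
    return {"etype": enctype,
            "cipher": bytes(a ^ b for a, b in zip(data, cycle(stream)))}


def toy_decrypt(key: bytes, key_enctype: int, enc: dict) -> bytes:
    """Mirrors the check in krb5_c_decrypt: key enctype must equal data enctype."""
    if key_enctype != enc["etype"]:
        raise ValueError(f"key is {NAMES[key_enctype]} but enc-part is "
                         f"{NAMES[enc['etype']]}")
    return toy_encrypt(key, enc["etype"], enc["cipher"])["cipher"]


def kdc_as_rep(salt: str, req_etypes: list, kdc_etypes: list,
               kdc_force_etype: int = None) -> dict:
    """KDC side: use the first requested enctype it holds a key for (the log's
    'Using des3-cbc-sha1/des3-cbc-sha1'). kdc_force_etype models a misbehaving
    KDC that answers with an enctype the client never offered."""
    reply_etype = kdc_force_etype or next(e for e in req_etypes if e in kdc_etypes)
    key = string_to_key(PRINCIPAL_PASSWORD, salt, reply_etype)
    return toy_encrypt(key, reply_etype, SESSION_PART)


def client_as_exchange(typed_password: str, salt: str, req_etypes: list,
                       etype_info: list, rederive_for_reply: bool,
                       kdc_force_etype: int = None) -> dict:
    """Client side of frames 3-4. The preauth key enctype is the first entry of
    ETYPE-INFO the client supports (des-cbc-md5 here); the reply may be under a
    different one. rederive_for_reply=False keeps the preauth key, as reported;
    True re-derives the key for the enctype the KDC actually chose."""
    pa_etype = next(e for e in etype_info if e in req_etypes)
    as_key = string_to_key(typed_password, salt, pa_etype)  # key for PA-ENC-TIMESTAMP
    enc_part = kdc_as_rep(salt, req_etypes, etype_info, kdc_force_etype)
    if enc_part["etype"] not in req_etypes:
        # Never accept an enctype you did not offer; re-deriving for it would let
        # a rogue KDC or an on-path attacker steer the client onto a weaker key.
        return {"ok": False,
                "error": f"KDC chose unrequested enctype "
                         f"{NAMES.get(enc_part['etype'], enc_part['etype'])}"}
    if rederive_for_reply and enc_part["etype"] != pa_etype:
        pa_etype = enc_part["etype"]
        as_key = string_to_key(typed_password, salt, pa_etype)
    try:
        plaintext = toy_decrypt(as_key, pa_etype, enc_part)
    except ValueError as exc:
        return {"ok": False, "error": str(exc)}
    return {"ok": True, "etype": NAMES[pa_etype], "plaintext": plaintext}


if __name__ == "__main__":
    salt = "WU-WIEN.AC.ATleo"
    print("as reported:", client_as_exchange(PRINCIPAL_PASSWORD, salt, CLIENT_ETYPES,
                                             KDC_ETYPE_INFO, False))
    print("re-derived: ", client_as_exchange(PRINCIPAL_PASSWORD, salt, CLIENT_ETYPES,
                                             KDC_ETYPE_INFO, True))
```

The first call reproduces the report's failure (a des-cbc-md5 key against a des3-cbc-sha1 enc-part); the second succeeds because the key is re-derived for the enctype in the reply, which is legitimate only because that enctype was in the client's own request list, the check the third branch enforces.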