Ticket History #1324: kdc logs bogus error for enc timestamp wrong passwd

# Thu Jan 16 00:34:49 2003 Jered Floyd <jered@convivian.com> - Ticket created

To:	krb5-bugs@mit.edu
Subject:	client failures upgrading from 1.2.3 to 1.2.7
From:	Jered Floyd <jered@convivian.com>
Date:	16 Jan 2003 00:34:43 -0500

Download (untitled) / with headers
text/plain 3.4KiB

Somewhere between krb5-1.2.3 and krb5-1.2.7, Cyrus saslauthd using
Kerberos 5 for password verification (yes, I know the reasons that I
shouldn't do this; it's a fallback for SSL users). The kdc logs
the following:

Jan 16 00:25:38 noisybox krb5kdc[16932]: AS_REQ (3 etypes {16 1 3}) 140.239.226.142(88): NEEDED_PREAUTH: jered@CONVIVIAN.COM for krbtgt/CONVIVIAN.COM@CONVIVIAN.COM, Additional pre-authentication required
Jan 16 00:25:38 noisybox krb5kdc[16932]: preauth (timestamp) verify failure: No matching key in entry
Jan 16 00:25:38 noisybox krb5kdc[16932]: AS_REQ (3 etypes {16 1 3}) 140.239.226.142(88): PREAUTH_FAILED: jered@CONVIVIAN.COM for krbtgt/CONVIVIAN.COM@CONVIVIAN.COM, Preauthentication failed
Jan 16 00:25:38 noisybox krb5kdc[16932]: DISPATCH: repeated (retransmitted?) request from 140.239.226.142 port 88, resending previous response
Jan 16 00:25:38 noisybox krb5kdc[16932]: preauth (timestamp) verify failure: No matching key in entry
Jan 16 00:25:38 noisybox krb5kdc[16932]: AS_REQ (3 etypes {16 1 3}) 140.239.226.142(88): PREAUTH_FAILED: jered@CONVIVIAN.COM for krbtgt/CONVIVIAN.COM@CONVIVIAN.COM, Preauthentication failed
Jan 16 00:25:38 noisybox saslauthd[13564]: auth_krb5: krb5_get_init_creds_password

This appears to be identical to newly-occuring problems for Windows client
users (currently unresolved?) as documented at:
http://mailman.mit.edu/pipermail/kerberos/2002-April/000617.html
http://www.mail-archive.com/kerberos@mit.edu/msg02724.html
http://www.mail-archive.com/kerberos@mit.edu/msg02783.html

kinit functions normally. kinit and saslauthd use nearly identical
calls to krb5_get_init_creds_password:

kinit:
code = krb5_get_init_creds_password(k5->ctx, &my_creds, k5->me,
0, kinit_prompter, 0,
opts->starttime,
opts->service_name,
&options);

saslauthd:
if (krb5_get_init_creds_password(context, &creds,
auth_user, password, NULL, NULL,
0, NULL, &opts)) {

I see a potential culprit. Between 1.2.3 and 1.2.7, there is a
single change to kdc_preauth.c:
--- krb5-1.2.3/src/kdc/kdc_preauth.c Wed Jan 9 17:27:28 2002
+++ krb5-1.2.7/src/kdc/kdc_preauth.c Mon Aug 12 18:50:02 2002
@@ -533,7 +533,7 @@
while (1) {
retval = krb5_dbe_search_enctype(context, client, &start, -1,
-1, 0, &client_key);
- if (retval == ENOENT)
+ if (retval == KRB5_KDB_NO_MATCHING_KEY)
break;
if (retval)
goto cleanup;

with the ChangeLog:
2002-08-12 Sam Hartman <hartmans@mit.edu>

* kdc_preauth.c (get_etype_info): We get KRB5_KDB_NO_MATCHING_KEY
not ENOENT; per 5.27 of kdb_xdr.c.
[pullup from trunk]

HOWEVER, between the two releases, the only change in kdb_xdr.c is:
--- krb5-1.2.3/src/lib/kdb/kdb_xdr.c Wed Jan 9 17:27:49 2002
+++ krb5-1.2.7/src/lib/kdb/kdb_xdr.c Mon Aug 12 18:48:35 2002
@@ -726,6 +726,7 @@
krb5_key_data *datap;
krb5_error_code ret;

+ ret = 0;
if (kvno == -1 && stype == -1 && ktype == -1)
kvno = 0;

2002-08-12 Sam Hartman <hartmans@mit.edu>

* kdb_xdr.c (krb5_dbe_search_enctype): Initialize ret to 0; thanks
to Lubos Kejzlar <kejzlar@civ.zcu.cz>
[pullup from trunk]

This patch does not seem to correspond to the change in kdc_preauth.c.
I am unable to usefully debug this further. What was the purpose of the
above change to kdc_preauth?

--Jered

# Thu Jan 16 02:41:07 2003 tlyu (Taylor Yu) - Correspondence added

To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #1324] client failures upgrading from 1.2.3 to 1.2.7
From:	Tom Yu <tlyu@mit.edu>
Date:	Thu, 16 Jan 2003 02:41:05 -0500
RT-Send-Cc:

Download (untitled) / with headers
text/plain 4.3KiB

Show quoted text

>>>>> "jered" == Jered Floyd via RT <rt-comment@krbdev.mit.edu> writes:

Show quoted text

jered> Somewhere between krb5-1.2.3 and krb5-1.2.7, Cyrus saslauthd using
jered> Kerberos 5 for password verification (yes, I know the reasons that I
jered> shouldn't do this; it's a fallback for SSL users). The kdc logs
jered> the following:

Show quoted text

jered> Jan 16 00:25:38 noisybox krb5kdc[16932]: AS_REQ (3 etypes {16 1 3}) 140.239.226.142(88): NEEDED_PREAUTH: jered@CONVIVIAN.COM for krbtgt/CONVIVIAN.COM@CONVIVIAN.COM, Additional pre-authentication required
jered> Jan 16 00:25:38 noisybox krb5kdc[16932]: preauth (timestamp) verify failure: No matching key in entry
jered> Jan 16 00:25:38 noisybox krb5kdc[16932]: AS_REQ (3 etypes {16 1 3}) 140.239.226.142(88): PREAUTH_FAILED: jered@CONVIVIAN.COM for krbtgt/CONVIVIAN.COM@CONVIVIAN.COM, Preauthentication failed

Could you please send the output of "getprinc" from kadmin for the
client principal? Also, a packet capture of the KRB_ERROR message
corresponding to the "additional pre-authentication required" error
might be useful too, as would a packet capture of the AS_REQ following
the KRB_ERROR.

What release are you running on the KDC? What release is kinit from?
What release is saslauthd linked with?

Show quoted text

jered> This appears to be identical to newly-occuring problems for Windows client
jered> users (currently unresolved?) as documented at:
jered> http://mailman.mit.edu/pipermail/kerberos/2002-April/000617.html
jered> http://www.mail-archive.com/kerberos@mit.edu/msg02724.html
jered> http://www.mail-archive.com/kerberos@mit.edu/msg02783.html

Show quoted text

jered> kinit functions normally. kinit and saslauthd use nearly identical
jered> calls to krb5_get_init_creds_password:

kinit:
code = krb5_get_init_creds_password(k5->ctx, &my_creds, k5->me,
0, kinit_prompter, 0,
opts->starttime,
opts->service_name,
&options);

saslauthd:
if (krb5_get_init_creds_password(context, &creds,
auth_user, password, NULL, NULL,
0, NULL, &opts)) {

[...]

Is saslauthd linked against the same krb5 library as kinit? Are they
using the same config files?

Show quoted text

jered> I see a potential culprit. Between 1.2.3 and 1.2.7, there is a
jered> single change to kdc_preauth.c:

--- krb5-1.2.3/src/kdc/kdc_preauth.c Wed Jan 9 17:27:28 2002
+++ krb5-1.2.7/src/kdc/kdc_preauth.c Mon Aug 12 18:50:02 2002
@@ -533,7 +533,7 @@
while (1) {
retval = krb5_dbe_search_enctype(context, client, &start, -1,
-1, 0, &client_key);
- if (retval == ENOENT)
+ if (retval == KRB5_KDB_NO_MATCHING_KEY)
break;
if (retval)
goto cleanup;

[...]

I don't think this is relevant; you quoted a change in the
get_etype_info() function. The correct place to look would be in the
verify_enc_timestamp() function, I think.

Show quoted text

jered> HOWEVER, between the two releases, the only change in kdb_xdr.c is:

--- krb5-1.2.3/src/lib/kdb/kdb_xdr.c Wed Jan 9 17:27:49 2002
+++ krb5-1.2.7/src/lib/kdb/kdb_xdr.c Mon Aug 12 18:48:35 2002
@@ -726,6 +726,7 @@
krb5_key_data *datap;
krb5_error_code ret;

+ ret = 0;
if (kvno == -1 && stype == -1 && ktype == -1)
kvno = 0;

Show quoted text

jered> 2002-08-12 Sam Hartman <hartmans@mit.edu>

Show quoted text

jered> * kdb_xdr.c (krb5_dbe_search_enctype): Initialize ret to 0; thanks
jered> to Lubos Kejzlar <kejzlar@civ.zcu.cz>
jered> [pullup from trunk]

Show quoted text

jered> This patch does not seem to correspond to the change in
jered> kdc_preauth.c. I am unable to usefully debug this further.
jered> What was the purpose of the above change to kdc_preauth?

It doesn't correspond. The patch to kdb_xdr.c was to fix a different
bug having to do with preauth. The change to kdc_preauth.c was to fix
a bug due to its being out of synch with an earlier, different change
to kdb_xdr.c -- that of no longer returning ENOENT on failure to find
a key.

A likely source of your trouble would be your client sending an
encrypted timestamp preauth encrypted using an enctype that the client
principal does not have a key for. I'm not quite sure why this would
happen with saslauthd and not with kinit.

---Tom

# Sun Jan 19 22:35:12 2003 Jered Floyd <jered@convivian.com> - Comments added

To:	krb5-prs@mit.edu
Subject:	Re: [krbdev.mit.edu #1324] client failures upgrading from 1.2.3 to 1.2.7
From:	Jered Floyd <jered@convivian.com>
Date:	16 Jan 2003 04:13:35 -0500
RT-Send-Cc:

Download (untitled) / with headers
text/plain 2.1KiB

Show quoted text

> Could you please send the output of "getprinc" from kadmin for the
> client principal? Also, a packet capture of the KRB_ERROR message
> corresponding to the "additional pre-authentication required" error
> might be useful too, as would a packet capture of the AS_REQ following
> the KRB_ERROR.

Principal: jered@CONVIVIAN.COM
Expiration date: [never]
Last password change: Thu Mar 28 00:37:12 EST 2002
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Thu Mar 28 00:37:12 EST 2002 (kadmind@CONVIVIAN.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 6
Key: vno 5, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 5, DES cbc mode with CRC-32, no salt
Key: vno 5, DES cbc mode with RSA-MD5, Version 4
Key: vno 5, DES cbc mode with RSA-MD5, Version 5 - No Realm
Key: vno 5, DES cbc mode with RSA-MD5, Version 5 - Realm Only
Key: vno 5, DES cbc mode with RSA-MD5, AFS version 3
Attributes: REQUIRES_PRE_AUTH
Policy: [none]

Both successful and unsuccessful exchanges are attached. They are
in libpcap format as dumped by ethereal on Linux.

Show quoted text

> What release are you running on the KDC?

Whoops; somewhat out of date: 1.2.4 as found in the Debian package
krb5-kdc-1.2.4-5woody3. I've updated to 1.2.7-2; no change.

Show quoted text

> What release is kinit from?

1.2.4 as found in the Debian package krb5-user-1.2.4-5woody3. Now
updated to 1.2.7-2 as well.

Show quoted text

> What release is saslauthd linked with?

It was dynamically linked against 1.2.4 as found in Debian package
libkrb53-1.2.4-5woody3. It is now dynamically linked against 1.2.7 as
well. (It was originally built, I believe, against 1.2.3.) No change.

Show quoted text

> Is saslauthd linked against the same krb5 library as kinit? Are they
> using the same config files?

Yes, to the first question. I believe so on the second; is there a
likely way this might not be the case?

Show quoted text

> A likely source of your trouble would be your client sending an
> encrypted timestamp preauth encrypted using an enctype that the client
> principal does not have a key for. I'm not quite sure why this would
> happen with saslauthd and not with kinit.
>
> ---Tom

Download kinit-exchange
application/octet-stream 4.4KiB

Message body not shown because it is not plain text.

Download saslauthd-exchange
application/octet-stream 2.4KiB

Message body not shown because it is not plain text.

# Tue Jan 21 09:54:25 2003 hartmans (Sam Hartman) - Correspondence added

To:	rt@krbdev.mit.edu
Subject:	[krbdev.mit.edu #1324] cannot reproduce
Date:	Tue, 21 Jan 2003 09:54:23 -0500 (EST)
From:	hartmans@mit.edu (Sam Hartman)
RT-Send-Cc:

Download (untitled) / with headers
text/plain 302B

Hi. Using the saslauthd binary you supplied and the Debian kerberos
packages 1.2.7-1, I cannot reproduce the bug.
I created a principal called test@SUCHDAMAGE.ORG, which required preauth.
I ran testsaslauthd -u test@SUCHDAMAGE.ORG -p password
it worked fine.

Suggestsions on where to go from here?

# Tue Jan 21 14:55:00 2003 Jered Floyd <jered@convivian.com> - Comments added

To:	rt-comment@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #1324] cannot reproduce
From:	Jered Floyd <jered@convivian.com>
Date:	21 Jan 2003 14:54:58 -0500
RT-Send-Cc:

Download (untitled) / with headers
text/plain 281B

"Sam Hartman via RT" <rt-comment@krbdev.mit.edu> writes:

Show quoted text

> Suggestsions on where to go from here?

I'm going to look at this further later in the week; I'll get
back to you.

Can you tell me what is the meaning of the error the KDC is returning?
That might be helpful.

--Jered

# Tue Jan 21 15:09:33 2003 hartmans (Sam Hartman) - Correspondence added

To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #1324] cannot reproduce
From:	Sam Hartman <hartmans@mit.edu>
Date:	Tue, 21 Jan 2003 15:09:29 -0500
RT-Send-Cc:

Download (untitled) / with headers
text/plain 223B

No matching key in entry means that you included an encrypted
timestamp with an enctype that the KDC couldn't find for the key. Do
principals that work have a different set of encryption types than
principals that fail?

# Tue Jan 21 15:14:03 2003 Jered Floyd <jered@convivian.com> - Comments added

To:	rt-comment@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #1324] cannot reproduce
From:	Jered Floyd <jered@convivian.com>
Date:	21 Jan 2003 15:14:01 -0500
RT-Send-Cc:

Download (untitled) / with headers
text/plain 574B

"Sam Hartman via RT" <rt-comment@krbdev.mit.edu> writes:

Show quoted text

> No matching key in entry means that you included an encrypted
> timestamp with an enctype that the KDC couldn't find for the key. Do
> principals that work have a different set of encryption types than
> principals that fail?

I don't believe so. Given that my mother hasn't complained about not
being able to check her mail, I'm assuming that hers still works.
"getprinc" shows the same set of keys as with my principal.

When I have a free moment, I will create a new principal and try to
reproduce.

--Jered

# Fri Jan 24 19:51:43 2003 Jered Floyd <jered@convivian.com> - Comments added

To:	rt-comment@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #1324] cannot reproduce
From:	Jered Floyd <jered@convivian.com>
Date:	24 Jan 2003 19:51:35 -0500
RT-Send-Cc:

Download (untitled) / with headers
text/plain 376B

Show quoted text

> Suggestsions on where to go from here?

I am no longer to reproduce the problem as I described it.

Rather, when I type the principal's password correctly, both kinit
and saslauthd succeed. When I give an incorrect password, both
log the error that I reported.

Arguably, the error message is not particularly good at indicating
that the password is incorrect.

--Jered

# Fri Jan 24 21:17:58 2003 tlyu (Taylor Yu) - Correspondence added

To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #1324] cannot reproduce
From:	Tom Yu <tlyu@mit.edu>
Date:	Fri, 24 Jan 2003 21:17:57 -0500
RT-Send-Cc:

Download (untitled) / with headers
text/plain 1019B

Show quoted text

>>>>> "Jered" == Jered Floyd via RT <rt-comment@krbdev.mit.edu> writes:

Show quoted text

Jered> Rather, when I type the principal's password correctly, both kinit
Jered> and saslauthd succeed. When I give an incorrect password, both
Jered> log the error that I reported.

Show quoted text

Jered> Arguably, the error message is not particularly good at indicating
Jered> that the password is incorrect.

I agree. Inspection of the code in verify_enc_timestamp() reveals
that if a key is found that matches the enctype in the encrypted
timestamp preauth, and the decryption fails, the loop continues. This
is presumably because the encrypted timestamp preauth doesn't carry
salt information or any other information that would permit the KDC to
correctly choose between multiple keys having the same enctype but
having different salts.

Probably the correct thing to do is to set a flag when decryption is
attempted, so that if the loop exits with an error of NO_MATCHING_KEY
and the flag is set, the KDC will correctly report a bad password.

---Tom

# Fri Jan 31 18:02:34 2003 tlyu (Taylor Yu) - Correspondence added

To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #1324] cannot reproduce
From:	Tom Yu <tlyu@mit.edu>
Date:	Fri, 31 Jan 2003 18:02:33 -0500
RT-Send-Cc:

Download (untitled) / with headers
text/plain 71B

Ok, please let me know if this patch works (generated against 1.2.7):

Download patch
text/x-patch 1.3KiB

Message body is not shown because sender requested not to inline it.

# Fri Jan 31 18:02:45 2003 tlyu (Taylor Yu) - Given to tlyu (Taylor Yu)

# Wed Mar 26 18:56:38 2003 tlyu (Taylor Yu) - Subject changed from 'client failures upgrading from 1.2.3 to 1.2.7' to 'kdc logs bogus error for enc timestamp wrong passwd'

# Wed Mar 26 18:56:38 2003 tlyu (Taylor Yu) - Status changed from 'new' to 'open'

# Fri Mar 28 17:51:39 2003 tlyu (Taylor Yu) - Tags pullup added

# Fri Mar 28 17:51:39 2003 tlyu (Taylor Yu) - Target_Version 1.3 added

# Fri Mar 28 17:51:40 2003 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	CVS Commit

Download (untitled) / with headers
text/plain 361B

* kdc_preauth.c (verify_enc_timestamp): Save decryption error, in
case we get NO_MATCHING_KEY later. This allows us to log a more
sane error if an incorrect password is used for encrypting the
enc-timestamp preauth.

To generate a diff of this commit:

cvs diff -r5.252 -r5.253 krb5/src/kdc/ChangeLog
cvs diff -r5.35 -r5.36 krb5/src/kdc/kdc_preauth.c

# Fri Mar 28 18:31:01 2003 tlyu (Taylor Yu) - Status changed from 'open' to 'resolved'

# Fri Mar 28 18:31:03 2003 tlyu (Taylor Yu) - Version_Fixed 1.3 added

# Fri Mar 28 18:31:04 2003 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	CVS Commit

Download (untitled) / with headers
text/plain 170B

pullup from trunk

To generate a diff of this commit:

cvs diff -r5.251.2.1 -r5.251.2.2 krb5/src/kdc/ChangeLog
cvs diff -r5.35 -r5.35.2.1 krb5/src/kdc/kdc_preauth.c

# Wed Dec 16 18:02:39 2015 tlyu (Taylor Yu) - CustomField pullup deleted