Security impact of removing timestamp check in rd_rep()
lukeh at padl.com
Sat May 14 08:08:41 GMT 2005
You actually want to check that they are different, to avoid replay
>From: Andrew Bartlett <abartlet at samba.org>
>Subject: Security impact of removing timestamp check in rd_rep()
>To: heimdal-discuss at sics.se
>Cc: samba-technical at samba.org
>Date: Sat, 14 May 2005 16:42:15 +1000
>I've been working on the DCE_STYLE GSSAPI code (mostly by metze) that
>Samba4 needs for the 'Kerberos domain join' problem, and I have solved
>the final piece of the puzzle.
>It appears that the encrypted timestamp in the AP_REP (mutual
>authentication) packet, used in the '3rd leg' of the extended GSSAPI
>negotiation is not consistent with the other two timestamps in the
>exchange. It appears simply to be the real time, on the client now, and
>so varies particularly in the usec field.
>So, what I'm wondering is how to still be secure, while removing the
>need for an exact timestamp match here.
>To be clear about the packets I'm talking about, I have attached the #if
>0 patch I used.
>Andrew Bartlett http://samba.org/~abartlet/
>Authentication Developer, Samba Team http://samba.org
>Student Network Administrator, Hawker College http://hawkerc.net
>[Attachment: a1/krb5-fix-for-dce-style.patch, text/x-patch]
>[Attachment: signature.asc, application/pgp-signature]
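The two checks discussed in this thread, side by side, as an added example (not code from Heimdal, Samba or the attached patch). The struct, enum and function names are hypothetical, and the timestamps in `main` are constructed sample values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the ctime/cusec pair carried in an
 * authenticator or in the encrypted part of an AP_REP. */
struct krb_stamp { int64_t ctime; int32_t cusec; };

enum rep_verdict { REP_OK, REP_MISMATCH, REP_REFLECTED };

bool stamp_equal(const struct krb_stamp *a, const struct krb_stamp *b)
{
    return a->ctime == b->ctime && a->cusec == b->cusec;
}

/* Ordinary mutual authentication: the AP_REP must echo the timestamp
 * from the authenticator, so anything else is a mismatch. */
enum rep_verdict check_ap_rep(const struct krb_stamp *authenticator,
                              const struct krb_stamp *ap_rep)
{
    return stamp_equal(authenticator, ap_rep) ? REP_OK : REP_MISMATCH;
}

/* DCE-style third leg: the timestamp is the sender's current time, so an
 * exact match cannot be required. Following the reply above, a third-leg
 * AP_REP whose timestamp equals the one already used in the exchange is
 * treated as an earlier message sent back, and is rejected. */
enum rep_verdict check_third_leg(const struct krb_stamp *earlier,
                                 const struct krb_stamp *third_leg)
{
    return stamp_equal(earlier, third_leg) ? REP_REFLECTED : REP_OK;
}

int main(void)
{
    /* Constructed sample values, not taken from a real capture. */
    struct krb_stamp auth  = { 1116054135, 123456 };
    struct krb_stamp echo  = auth;                    /* same ctime/cusec */
    struct krb_stamp fresh = { 1116054135, 654321 };  /* usec differs */

    printf("AP_REP echo:     %d\n", check_ap_rep(&auth, &echo));
    printf("AP_REP fresh:    %d\n", check_ap_rep(&auth, &fresh));
    printf("3rd leg fresh:   %d\n", check_third_leg(&auth, &fresh));
    printf("3rd leg replay:  %d\n", check_third_leg(&auth, &echo));
    return 0;
}
```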