On 3/24/17, 9:29 AM, "Pkg-shibboleth-devel on behalf of Ferenc Wágner" <pkg-shibboleth-devel-bounces+cantor.2=osu....@lists.alioth.debian.org on behalf of wf...@niif.hu> wrote:
> This looks like a log4shib threading problem, probably inherited from log4cpp. More a "the design of the library just doesn't work for these kinds of process lifecycles" problem, there are issues open on I suspect related issues in the Shibboleth issue tracker, I don't have a specific issue number at hand right this second. I believe there are a number of issues around changes to that code, some other changes in the SP to deal with the Apache permission issues, etc. At this point if you can use syslog you can probably avoid a lot of this mess since native.log doesn't really get used much anyway, and another key is to make sure the logger setting in shibboleth2.xml isn't set and it's not trying to reload logging configuration. This trace also suggests prefork is being used, which should never be used with mod_shib, that's a DOS attack waiting to happen. -- Scott
