Running php configured with imap inside apache locks the kerberos keytab. This bug has been reported before (redhat 114432) (php 34745). I have tracked it down.

This code
long kerberos_server_valid ()
{
  krb5_context ctx;
  krb5_keytab kt;
  krb5_kt_cursor csr;
  long ret = NIL;
				/* make a context */
  if (!krb5_init_context (&ctx)) {
				/* get default keytab */
    if (!krb5_kt_default (ctx,&kt)) {
				/* can do server if have good keytab */
      if (!krb5_kt_start_seq_get (ctx,kt,&csr)) ret = LONGT;
      krb5_kt_close (ctx,kt);	/* finished with keytab */
    }
    krb5_free_context (ctx);	/* finished with context */
  }
  return ret;
}
is called at startup. The problem is that kt_close does not close the keytab - it only frees buffers. After calling kt_start_seq_get you must call kt_end_seq_get to close the keytab.

In many cases this is not a problem because this module is being called one time in a transient process. In apache however it is called when the web server starts and the lock lasts for as long as apache is running (probably a long time!)

Paul Moore
CTO, Centrify Corporation www.centrify.com
10900 NE 8th Street #900
Bellevue WA, 98004
office: 425 990 4544
cell: 206 251 7008
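
An added illustration, not part of the original post and not code from c-client or the Kerberos library: a small POSIX model of the behaviour described above, where starting a sequential read takes a file lock, close only frees buffers, and only the end-of-sequence call releases the lock. The `kt_*` functions, the `keytab` struct, the `fcntl` read lock and the temporary files are stand-ins assumed for the demonstration.

```c
/* Constructed model of the leak; the kt_* names are hypothetical stand-ins,
   not functions of the Kerberos library or of c-client. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
typedef struct { int fd; char *buf; } keytab;
/* start_seq: open the file and take a shared (read) lock on it */
static int kt_start_seq(keytab *kt, const char *path) {
  struct flock fl = { .l_type = F_RDLCK, .l_whence = SEEK_SET };
  if ((kt->fd = open(path, O_RDONLY)) < 0) return -1;
  if (fcntl(kt->fd, F_SETLK, &fl) < 0) { close(kt->fd); kt->fd = -1; return -1; }
  return 0;
}
/* end_seq: closing the descriptor is what drops the lock */
static void kt_end_seq(keytab *kt) { if (kt->fd >= 0) close(kt->fd); kt->fd = -1; }
/* close: frees buffers only, the descriptor is not touched */
static void kt_close(keytab *kt) { free(kt->buf); kt->buf = NULL; }
/* 1 if another process finds the file locked, 0 if not, -1 on error.
   Asked from a child because F_GETLK never reports the caller's own locks. */
static int locked_for_others(const char *path) {
  int status;
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
    int fd = open(path, O_RDWR);
    if (fd < 0 || fcntl(fd, F_GETLK, &fl) < 0) _exit(2);
    _exit(fl.l_type == F_UNLCK ? 0 : 1);
  }
  if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
  return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}
/* The startup probe from the post; with_end_seq selects the corrected form. */
int probe_leaves_lock(const char *path, int with_end_seq) {
  keytab kt = { -1, malloc(64) };
  if (kt_start_seq(&kt, path)) { kt_close(&kt); return -1; }
  if (with_end_seq) kt_end_seq(&kt);
  kt_close(&kt);        /* descriptor and lock survive if end_seq was skipped */
  return locked_for_others(path);
}
int main(void) {
  char a[] = "/tmp/ktmodelXXXXXX", b[] = "/tmp/ktmodelXXXXXX";
  if (mkstemp(a) < 0 || mkstemp(b) < 0) return 1;
  printf("no end_seq: %d, with end_seq: %d\n", probe_leaves_lock(a, 0), probe_leaves_lock(b, 1));
  return unlink(a) | unlink(b);
}
```

In a long-running daemon the leaked descriptor lives until the process exits, which is why the lock persists for the lifetime of the server.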
