Edit report at https://bugs.php.net/bug.php?id=54716&edit=1

ID:                 54716
Updated by:         [email protected]
Reported by:        dominik dot szybowski at bzwbk dot pl
Summary:            Internal Server Error when php compiled with oci driver
-Status:            Feedback
+Status:            No Feedback
Type:               Bug
Package:            OCI8 related
Operating System:   AIX
PHP Version:        5.2.17

New Comment:

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

Previous Comments:
------------------------------------------------------------------------
[2012-10-18 21:34:13] debian at linux dot org

In our case the PDO Oracle driver breaks the Kerberos config.

No need to use it, the bug appears when reloading Apache if the PDO Oracle driver is "ON". Just disabled it.

------------------------------------------------------------------------
[2012-08-24 06:44:48] debian at linux dot org

My Configuration:

- Debian GNU/Linux 6 64-bit
- Oracle Instantclient 11.2
- PHP 5.3.14
- mod_auth_kerb 5.4
- Apache 2.2.16
- Kerberos Heimdal

This can be reproduced using the Apache graceful command.
Just after, mod_auth_kerb will fail to read the Kerberos conf:

gss_import_name() failed: Miscellaneous failure (, Can't open/find Kerberos configuration file.

It will use the same default Kerberos configuration as Oracle Database !!!

You can force the path using sqlnet.ora but it will fail afterwards when using gss acquire credential (unknown error 2 or 21).

We did not find a fix.

------------------------------------------------------------------------
[2012-01-09 14:01:56] rattlebrain at gmx dot net

I have a similar problem. mod_auth_kerb works fine as long as I don't use the PHP OCI8 extension. As soon as I load the OCI8 extension, mod_auth_kerb starts to behave weirdly.

After an Apache (re)start everything is fine, but when I reload Apache I'm getting in a browser "Internal Server Error" and in the error log (just like the topic starter):

[Mon Jan 09 14:33:00 2012] [error] [client 10.206.33.199] gss_import_name() failed: Miscellaneous failure (, Can't open/find Kerberos configuration file)

After stracing the Apache processes it appeared that /krb5/krb.conf is trying to be opened, but obviously fails on a Linux system. I could prove that Oracle OCI is doing this by setting the SQLNET.KERBEROS5_CONF parameter to a different value in sqlnet.ora. So in some way OCI mixes up the Kerberos stuff that mod_auth_kerb is using, but only when Apache is reloaded. Without everything works perfect, including the PHP OCI8 stuff.

I'm using:

- Debian GNU/Linux 6 64-bit
- Oracle Instantclient Basic 11.2.0.2.0
- PHP 5.3.3 (Debian package rebuild to include OCI8)
- mod_auth_kerb 5.4
- Apache 2.2.16

To create the OCI8 stuff I added the following parameters to the standard Debian PHP build parameters:

  --with-oci8=shared,/usr
  --with-pdo-oci=shared,/usr

This is the complete configure command:

CFLAGS="-g -O2 -O2 -Wall -fsigned-char -fno-strict-aliasing -gstabs" PROG_SENDMAIL="/usr/sbin/sendmail" ../configure \
  --prefix=/usr --with-apxs2=/usr/bin/apxs2 \
  --with-config-file-path=/etc/php5/apache2 \
  --with-config-file-scan-dir=/etc/php5/apache2/conf.d \
  --build=x86_64-linux-gnu --host=x86_64-linux-gnu --sysconfdir=/etc \
  --localstatedir=/var --mandir=/usr/share/man --disable-debug \
  --with-regex=php --disable-rpath --disable-static --with-pic \
  --with-layout=GNU --with-pear=/usr/share/php --enable-calendar \
  --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-bcmath \
  --with-bz2 --enable-ctype --with-db4 --with-qdbm=/usr --without-gdbm \
  --with-iconv --enable-exif --enable-ftp --with-gettext --enable-mbstring \
  --with-onig=/usr --with-pcre-regex=/usr --enable-shmop --enable-sockets \
  --enable-wddx --with-libxml-dir=/usr --with-zlib --with-kerberos=/usr \
  --with-openssl=/usr --enable-soap --enable-zip --with-mhash=yes \
  --with-exec-dir=/usr/lib/php5/libexec --with-system-tzdata \
  --without-mm \
  --with-curl=shared,/usr \
  --with-enchant=shared,/usr \
  --with-zlib-dir=/usr \
  --with-gd=shared,/usr --enable-gd-native-ttf \
  --with-gmp=shared,/usr \
  --with-jpeg-dir=shared,/usr \
  --with-xpm-dir=shared,/usr/X11R6 \
  --with-png-dir=shared,/usr \
  --with-freetype-dir=shared,/usr \
  --with-imap=shared,/usr \
  --with-imap-ssl \
  --with-interbase=shared,/usr --with-pdo-firebird=shared,/usr \
  --enable-intl=shared \
  --with-ttf=shared,/usr \
  --with-t1lib=shared,/usr \
  --with-ldap=shared,/usr \
  --with-ldap-sasl=/usr \
  --with-mcrypt=shared,/usr \
  --with-mysql=shared,/usr \
  --with-mysqli=shared,/usr/bin/mysql_config \
  --with-pspell=shared,/usr \
  --with-unixODBC=shared,/usr \
  --with-recode=shared,/usr \
  --with-xsl=shared,/usr \
  --with-snmp=shared,/usr \
  --with-sqlite=shared,/usr \
  --with-sqlite3=shared,/usr \
  --with-mssql=shared,/usr \
  --with-tidy=shared,/usr \
  --with-xmlrpc=shared \
  --with-pgsql=shared,/usr PGSQL_INCLUDE=`pg_config --includedir` \
  --with-oci8=shared,/usr \
  --enable-pdo=shared \
  --without-pdo-dblib \
  --with-pdo-mysql=shared,/usr \
  --with-pdo-odbc=shared,unixODBC,/usr \
  --with-pdo-pgsql=shared,/usr/bin/pg_config \
  --with-pdo-oci=shared,/usr \
  --with-pdo-sqlite=shared,/usr \
  --with-pdo-dblib=shared,/usr

The relevant Apache config block:

<Location />
    AuthName "Restricted Area"
    AuthType Kerberos
    AuthzUnixgroup On
    AuthzUnixgroupAuthoritative On
    Krb5Keytab /etc/apache2/krb5.keytab
    KrbAuthoritative On
    KrbDelegateBasic Off
    KrbLocalUserMapping On
    KrbMethodNegotiate On
    KrbMethodK5Passwd On
    KrbSaveCredentials Off
    KrbServiceName HTTP/[email protected]
    KrbVerifyKDC On
    Require group admins
</Location>

The content on the webserver doesn't matter, Apache breaks before the content can be read, so it doesn't help to provide a script.

I hope this helps. Do you need anything else?

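Added example (not part of the original bug report and not any commenter's code): one way to automate the strace check described in the comment above, listing which Kerberos configuration paths each Apache process tried to open and which attempts failed. The strace lines and PIDs are constructed, and /etc/krb5.conf as the expected configuration path is an assumption.

```python
import re
from collections import defaultdict

# Matches `strace -f` lines for open()/openat(), with either a
# "[pid N]" prefix or a bare leading PID (as written by `strace -o`).
CALL = re.compile(
    r'^(?:\[pid\s+(?P<pid>\d+)\]\s+|(?P<pid2>\d+)\s+)?'
    r'(?:open|openat)\((?:AT_FDCWD,\s*)?"(?P<path>[^"]+)"[^)]*\)\s*=\s*'
    r'(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z]+))?'
)
# File names that look like a Kerberos client configuration file.
KRB_NAME = re.compile(r'(?:^|/)krb5?\.conf$')


def krb_config_opens(lines, expected="/etc/krb5.conf"):
    """Return {pid: [(path, errno_or_None, is_expected_path), ...]}."""
    seen = defaultdict(list)
    for line in lines:
        m = CALL.match(line.strip())
        if not m or not KRB_NAME.search(m["path"]):
            continue
        pid = m["pid"] or m["pid2"] or "?"
        seen[pid].append((m["path"], m["errno"], m["path"] == expected))
    return dict(seen)


def suspicious(report):
    """PIDs that failed to open a Kerberos config at an unexpected path."""
    return sorted(pid for pid, hits in report.items()
                  if any(err and not ok for _, err, ok in hits))


# Constructed sample: one worker reads the expected file, another
# (after a reload) looks for the path reported in the comment above.
SAMPLE = '''\
[pid 2101] open("/etc/krb5.conf", O_RDONLY) = 7
[pid 2101] open("/etc/apache2/krb5.keytab", O_RDONLY) = 8
[pid 2244] open("/krb5/krb.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 2244] openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 9
'''.splitlines()

if __name__ == "__main__":
    report = krb_config_opens(SAMPLE)
    for pid, hits in sorted(report.items()):
        for path, err, ok in hits:
            print(pid, path, err or "ok", "expected" if ok else "UNEXPECTED PATH")
    print("suspect pids:", suspicious(report))
```
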
------------------------------------------------------------------------
[2011-11-07 22:24:58] [email protected]

Please provide more details, including the complete build steps and a script that causes the error

------------------------------------------------------------------------
[2011-05-12 10:53:03] dominik dot szybowski at bzwbk dot pl

Description:
------------
Apache server throws internal server error during SSO Kerberos authentication when PHP is compiled with parameter --with-oci8=instantclient,/usr/local/instantclient_11_1/lib

We currently have a working Apache 2.2.17 server with PHP 5.2.17 (other versions were also tested) configured with MIT Kerberos 5.1.6 and the mod_auth_kerb 5.4 Kerberos module.
Before we tried to add an OCI connection to Oracle everything worked fine and users were authenticated by SSO. After we recompiled PHP with OCI our Apache instance can't load the Kerberos configuration file and throws internal server error.
It can be related to the issue with subprocesses http://bugs.php.net/bug.php?id=9013
I already tried Oracle support but they didn't like to help with PHP.

Expected result:
----------------
Error log without oci (works fine):

[Wed May 11 16:39:54 2011] [debug] src/mod_auth_kerb.c(1628): [client host] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos, referer: https://host/altair/views/show_docclasses.php
[Wed May 11 16:39:54 2011] [debug] src/mod_auth_kerb.c(1240): [client host] Acquiring creds for HTTP/host@domain, referer: https://10.151.67.126/altair/views/show_docclasses.php
[Wed May 11 16:39:54 2011] [debug] src/mod_auth_kerb.c(1385): [client host] Verifying client data using KRB5 GSS-API with our SPNEGO lib, referer: https://host/altair/views/show_docclasses.php
[Wed May 11 16:39:54 2011] [debug] src/mod_auth_kerb.c(1401): [client host] Client didn't delegate us their credential, referer: https://10.151.67.126/altair/views/show_docclasses.php
[Wed May 11 16:39:54 2011] [debug] src/mod_auth_kerb.c(1420): [client host] GSS-API token of length 161 bytes will be sent back, referer:

Actual result:
--------------
Error log with oci:

[Fri May 06 17:25:38 2011] [debug] src/mod_auth_kerb.c(1628): [client 10.150.203.118] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Fri May 06 17:25:38 2011] [debug] src/mod_auth_kerb.c(1101): [client 10.150.203.118] GSS-API major_status:000d0000, minor_status:96c73a87
[Fri May 06 17:25:38 2011] [error] [client 10.150.203.118] gss_import_name() failed: Miscellaneous failure (, Can't open/find Kerberos configuration file)

------------------------------------------------------------------------

--
Edit this bug report at https://bugs.php.net/bug.php?id=54716&edit=1
