I know this is the apache list, I'm having problems with
mod_auth_kerberos and that mailing list is a bit silent on this
issue. I'm hoping someone ran across this out there and may have a
solution or feedback! Thanks in advance, everything works fine in
apache 2.0, details below:
I'm stumped. Have three boxes and a windows 2k AD, the newest one
doesn't work and I receive:
kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
Acquiring creds for HTTP/[EMAIL PROTECTED]
Verifying client data using KRB5 GSS-API
Verification returned code 851968
gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
may provide more information (Cannot allocate memory)
From the apache error logs.
first two boxes are:
FC 4
Apache 2.0.54
mod_auth_kerb v5.3
kerb libs:
pam_krb5-2.1.7-3
krb5-libs-1.4.1-5
krb5-workstation-1.4.1-5
krb5-devel-1.4.1-5
The troublesome one is:
FC6
Apache 2.2.4
mod_auth_kerb v5.3
pam_krb5-2.2.11-1
krb5-libs-1.5-21
krb5-devel-1.5-21
krb5-workstation-1.5-21
krb5-auth-dialog-0.7-1
Here is the .htaccess file that works fine on the first two boxes,
not on the newer:
AuthType Kerberos
AuthName "Kerberos Login"
KrbAuthRealms FOO.BAR
KrbServiceName HTTP
KrbVerifyKDC off
KrbMethodNegotiate on
KrbMethodK5Passwd on
Krb5Keytab /etc/httpd/conf/local.keytab
All the boxes have plenty of CPU, memory, semaphores and shared
memory available. The only real difference I see is apache 2.0 vs.
2.2. The keytabs all check out and I can check out kerberos tickets
just fine on all three servers. They all have identical
configurations. Attached at the bottom of this email is a snippet of
a stacktrace, if I can offer more information I'd be happy to comply.
R
---SNIP---
open("/var/www/html/rich_test/index.html/.htaccess", O_RDONLY|
O_LARGEFILE) = -1 ENOTDIR (Not a directory)
gettimeofday({1182803367, 203469}, NULL) = 0
write(10, "[Mon Jun 25 15:29:27 2007] [debu"..., 156) = 156
writev(16, [{"HTTP/1.1 401 Authorization Requi"..., 269}, {"<!DOCTYPE
HTML PUBLIC \"-//IETF//"..., 471}], 2) = 740
write(12, "172.25.201.26 - - [25/Jun/2007:1"..., 186) = 186
shutdown(16, 1 /* send */) = 0
poll([{fd=16, events=POLLIN, revents=POLLIN|POLLHUP}], 1, 2000) = 1
read(16, "", 512) = 0
close(16) = 0
read(8, 0xbfd69d03, 1) = -1 EAGAIN (Resource
temporarily unavailable)
semop(7602192, 0x89770c, 1) = 0
epoll_wait(15, {{EPOLLIN, {u32=2181919520,
u64=13823409058185311008}}}, 2, -1) = 1
accept(4, {sa_family=AF_INET6, sin6_port=htons(50536), inet_pton
(AF_INET6, "::ffff:172.25.201.26", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, [28]) = 16
semop(7602192, 0x897712, 1) = 0
getsockname(16, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton
(AF_INET6, "::ffff:172.25.7.35", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, [28]) = 0
fcntl64(16, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(16, F_SETFL, O_RDWR|O_NONBLOCK) = 0
read(16, "GET /rich_test/index.html HTTP/1"..., 8000) = 1260
gettimeofday({1182803367, 221493}, NULL) = 0
poll([{fd=16, events=POLLIN, revents=POLLIN}], 1, 120000) = 1
read(16, "plsTPW68dcuO8RotO+GbJz2qAT2rv+D3"..., 8000) = 1162
stat64("/var/www/html/rich_test/index.html", {st_mode=S_IFREG|0644,
st_size=5, ...}) = 0
open("/var/www/html/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No
such file or directory)
open("/var/www/html/rich_test/.htaccess", O_RDONLY|O_LARGEFILE) = 17
fstat64(17, {st_mode=S_IFREG|0644, st_size=392, ...}) = 0
read(17, "DirectoryIndex home.php index.ph"..., 4096) = 392
read(17, "", 4096) = 0
close(17) = 0
open("/var/www/html/rich_test/index.html/.htaccess", O_RDONLY|
O_LARGEFILE) = -1 ENOTDIR (Not a directory)
gettimeofday({1182803367, 222194}, NULL) = 0
write(10, "[Mon Jun 25 15:29:27 2007] [debu"..., 156) = 156
gettimeofday({1182803367, 222303}, NULL) = 0
write(10, "[Mon Jun 25 15:29:27 2007] [debu"..., 148) = 148
futex(0x8fbc3c, FUTEX_WAKE, 2147483647) = 0
futex(0x8fbb60, FUTEX_WAKE, 2147483647) = 0
futex(0xf659e4, FUTEX_WAKE, 2147483647) = 0
futex(0x222b44, FUTEX_WAKE, 2147483647) = 0
futex(0x222ddc, FUTEX_WAKE, 2147483647) = 0
time(NULL) = 1182803367
stat64("/var/kerberos/krb5kdc/kdc.conf", {st_mode=S_IFREG|0666,
st_size=481, ...}) = 0
open("/var/kerberos/krb5kdc/kdc.conf", O_RDONLY|O_LARGEFILE) = 17
access("/var/kerberos/krb5kdc/kdc.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=481, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[kdcdefaults]\n kdc_ports "..., 4096) = 481
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
time(NULL) = 1182803367
stat64("/etc/krb5.conf", {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
open("/etc/krb5.conf", O_RDONLY|O_LARGEFILE) = 17
access("/etc/krb5.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[logging]\n kdc = SYSLOG:info:"..., 4096) = 868
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
access("/etc/krb5.conf", R_OK) = 0
time(NULL) = 1182803367
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 17
fstat64(17, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0
read(17, "yx\315\27\355q\350\303\361\246%V\212T\345\265\261\247B"...,
20) = 20
close(17) = 0
futex(0x288a44, FUTEX_WAKE, 2147483647) = 0
gettimeofday({1182803367, 223953}, NULL) = 0
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
stat64("/var/kerberos/krb5kdc/kdc.conf", {st_mode=S_IFREG|0666,
st_size=481, ...}) = 0
open("/var/kerberos/krb5kdc/kdc.conf", O_RDONLY|O_LARGEFILE) = 17
access("/var/kerberos/krb5kdc/kdc.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=481, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[kdcdefaults]\n kdc_ports "..., 4096) = 481
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
time(NULL) = 1182803367
stat64("/etc/krb5.conf", {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
open("/etc/krb5.conf", O_RDONLY|O_LARGEFILE) = 17
access("/etc/krb5.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[logging]\n kdc = SYSLOG:info:"..., 4096) = 868
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
access("/etc/krb5.conf", R_OK) = 0
time(NULL) = 1182803367
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 17
fstat64(17, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0
read(17, "\244\306\275\205_\362r\275\230\257y\367\202\346\f\212
\30"..., 20) = 20
close(17) = 0
gettimeofday({1182803367, 225672}, NULL) = 0
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
open("/etc/httpd/conf/local.keytab", O_RDONLY|O_LARGEFILE) = 17
fcntl64(17, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=0,
len=0}, 0xbfd68e04) = 0
read(17, "\5\2\0\0\0E\0\2\0\17LAN.THRIFTY.NET\0\4HTTP\0"..., 8192) = 75
_llseek(17, -73, [2], SEEK_CUR) = 0
read(17, "\0\0\0E\0\2\0\17LAN.THRIFTY.NET\0\4HTTP\0\25f"..., 8192) = 73
_llseek(17, 0, [0], SEEK_SET) = 0
read(17, "\5\2\0\0\0E\0\2\0\17LAN.THRIFTY.NET\0\4HTTP\0"..., 8192) = 75
_llseek(17, 0, [0], SEEK_SET) = 0
read(17, "\5\2\0\0\0E\0\2\0\17LAN.THRIFTY.NET\0\4HTTP\0"..., 8192) = 75
read(17, "", 8192) = 0
fcntl64(17, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=0,
len=0}, 0xbfd68e04) = 0
close(17) = 0
geteuid32() = 48
time(NULL) = 1182803367
time(NULL) = 1182803367
stat64("/var/kerberos/krb5kdc/kdc.conf", {st_mode=S_IFREG|0666,
st_size=481, ...}) = 0
open("/var/kerberos/krb5kdc/kdc.conf", O_RDONLY|O_LARGEFILE) = 17
access("/var/kerberos/krb5kdc/kdc.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=481, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[kdcdefaults]\n kdc_ports "..., 4096) = 481
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
time(NULL) = 1182803367
stat64("/etc/krb5.conf", {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
open("/etc/krb5.conf", O_RDONLY|O_LARGEFILE) = 17
access("/etc/krb5.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[logging]\n kdc = SYSLOG:info:"..., 4096) = 868
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
access("/etc/krb5.conf", R_OK) = 0
time(NULL) = 1182803367
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 17
fstat64(17, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0
read(17, "u\34\211\271\254\255\375\201I\237\35\202Xs\35-\257\243"...,
20) = 20
close(17) = 0
gettimeofday({1182803367, 228026}, NULL) = 0
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
stat64("/var/kerberos/krb5kdc/kdc.conf", {st_mode=S_IFREG|0666,
st_size=481, ...}) = 0
open("/var/kerberos/krb5kdc/kdc.conf", O_RDONLY|O_LARGEFILE) = 17
access("/var/kerberos/krb5kdc/kdc.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=481, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[kdcdefaults]\n kdc_ports "..., 4096) = 481
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
time(NULL) = 1182803367
stat64("/etc/krb5.conf", {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
open("/etc/krb5.conf", O_RDONLY|O_LARGEFILE) = 17
access("/etc/krb5.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[logging]\n kdc = SYSLOG:info:"..., 4096) = 868
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
access("/etc/krb5.conf", R_OK) = 0
time(NULL) = 1182803367
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 17
fstat64(17, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0
read(17, "\205L\377\33q!\343\206\255^w\321\234\337\265\350&V\372"...,
20) = 20
close(17) = 0
gettimeofday({1182803367, 229729}, NULL) = 0
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
gettimeofday({1182803367, 230323}, NULL) = 0
write(10, "[Mon Jun 25 15:29:27 2007] [debu"..., 126) = 126
gettimeofday({1182803367, 230442}, NULL) = 0
write(10, "[Mon Jun 25 15:29:27 2007] [debu"..., 119) = 119
gettimeofday({1182803367, 230551}, NULL) = 0
write(10, "[Mon Jun 25 15:29:27 2007] [erro"..., 182) = 182
time(NULL) = 1182803367
stat64("/var/kerberos/krb5kdc/kdc.conf", {st_mode=S_IFREG|0666,
st_size=481, ...}) = 0
open("/var/kerberos/krb5kdc/kdc.conf", O_RDONLY|O_LARGEFILE) = 17
access("/var/kerberos/krb5kdc/kdc.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=481, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[kdcdefaults]\n kdc_ports "..., 4096) = 481
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
time(NULL) = 1182803367
stat64("/etc/krb5.conf", {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
open("/etc/krb5.conf", O_RDONLY|O_LARGEFILE) = 17
access("/etc/krb5.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[logging]\n kdc = SYSLOG:info:"..., 4096) = 868
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
access("/etc/krb5.conf", R_OK) = 0
time(NULL) = 1182803367
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 17
fstat64(17, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0
read(17, "\222dh\21)\232\7\353-\247~\20\377\2\2406|L\343\355", 20) = 20
close(17) = 0
gettimeofday({1182803367, 231818}, NULL) = 0
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
writev(16, [{"HTTP/1.1 401 Authorization Requi"..., 240}, {"<!DOCTYPE
HTML PUBLIC \"-//IETF//"..., 471}], 2) = 711
write(12, "172.25.201.26 - - [25/Jun/2007:1"..., 186) = 186
shutdown(16, 1 /* send */) = 0
poll([{fd=16, events=POLLIN}], 1, 2000) = 0
close(16) = 0
read(8, 0xbfd69d03, 1) = -1 EAGAIN (Resource
temporarily unavailable)
semop(7602192, 0x89770c, 1) = 0
epoll_wait(15, 820d72b0, 2, -1) = -1 EINTR (Interrupted
system call)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
