Kai Lanz <l...@stanford.edu> writes: > I get a very similar error:
> # wa_keyring -f /usr/local/apache/conf/webauth/keyring list > wa_keyring: cannot read keyring /usr/local/apache/conf/webauth/ > keyring: invalid argument to function (unsupported key type 0) Okay, what's happening is that one of the keys stored in the keyring appears to be corrupt; it's missing part of the data. The error checking in the new version of WebAuth is somewhat stronger than in the old version of WebAuth, and in this case I'm not sure that's a good thing. If you don't mind invalidating all existing sessions for this server (meaning that authenticated users will be bounced through WebLogin again when they next hit the page), which at this point is probably not a problem if it's been broken for a while, just moving the keyring aside and letting Apache create a new one should fix the problem. For the next release, I'll take a look at making the code somewhat less strict so that it can continue after an error. The next question is whether this problem happens again. I *think* you had a corrupt keyring from the old version of WebAuth, but it's possible that something in the new version is corrupting the keyring somehow, since that code was substantially rewritten. There is a test suite, but.... -- Russ Allbery <ea...@windlord.stanford.edu> Technical Lead, ITS Infrastructure Delivery Group, Stanford University
