Results 1 to 4 of 4

Thread: Problem with apache mod_auth_kerb after krb5 patch

Threaded View

  1. #1

    Problem with apache mod_auth_kerb after krb5 patch

    Hi,

    we have a problem with our SLES 11 SP3 server after the last krb5 (Kerberos) update, patch slessp3-krb5-12185 (http://lists.opensuse.org/opensuse-s.../msg00007.html).

    After applying the patch our apache with mod_auth_kerb doesn't work correctly with "KrbMethodNegotiate on" (in apache config. Activates SingleSignOn with IE and other browsers).

    The apache error log shows this:
    Code:
    [Mon Nov 09 15:49:29 2015] [debug] src/mod_auth_kerb.c(1667): [client 172.24.7.101] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
    [Mon Nov 09 15:49:29 2015] [debug] src/mod_auth_kerb.c(1667): [client 172.24.7.101] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
    [Mon Nov 09 15:49:29 2015] [debug] src/mod_auth_kerb.c(1277): [client 172.24.7.101] Acquiring creds for HTTP@server.domain
    [Mon Nov 09 15:49:29 2015] [debug] src/mod_auth_kerb.c(1424): [client 172.24.7.101] Verifying client data using KRB5 GSS-API
    [Mon Nov 09 15:49:29 2015] [debug] src/mod_auth_kerb.c(1440): [client 172.24.7.101] Client didn't delegate us their credential
    [Mon Nov 09 15:49:29 2015] [debug] src/mod_auth_kerb.c(1459): [client 172.24.7.101] GSS-API token of length 185 bytes will be sent back
    [Mon Nov 09 15:49:29 2015] [notice] child pid 16712 exit signal Segmentation fault (11)
    After turning "KrbMethodNegotiate" off, so that the client will be asked for a password (when the setting "KrbMethodK5Passwd on" is set, but this was set even before the update), everything works just fine. In both situations the same keytab-file is used, no changes to the krb5.conf. Only the KrbMethodNegotiate change.

    After downgrading the updated krb5 packages, everything works fine (again).

    Does the mod_auth_kerb apache module need an update to work correctly with the fixed krb5 package?
    Any further advice?
    Any further data, config settings, etc. I can provide?

    It's a SLES 11 SP3 server (VM) with all packages updated

    Thanks in advance.
    Eichhorn
    Last edited by EichhornT; 09-Nov-2015 at 16:09.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •