I'm stumped. Have three boxes and a windows 2k AD, the newest one doesn't work and I receive:
kerb_authenticate_user entered with user (NULL) and auth_type Kerberos Acquiring creds for HTTP/fc6@xxxxxxxxxxx Verifying client data using KRB5 GSS-API Verification returned code 851968gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (Cannot allocate memory)
From the apache error logs. first two boxes are: FC 4 Apache 2.0.54 mod_auth_kerb v5.3 kerb libs: pam_krb5-2.1.7-3 krb5-libs-1.4.1-5 krb5-workstation-1.4.1-5 krb5-devel-1.4.1-5 The troublesome one is: FC6 Apache 2.2.4 mod_auth_kerb v5.3 pam_krb5-2.2.11-1 krb5-libs-1.5-21 krb5-devel-1.5-21 krb5-workstation-1.5-21 krb5-auth-dialog-0.7-1Here is the .htaccess file that works fine on the first two boxes, not on the newer:
AuthType Kerberos AuthName "Kerberos Login" KrbAuthRealms FOO.BAR KrbServiceName HTTP KrbVerifyKDC off KrbMethodNegotiate on KrbMethodK5Passwd on Krb5Keytab /etc/httpd/conf/local.keytabAll the boxes have plenty of CPU, memory, semaphores and shared memory available. The only real difference I see is apache 2.0 vs. 2.2. The keytabs all check out and I can check out kerberos tickets just fine on all three servers. They all have identical configurations. Attached at the bottom of this email is a snippet of a stacktrace, if I can offer more information I'd be happy to comply.
R ---SNIP---open("/var/www/html/rich_test/index.html/.htaccess", O_RDONLY| O_LARGEFILE) = -1 ENOTDIR (Not a directory)
gettimeofday({1182803367, 203469}, NULL) = 0
write(10, "[Mon Jun 25 15:29:27 2007] [debu"..., 156) = 156
writev(16, [{"HTTP/1.1 401 Authorization Requi"..., 269}, {"<!DOCTYPE
HTML PUBLIC \"-//IETF//"..., 471}], 2) = 740
write(12, "172.25.201.26 - - [25/Jun/2007:1"..., 186) = 186
shutdown(16, 1 /* send */) = 0
poll([{fd=16, events=POLLIN, revents=POLLIN|POLLHUP}], 1, 2000) = 1
read(16, "", 512) = 0
close(16) = 0
read(8, 0xbfd69d03, 1) = -1 EAGAIN (Resource
temporarily unavailable)
semop(7602192, 0x89770c, 1) = 0epoll_wait(15, {{EPOLLIN, {u32=2181919520, u64=13823409058185311008}}}, 2, -1) = 1 accept(4, {sa_family=AF_INET6, sin6_port=htons(50536), inet_pton (AF_INET6, "::ffff:172.25.201.26", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 16
semop(7602192, 0x897712, 1) = 0getsockname(16, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton (AF_INET6, "::ffff:172.25.7.35", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
fcntl64(16, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(16, F_SETFL, O_RDWR|O_NONBLOCK) = 0
read(16, "GET /rich_test/index.html HTTP/1"..., 8000) = 1260
gettimeofday({1182803367, 221493}, NULL) = 0
poll([{fd=16, events=POLLIN, revents=POLLIN}], 1, 120000) = 1
read(16, "plsTPW68dcuO8RotO+GbJz2qAT2rv+D3"..., 8000) = 1162
stat64("/var/www/html/rich_test/index.html", {st_mode=S_IFREG|0644,
st_size=5, ...}) = 0
open("/var/www/html/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No
such file or directory)
open("/var/www/html/rich_test/.htaccess", O_RDONLY|O_LARGEFILE) = 17
fstat64(17, {st_mode=S_IFREG|0644, st_size=392, ...}) = 0
read(17, "DirectoryIndex home.php index.ph"..., 4096) = 392
read(17, "", 4096) = 0
close(17) = 0
open("/var/www/html/rich_test/index.html/.htaccess", O_RDONLY|
O_LARGEFILE) = -1 ENOTDIR (Not a directory)
gettimeofday({1182803367, 222194}, NULL) = 0
write(10, "[Mon Jun 25 15:29:27 2007] [debu"..., 156) = 156
gettimeofday({1182803367, 222303}, NULL) = 0
write(10, "[Mon Jun 25 15:29:27 2007] [debu"..., 148) = 148
futex(0x8fbc3c, FUTEX_WAKE, 2147483647) = 0
futex(0x8fbb60, FUTEX_WAKE, 2147483647) = 0
futex(0xf659e4, FUTEX_WAKE, 2147483647) = 0
futex(0x222b44, FUTEX_WAKE, 2147483647) = 0
futex(0x222ddc, FUTEX_WAKE, 2147483647) = 0
time(NULL) = 1182803367
stat64("/var/kerberos/krb5kdc/kdc.conf", {st_mode=S_IFREG|0666,
st_size=481, ...}) = 0
open("/var/kerberos/krb5kdc/kdc.conf", O_RDONLY|O_LARGEFILE) = 17
access("/var/kerberos/krb5kdc/kdc.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=481, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[kdcdefaults]\n kdc_ports "..., 4096) = 481
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
time(NULL) = 1182803367
stat64("/etc/krb5.conf", {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
open("/etc/krb5.conf", O_RDONLY|O_LARGEFILE) = 17
access("/etc/krb5.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[logging]\n kdc = SYSLOG:info:"..., 4096) = 868
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
access("/etc/krb5.conf", R_OK) = 0
time(NULL) = 1182803367
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 17
fstat64(17, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0
read(17, "yx\315\27\355q\350\303\361\246%V\212T\345\265\261\247B"...,
20) = 20
close(17) = 0
futex(0x288a44, FUTEX_WAKE, 2147483647) = 0
gettimeofday({1182803367, 223953}, NULL) = 0
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
stat64("/var/kerberos/krb5kdc/kdc.conf", {st_mode=S_IFREG|0666,
st_size=481, ...}) = 0
open("/var/kerberos/krb5kdc/kdc.conf", O_RDONLY|O_LARGEFILE) = 17
access("/var/kerberos/krb5kdc/kdc.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=481, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[kdcdefaults]\n kdc_ports "..., 4096) = 481
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
time(NULL) = 1182803367
stat64("/etc/krb5.conf", {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
open("/etc/krb5.conf", O_RDONLY|O_LARGEFILE) = 17
access("/etc/krb5.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[logging]\n kdc = SYSLOG:info:"..., 4096) = 868
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
access("/etc/krb5.conf", R_OK) = 0
time(NULL) = 1182803367
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 17
fstat64(17, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0
read(17, "\244\306\275\205_\362r\275\230\257y\367\202\346\f\212
\30"..., 20) = 20
close(17) = 0
gettimeofday({1182803367, 225672}, NULL) = 0
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
open("/etc/httpd/conf/local.keytab", O_RDONLY|O_LARGEFILE) = 17
fcntl64(17, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET, start=0,
len=0}, 0xbfd68e04) = 0
read(17, "\5\2\0\0\0E\0\2\0\17LAN.THRIFTY.NET\0\4HTTP\0"..., 8192) = 75 _llseek(17, -73, [2], SEEK_CUR) = 0 read(17, "\0\0\0E\0\2\0\17LAN.THRIFTY.NET\0\4HTTP\0\25f"..., 8192) = 73 _llseek(17, 0, [0], SEEK_SET) = 0 read(17, "\5\2\0\0\0E\0\2\0\17LAN.THRIFTY.NET\0\4HTTP\0"..., 8192) = 75 _llseek(17, 0, [0], SEEK_SET) = 0 read(17, "\5\2\0\0\0E\0\2\0\17LAN.THRIFTY.NET\0\4HTTP\0"..., 8192) = 75 read(17, "", 8192) = 0fcntl64(17, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}, 0xbfd68e04) = 0
close(17) = 0 geteuid32() = 48 time(NULL) = 1182803367 time(NULL) = 1182803367stat64("/var/kerberos/krb5kdc/kdc.conf", {st_mode=S_IFREG|0666, st_size=481, ...}) = 0
open("/var/kerberos/krb5kdc/kdc.conf", O_RDONLY|O_LARGEFILE) = 17
access("/var/kerberos/krb5kdc/kdc.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=481, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[kdcdefaults]\n kdc_ports "..., 4096) = 481
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
time(NULL) = 1182803367
stat64("/etc/krb5.conf", {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
open("/etc/krb5.conf", O_RDONLY|O_LARGEFILE) = 17
access("/etc/krb5.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[logging]\n kdc = SYSLOG:info:"..., 4096) = 868
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
access("/etc/krb5.conf", R_OK) = 0
time(NULL) = 1182803367
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 17
fstat64(17, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0
read(17, "u\34\211\271\254\255\375\201I\237\35\202Xs\35-\257\243"...,
20) = 20
close(17) = 0
gettimeofday({1182803367, 228026}, NULL) = 0
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
stat64("/var/kerberos/krb5kdc/kdc.conf", {st_mode=S_IFREG|0666,
st_size=481, ...}) = 0
open("/var/kerberos/krb5kdc/kdc.conf", O_RDONLY|O_LARGEFILE) = 17
access("/var/kerberos/krb5kdc/kdc.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=481, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[kdcdefaults]\n kdc_ports "..., 4096) = 481
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
time(NULL) = 1182803367
stat64("/etc/krb5.conf", {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
open("/etc/krb5.conf", O_RDONLY|O_LARGEFILE) = 17
access("/etc/krb5.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[logging]\n kdc = SYSLOG:info:"..., 4096) = 868
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
access("/etc/krb5.conf", R_OK) = 0
time(NULL) = 1182803367
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 17
fstat64(17, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0
read(17, "\205L\377\33q!\343\206\255^w\321\234\337\265\350&V\372"...,
20) = 20
close(17) = 0
gettimeofday({1182803367, 229729}, NULL) = 0
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
gettimeofday({1182803367, 230323}, NULL) = 0
write(10, "[Mon Jun 25 15:29:27 2007] [debu"..., 126) = 126
gettimeofday({1182803367, 230442}, NULL) = 0
write(10, "[Mon Jun 25 15:29:27 2007] [debu"..., 119) = 119
gettimeofday({1182803367, 230551}, NULL) = 0
write(10, "[Mon Jun 25 15:29:27 2007] [erro"..., 182) = 182
time(NULL) = 1182803367
stat64("/var/kerberos/krb5kdc/kdc.conf", {st_mode=S_IFREG|0666,
st_size=481, ...}) = 0
open("/var/kerberos/krb5kdc/kdc.conf", O_RDONLY|O_LARGEFILE) = 17
access("/var/kerberos/krb5kdc/kdc.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=481, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[kdcdefaults]\n kdc_ports "..., 4096) = 481
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
time(NULL) = 1182803367
stat64("/etc/krb5.conf", {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
open("/etc/krb5.conf", O_RDONLY|O_LARGEFILE) = 17
access("/etc/krb5.conf", W_OK) = 0
fstat64(17, {st_mode=S_IFREG|0666, st_size=868, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c21000
read(17, "[logging]\n kdc = SYSLOG:info:"..., 4096) = 868
read(17, "", 4096) = 0
close(17) = 0
munmap(0xb7c21000, 4096) = 0
access("/etc/krb5.conf", R_OK) = 0
time(NULL) = 1182803367
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 17
fstat64(17, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0
read(17, "\222dh\21)\232\7\353-\247~\20\377\2\2406|L\343\355", 20) = 20
close(17) = 0
gettimeofday({1182803367, 231818}, NULL) = 0
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
time(NULL) = 1182803367
writev(16, [{"HTTP/1.1 401 Authorization Requi"..., 240}, {"<!DOCTYPE
HTML PUBLIC \"-//IETF//"..., 471}], 2) = 711
write(12, "172.25.201.26 - - [25/Jun/2007:1"..., 186) = 186
shutdown(16, 1 /* send */) = 0
poll([{fd=16, events=POLLIN}], 1, 2000) = 0
close(16) = 0
read(8, 0xbfd69d03, 1) = -1 EAGAIN (Resource
temporarily unavailable)
semop(7602192, 0x89770c, 1) = 0epoll_wait(15, 820d72b0, 2, -1) = -1 EINTR (Interrupted system call)
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|