Bug 243686

Another report, back in Nov 2006:
http://osdir.com/ml/apache.mod-auth-kerb.general/2006-11/msg00069.html

This was also for 2.0.59 on fedora6 as per other report.

I am however using all and only fedora6 rpms, installed via yum.

updated title to be more descriptive
(however needless to say, the problem is not a lack of memory!)

server in both cases for me was windows 2003 sp1

The same problem here in fully updated RHEL5.

Also I found description of the problem and the solution in:
http://sourceforge.net/mailarchive/forum.php?thread_name=2306E39C-CE49-4CC2-
A902-4AE1C40E486E%40neosaint.org&forum_name=modauthkerb-help

This supposedly a bug in the krb5 library, according to the diagnosis on the
modauthkerb list.  I don't have a repro case for this though.

Mindaugas - how do you reproduce the problem?  Is the key the use of the Win2K3 KDC?

Ah, this is known and is tracked as bug 238847 for RHEL5.

  I can test some binary .rpm (64bit) if the problem is fixed. Maybe there 
exists some testing RPMs? In Fastrack?

  And yes - server is Win2003 server with SP1 installed.

Principal was initialized with command:
kinit -k -t /etc/httpd/conf/ssmonkeytab HTTP/ssmon.bite.lt

# cat krb5.conf 
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = BITE.LT
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 BITE.LT = {
  kdc = 172.20.0.5
  admin_server = 172.20.0.5
  default_domain = bite.lt
 }

[domain_realm]
 .bite.lt = BITE.LT

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

# cat kerb.conf
<Directory /var/www/fruity>
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbAuthRealms BITE.LT
    KrbServiceName HTTP
    Krb5Keytab /etc/httpd/conf/ssmonkeytab
    KrbMethodNegotiate on
    KrbMethodK5Passwd off
    require valid-user
</Directory>

Sorry, FC6 went end-of-life before I got a fix out for it.  F7 and later include
1.6 or later, which fixed this.  Going to close this with resolution
current-release.

Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers

This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen thus bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.