Bug 1567223 - Downgrade mod_auth_gssapi missing auth headers from ERROR to INFO
Summary: Downgrade mod_auth_gssapi missing auth headers from ERROR to INFO
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: mod_auth_gssapi
Version: 7.5
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
: ---
Assignee: Robbie Harwood
QA Contact: anuja
URL:
Whiteboard:
Depends On:
Blocks: 1788833
TreeView+ depends on / blocked
 
Reported: 2018-04-13 15:21 UTC by David Mulford
Modified: 2020-09-29 20:09 UTC (History)
8 users (show)

Fixed In Version: mod_auth_gssapi-1.5.1-7.el7
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-09-29 20:09:26 UTC
Target Upstream Version:
akrawczy: needinfo+

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 4196241 0 Troubleshoot None mod_auth_gssapi error logging is too verbose 2019-06-04 13:23:06 UTC
Red Hat Product Errata RHBA-2020:3962 0 None None None 2020-09-29 20:09:30 UTC

Description David Mulford 2018-04-13 15:21:16 UTC 
mod_auth_gssapi reports the following log message as an error.

[auth_gssapi:error]  NO AUTH DATA Client did not send any authentication headers

Upstream has downgraded this to an INFO message.

GitHub Issue: https://github.com/modauthgssapi/mod_auth_gssapi/issues/155
Commit: https://github.com/modauthgssapi/mod_auth_gssapi/commit/07b0d3c568b8086fcf1558e9b1745df99bb15081

This is causing the error log to become flooded with these log messages making it difficult to find any actual errors that may be happening.


Version-Release number of selected component (if applicable):
- httpd-2.4.6-67.el7_4.6.x86_64
- mod_auth_gssapi

How reproducible:
Always


Steps to Reproduce:
1. Install httpd and mod_auth_gssapi packages
2. Configure auth_gssapi for Kerberos auth
3. View the httpd error logs

Actual results:
Errors logs flooded with the log messages.

Expected results:
Logs should not be flooded with the log messages when LogLevel is set to warn.
Comment 16 anuja 2020-04-28 07:12:07 UTC 
Reproduced using : 
mod_auth_gssapi-1.5.1-2.el7.x86_64
httpd-2.4.6-67.el7_4.6.x86_64

Reproduced wiith steps:
1. Install httpd and mod_auth_gssapi packages
2. Configure auth_gssapi for Kerberos auth
--------------------------------------------------------------------------------------------

[root@client1 ~]#  curl -i --negotiate -u : http://$( hostname )/mywebapp/index.html
HTTP/1.1 401 Unauthorized
Date: Fri, 24 Apr 2020 08:55:25 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) mod_auth_gssapi/1.5.1
WWW-Authenticate: Negotiate
Content-Length: 381
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 200 OK
Date: Fri, 24 Apr 2020 08:55:25 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) mod_auth_gssapi/1.5.1
WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvDRHKm+xN5iAXlvQ3ayqKzPXCYjkT8zoenz6JQAAI/6gSLcvEVi+HRhFbWKhLA5iHc6yhs3KdVAVG6O+ew+MNs4mvDMTiOaPHgSP2/6oWQkKXz3w7dFWZ5fqTZkvjIGDJpVwXT7t/VPKu30jh8cGx
Last-Modified: Fri, 24 Apr 2020 08:52:48 GMT
ETag: "13-5a4057d5b7e41"
Accept-Ranges: bytes
Content-Length: 19
Content-Type: text/html; charset=UTF-8

TEST_MY_WEB_APP7.4
[root@client1 ~]# cat /var/log/httpd/error_log | grep "NO AUTH DATA Client did not send any authentication headers"
[Fri Apr 24 04:55:25.149755 2020] [auth_gssapi:error] [pid 4385] [client x.x.x.x:59528] NO AUTH DATA Client did not send any authentication headers
[root@client1 ~]# date
Fri Apr 24 04:55:50 EDT 2020

-----------------------------------------------------------------------------------------
Verified using latest version : 
mod_auth_gssapi-1.5.1-7.el7.x86_64
httpd-2.4.6-95.el7.x86_64
-----------------------------------------------------------------------------------------
[root@client1 ~]# curl -i --negotiate -u : http://$( hostname )/mywebapp/index.html
HTTP/1.1 401 Unauthorized
Date: Fri, 24 Apr 2020 09:02:10 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) mod_auth_gssapi/1.5.1
WWW-Authenticate: Negotiate
Content-Length: 381
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 200 OK
Date: Fri, 24 Apr 2020 09:02:10 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) mod_auth_gssapi/1.5.1
WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRv+NzvEZEtb1nd6ttQBAtni85HT/LdML35yKNNtlHW40HxElByGYO9obEKPd7XJfYxc2Pz71XmFjsG90+HNo5nEHuU5VrQrhWb5Z4Qn2K/UOZyEVdjfcvqJ2P7TeLtHDaEjFt/fUJCNDS0/4XYDIGl
Last-Modified: Fri, 24 Apr 2020 09:00:44 GMT
ETag: "13-5a40599b5fcdd"
Accept-Ranges: bytes
Content-Length: 19
Content-Type: text/html; charset=UTF-8

TEST_MY_WEB_APP7.9
[root@client79 ~]# cat /var/log/httpd/error_log | grep "NO AUTH DATA Client did not send any authentication headers"
[Fri Apr 24 06:41:02.161363 2020] [auth_gssapi:info] [pid 16064] [client x.x.x.x:45534] NO AUTH DATA Client did not send any authentication headers
[Fri Apr 24 06:41:09.317406 2020] [auth_gssapi:info] [pid 16066] [client x.x.x.x:45540] NO AUTH DATA Client did not send any authentication headers
[Fri Apr 24 06:42:47.071353 2020] [auth_gssapi:info] [pid 16106] [client x.x.x.x:45544] NO AUTH DATA Client did not send any authentication headers

As in fixed version the error is reported with loglevel type info.
Based on this marking this as verified.
Comment 18 errata-xmlrpc 2020-09-29 20:09:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (mod_auth_gssapi bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3962
Note You need to log in before you can comment on or make changes to this bug.