Hide Forgot
Created attachment 520390 [details] error_log.gz Description of problem: mod_auth_kerb doesn't work properly with worker MPM. There are the following errors in the log (please find whole error_log attached): [Mon Aug 29 08:23:55 2011] [notice] child pid 12884 exit signal Bus error (7) [Mon Aug 29 08:23:57 2011] [notice] child pid 12938 exit signal Segmentation fault (11) [Mon Aug 29 08:24:02 2011] [notice] child pid 12968 exit signal Segmentation fault (11) [Mon Aug 29 08:24:03 2011] [notice] child pid 12970 exit signal Segmentation fault (11) *** glibc detected *** /usr/sbin/httpd.worker: double free or corruption (fasttop): 0x00002aaabc000fe0 *** ======= Backtrace: ========= /lib64/libc.so.6[0x2af75241c45f] /lib64/libc.so.6(cfree+0x4b)[0x2af75241c8bb] /usr/lib64/libkrb5.so.3[0x2af75378a9e8] /etc/httpd/modules/mod_auth_kerb.so[0x2af75ab5520e] /usr/sbin/httpd.worker(ap_run_check_user_id+0x72)[0x2af7504a3652] /usr/sbin/httpd.worker(ap_process_request_internal+0x237)[0x2af7504a4857] /usr/sbin/httpd.worker(ap_process_request+0x198)[0x2af7504b6058] /usr/sbin/httpd.worker[0x2af7504b32a0] /usr/sbin/httpd.worker(ap_run_process_connection+0x72)[0x2af7504af632] /usr/sbin/httpd.worker[0x2af7504baaf7] /lib64/libpthread.so.0[0x2af751f9073d] /lib64/libc.so.6(clone+0x6d)[0x2af75247e4bd] ======= Memory map: ======== Version-Release number of selected component (if applicable): mod_auth_kerb-5.1-3.el5 httpd-2.2.3-53.el5 How reproducible: MPM worker, mod_auth_kerb authentication with "KrbMethodK5Passwd on". ab -n 1000 -c 100 -A username:password http://hostname/ Actual results: Lot of "Failed requests" in the ab's output. Server error_log is full of errors. If user try to open real page (with images, styles etc.) in browser, it looks broken - lot of images are missing etc. Expected results: No failed requests. No errors in the error_log. Additional info: It seems to be fixed in upstream since Oct 2 2008: http://modauthkerb.cvs.sourceforge.net/viewvc/modauthkerb/mod_auth_kerb/src/mod_auth_kerb.c?r1=1.141&r2=1.142
Hi, any progress with this issue? It's a blocker for us. Thanks Vojtech
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: The mod_auth_kerb module did not use the Kerberos libraries in a thread-safe way. Therefore, if mod_auth_kerb ran under a multi-threaded Apache HTTP Server, authentication requests could terminate unexpectedly with a segmentation fault. With this update, the thread-safety problem has been fixed, and thread crashes no longer occur under these circumstances.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0078.html