Package: libapache2-mod-auth-kerb Version: 4.996-5.0-rc6-1 Severity: important
krb5 1.4.3 has just been uploaded to experimental and will hopefully be uploaded to unstable soon. In testing it, I found that mod_auth_kerb (at least with Apache 2 -- I haven't tested with Apache 1) doesn't work correctly with 1.4.3 when doing GSSAPI authentication. The attempted web page access hangs from the perspective of the browser, and Apache repeatedly logs the following: [Tue Nov 22 16:04:42 2005] [debug] src/mod_auth_kerb.c(1322): [client 171.64.19. 147] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Tue Nov 22 16:04:42 2005] [debug] src/mod_auth_kerb.c(1023): [client 171.64.19. 147] Acquiring creds for HTTP/[EMAIL PROTECTED] [Tue Nov 22 16:04:42 2005] [debug] src/mod_auth_kerb.c(1152): [client 171.64.19. 147] Verifying client data using KRB5 GSS-API [Tue Nov 22 16:04:42 2005] [debug] src/mod_auth_kerb.c(1168): [client 171.64.19. 147] Verification returned code 851968 [Tue Nov 22 16:04:42 2005] [error] [client 171.64.19.147] gss_accept_sec_context() failed: Miscellaneous failure (Request is a replay) Those log messages repeat until I press stop in the browser. Downgrading the libraries to 1.3 causes the module to start working again. My guess is that mod_auth_kerb is violating some assumption made in the Kerberos libraries, but I've not had a chance to investigate more completely yet. I hope to over the next few days. I'd like to get this fixed before 1.4.3 goes into unstable, for obvious reasons. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-1-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Versions of packages libapache2-mod-auth-kerb depends on: ii apache2-common 2.0.54-5 next generation, scalable, extenda ii krb5-config 1.8 Configuration files for Kerberos V ii libc6 2.3.5-6 GNU C Library: Shared libraries an ii libcomerr2 1.38-2 common error description library ii libkrb53 1.3.6-5 MIT Kerberos runtime libraries libapache2-mod-auth-kerb recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
