The bug manifests in the error log as:
[Sun Jul 01 06:37:54 2007] [error] [client 1.2.3.4] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (Cannot allocate memory)
MIT has already fixed the bug (about the same time krb5-libs-1.5-21.1.i386.rpm was released), but I don't see a more recent rpm available for FC6.
The bug is in lib/gssapi/krb5/indicate_mechs.c. The if() has the condition negated, which is wrong. The function should be as follows:
OM_uint32
krb5_gss_indicate_mechs(minor_status, mech_set)
     OM_uint32 *minor_status;
     gss_OID_set *mech_set;
{
   *minor_status = 0;
   if (gssint_copy_oid_set(minor_status, gss_mech_set_krb5_both, mech_set)) {
         *mech_set     = GSS_C_NO_OID_SET;
         *minor_status = ENOMEM;
         return(GSS_S_FAILURE);
   }
   return(GSS_S_COMPLETE);
}
"./gssapi/krb5/indicate_mechs.c" line 44 of 44 --100%-- col 1
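Why the negated test produces the "Cannot allocate memory" line in the log, as an added example that is not part of the original post and is not MIT krb5 source: the copy routine returns 0 on success, so `if (!copy(...))` takes the error branch exactly when nothing went wrong. All `demo_` names, the stub copy routine and the sample mechanism set are constructed stand-ins for the real GSSAPI types and functions.

```c
/* Added illustration: stand-in types and a stub copy routine, not MIT krb5 source. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t demo_status;                 /* stands in for OM_uint32 */
typedef struct { int count; } demo_oid_set;   /* stands in for a gss_OID_set target */
#define DEMO_S_COMPLETE 0u                    /* plays the role of GSS_S_COMPLETE */
#define DEMO_S_FAILURE  (13u << 16)           /* plays the role of GSS_S_FAILURE */

static demo_oid_set demo_krb5_both = { 2 };   /* constructed mechanism set */
static int demo_force_oom = 0;                /* knob: simulate a copy that really fails */

/* Stub for gssint_copy_oid_set(): 0 on success, non-zero on failure. */
static demo_status demo_copy_oid_set(demo_status *minor, demo_oid_set *src,
                                     demo_oid_set **dst)
{
    *minor = 0;
    if (demo_force_oom)
        return DEMO_S_FAILURE;
    *dst = src;
    return DEMO_S_COMPLETE;
}

/* negate = 1 reproduces the broken if (!copy(...)); negate = 0 is the fixed form. */
static demo_status demo_indicate_mechs(int negate, demo_status *minor,
                                       demo_oid_set **mech_set)
{
    demo_status rc;
    *minor = 0;
    rc = demo_copy_oid_set(minor, &demo_krb5_both, mech_set);
    if (negate ? !rc : rc) {
        *mech_set = NULL;          /* GSS_C_NO_OID_SET */
        *minor = ENOMEM;           /* reported as "Cannot allocate memory" */
        return DEMO_S_FAILURE;
    }
    return DEMO_S_COMPLETE;
}

int main(void)
{
    demo_status minor;
    demo_oid_set *set = NULL;
    demo_status rc = demo_indicate_mechs(1, &minor, &set);
    printf("negated: rc=%#x minor=%u set=%p\n", (unsigned)rc, (unsigned)minor, (void *)set);
    rc = demo_indicate_mechs(0, &minor, &set);
    printf("fixed:   rc=%#x minor=%u set=%p\n", (unsigned)rc, (unsigned)minor, (void *)set);
    return 0;
}
```

With `demo_force_oom` set to 1, the negated form shows the opposite fault: a copy that really failed is reported as success and the caller's set pointer is left untouched.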
I fixed it by installing the source RPM krb5-1.5-21.1.src.rpm, editing indicate_mechs.c, rebuilding the RPMs and installing them.
For those no more familiar with doing such things than I was, the following suggestions may help:
rpm -i krb5-1.5-21.1.src.rpm
cd /usr/src/redhat/SPECS
rpmbuild -bb krb5.spec
Check and confirm that the RPMs were built successfully.
cd /usr/src/redhat/BUILD/krb5-1.5/src/lib/gssapi/krb5
vi indicate_mechs.c
Change the if() to read as above (i.e. remove the '!')
cd /usr/src/redhat/SPECS
rpmbuild -bc --short-circuit krb5.spec
cd /usr/src/redhat/RPMS
rpm -U --force krb5*
It would be better to make a patch and change the version number of the RPM, but I don't know enough to do that.
After this change, mod_auth_kerb worked fine!!