mod_auth_kerb gss_accept_sec_context() failed: Cannot allocate memory - Kerberos

This is a discussion on mod_auth_kerb gss_accept_sec_context() failed: Cannot allocate memory - Kerberos ; hello, i have big trouble getting mod_auth_kerb working on a fully patched Fedora Core 6 with Apache 2.0.59. the same constellation works on FC3. Error in Apachelog is: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (Cannot ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: mod_auth_kerb gss_accept_sec_context() failed: Cannot allocate memory

  1. mod_auth_kerb gss_accept_sec_context() failed: Cannot allocate memory

    hello,

    i have big trouble getting mod_auth_kerb working on a fully patched
    Fedora Core 6 with Apache 2.0.59.
    the same constellation works on FC3.


    Error in Apachelog is:

    gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
    may provide more information (Cannot allocate memory)


    >./configure --without-krb4

    checking for gcc... gcc
    checking for C compiler default output file name... a.out
    checking whether the C compiler works... yes
    checking whether we are cross compiling... no
    checking for suffix of executables...
    checking for suffix of object files... o
    checking whether we are using the GNU C compiler... yes
    checking whether gcc accepts -g... yes
    checking for gcc option to accept ANSI C... none needed
    checking whether make sets $(MAKE)... yes
    checking for main in -lresolv... yes
    checking how to run the C preprocessor... gcc -E
    checking for egrep... grep -E
    checking for ANSI C header files... yes
    checking for sys/types.h... yes
    checking for sys/stat.h... yes
    checking for stdlib.h... yes
    checking for string.h... yes
    checking for memory.h... yes
    checking for strings.h... yes
    checking for inttypes.h... yes
    checking for stdint.h... yes
    checking for unistd.h... yes
    checking limits.h usability... yes
    checking limits.h presence... yes
    checking for limits.h... yes
    checking netdb.h usability... yes
    checking netdb.h presence... yes
    checking for netdb.h... yes
    checking stddef.h usability... yes
    checking stddef.h presence... yes
    checking for stddef.h... yes
    checking for stdlib.h... (cached) yes
    checking for string.h... (cached) yes
    checking for unistd.h... (cached) yes
    checking for size_t... yes
    checking whether struct tm is in sys/time.h or time.h... time.h
    checking gssapi.h usability... no
    checking gssapi.h presence... no
    checking for gssapi.h... no
    checking gssapi/gssapi.h usability... yes
    checking gssapi/gssapi.h presence... yes
    checking for gssapi/gssapi.h... yes
    checking for krb5_init_context in -lkrb5... yes
    checking whether we are using Heimdal... no
    checking whether the GSSAPI libraries support SPNEGO... yes
    checking for apxs... /anwendung/apache2/current/bin/apxs
    configure: creating ./config.status
    config.status: creating Makefile
    config.status: creating config.h


    could someone please provide me a hint?

    thanks&greets

    jakob


  2. Re: mod_auth_kerb gss_accept_sec_context() failed: Cannot allocate memory

    hello again,

    i still suffering this problems. if i take the mod_auth_kerb.so
    compiled on a FC3 box it works without problems.

    i enabled debug in apache to get some more info:

    [Fri May 18 14:30:15 2007] [debug] src/mod_auth_kerb.c(1485): [client
    10.11.15.27] kerb_authenticate_user entered with user (NULL) and
    auth_type KerberosV5
    [Fri May 18 14:30:15 2007] [debug] src/mod_auth_kerb.c(1172): [client
    10.11.15.27] Acquiring creds for HTTP@lbtest
    [Fri May 18 14:30:15 2007] [debug] src/mod_auth_kerb.c(1316): [client
    10.11.15.27] Verifying client data using KRB5 GSS-API
    [Fri May 18 14:30:15 2007] [debug] src/mod_auth_kerb.c(1332): [client
    10.11.15.27] Verification returned code 851968
    [Fri May 18 14:30:15 2007] [error] [client 10.11.15.27]
    gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
    may provide more information (Cannot allocate memory)


    the kerberos system is working i can do a kinit or

    >kinit -V -k -t /etc/krb5.keytab HTTP/XXXXX.XXXX-XXXX.de@XXXX-XXXXXX.XX

    Authenticated to Kerberos v5

    anybody??

    greets

    jakob



  3. Re: mod_auth_kerb gss_accept_sec_context() failed: Cannot allocate memory

    What is the hostname of your system ? Apache asks for
    gethostbyaddr(gethostbyname(hostname)) and if your hosts file
    has an entry like

    192.168.1.1 lbtest lbtest.domain

    Apache will look for HTTP/lbtest whereas the client will most probably have
    asked for HTTP/lbtest.domain. If you change the order in the hosts file it
    should work. (Not sure why it complains about memory though)

    Regards
    Markus

    "Jakob" wrote in message
    news:1179491844.025642.75970@y80g2000hsf.googlegro ups.com...
    > hello again,
    >
    > i still suffering this problems. if i take the mod_auth_kerb.so
    > compiled on a FC3 box it works without problems.
    >
    > i enabled debug in apache to get some more info:
    >
    > [Fri May 18 14:30:15 2007] [debug] src/mod_auth_kerb.c(1485): [client
    > 10.11.15.27] kerb_authenticate_user entered with user (NULL) and
    > auth_type KerberosV5
    > [Fri May 18 14:30:15 2007] [debug] src/mod_auth_kerb.c(1172): [client
    > 10.11.15.27] Acquiring creds for HTTP@lbtest
    > [Fri May 18 14:30:15 2007] [debug] src/mod_auth_kerb.c(1316): [client
    > 10.11.15.27] Verifying client data using KRB5 GSS-API
    > [Fri May 18 14:30:15 2007] [debug] src/mod_auth_kerb.c(1332): [client
    > 10.11.15.27] Verification returned code 851968
    > [Fri May 18 14:30:15 2007] [error] [client 10.11.15.27]
    > gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
    > may provide more information (Cannot allocate memory)
    >
    >
    > the kerberos system is working i can do a kinit or
    >
    >>kinit -V -k -t /etc/krb5.keytab HTTP/XXXXX.XXXX-XXXX.de@XXXX-XXXXXX.XX

    > Authenticated to Kerberos v5
    >
    > anybody??
    >
    > greets
    >
    > jakob
    >
    >




  4. Re: mod_auth_kerb gss_accept_sec_context() failed: Cannot allocate memory

    On 18 Mai, 20:41, "Markus Moeller" wrote:
    > What is the hostname of your system ? Apache asks for
    > gethostbyaddr(gethostbyname(hostname)) and if your hosts file
    > has an entry like
    >
    > 192.168.1.1 lbtest lbtest.domain
    >
    > Apache will look for HTTP/lbtest whereas the client will most probably have
    > asked for HTTP/lbtest.domain. If you change the order in the hosts file it
    > should work. (Not sure why it complains about memory though)
    >
    > Regards
    > Markus


    hi Markus,

    i donīt think itīs a DNS misconfiguration, because with the module
    compiled on Fedora Core 3 and the same .htaccess / krb5.conf
    configuration it works perfect.

    i enabled the debug-logging on apache:

    [Mon May 21 13:33:28 2007] [debug] src/mod_auth_kerb.c(1485): [client
    10.11.15.27] kerb_authenticate_user entered with user (NULL) and
    auth_type Kerberos
    [Mon May 21 13:33:28 2007] [debug] src/mod_auth_kerb.c(1172): [client
    10.11.15.27] Acquiring creds for HTTP/loadbalancer.XXXX-XXXX.de@XXXX-
    XXXX.DE
    [Mon May 21 13:33:28 2007] [debug] src/mod_auth_kerb.c(1316): [client
    10.11.15.27] Verifying client data using KRB5 GSS-API
    [Mon May 21 13:33:28 2007] [debug] src/mod_auth_kerb.c(1332): [client
    10.11.15.27] Verification returned code 851968
    [Mon May 21 13:33:28 2007] [error] [client 10.11.15.27]
    gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
    may provide more information (Cannot allocate memory)


    if i set KrbMethodNegotiate to off, and authenticate with my username/
    password in the dialog-box it also works with the module compiled on
    Fedora Core 6.

    i have no clue

    thanks&greets

    jakob


  5. Re: mod_auth_kerb gss_accept_sec_context() failed: Cannot allocate memory

    It doesn't seem to be new
    http://arcknowledge.com/apache.mod-a.../msg00000.html,
    but I haven't seen a solution.

    You may need to run apache with a debug kerberos library in gdb or ddd to
    find the error.

    Markus


    "Jakob" wrote in message
    news:1179747758.179931.261490@n15g2000prd.googlegr oups.com...
    On 18 Mai, 20:41, "Markus Moeller" wrote:
    > What is the hostname of your system ? Apache asks for
    > gethostbyaddr(gethostbyname(hostname)) and if your hosts file
    > has an entry like
    >
    > 192.168.1.1 lbtest lbtest.domain
    >
    > Apache will look for HTTP/lbtest whereas the client will most probably
    > have
    > asked for HTTP/lbtest.domain. If you change the order in the hosts file it
    > should work. (Not sure why it complains about memory though)
    >
    > Regards
    > Markus


    hi Markus,

    i donīt think itīs a DNS misconfiguration, because with the module
    compiled on Fedora Core 3 and the same .htaccess / krb5.conf
    configuration it works perfect.

    i enabled the debug-logging on apache:

    [Mon May 21 13:33:28 2007] [debug] src/mod_auth_kerb.c(1485): [client
    10.11.15.27] kerb_authenticate_user entered with user (NULL) and
    auth_type Kerberos
    [Mon May 21 13:33:28 2007] [debug] src/mod_auth_kerb.c(1172): [client
    10.11.15.27] Acquiring creds for HTTP/loadbalancer.XXXX-XXXX.de@XXXX-
    XXXX.DE
    [Mon May 21 13:33:28 2007] [debug] src/mod_auth_kerb.c(1316): [client
    10.11.15.27] Verifying client data using KRB5 GSS-API
    [Mon May 21 13:33:28 2007] [debug] src/mod_auth_kerb.c(1332): [client
    10.11.15.27] Verification returned code 851968
    [Mon May 21 13:33:28 2007] [error] [client 10.11.15.27]
    gss_accept_sec_context() failed: Unspecified GSS failure. Minor code
    may provide more information (Cannot allocate memory)


    if i set KrbMethodNegotiate to off, and authenticate with my username/
    password in the dialog-box it also works with the module compiled on
    Fedora Core 6.

    i have no clue

    thanks&greets

    jakob



  6. Re: mod_auth_kerb gss_accept_sec_context() failed: Cannot allocate memory

    When I saw this error, it was due to the in-memory keytab struct having a NULL in entries[0]. The numEntries count was one greater than the actual number of entries, causing the array to be filled in reverse order. The get_next routine did not handle the NULL entry well, and assumed ENOMEM was the trouble. Since the unload routine did not clear the count, the only way to clear the error was to re-init the in-memory keytab from the krb5.keytab file.

+ Reply to Thread