The auth module will occasionally cause the apache child process to crash, interrupting the connection. The problem is probably caused by a particular hack present in the mod_auth_kerb.c:278 ------------ #if defined(KRB5) && !defined(HEIMDAL) /* Needed to work around problems with replay caches */ #include "mit-internals.h" /* This is our replacement krb5_rc_store function */ static krb5_error_code KRB5_LIB_FUNCTION ---------- The workaround is version specific to mit kerberos v1.3 and may be responsible for the crashes I'm experiencing: *** glibc detected *** /usr/sbin/apache2: double free or corruption (out): 0x0000 7f6028000100 *** ======= Backtrace: ========= /lib/libc.so.6[0x7f604aaa6e0d] /lib/libc.so.6(cfree+0x76)[0x7f604aaa8b06] /usr/lib/libkrb5.so.3[0x7f60444d7000] /usr/lib64/apache2/modules/mod_auth_kerb.so[0x7f604302fcb6] /usr/lib64/apache2/modules/mod_auth_kerb.so[0x7f6043030809] /usr/sbin/apache2(ap_run_check_user_id+0x7a)[0x4345aa] /usr/sbin/apache2(ap_process_request_internal+0x2c4)[0x436564] /usr/sbin/apache2(ap_process_request+0x178)[0x446b88] /usr/sbin/apache2[0x443d80] /usr/sbin/apache2(ap_run_process_connection+0x7a)[0x44018a] /usr/sbin/apache2[0x44bf39] /lib/libpthread.so.0[0x7f604af88097] /lib/libc.so.6(clone+0x6d)[0x7f604aafbbcd] Reproducible: Sometimes Steps to Reproduce: Running apache server in a production environment with mod_auth_kerb authentication enabled.
Please provide emerge --info and emerge -pvq apache.
*** Bug 269784 has been marked as a duplicate of this bug. ***
Created attachment 191301 [details] "emerge --info" of my test machine
Created attachment 191303 [details] "emerge -pvq apache" of my test machine
Created attachment 191305 [details] More elaborate crash dump from the apache with fully annotated backtrace. It seems that disabling the hack in the mod_auth_kerb has no effect on the phenomenon (the crashes continue). Actual backtrace varies on occasion (there's more than one point of failure) but is always associated with kerberos credentials clean-up.
Upstream appears to fix some issues in version 5.4 of the package (I'm currently testing it). May be the ebuild should be version bumped?
I can confirm now that v5.4 is considerably more stable (or outright fixes the bug).
5.4 is in cvs now