Bug 470942

Summary:	www-apache/mod_auth_kerb-5.4-r1 cannot save Credentials when KrbSaveCredentials is set
Product:	Gentoo Linux	Reporter:	Azamat H. Hackimov <azamat.hackimov>
Component:	[OLD] Library	Assignee:	No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed>
Status:	RESOLVED FIXED
Severity:	normal	Keywords:	NeedPatch
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	532790

Description Azamat H. Hackimov 2013-05-22 05:49:52 UTC

When I enable in /etc/apache2/modules.d/11_mod_auth_kerb.conf option "KrbSaveCredentials on", apache cannot save credentials:

[Tue May 21 13:12:27 2013] [error] [client 10.128.1.124] mkstemp() failed: No such file or directory

After some digging code I realized that apache tries create temp-file in /var/run/httpd/krbcache which is not exist and not created by module nor ebuild.
In src/mod_auth_kerb.c there is code:

   ccname = apr_psprintf(r->pool, "FILE:%s/krb5cc_apache_XXXXXX", P_tmpdir);
   fd = mkstemp(ccname + strlen("FILE:"));
   if (fd < 0) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "mkstemp() failed: %s", ccname);
      ret = HTTP_INTERNAL_SERVER_ERROR;
      goto end;
   }
   close(fd);

P_tmpdir in stdio.h defined as /tmp, but somewhere this constant redefined to /var/run/httpd/krbcache

Comment 1 Pacho Ramos gentoo-dev

2015-05-08 18:21:23 UTC

+*mod_auth_kerb-5.4-r2 (08 May 2015)
+
+  08 May 2015; Pacho Ramos <pacho@gentoo.org>
+  +files/mod_auth_kerb-5.4-handle-continue.patch,
+  +files/mod_auth_kerb-5.4-longuser.patch,
+  +files/mod_auth_kerb-5.4-s4u2proxy-r2.patch, +mod_auth_kerb-5.4-r2.ebuild:
+  Apply more Fedora patches with fixes, update s4u2proxy patch to support
+  heimdal (#454816 by Spooky Ghost), tmpfiles.d needed (#470942 by Azamat H.
+  Hackimov)
+