- Issued:
- 2012-06-20
- Updated:
- 2012-06-20
RHBA-2012:0877 - Bug Fix Advisory
Synopsis
mod_auth_kerb bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated mod_auth_kerb packages that fix a bug and add an enhancement are now
available for Red Hat Enterprise Linux 6.
Description
The mod_auth_kerb package provides a module for the Apache HTTP Server designed
to provide Kerberos authentication over HTTP. The module supports the Negotiate
authentication method, which performs full Kerberos authentication based on
ticket exchanges.
These updated mod_auth_kerb packages fix the following bug:
- Due to a bug in the handling of memory lifetime when the module was configured
to allow delegated credentials, the $KRB5CCNAME variable was lost after the
first request of an authenticated connection, causing web applications which
relied on the presence of delegated credentials to fail. The memory lifetime
handling has been fixed, allowing such web applications to access delegated
credentials. (BZ#688210)
In addition, these updated mod_auth_kerb packages provide the following
enhancement:
- Support for "S4U2Proxy" constrained delegation has been added, which allows
mod_auth_kerb to obtain credentials on behalf of an authenticated user.
(BZ#767741)
Users are advised to upgrade to these updated mod_auth_kerb packages, which fix
this bug and add this enhancement.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
- Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x
Fixes
- BZ - 661777 - can't be rebuild in mock
- BZ - 688210 - mod_auth_kerb using krb5passwd and keepalive and credential delegation loses delegation after first request on connection
- BZ - 767741 - Add support for s4u2proxy
CVEs
(none)
References
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| mod_auth_kerb-5.4-9.el6.src.rpm | SHA-256: a594f7bd6c8e27908be4e757b010f6a39180819e26df24b746af64262bbb1e89 |
| x86_64 | |
| mod_auth_kerb-5.4-9.el6.x86_64.rpm | SHA-256: 1b0f0ded2a09410f8da59130c82ea08d8e327dbd226ef48c0230cda86a2db5c2 |
| mod_auth_kerb-5.4-9.el6.x86_64.rpm | SHA-256: 1b0f0ded2a09410f8da59130c82ea08d8e327dbd226ef48c0230cda86a2db5c2 |
| mod_auth_kerb-debuginfo-5.4-9.el6.x86_64.rpm | SHA-256: 6e898a180cfc53caf300412697948c3386d8d8f7fecfe6daebaa0dccb45e6d05 |
| mod_auth_kerb-debuginfo-5.4-9.el6.x86_64.rpm | SHA-256: 6e898a180cfc53caf300412697948c3386d8d8f7fecfe6daebaa0dccb45e6d05 |
| i386 | |
| mod_auth_kerb-5.4-9.el6.i686.rpm | SHA-256: 80f6a464ba7804bf78afa9efc14a1468bff9c10729f7de9dba1f4ff163285088 |
| mod_auth_kerb-debuginfo-5.4-9.el6.i686.rpm | SHA-256: c55680e5913d9681199796fd93d0c722734d9264337f12cb031b0e49dd46b756 |
Red Hat Enterprise Linux Server from RHUI 6
| SRPM | |
|---|---|
| mod_auth_kerb-5.4-9.el6.src.rpm | SHA-256: a594f7bd6c8e27908be4e757b010f6a39180819e26df24b746af64262bbb1e89 |
| x86_64 | |
| mod_auth_kerb-5.4-9.el6.x86_64.rpm | SHA-256: 1b0f0ded2a09410f8da59130c82ea08d8e327dbd226ef48c0230cda86a2db5c2 |
| mod_auth_kerb-debuginfo-5.4-9.el6.x86_64.rpm | SHA-256: 6e898a180cfc53caf300412697948c3386d8d8f7fecfe6daebaa0dccb45e6d05 |
| i386 | |
| mod_auth_kerb-5.4-9.el6.i686.rpm | SHA-256: 80f6a464ba7804bf78afa9efc14a1468bff9c10729f7de9dba1f4ff163285088 |
| mod_auth_kerb-debuginfo-5.4-9.el6.i686.rpm | SHA-256: c55680e5913d9681199796fd93d0c722734d9264337f12cb031b0e49dd46b756 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6
| SRPM | |
|---|---|
| mod_auth_kerb-5.4-9.el6.src.rpm | SHA-256: a594f7bd6c8e27908be4e757b010f6a39180819e26df24b746af64262bbb1e89 |
| x86_64 | |
| mod_auth_kerb-5.4-9.el6.x86_64.rpm | SHA-256: 1b0f0ded2a09410f8da59130c82ea08d8e327dbd226ef48c0230cda86a2db5c2 |
| mod_auth_kerb-debuginfo-5.4-9.el6.x86_64.rpm | SHA-256: 6e898a180cfc53caf300412697948c3386d8d8f7fecfe6daebaa0dccb45e6d05 |
| i386 | |
| mod_auth_kerb-5.4-9.el6.i686.rpm | SHA-256: 80f6a464ba7804bf78afa9efc14a1468bff9c10729f7de9dba1f4ff163285088 |
| mod_auth_kerb-debuginfo-5.4-9.el6.i686.rpm | SHA-256: c55680e5913d9681199796fd93d0c722734d9264337f12cb031b0e49dd46b756 |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| mod_auth_kerb-5.4-9.el6.src.rpm | SHA-256: a594f7bd6c8e27908be4e757b010f6a39180819e26df24b746af64262bbb1e89 |
| x86_64 | |
| mod_auth_kerb-5.4-9.el6.x86_64.rpm | SHA-256: 1b0f0ded2a09410f8da59130c82ea08d8e327dbd226ef48c0230cda86a2db5c2 |
| mod_auth_kerb-debuginfo-5.4-9.el6.x86_64.rpm | SHA-256: 6e898a180cfc53caf300412697948c3386d8d8f7fecfe6daebaa0dccb45e6d05 |
| i386 | |
| mod_auth_kerb-5.4-9.el6.i686.rpm | SHA-256: 80f6a464ba7804bf78afa9efc14a1468bff9c10729f7de9dba1f4ff163285088 |
| mod_auth_kerb-debuginfo-5.4-9.el6.i686.rpm | SHA-256: c55680e5913d9681199796fd93d0c722734d9264337f12cb031b0e49dd46b756 |
Red Hat Enterprise Linux Desktop 6
| SRPM | |
|---|---|
| mod_auth_kerb-5.4-9.el6.src.rpm | SHA-256: a594f7bd6c8e27908be4e757b010f6a39180819e26df24b746af64262bbb1e89 |
| x86_64 | |
| mod_auth_kerb-5.4-9.el6.x86_64.rpm | SHA-256: 1b0f0ded2a09410f8da59130c82ea08d8e327dbd226ef48c0230cda86a2db5c2 |
| mod_auth_kerb-debuginfo-5.4-9.el6.x86_64.rpm | SHA-256: 6e898a180cfc53caf300412697948c3386d8d8f7fecfe6daebaa0dccb45e6d05 |
| i386 | |
| mod_auth_kerb-5.4-9.el6.i686.rpm | SHA-256: 80f6a464ba7804bf78afa9efc14a1468bff9c10729f7de9dba1f4ff163285088 |
| mod_auth_kerb-debuginfo-5.4-9.el6.i686.rpm | SHA-256: c55680e5913d9681199796fd93d0c722734d9264337f12cb031b0e49dd46b756 |
Red Hat Enterprise Linux for IBM z Systems 6
| SRPM | |
|---|---|
| mod_auth_kerb-5.4-9.el6.src.rpm | SHA-256: a594f7bd6c8e27908be4e757b010f6a39180819e26df24b746af64262bbb1e89 |
| s390x | |
| mod_auth_kerb-5.4-9.el6.s390x.rpm | SHA-256: 5ae9d28e53cc312f5e1e0293af1c261eb9fc74fe62ad1911379eec609d3de1cd |
| mod_auth_kerb-debuginfo-5.4-9.el6.s390x.rpm | SHA-256: f5f4fb8da94ae163865932ad7e645e5817243b0202473306ad7f3182a1145e3c |
Red Hat Enterprise Linux for Power, big endian 6
| SRPM | |
|---|---|
| mod_auth_kerb-5.4-9.el6.src.rpm | SHA-256: a594f7bd6c8e27908be4e757b010f6a39180819e26df24b746af64262bbb1e89 |
| ppc64 | |
| mod_auth_kerb-5.4-9.el6.ppc64.rpm | SHA-256: 04e97941a0c8befa1da2b566ea17c8e0e6c008b656b4e486b49a9e8289b316b0 |
| mod_auth_kerb-debuginfo-5.4-9.el6.ppc64.rpm | SHA-256: e005e70b74bd1f410607257116cc7db65abf784ef3927a746efd8319b69654bf |
Red Hat Enterprise Linux for Scientific Computing 6
| SRPM | |
|---|---|
| mod_auth_kerb-5.4-9.el6.src.rpm | SHA-256: a594f7bd6c8e27908be4e757b010f6a39180819e26df24b746af64262bbb1e89 |
| x86_64 | |
| mod_auth_kerb-5.4-9.el6.x86_64.rpm | SHA-256: 1b0f0ded2a09410f8da59130c82ea08d8e327dbd226ef48c0230cda86a2db5c2 |
| mod_auth_kerb-debuginfo-5.4-9.el6.x86_64.rpm | SHA-256: 6e898a180cfc53caf300412697948c3386d8d8f7fecfe6daebaa0dccb45e6d05 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6
| SRPM | |
|---|---|
| mod_auth_kerb-5.4-9.el6.src.rpm | SHA-256: a594f7bd6c8e27908be4e757b010f6a39180819e26df24b746af64262bbb1e89 |
| s390x | |
| mod_auth_kerb-5.4-9.el6.s390x.rpm | SHA-256: 5ae9d28e53cc312f5e1e0293af1c261eb9fc74fe62ad1911379eec609d3de1cd |
| mod_auth_kerb-debuginfo-5.4-9.el6.s390x.rpm | SHA-256: f5f4fb8da94ae163865932ad7e645e5817243b0202473306ad7f3182a1145e3c |
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6
| SRPM | |
|---|---|
| mod_auth_kerb-5.4-9.el6.src.rpm | SHA-256: a594f7bd6c8e27908be4e757b010f6a39180819e26df24b746af64262bbb1e89 |
| x86_64 | |
| mod_auth_kerb-5.4-9.el6.x86_64.rpm | SHA-256: 1b0f0ded2a09410f8da59130c82ea08d8e327dbd226ef48c0230cda86a2db5c2 |
| mod_auth_kerb-debuginfo-5.4-9.el6.x86_64.rpm | SHA-256: 6e898a180cfc53caf300412697948c3386d8d8f7fecfe6daebaa0dccb45e6d05 |
| i386 | |
| mod_auth_kerb-5.4-9.el6.i686.rpm | SHA-256: 80f6a464ba7804bf78afa9efc14a1468bff9c10729f7de9dba1f4ff163285088 |
| mod_auth_kerb-debuginfo-5.4-9.el6.i686.rpm | SHA-256: c55680e5913d9681199796fd93d0c722734d9264337f12cb031b0e49dd46b756 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6
| SRPM | |
|---|---|
| mod_auth_kerb-5.4-9.el6.src.rpm | SHA-256: a594f7bd6c8e27908be4e757b010f6a39180819e26df24b746af64262bbb1e89 |
| s390x | |
| mod_auth_kerb-5.4-9.el6.s390x.rpm | SHA-256: 5ae9d28e53cc312f5e1e0293af1c261eb9fc74fe62ad1911379eec609d3de1cd |
| mod_auth_kerb-debuginfo-5.4-9.el6.s390x.rpm | SHA-256: f5f4fb8da94ae163865932ad7e645e5817243b0202473306ad7f3182a1145e3c |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
