
Bug Fix Advisory: mod_auth_kerb bug fix and enhancement update

Advisory: RHBA-2013:0078-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2013-01-07
Last updated on: 2013-01-07
Affected Products: RHEL Desktop Workstation (v. 5 client); Red Hat Enterprise Linux (v. 5 server)

Details

Updated mod_auth_kerb packages that fix two bugs and add one enhancement are now
available for Red Hat Enterprise Linux 5.

The mod_auth_kerb package provides a module for the Apache HTTP Server designed
to provide Kerberos authentication over HTTP. The module supports the Negotiate
authentication method, which performs full Kerberos authentication based on
ticket exchanges.

These updated mod_auth_kerb packages provide fixes for the following bugs:

* Prior to this update, the mod_auth_kerb source RPM could not be built by a
non-root user. This was because the httpd-devel package places the apxs utility,
which is needed to build the mod_auth_kerb package, into the /usr/sbin
directory. This directory is not specified in the PATH variable for non-root
users. With this update, the apxs utility is defined as being placed in the
/usr/bin directory in the "mod_auth_kerb.spec" file, and the mod_auth_kerb SRPM
can now be successfully built by non-root users. (BZ#456662)

* The "mod_auth_kerb" module did not use the Kerberos libraries in a thread-safe
way. Therefore, if mod_auth_kerb ran under a multi-threaded Apache HTTP Server,
authentication requests could terminate unexpectedly with a segmentation fault.
With this update, the thread-safety problem has been fixed, and crashes no
longer occur under these circumstances. (BZ#734098)

In addition, these updated mod_auth_kerb packages provide the following
enhancement:

* The "KrbLocalUserMapping" Apache directive has been added to allow Kerberos
principal names to be mapped to system user names. (BZ#446670)
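
An added illustration of the new directive in context (not part of the advisory or of Red Hat's documentation). The location, realm, keytab path and user name are constructed placeholders, and the comments describe upstream mod_auth_kerb behaviour, which is assumed to hold for this backport:

```apache
# Constructed example: protect /private with Kerberos (Negotiate) authentication.
<Location /private>
    AuthType Kerberos
    AuthName "Kerberos Login"

    # Accept only ticket-based Negotiate authentication; do not fall back to
    # asking the browser for a Kerberos password over Basic auth.
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off

    # Placeholder realm and keytab holding the HTTP/<host>@EXAMPLE.COM key.
    KrbAuthRealms EXAMPLE.COM
    Krb5KeyTab /etc/httpd/conf/httpd.keytab

    # Off (the default): the authenticated user is the full principal,
    #   e.g. alice@EXAMPLE.COM, and access rules must name it that way.
    # On: the principal is passed through the Kerberos library's
    #   auth_to_local mapping (krb5.conf), so the authenticated user becomes
    #   the local account name, e.g. alice.
    KrbLocalUserMapping On

    # With mapping enabled, access rules and applications reading
    # REMOTE_USER see the short system user name.
    Require user alice
</Location>
```

When more than one realm is trusted, review the auth_to_local rules in krb5.conf so that principals from different realms cannot map to the same local account name.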

Users are advised to upgrade to these updated mod_auth_kerb packages, which fix
these bugs and add this enhancement.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
mod_auth_kerb-5.1-5.el5.src.rpm     MD5: 3ed0613c93e01f494022c4f5a171253f
SHA-256: b8712a1a501ade7c584a5fd38a9d87d42546cce1db80ffcdbcdd91c90f456db7
 
IA-32:
mod_auth_kerb-5.1-5.el5.i386.rpm     MD5: bde8626bd9637006968be484b5985d6c
SHA-256: 998b5b38d9e7af5427b5fae67b17fe50ed3a2b251ec5deb856866ef015c26d89
mod_auth_kerb-debuginfo-5.1-5.el5.i386.rpm     MD5: 993b5b0a15b61c4801bd6ca808daded0
SHA-256: 929e974f889c5867a1a5579de048470819c42939d095f19f180805e4f8fee6c1
 
x86_64:
mod_auth_kerb-5.1-5.el5.x86_64.rpm     MD5: 7ca05eb147d1ae6685b32ff7e488afe6
SHA-256: b2d1824ffafc7a780445ecc4bc763e48b94e89bd056ff52487550d01fc14f5b0
mod_auth_kerb-debuginfo-5.1-5.el5.x86_64.rpm     MD5: 420552b749bb42be1a20cd2286252d86
SHA-256: 465833752497d306dc2c3e4b9918368e1300145499e4ce7fd22c9d352a8d991e
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
mod_auth_kerb-5.1-5.el5.src.rpm     MD5: 3ed0613c93e01f494022c4f5a171253f
SHA-256: b8712a1a501ade7c584a5fd38a9d87d42546cce1db80ffcdbcdd91c90f456db7
 
IA-32:
mod_auth_kerb-5.1-5.el5.i386.rpm     MD5: bde8626bd9637006968be484b5985d6c
SHA-256: 998b5b38d9e7af5427b5fae67b17fe50ed3a2b251ec5deb856866ef015c26d89
mod_auth_kerb-debuginfo-5.1-5.el5.i386.rpm     MD5: 993b5b0a15b61c4801bd6ca808daded0
SHA-256: 929e974f889c5867a1a5579de048470819c42939d095f19f180805e4f8fee6c1
 
IA-64:
mod_auth_kerb-5.1-5.el5.ia64.rpm     MD5: 67345c170cc4be1b20f301ea545b266e
SHA-256: c9429bcd70a6e8b2f1830df77b5c764532151f8f9d7798f3fb45db9acc8dc604
mod_auth_kerb-debuginfo-5.1-5.el5.ia64.rpm     MD5: 07e849003d8b0bd278942bab0887b387
SHA-256: 3f7fd1b5c3fdf068c6d2ac0bfe6a3dabb8bfe25c0fad05ce81de94e0c483d699
 
PPC:
mod_auth_kerb-5.1-5.el5.ppc.rpm     MD5: 9536bc070653f1b85718fdc1d8829fc0
SHA-256: 99a22802dd24ccb20bc4414a4fb06928a5f8c36854bf1b1c34a796eb91d9a2a0
mod_auth_kerb-debuginfo-5.1-5.el5.ppc.rpm     MD5: 8bee3ecd1a807ade7472e76ae0631bc5
SHA-256: d228cd065bf9b987f2e9ce4650faf3af9abf25fed2f9b91f581c0e9aceeb370d
 
s390x:
mod_auth_kerb-5.1-5.el5.s390x.rpm     MD5: 3d459daf43e6b0d0c212319dc5eaf464
SHA-256: 9581c0e1d332cbf0b8aeee74a177e4dbefbd1d085b329d6dc77dd5585179aa17
mod_auth_kerb-debuginfo-5.1-5.el5.s390x.rpm     MD5: 93e48c3dff9e277a9a810b40884fb815
SHA-256: ccf14ddcb504d247c9ab04d555cf5d18198d90e9751ac0c51f0f9bccf9714c3f
 
x86_64:
mod_auth_kerb-5.1-5.el5.x86_64.rpm     MD5: 7ca05eb147d1ae6685b32ff7e488afe6
SHA-256: b2d1824ffafc7a780445ecc4bc763e48b94e89bd056ff52487550d01fc14f5b0
mod_auth_kerb-debuginfo-5.1-5.el5.x86_64.rpm     MD5: 420552b749bb42be1a20cd2286252d86
SHA-256: 465833752497d306dc2c3e4b9918368e1300145499e4ce7fd22c9d352a8d991e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

446670 - [RFE] Include apache directive 'KrbLocalUserMapping' in 'mod_auth_kerb'
456662 - mod_auth_kerb does not build from SRPM
734098 - mod_auth_kerb threading problems



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/