Package: libapache2-mod-auth-kerb Version: 5.4-2.2 Severity: grave Justification: renders package unusable
When attempting to authenticate using GSS-API the server sometimes responds with a 401 error (which it shouldn't, as the user data is correct). Meanwhile, the apache log fills very rapidly with several "Request is a replay" messages: [Sat Feb 20 21:09:11.537822 2016] [auth_kerb:error] [pid 21422] [client] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, Request is a replay) [Sat Feb 20 21:09:11.538313 2016] [auth_kerb:error] [pid 21422] [client] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, Request is a replay) [Sat Feb 20 21:09:11.538806 2016] [auth_kerb:error] [pid 21422] [client] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, Request is a replay) [Sat Feb 20 21:09:11.539292 2016] [auth_kerb:error] [pid 21422] [client] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, Request is a replay) [Sat Feb 20 21:09:11.539779 2016] [auth_kerb:error] [pid 21422] [client] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, Request is a replay) [Sat Feb 20 21:09:11.540296 2016] [auth_kerb:error] [pid 21422] [client] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, Request is a replay) The issue seems to be related to mod_auth_kerb-5.4-delegation.patch. It does not occur when building without this patch. This is a regression from wheezy. -- System Information: Debian Release: 8.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-itk01 (SMP w/24 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libapache2-mod-auth-kerb depends on: ii apache2-bin [apache2-api-20120211] 2.4.10-10+deb8u4 ii krb5-config 2.3 ii libc6 2.19-18+deb8u3 ii libcomerr2 1.42.12-1.1 ii libgssapi-krb5-2 1.12.1+dfsg-19+deb8u2 ii libk5crypto3 1.12.1+dfsg-19+deb8u2 ii libkrb5-3 1.12.1+dfsg-19+deb8u2 libapache2-mod-auth-kerb recommends no packages. libapache2-mod-auth-kerb suggests no packages. -- no debconf information
