我使用 Apache 2.4.10 和 Debian 8。我用apt安装了apache和大多数软件包。很长一段时间一切都很好,但突然间我们开始收到赛格错误。
[Wed Jan 02 00:55:19.233027 2019] [mpm_prefork:notice] [pid 25161] AH00171: Graceful restart requested, doing restart
apache2: ../../../src/util/support/threads.c:383: krb5int_key_delete: Assertion `destructors_set[keynum] == 1' failed.
[Wed Jan 02 00:55:19.326118 2019] [core:notice] [pid 25161] AH00060: seg fault or similar nasty error detected in the parent process
apache2: ../../../src/util/support/threads.c:383: krb5int_key_delete: Assertion `destructors_set[keynum] == 1' failed.
apache2: ../../../src/util/support/threads.c:383: krb5int_key_delete: Assertion `destructors_set[keynum] == 1' failed.
apache2: ../../../src/util/support/threads.c:383: krb5int_key_delete: Assertion `destructors_set[keynum] == 1' failed.
apache2: ../../../src/util/support/threads.c:383: krb5int_key_delete: Assertion `destructors_set[keynum] == 1' failed.
apache2: ../../../src/util/support/threads.c:383: krb5int_key_delete: Assertion `destructors_set[keynum] == 1' failed.
apache2: ../../../src/util/support/threads.c:383: krb5int_key_delete: Assertion `destructors_set[keynum] == 1' failed.
[Wed Jan 02 00:55:19.347698 2019] [:alert] [pid 12257] (4)Interrupted system call: FastCGI: read() from pipe failed (0)
[Wed Jan 02 00:55:19.347729 2019] [:alert] [pid 12257] (4)Interrupted system call: FastCGI: the PM is shutting down, Apache seems to have disappeared - bye
这似乎是 libkrb5.so 错。据我所知,我在机器上有 2 个库 - libkrb5.so.3 和 libkrb5.so.3.3。
- krb5int_key_delete让我觉得它的 Kerberos 库。
- 该方法在此处被别名错误地称为一个。
我确实升级了所有软件,希望它能打补丁。但没有成功。我们不将 kerberos 模块用于 apache。
知道可以使用这个库什么,甚至如何防止这个问题吗?
我也遇到了这个问题,并试图确定原因
关于"任何想法可以使用这个库":
利用 ldd 并假设您有一个 apache 模块的中心位置,您可以遍历模块列表并使用此库转储模块。前任:
find /etc/httpd/modules/*.so -exec sh -c 'echo {}; ldd {} | grep libkrb5' ;
(在我们的例子中,这将返回以下内容)
/etc/httpd/modules/libphp7.so
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f4f35f65000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f4f34839000)
/etc/httpd/modules/libphp7-zts.so
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007ff228114000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007ff226c04000)
/etc/httpd/modules/mod_ssl.so
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f0c0c7fa000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f0c0bf9d000)
我确实注意到 https://krbdev.mit.edu/rt/Ticket/Display.html?id=8614 的错误指向安装了两个不同的版本导致问题,但是在我们的环境中,我们在/usr/lib64 中有这些多个库,除了 libkrb5.so.3 是指向 libkrb5.so.3.3 的符号链接,所以我会确保这不是你所看到的。
我已经向 krb5-bugs@mit.edu 发送了一封电子邮件(基于 https://k5wiki.kerberos.org/wiki/Reporting_bugs),并希望尽快在这篇文章中分享票证的链接。
编辑:遵循错误报告 @ https://krbdev.mit.edu/rt/Ticket/Display.html?id=8863