[OpenAFS] Apache/Kerberos/AFS k5start question

John Hammond jhammond@ucsc.edu
Thu, 13 Dec 2007 14:54:46 -0800 

I'm hoping someone might have some insight on a problem I'm having. I'm 
running Apache/2.0.52, Kerberos5 and OpenAFS/1.4.5. Kerberos, AFS and 
Apache are initiated in the following manner in /etc/init.d/httpd:

/usr/bin/pagsh -c "/usr/local/bin/k5start -b -K 30 -l 10h -p 
/var/run/httpd.k5start.pid -f /etc/keytabs/krb5.wwwadmin -t wwwadmin; 
LANG=$HTTPD_LANG $httpd $OPTIONS"

The Apache server is run as user apache but credentials are under user 
wwwadmin. /tmp/krb5cc_0 permissions are as follows:
-rw-------   1 root     root    787 Dec 13 08:30 krb5cc_0

I get the following error when certain cgi's are run. It does not appear 
to happen everytime the cgi's are run.
as-prod-web-2 kernel: afs: Tokens for user of AFS id 0 for cell 
cats.ucsc.edu are discarded (rxkad error=19270408)

klists gives the following:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: wwwadmin@CATS.UCSC.EDU

Valid starting     Expires            Service principal
12/13/07 08:30:05  12/13/07 18:30:05  krbtgt/CATS.UCSC.EDU@CATS.UCSC.EDU
12/13/07 08:30:05  12/13/07 18:30:05  afs/cats.ucsc.edu@CATS.UCSC.EDU


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


Any ideas why I might be getting this error? Places to look? Debugging 
tips?

thanks
John


PS some data:
uname -a -> Linux as-prod-web-2.ucsc.edu 2.6.9-42.0.10.ELsmp #1 SMP Fri 
Feb 16 17:17:21 EST 2007 i686 i686 i386 GNU/Linux

/usr/sbin/httpd -V
Server version: Apache/2.0.52
Server built:   Jun 29 2007 05:07:13
Server's Module Magic Number: 20020903:9
Architecture:   32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT="/etc/httpd"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"