Date: Fri, 29 Mar 2013 23:07:29 +0100
From: Spil Oss <spil.oss@gmail.com>
To: olli hauer <ohauer@gmx.de>
Cc: freebsd-apache@freebsd.org
Subject: Re: Apache 2.4 in a jail with Digest auth
Message-ID: <CAEJyAvMXHaEpWxE=Asvyud7pUGR5s2jCmHt=z_mwxkF2KHXZwg@mail.gmail.com>
In-Reply-To: <51560A74.6030007@gmx.de>
References: <CAEJyAvNu1LvLOaTBkozq0EdkoMtiXNTDtbVRDPtAQqwebt-uCg@mail.gmail.com> <51560A74.6030007@gmx.de>

On Fri, Mar 29, 2013 at 10:41 PM, olli hauer <ohauer@gmx.de> wrote:
> On 2013-03-29 21:36, Spil Oss wrote:
>> Hi,
>>
>> I'm trying to upgrade my apache configuration to 2.4 and ran into
>> trouble that I haven't solved yet.
>>
>> [Fri Mar 29 20:53:26.867199 2013] [auth_digest:notice] [pid 88563:tid
>> 679494400] AH01757: generating secret for digest authentication ...
>> [Fri Mar 29 20:53:26.867531 2013] [auth_digest:error] [pid 88563:tid
>> 679494400] (78)Function not implemented: AH01762: Failed to create
>> shared memory segment on file /var/run/authdigest_shm.88563
>> [Fri Mar 29 20:53:26.867556 2013] [auth_digest:error] [pid 88563:tid
>> 679494400] (78)Function not implemented: AH01760: failed to initialize
>> shm - all nonce-count checking, one-time nonces, and MD5-sess
>> algorithm disabled
>> [Fri Mar 29 20:53:26.867571 2013] [:emerg] [pid 88563:tid 679494400]
>> AH00020: Configuration Failed, exiting
>>
>> Since setting sysvipc.allow = 1 makes the usage of a jail superfluous
>> "If it were set to 1, it would defeat the whole purpose of having a
>> jail;" [http://www.freebsd.org/doc/en/books/arch-handbook/jail-restrictions.html]
>>
>> I was searching for a way to get it to use any of the other available
>> methods but haven't found any.
>> 1. Documentation to change the socache provider I haven't found after
>> ploughing through the docs from httpd.apache.org
>> 2. Disable shm in apr -> no switch for shm found in configure
>>
>> Anyone have any bright ideas how to get Apache 2.4 to get to use a
>> different store for the nonce?
>>
>> (This is basically a duplicate of
>> http://lists.freebsd.org/pipermail/freebsd-ports/2013-February/081052.html
>> item 6 but now for the official port.)
>>
>> Kind regards,
>>
>> Spil.
>
> Hm, yes, in apr/apu there is no switch to disable shm but it should be possible
> to disable this in apache24.
>
> In modules/aaa/mod_auth_digest.c there is the following construct which
> can be interesting.
>
> #if APR_HAS_SHARED_MEMORY
> static int initialize_tables(server_rec *s, apr_pool_t *ctx)
> ...
>
> I haven't investigated what will happen if SHM is disabled.
>
> Perhaps try the following parameter
> AuthDigestShmemSize = 0
>
>
> --
> Regards,
> olli

Hi Olli,

Just found that out :D Thanks for your reply though!

There are some more spots where this macro is used: ldap and scoreboard. Not sure if it's equally trivial to remove this just as easily. As it's a macro it should work just as well for these modules.

For reference I add my patch, which now sits in the port's files directory and works for me(TM)

# cat files/patch-mod_auth_digest.c
--- ./modules/aaa/mod_auth_digest.c.orig 2013-03-29 22:38:31.000000000 +0100 +++ ./modules/aaa/mod_auth_digest.c 2013-03-29 22:39:06.000000000 +0100 @@ -81,6 +81,8 @@ #include "mod_auth.h" +#undef APR_HAS_SHARED_MEMORY + #if APR_HAVE_UNISTD_H #include <unistd.h> #endif
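
Review bot: The `#undef APR_HAS_SHARED_MEMORY` added after `#include "mod_auth.h"` compiles out the module's shared-memory client table unconditionally, and the patch carries no comment saying what is lost. Per the AH01760 message quoted earlier in this thread, running without shm means nonce-count checking, one-time nonces and the MD5-sess algorithm are disabled, so a build with this patch gives up the Digest replay protection those features provide. Please add a comment above the `#undef` stating that trade-off, and consider following it with `#define APR_HAS_SHARED_MEMORY 0` so the later `#if APR_HAS_SHARED_MEMORY` tests see an explicit value instead of relying on an undefined macro evaluating to 0. Because the change applies to every build of the port, it would be safer behind a port option that jail users opt into.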