From owner-freebsd-apache@freebsd.org Tue Feb 27 02:51:45 2018 Return-Path: Delivered-To: freebsd-apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5E446F3E216 for ; Tue, 27 Feb 2018 02:51:45 +0000 (UTC) (envelope-from freebsd-apache@herveybayaustralia.com.au) Received: from mail.unitedinsong.com.au (mail.unitedinsong.com.au [150.101.178.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A1C657C537 for ; Tue, 27 Feb 2018 02:51:43 +0000 (UTC) (envelope-from freebsd-apache@herveybayaustralia.com.au) Received: from [192.168.0.101] (laptop1.herveybayaustralia.com.au [192.168.0.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: rocky@HERVEYBAYAUSTRALIA.COM.AU) by mail.unitedinsong.com.au (Postfix) with ESMTPSA id 8AE1913A18 for ; Tue, 27 Feb 2018 12:44:45 +1000 (AEST) To: freebsd-apache@freebsd.org From: Da Rock Subject: mod_auth_kerb2 causes apache to fail to start Message-ID: <3fd7ffd1-c098-f8a2-47fb-9e26128fc68c@herveybayaustralia.com.au> Date: Tue, 27 Feb 2018 12:43:59 +1000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 02:51:45 -0000 In theory I could submit this as a bug, but given the bug reports already and that have been closed without specific resolution I think that might not be a good idea. AFAICT most kerberos stuff has been geared toward using heimdal, and little testing has been done for mit krb5. What I have is an error: httpd: Syntax error on line 169 of /usr/local/etc/apache24/httpd.conf: Cannot load libexec/apache24/mod_auth_kerb.so into server: /usr/local/libexec/apache24/mod_auth_kerb.so: Undefined symbol "krb5_rc_dfl_init" This is a new install (entire base as well) with 11.1-Release and using krb5 from ports. ldd reveals: ldd /usr/local/libexec/apache24/mod_auth_kerb.so /usr/local/libexec/apache24/mod_auth_kerb.so:     libgssapi_krb5.so.10 => /usr/lib/libgssapi_krb5.so.10 (0x801208000)     libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x801427000)     libk5crypto.so.3.1 => /usr/local/lib/libk5crypto.so.3.1 (0x8016a5000)     libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x8018d9000)     libc.so.7 => /lib/libc.so.7 (0x800824000)     libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x801adb000)     libcrypto.so.8 => /lib/libcrypto.so.8 (0x801e00000)     libroken.so.11 => /usr/lib/libroken.so.11 (0x802269000)     libasn1.so.11 => /usr/lib/libasn1.so.11 (0x80247c000)     libcrypt.so.5 => /lib/libcrypt.so.5 (0x80271e000)     libhx509.so.11 => /usr/lib/libhx509.so.11 (0x80293d000)     libwind.so.11 => /usr/lib/libwind.so.11 (0x802b8a000)     libheimbase.so.11 => /usr/lib/libheimbase.so.11 (0x802db2000)     libprivateheimipcc.so.11 => /usr/lib/libprivateheimipcc.so.11 (0x802fb6000)     libkrb5support.so.0.1 => /usr/local/lib/libkrb5support.so.0.1 (0x8031b8000)     libintl.so.8 => /usr/local/lib/libintl.so.8 (0x8033c6000)     libthr.so.3 => /lib/libthr.so.3 (0x8035d1000) And here we can see that the module is looking in the wrong place for the gssapi and krb5 libs - /usr/lib rather than /usr/local/lib. Somewhere this is getting screwed up, and I have yet to figure out where - when I do I'll pass it on, but meanwhile I figured a heads up is in order. Cheers