From owner-freebsd-apache@FreeBSD.ORG Tue May 3 21:09:43 2011 Return-Path: Delivered-To: apache@freeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6FDF5106566C; Tue, 3 May 2011 21:09:43 +0000 (UTC) (envelope-from dmahoney@isc.org) Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by mx1.freebsd.org (Postfix) with ESMTP id 5608B8FC1B; Tue, 3 May 2011 21:09:43 +0000 (UTC) Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.pao1.isc.org (Postfix) with ESMTPS id A49B0C9427; Tue, 3 May 2011 21:09:40 +0000 (UTC) (envelope-from dmahoney@isc.org) Received: by bikeshed.isc.org (Postfix, from userid 10302) id 93B53216C43; Tue, 3 May 2011 21:09:40 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by bikeshed.isc.org (Postfix) with ESMTP id 93092216C40; Tue, 3 May 2011 21:09:40 +0000 (UTC) (envelope-from dmahoney@isc.org) Date: Tue, 3 May 2011 21:09:40 +0000 (UTC) From: Dan Mahoney To: Jeremy Chadwick In-Reply-To: <20110503011114.GA31398@icarus.home.lan> Message-ID: References: <20110503011114.GA31398@icarus.home.lan> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) X-OpenPGP-Key-ID: 0xE919EC51 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mx.pao1.isc.org Cc: pgollucci@freebsd.org, apache@freeBSD.org Subject: Re: bug in mod_auth_kerb port. X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 May 2011 21:09:43 -0000 On Mon, 2 May 2011, Jeremy Chadwick wrote: > On Tue, May 03, 2011 at 01:01:55AM +0000, Dan Mahoney wrote: > > I just sent in a PR (haven't gotten the number back yet), whereby building > > mod_auth_kerb against apache22 (and attempting to run) will yield this > > error: > > > > httpd: Syntax error on line 106 of /usr/local/etc/apache22/httpd.conf: > > Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: > > /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol > > "gsskrb5_register_acceptor_identity" > > > > I'm not very familiar with the code, but does this seem like an easy fix? > > It works against the kerberos port, but not the base. > > Please see this thread in full, titled "mod_auth_kerb2": > > http://lists.freebsd.org/pipermail/freebsd-apache/2011-April/002206.html > http://lists.freebsd.org/pipermail/freebsd-apache/2011-April/thread.html#2206 Okay so: At present: The port will appear to build fine with stock kerberos, and does not list heimdal as a dependency. Attempting to build it and including the extra library included in the one-line-patch mentioned in this thread will make password based kerberos auth work, but will make GSSAPI-ticket based kerberos authentication cause the apache server child process to sig-11. Ergo, this feels like a bug in the port itself. As it happens, ISC uses these methods heavily -- I'm happy to capture whatever data would help. Is there anything more I can do on this? -Dan Mahoney