Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 3 May 2011 21:09:40 +0000 (UTC)
From:      Dan Mahoney <dmahoney@isc.org>
To:        Jeremy Chadwick <freebsd@jdc.parodius.com>
Cc:        pgollucci@freebsd.org, apache@freeBSD.org
Subject:   Re: bug in mod_auth_kerb port.
Message-ID:  <alpine.BSF.2.00.1105032103260.96679@bikeshed.isc.org>
In-Reply-To: <20110503011114.GA31398@icarus.home.lan>
References:  <alpine.BSF.2.00.1105030059130.82461@bikeshed.isc.org> <20110503011114.GA31398@icarus.home.lan>
next in thread | previous in thread | raw e-mail | index | archive | help 


On Mon, 2 May 2011, Jeremy Chadwick wrote:

> On Tue, May 03, 2011 at 01:01:55AM +0000, Dan Mahoney wrote:
> > I just sent in a PR (haven't gotten the number back yet), whereby building 
> > mod_auth_kerb against apache22 (and attempting to run) will yield this 
> > error:
> > 
> > httpd: Syntax error on line 106 of /usr/local/etc/apache22/httpd.conf: 
> > Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: 
> > /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol 
> > "gsskrb5_register_acceptor_identity"
> > 
> > I'm not very familiar with the code, but does this seem like an easy fix?  
> > It works against the kerberos port, but not the base.
> 
> Please see this thread in full, titled "mod_auth_kerb2":
> 
> http://lists.freebsd.org/pipermail/freebsd-apache/2011-April/002206.html
> http://lists.freebsd.org/pipermail/freebsd-apache/2011-April/thread.html#2206

Okay so:

At present:

The port will appear to build fine with stock kerberos, and does not list 
heimdal as a dependency.

Attempting to build it and including the extra library included in the 
one-line-patch mentioned in this thread will make password based kerberos 
auth work, but will make GSSAPI-ticket based kerberos authentication cause 
the apache server child process to sig-11.

Ergo, this feels like a bug in the port itself.

As it happens, ISC uses these methods heavily -- I'm happy to capture 
whatever data would help.  Is there anything more I can do on this?

-Dan Mahoney

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1105032103260.96679>