Date: Thu, 07 Apr 2011 09:53:08 +0200 From: Olli Hauer <ohauer@FreeBSD.org> To: George Mamalakis <mamalos@eng.auth.gr> Cc: ohauer@FreeBSD.org, apache@FreeBSD.org Subject: Re: [SPF:fail] Re: mod_auth_kerb2 Message-ID: <4D9D6D64.4070307@FreeBSD.org> In-Reply-To: <4D9D6951.1020706@eng.auth.gr> References: <4D9C6135.7030501@eng.auth.gr> <4D9CDF2C.4040201@FreeBSD.org> <4D9D6951.1020706@eng.auth.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2011-04-07 09:35, George Mamalakis wrote: > On 07/04/2011 00:46, Olli Hauer wrote: >> On 2011-04-06 14:48, George Mamalakis wrote: >>> Dear Sir/Madam, >>> >>> I've tried to build mod_auth_kerb2 with apache-2.2.17_1 on a FreeBSD-8.2-STABLE >>> system. After I gave make install and tried to restart apache, I received the >>> following message: >>> >>> # /usr/local/etc/rc.d/apache22 start >>> Performing sanity check on apache22 configuration: >>> httpd: Syntax error on line 103 of /usr/local/etc/apache22/httpd.conf: Cannot >>> load /usr/local/libexec/apache22/mod_auth_kerb.so into server: >>> /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol >>> "gsskrb5_register_acceptor_identity" >>> Starting apache22. >>> httpd: Syntax error on line 103 of /usr/local/etc/apache22/httpd.conf: Cannot >>> load /usr/local/libexec/apache22/mod_auth_kerb.so into server: >>> /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol >>> "gsskrb5_register_acceptor_identity" >>> /usr/local/etc/rc.d/apache22: WARNING: failed to start apache22 >>> >>> ldd showed: >>> # ldd /usr/local/libexec/apache22/mod_auth_kerb.so >>> /usr/local/libexec/apache22/mod_auth_kerb.so: >>> libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x800c00000) >>> libheimntlm.so.10 => /usr/lib/libheimntlm.so.10 (0x800d0a000) >>> libkrb5.so.10 => /usr/lib/libkrb5.so.10 (0x800e0f000) >>> libhx509.so.10 => /usr/lib/libhx509.so.10 (0x800f7e000) >>> libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x8010be000) >>> libcrypto.so.6 => /lib/libcrypto.so.6 (0x8011c0000) >>> libasn1.so.10 => /usr/lib/libasn1.so.10 (0x801461000) >>> libroken.so.10 => /usr/lib/libroken.so.10 (0x8015e3000) >>> libcrypt.so.5 => /lib/libcrypt.so.5 (0x8016f5000) >>> libc.so.7 => /lib/libc.so.7 (0x800647000) >>> >>> >>> So, even though the configuration seemed to be just fine, the installation was >>> not functional. We changed >>> /usr/ports/www/mod_auth_kerb2/work/mod_auth_kerb-5.4/Makefile 3rd line to read: >>> >>> KRB5_LDFLAGS = -L/usr/lib -lgssapi -lgssapi_krb5 -lheimntlm -lkrb5 -lhx509 >>> -lcom_err -lcrypto -lasn1 -lroken -lcrypt >>> >>> which means that we added gssapi_krb5 among the linker flags. Then we installed >>> it and now it works fine. >>> >>> Please verify that this is a problem regarding the port, otherwise I should post >>> this mail to the freebsd-stable list. >>> >>> Thank you for your time in advance, >>> >>> Regards, >> >> >> I can confirm the issue, it's the /usr/bin/krb5-config script. >> Heimdal was update from 0.6.3 to 1.1.0 and I guess this is a merge issue. >> >> The following patch correct the issue on FreeBSD-8.2. >> >> >> --- /usr/bin/krb5-config.orig 2011-02-17 03:18:57.000000000 +0100 >> +++ /usr/bin/krb5-config 2011-04-06 23:41:31.000000000 +0200 >> @@ -93,7 +93,7 @@ >> lib_flags="-L${libdir}" >> case $library in >> gssapi) >> - lib_flags="$lib_flags -lgssapi -lheimntlm" >> + lib_flags="$lib_flags -lgssapi -lgssapi_krb5 -lheimntlm" >> ;; >> kadm-client) >> lib_flags="$lib_flags -lkadm5clnt" >> >> >> Can you open a PR for this? >> >> -- >> Regards, >> olli > > Oli thank you, > > Yes, I will open a PR. I have also confirmed that the heimdal-1.4 from ports > does exactly the same thing. > > Thanks again for your reply. > Hi George, I also looked at the heimdal sources and ask the heimdal support if this flag is missing. I guess this issue exists only on FreeBSD Question to heimdal support: >> I suspect there is a bug in krb5-config since version 1.1 or earlier, >> `krb5-config -libs' does not include '-lgssapi_krb5' >> >> Found this issue with mod_auth_kerb2, the module builds but cannot be loaded. >> There are also other reports for broken cyrus-sassl ... >> I even cannot found this entry in heimdal-1.5pre1 Answer from heimdal support: > Heimdal installs the gssapi framework as libgssapi, that includes the krb5 mech, heimdal have no libgssapi_krb5 > If I build heimdal direct from the heimdal-1.1 source, then indeed there is no libgssapi_krb5. -- Regards, olli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D9D6D64.4070307>