From owner-freebsd-questions@FreeBSD.ORG Thu Jun 3 00:24:15 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 374601065673 for ; Thu, 3 Jun 2010 00:24:15 +0000 (UTC) (envelope-from tajudd@gmail.com) Received: from mail-gw0-f54.google.com (mail-gw0-f54.google.com [74.125.83.54]) by mx1.freebsd.org (Postfix) with ESMTP id E68E28FC17 for ; Thu, 3 Jun 2010 00:24:14 +0000 (UTC) Received: by gwj23 with SMTP id 23so5986635gwj.13 for ; Wed, 02 Jun 2010 17:24:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=8m4pZjv+YmtA+4xXhgAunSCZK6throMCT7yRdrk3ddQ=; b=mny4YFl7yExlii5HNebP2OhhoPBXObWGkh7J06uLcj7/XKCzNriUrmpPofmE5xZkI9 jquP8mLUITkBlnhlXbMYtUtd2ZrcpEF7Ks7FhLN+w4Mjn1GEq2NF+IX7gjHQ5vUBs465 cIITgGUh2ItQCePTtym3zLFfKIKzZ1moKWQtc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=h54oBTjdIQQxmzWWPRB6c6lHrpgFOHubkribU1t3dQnHs4wyu9eHjaYCE7/GhiH06O drkm8l7lNtVixA79D6TDxBZyNT7/VjsqM3aBSOOu2GEDJDTyxuhdoHPEuKOZIc6AMrse JFPGSItOYzTB2tel4m1l+YTaMmubFtkTGD/YA= MIME-Version: 1.0 Received: by 10.231.187.3 with SMTP id cu3mr10764496ibb.75.1275524653652; Wed, 02 Jun 2010 17:24:13 -0700 (PDT) Received: by 10.231.141.215 with HTTP; Wed, 2 Jun 2010 17:24:13 -0700 (PDT) In-Reply-To: <4C06BC26.5040404@gmail.com> References: <4BF532F7.7070003@gmail.com> <4C0622C2.7080408@gmail.com> <4C06BC26.5040404@gmail.com> Date: Wed, 2 Jun 2010 18:24:13 -0600 Message-ID: From: Tim Judd To: John Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-questions@freebsd.org Subject: Re: Apache 2.2, mod_auth_kerb X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jun 2010 00:24:15 -0000 On 6/2/10, John wrote: > On 2010-06-02 18:56, Tim Judd wrote: >> On 6/2/10, John wrote: >>> On 2010-05-20 23:34, Tim Judd wrote: >>>> On 5/20/10, John wrote: >>>>> Hi list. >>>>> >>>>> I'm having problems getting mod_auth_kerb to play nice on one of my >>>>> servers. >>>>> I have the exact same setup on other machines and it works perfectly, >>>>> only difference is this ones running CURRENT while they track RELEASE. >>>>> >>>>> Some info: >>>>> >>>>> # pkg_info|grep apache&& pkg_info|grep kerb >>>>> apache-2.2.15_7 Version 2.2.x of Apache web server with prefork >>>>> MPM. >>>>> mod_auth_kerb-5.4 An Apache module for authenticating users with >>>>> Kerberos v5 >>>>> >>>>> # uname -a >>>>> FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11 >>>>> 20:04:45 UTC 2010 host.example.com:/usr/obj/usr/src/sys/HOST i386 >>>>> >>>>> >>>>> Everything compiles and installs nicely, but when I try to do a >>>>> 'apachectl start' I get this: >>>>> >>>>> httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf: >>>>> Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: >>>>> /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol >>>>> "gsskrb5_register_acceptor_identity" >>>>> >>>>> Is this due to running current? >>>>> If it is I will drop the issue right now, I just want to know for sure >>>>> before I spend hours trying to solve it. >>>>> >>>> >>>> >>>> It begins to look like GSSAPI is not in there. GSSAPI is part of >>>> world. You may need to rebuild kerberos with GSSAPI support. Are you >>>> using the builtin MIT or the add-on heimdal kerberos? >>> >>> I'm using the builtin. How do I rebuild kerberos with GSSAPI support, I >>> though that was builtin by default in FreeBSD since 5.1 somewhere? >>> >>> klist, kinit and kdestroy all works fine and I can authenticate against >>> an Active Directory server, but I just cant get Apache to load the >>> mod_auth_kerb module. >>> >>> I just did a clean install of a FreeBSD 8.1-PRERELEASE, and I have >>> exactly the same error there so it's not related to running current. >>> What am I doing wrong? >> >> >> I don't know if I'm reading bsd.apache.mk right (included due to the >> dependency of apache webserver), but mod_auth_kerb may require apache >> 1.3, not 2.x >> >> does your 8.1 have apache1.3? Maybe it has both nd 1.3 is running? >> >> I would bet that a 1.3 module won't work in 2.x >> >> does apache2.x have a kerberos module? there have been a ton of >> additions to apache2.x >> >> >> >> Let us know. > > Are you looking at /usr/ports/www/mod_auth_kerb or > /usr/ports/www/mod_auth_kerb2? > > mod_auth_kerb2 is for apache 2.x was looking at ports/www/mod_auth_kerb i think i'm outta ideas. was basic troubleshooting, but I've kind of given up on kerberos auth. binding to LDAP works when working against Microsoft AD