From owner-freebsd-apache@FreeBSD.ORG Fri Mar 29 21:39:42 2013 Return-Path: Delivered-To: freebsd-apache@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 64BC6EE5 for ; Fri, 29 Mar 2013 21:39:42 +0000 (UTC) (envelope-from ohauer@gmx.de) Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by mx1.freebsd.org (Postfix) with ESMTP id F04F7C29 for ; Fri, 29 Mar 2013 21:39:40 +0000 (UTC) Received: from mailout-de.gmx.net ([10.1.76.1]) by mrigmx.server.lan (mrigmx001) with ESMTP (Nemesis) id 0LxZpd-1UjriC11rf-017GMr for ; Fri, 29 Mar 2013 22:39:39 +0100 Received: (qmail invoked by alias); 29 Mar 2013 21:39:39 -0000 Received: from p578be941.dip0.t-ipconnect.de (EHLO [192.168.0.100]) [87.139.233.65] by mail.gmx.net (mp001) with SMTP; 29 Mar 2013 22:39:39 +0100 X-Authenticated: #1956535 X-Provags-ID: V01U2FsdGVkX190Q4VJ9iB0x3RLKTgqAYGk1T6dn8YPhcpuG9Fzge p0j80Y8jbMOXDC Message-ID: <51560A74.6030007@gmx.de> Date: Fri, 29 Mar 2013 22:41:08 +0100 From: olli hauer User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130307 Thunderbird/17.0.4 MIME-Version: 1.0 To: freebsd-apache@freebsd.org Subject: Re: Apache 2.4 in a jail with Digest auth References: In-Reply-To: X-Enigmail-Version: 1.5.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Mar 2013 21:39:42 -0000 On 2013-03-29 21:36, Spil Oss wrote: > Hi, > > I'm trying to upgrade my apache configurarion to 2.4 and ran into > trouble that I haven't solved yet. > > [Fri Mar 29 20:53:26.867199 2013] [auth_digest:notice] [pid 88563:tid > 679494400] AH01757: generating secret for digest authentication ... > [Fri Mar 29 20:53:26.867531 2013] [auth_digest:error] [pid 88563:tid > 679494400] (78)Function not implemented: AH01762: Failed to create > shared memory segment on file /var/run/authdigest_shm.88563 > [Fri Mar 29 20:53:26.867556 2013] [auth_digest:error] [pid 88563:tid > 679494400] (78)Function not implemented: AH01760: failed to initialize > shm - all nonce-count checking, one-time nonces, and MD5-sess > algorithm disabled > [Fri Mar 29 20:53:26.867571 2013] [:emerg] [pid 88563:tid 679494400] > AH00020: Configuration Failed, exiting > > Since setting sysvipc.allow = 1 makes the usage of a jail superfluous > "If it were set to 1, it would defeat the whole purpose of having a > jail;" [http://www.freebsd.org/doc/en/books/arch-handbook/jail-restrictions.html] > > I was searching for a way to get it to use any of the other available > methods but haven't found any. > 1. Documentation to change the socache provider I haven't found after > ploughing through the docs from httpd.apache.org > 2. Disable shm in apr -> no switch for shm found in configure > > Anyone have any bright ideas how to get Apache 2.4 to get to use a > different store for the nonce? > > (This is basically a duplicate of > http://lists.freebsd.org/pipermail/freebsd-ports/2013-February/081052.html > item 6 but now for the official port. > > Kind regards, > > Spil. Hm, yes in apr/apu is no switch to disable shm but it shoud be possible to disable this in apache24. In modules/aaa/mod_auth_digest.c there is the following construct which can be interesting. #if APR_HAS_SHARED_MEMORY static int initialize_tables(server_rec *s, apr_pool_t *ctx) ... I haven't investigated what will happen if SHM will be disabled. Perhaps try the following parameter AuthDigestShmemSize = 0 -- Regards, olli