ports/136432: mod_auth_kerb does not build with MIT Kerberos (security/krb5)
Palle Girgensohn
girgen at FreeBSD.org
Tue Jul 7 16:10:02 UTC 2009
>Number: 136432
>Category: ports
>Synopsis: mod_auth_kerb does not build with MIT Kerberos (security/krb5)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jul 07 16:10:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Palle Girgensohn
>Release: FreeBSD 7.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD paron.pingpong.net 7.2-STABLE FreeBSD 7.2-STABLE #4: Mon Jul 6 19:43:58 CEST 2009 girgen at paron.pingpong.net:/usr/obj/.a/banan/usr/src/sys/VMWARE i386
# pkg_info |egrep 'apache|openssl|mod_|krb'
apache+mod_ssl+mod_deflate-1.3.41+2.8.31 The Apache 1.3 webserver with SSL/TLS functionality
apache-ant-1.7.0_2 Java- and XML-based build tool, conceptually similar to mak
apache-tomcat-6.0.16 Open-source Java web server by Apache, 6.x branch
krb5-1.6.3_5 An authentication system developed at MIT, successor to Ker
mod_auth_kerb-5.3,1 An Apache module for authenticating users with Kerberos v5
mod_gzip-1.3.26.1a_1 An Internet Content Acceleration module for Apache
mod_jk-1.2.27,1 Apache JK module for connecting to Tomcat using AJP1X
openssl-0.9.8k_2 SSL and crypto library
>Description:
www/mod_auth_kerb does not build, since MIT krb5's krb5-config is too verbose:
MIT:$ /usr/local/bin/krb5-config --libs gssapi
-L/usr/local/lib -Wl,-rpath -Wl,/usr/local/lib -rpath=/usr/local/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
HEIMDAL:$ krb5-config --libs gssapi
-L/usr/lib -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -lcom_err
In my world, MIT krb5's krb5-config --libs gssapi should say:
$ /usr/local/bin/krb5-config --libs gssapi
-L/usr/local/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
>How-To-Repeat:
install apache+mod_ssl
install krb5
try to run cd /usr/ports/www/mod_auth_kerb && make install
===> Building for mod_auth_kerb-5.3,1
/usr/local/sbin/apxs -c -Wc,-I. -Wc,-Ispnegokrb5 -Wc,-I/usr/local/include -Wl,-L/usr/local/lib -Wl,-Wl,-rpath -Wl,-Wl,/usr/local/lib -Wl,-O2 -Wl,-fno-strict-aliasing -Wl,-pipe -Wl,-rpath=/usr/local/lib -Wl,-lgssapi_krb5 -Wl,-lkrb5 -Wl,-lk5crypto -Wl,-lcom_err src/mod_auth_kerb.c
cc -DHARD_SERVER_LIMIT=512 -DDOCUMENT_LOCATION="/usr/local/www/data" -DDEFAULT_PATH="/usr/local/bin:/bin:/usr/bin" -DACCEPT_FILTER_NAME="httpready" -DFD_SETSIZE=1024 -funsigned-char -DMOD_SSL=208131 -DMOD_DEFLATE -DMOD_DEFLATE_IDLE_SUPPORTED -DEAPI -DEAPI_MM -O2 -fno-strict-aliasing -pipe -fPIC -DSHARED_MODULE -I/usr/local/include/apache -I. -Ispnegokrb5 -I/usr/local/include -c src/mod_auth_kerb.c
src/mod_auth_kerb.c: In function 'create_krb5_ccache':
src/mod_auth_kerb.c:819: warning: passing argument 3 of 'ap_register_cleanup' from incompatible pointer type
src/mod_auth_kerb.c: In function 'get_gss_creds':
src/mod_auth_kerb.c:1153: warning: passing argument 3 of 'gss_import_name' discards qualifiers from pointer target type
gcc -shared -o src/mod_auth_kerb.so mod_auth_kerb.o -Wc,-I. -Wc,-Ispnegokrb5 -Wc,-I/usr/local/include -Wl,-L/usr/local/lib -Wl,-Wl,-rpath -Wl,-Wl,/usr/local/lib -Wl,-O2 -Wl,-fno-strict-aliasing -Wl,-pipe -Wl,-rpath=/usr/local/lib -Wl,-lgssapi_krb5 -Wl,-lkrb5 -Wl,-lk5crypto -Wl,-lcom_err
/usr/bin/ld: unrecognized option '-Wl'
/usr/bin/ld: use the --help option for usage information
apxs:Break: Command failed with rc=1
gmake: *** [src/mod_auth_kerb.so] Fel 1
>Fix:
dunno what the best way to fix it is, but I ran
export KRB5_LDFLAGS="-L/usr/local/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err"
make install
and that seems to have helped. Main problem is, IMO, the krb5-config verbosity.
Fix this by either modify krb5-config, or if the problem is specific to mod_auth_kerb,
patch the mod_auth_kerb port.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list