Apache 2.2, mod_auth_kerb

Tim Judd tajudd at gmail.com
Thu Jun 3 00:24:15 UTC 2010 

On 6/2/10, John <ilcsfe at gmail.com> wrote:
> On 2010-06-02 18:56, Tim Judd wrote:
>> On 6/2/10, John<ilcsfe at gmail.com>  wrote:
>>> On 2010-05-20 23:34, Tim Judd wrote:
>>>> On 5/20/10, John<ilcsfe at gmail.com>   wrote:
>>>>> Hi list.
>>>>>
>>>>> I'm having problems getting mod_auth_kerb to play nice on one of my
>>>>> servers.
>>>>> I have the exact same setup on other machines and it works perfectly,
>>>>> only difference is this ones running CURRENT while they track RELEASE.
>>>>>
>>>>> Some info:
>>>>>
>>>>> # pkg_info|grep apache&&   pkg_info|grep kerb
>>>>> apache-2.2.15_7     Version 2.2.x of Apache web server with prefork
>>>>> MPM.
>>>>> mod_auth_kerb-5.4   An Apache module for authenticating users with
>>>>> Kerberos v5
>>>>>
>>>>> # uname -a
>>>>> FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11
>>>>> 20:04:45 UTC 2010     host.example.com:/usr/obj/usr/src/sys/HOST  i386
>>>>>
>>>>>
>>>>> Everything compiles and installs nicely, but when I try to do a
>>>>> 'apachectl start' I get this:
>>>>>
>>>>> httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf:
>>>>> Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server:
>>>>> /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol
>>>>> "gsskrb5_register_acceptor_identity"
>>>>>
>>>>> Is this due to running current?
>>>>> If it is I will drop the issue right now, I just want to know for sure
>>>>> before I spend hours trying to solve it.
>>>>>
>>>>
>>>>
>>>> It begins to look like GSSAPI is not in there.  GSSAPI is part of
>>>> world.  You may need to rebuild kerberos with GSSAPI support.  Are you
>>>> using the builtin MIT or the add-on heimdal kerberos?
>>>
>>> I'm using the builtin. How do I rebuild kerberos with GSSAPI support, I
>>> though that was builtin by default in FreeBSD since 5.1 somewhere?
>>>
>>> klist, kinit and kdestroy all works fine and I can authenticate against
>>> an Active Directory server, but I just cant get Apache to load the
>>> mod_auth_kerb module.
>>>
>>> I just did a clean install of a FreeBSD 8.1-PRERELEASE, and I have
>>> exactly the same error there so it's not related to running current.
>>> What am I doing wrong?
>>
>>
>> I don't know if I'm reading bsd.apache.mk right (included due to the
>> dependency of apache webserver), but mod_auth_kerb may require apache
>> 1.3, not 2.x
>>
>> does your 8.1 have apache1.3?  Maybe it has both nd 1.3 is running?
>>
>> I would bet that a 1.3 module won't work in 2.x
>>
>> does apache2.x have a kerberos module?  there have been a ton of
>> additions to apache2.x
>>
>>
>>
>> Let us know.
>
> Are you looking at /usr/ports/www/mod_auth_kerb or
> /usr/ports/www/mod_auth_kerb2?
>
> mod_auth_kerb2 is for apache 2.x

was looking at ports/www/mod_auth_kerb


i think i'm outta ideas.  was basic troubleshooting, but I've kind of
given up on kerberos auth.  binding to LDAP works when working against
Microsoft AD

More information about the freebsd-questions mailing list