bug in mod_auth_kerb port.
Dan Mahoney
dmahoney at isc.org
Tue May 3 21:09:43 UTC 2011
On Mon, 2 May 2011, Jeremy Chadwick wrote:
> On Tue, May 03, 2011 at 01:01:55AM +0000, Dan Mahoney wrote:
> > I just sent in a PR (haven't gotten the number back yet), whereby building
> > mod_auth_kerb against apache22 (and attempting to run) will yield this
> > error:
> >
> > httpd: Syntax error on line 106 of /usr/local/etc/apache22/httpd.conf:
> > Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server:
> > /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol
> > "gsskrb5_register_acceptor_identity"
> >
> > I'm not very familiar with the code, but does this seem like an easy fix?
> > It works against the kerberos port, but not the base.
>
> Please see this thread in full, titled "mod_auth_kerb2":
>
> http://lists.freebsd.org/pipermail/freebsd-apache/2011-April/002206.html
> http://lists.freebsd.org/pipermail/freebsd-apache/2011-April/thread.html#2206
Okay so:
At present:
The port will appear to build fine with stock kerberos, and does not list
heimdal as a dependency.
Attempting to build it and including the extra library included in the
one-line-patch mentioned in this thread will make password based kerberos
auth work, but will make GSSAPI-ticket based kerberos authentication cause
the apache server child process to sig-11.
Ergo, this feels like a bug in the port itself.
As it happens, ISC uses these methods heavily -- I'm happy to capture
whatever data would help. Is there anything more I can do on this?
-Dan Mahoney
More information about the freebsd-apache
mailing list