mod_auth_kerb2 causes apache to fail to start
Da Rock
freebsd-apache at herveybayaustralia.com.au
Tue Feb 27 02:51:45 UTC 2018
In theory I could submit this as a bug, but given the bug reports
already and that have been closed without specific resolution I think
that might not be a good idea.
AFAICT most kerberos stuff has been geared toward using heimdal, and
little testing has been done for mit krb5. What I have is an error:
httpd: Syntax error on line 169 of /usr/local/etc/apache24/httpd.conf:
Cannot load libexec/apache24/mod_auth_kerb.so into server:
/usr/local/libexec/apache24/mod_auth_kerb.so: Undefined symbol
"krb5_rc_dfl_init"
This is a new install (entire base as well) with 11.1-Release and using
krb5 from ports.
ldd reveals:
ldd /usr/local/libexec/apache24/mod_auth_kerb.so
/usr/local/libexec/apache24/mod_auth_kerb.so:
libgssapi_krb5.so.10 => /usr/lib/libgssapi_krb5.so.10 (0x801208000)
libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x801427000)
libk5crypto.so.3.1 => /usr/local/lib/libk5crypto.so.3.1 (0x8016a5000)
libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x8018d9000)
libc.so.7 => /lib/libc.so.7 (0x800824000)
libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x801adb000)
libcrypto.so.8 => /lib/libcrypto.so.8 (0x801e00000)
libroken.so.11 => /usr/lib/libroken.so.11 (0x802269000)
libasn1.so.11 => /usr/lib/libasn1.so.11 (0x80247c000)
libcrypt.so.5 => /lib/libcrypt.so.5 (0x80271e000)
libhx509.so.11 => /usr/lib/libhx509.so.11 (0x80293d000)
libwind.so.11 => /usr/lib/libwind.so.11 (0x802b8a000)
libheimbase.so.11 => /usr/lib/libheimbase.so.11 (0x802db2000)
libprivateheimipcc.so.11 => /usr/lib/libprivateheimipcc.so.11
(0x802fb6000)
libkrb5support.so.0.1 => /usr/local/lib/libkrb5support.so.0.1
(0x8031b8000)
libintl.so.8 => /usr/local/lib/libintl.so.8 (0x8033c6000)
libthr.so.3 => /lib/libthr.so.3 (0x8035d1000)
And here we can see that the module is looking in the wrong place for
the gssapi and krb5 libs - /usr/lib rather than /usr/local/lib.
Somewhere this is getting screwed up, and I have yet to figure out where
- when I do I'll pass it on, but meanwhile I figured a heads up is in order.
Cheers
More information about the freebsd-apache
mailing list