mod_auth_kerb2 causes apache to fail to start

Da Rock freebsd-apache at herveybayaustralia.com.au
Tue Feb 27 02:51:45 UTC 2018 

In theory I could submit this as a bug, but given the bug reports 
already and that have been closed without specific resolution I think 
that might not be a good idea.

AFAICT most kerberos stuff has been geared toward using heimdal, and 
little testing has been done for mit krb5. What I have is an error:

httpd: Syntax error on line 169 of /usr/local/etc/apache24/httpd.conf: 
Cannot load libexec/apache24/mod_auth_kerb.so into server: 
/usr/local/libexec/apache24/mod_auth_kerb.so: Undefined symbol 
"krb5_rc_dfl_init"

This is a new install (entire base as well) with 11.1-Release and using 
krb5 from ports.

ldd reveals:

ldd /usr/local/libexec/apache24/mod_auth_kerb.so
/usr/local/libexec/apache24/mod_auth_kerb.so:
     libgssapi_krb5.so.10 => /usr/lib/libgssapi_krb5.so.10 (0x801208000)
     libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x801427000)
     libk5crypto.so.3.1 => /usr/local/lib/libk5crypto.so.3.1 (0x8016a5000)
     libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x8018d9000)
     libc.so.7 => /lib/libc.so.7 (0x800824000)
     libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x801adb000)
     libcrypto.so.8 => /lib/libcrypto.so.8 (0x801e00000)
     libroken.so.11 => /usr/lib/libroken.so.11 (0x802269000)
     libasn1.so.11 => /usr/lib/libasn1.so.11 (0x80247c000)
     libcrypt.so.5 => /lib/libcrypt.so.5 (0x80271e000)
     libhx509.so.11 => /usr/lib/libhx509.so.11 (0x80293d000)
     libwind.so.11 => /usr/lib/libwind.so.11 (0x802b8a000)
     libheimbase.so.11 => /usr/lib/libheimbase.so.11 (0x802db2000)
     libprivateheimipcc.so.11 => /usr/lib/libprivateheimipcc.so.11 
(0x802fb6000)
     libkrb5support.so.0.1 => /usr/local/lib/libkrb5support.so.0.1 
(0x8031b8000)
     libintl.so.8 => /usr/local/lib/libintl.so.8 (0x8033c6000)
     libthr.so.3 => /lib/libthr.so.3 (0x8035d1000)

And here we can see that the module is looking in the wrong place for 
the gssapi and krb5 libs - /usr/lib rather than /usr/local/lib.

Somewhere this is getting screwed up, and I have yet to figure out where 
- when I do I'll pass it on, but meanwhile I figured a heads up is in order.


Cheers

More information about the freebsd-apache mailing list