Date: Fri, 29 Mar 2013 22:41:08 +0100 From: olli hauer <ohauer@gmx.de> To: freebsd-apache@freebsd.org Subject: Re: Apache 2.4 in a jail with Digest auth Message-ID: <51560A74.6030007@gmx.de> In-Reply-To: <CAEJyAvNu1LvLOaTBkozq0EdkoMtiXNTDtbVRDPtAQqwebt-uCg@mail.gmail.com> References: <CAEJyAvNu1LvLOaTBkozq0EdkoMtiXNTDtbVRDPtAQqwebt-uCg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2013-03-29 21:36, Spil Oss wrote: > Hi, > > I'm trying to upgrade my apache configurarion to 2.4 and ran into > trouble that I haven't solved yet. > > [Fri Mar 29 20:53:26.867199 2013] [auth_digest:notice] [pid 88563:tid > 679494400] AH01757: generating secret for digest authentication ... > [Fri Mar 29 20:53:26.867531 2013] [auth_digest:error] [pid 88563:tid > 679494400] (78)Function not implemented: AH01762: Failed to create > shared memory segment on file /var/run/authdigest_shm.88563 > [Fri Mar 29 20:53:26.867556 2013] [auth_digest:error] [pid 88563:tid > 679494400] (78)Function not implemented: AH01760: failed to initialize > shm - all nonce-count checking, one-time nonces, and MD5-sess > algorithm disabled > [Fri Mar 29 20:53:26.867571 2013] [:emerg] [pid 88563:tid 679494400] > AH00020: Configuration Failed, exiting > > Since setting sysvipc.allow = 1 makes the usage of a jail superfluous > "If it were set to 1, it would defeat the whole purpose of having a > jail;" [http://www.freebsd.org/doc/en/books/arch-handbook/jail-restrictions.html] > > I was searching for a way to get it to use any of the other available > methods but haven't found any. > 1. Documentation to change the socache provider I haven't found after > ploughing through the docs from httpd.apache.org > 2. Disable shm in apr -> no switch for shm found in configure > > Anyone have any bright ideas how to get Apache 2.4 to get to use a > different store for the nonce? > > (This is basically a duplicate of > http://lists.freebsd.org/pipermail/freebsd-ports/2013-February/081052.html > item 6 but now for the official port. > > Kind regards, > > Spil. Hm, yes in apr/apu is no switch to disable shm but it shoud be possible to disable this in apache24. In modules/aaa/mod_auth_digest.c there is the following construct which can be interesting. #if APR_HAS_SHARED_MEMORY static int initialize_tables(server_rec *s, apr_pool_t *ctx) ... I haven't investigated what will happen if SHM will be disabled. Perhaps try the following parameter AuthDigestShmemSize = 0 -- Regards, olli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51560A74.6030007>