Date: Tue, 7 Jul 2009 10:47:59 +0200 (CEST) From: Palle Girgensohn <girgen@freebsd.org> To: FreeBSD-gnats-submit@freebsd.org Cc: apache@freebsd.org Subject: mod_auth_kerb does not build with MIT Kerberos (security/krb5) Message-ID: <200907070847.n678lxXa055112@paron.pingpong.net>
next in thread | raw e-mail | index | archive | help
>Submitter-Id: current-users >Originator: Palle Girgensohn >Organization: >Confidential: no >Synopsis: mod_auth_kerb does not build with MIT Kerberos (security/krb5) >Severity: serious >Priority: medium >Category: ports >Class: >Release: FreeBSD 7.2-STABLE i386 >Environment: System: FreeBSD paron.pingpong.net 7.2-STABLE FreeBSD 7.2-STABLE #4: Mon Jul 6 19:43:58 CEST 2009 girgen@paron.pingpong.net:/usr/obj/.a/banan/usr/src/sys/VMWARE i386 # pkg_info |egrep 'apache|openssl|mod_|krb' apache+mod_ssl+mod_deflate-1.3.41+2.8.31 The Apache 1.3 webserver with SSL/TLS functionality apache-ant-1.7.0_2 Java- and XML-based build tool, conceptually similar to mak apache-tomcat-6.0.16 Open-source Java web server by Apache, 6.x branch krb5-1.6.3_5 An authentication system developed at MIT, successor to Ker mod_auth_kerb-5.3,1 An Apache module for authenticating users with Kerberos v5 mod_gzip-1.3.26.1a_1 An Internet Content Acceleration module for Apache mod_jk-1.2.27,1 Apache JK module for connecting to Tomcat using AJP1X openssl-0.9.8k_2 SSL and crypto library >Description: www/mod_auth_kerb does not build, since MIT krb5's krb5-config is too verbose: MIT:$ /usr/local/bin/krb5-config --libs gssapi -L/usr/local/lib -Wl,-rpath -Wl,/usr/local/lib -rpath=/usr/local/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err HEIMDAL:$ krb5-config --libs gssapi -L/usr/lib -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -lcom_err In my world, MIT krb5's krb5-config --libs gssapi should say: $ /usr/local/bin/krb5-config --libs gssapi -L/usr/local/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err >How-To-Repeat: install apache+mod_ssl install krb5 try to run cd /usr/ports/www/mod_auth_kerb && make install ===> Building for mod_auth_kerb-5.3,1 /usr/local/sbin/apxs -c -Wc,-I. -Wc,-Ispnegokrb5 -Wc,-I/usr/local/include -Wl,-L/usr/local/lib -Wl,-Wl,-rpath -Wl,-Wl,/usr/local/lib -Wl,-O2 -Wl,-fno-strict-aliasing -Wl,-pipe -Wl,-rpath=/usr/local/lib -Wl,-lgssapi_krb5 -Wl,-lkrb5 -Wl,-lk5crypto -Wl,-lcom_err src/mod_auth_kerb.c cc -DHARD_SERVER_LIMIT=512 -DDOCUMENT_LOCATION="/usr/local/www/data" -DDEFAULT_PATH="/usr/local/bin:/bin:/usr/bin" -DACCEPT_FILTER_NAME="httpready" -DFD_SETSIZE=1024 -funsigned-char -DMOD_SSL=208131 -DMOD_DEFLATE -DMOD_DEFLATE_IDLE_SUPPORTED -DEAPI -DEAPI_MM -O2 -fno-strict-aliasing -pipe -fPIC -DSHARED_MODULE -I/usr/local/include/apache -I. -Ispnegokrb5 -I/usr/local/include -c src/mod_auth_kerb.c src/mod_auth_kerb.c: In function 'create_krb5_ccache': src/mod_auth_kerb.c:819: warning: passing argument 3 of 'ap_register_cleanup' from incompatible pointer type src/mod_auth_kerb.c: In function 'get_gss_creds': src/mod_auth_kerb.c:1153: warning: passing argument 3 of 'gss_import_name' discards qualifiers from pointer target type gcc -shared -o src/mod_auth_kerb.so mod_auth_kerb.o -Wc,-I. -Wc,-Ispnegokrb5 -Wc,-I/usr/local/include -Wl,-L/usr/local/lib -Wl,-Wl,-rpath -Wl,-Wl,/usr/local/lib -Wl,-O2 -Wl,-fno-strict-aliasing -Wl,-pipe -Wl,-rpath=/usr/local/lib -Wl,-lgssapi_krb5 -Wl,-lkrb5 -Wl,-lk5crypto -Wl,-lcom_err /usr/bin/ld: unrecognized option '-Wl' /usr/bin/ld: use the --help option for usage information apxs:Break: Command failed with rc=1 gmake: *** [src/mod_auth_kerb.so] Fel 1 >Fix: dunno what the best way to fix it is, but I ran export KRB5_LDFLAGS="-L/usr/local/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" make install and that seems to have helped. Main problem is, IMO, the krb5-config verbosity. Fix this by either modify krb5-config, or if the problem is specific to mod_auth_kerb, patch the mod_auth_kerb port.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200907070847.n678lxXa055112>