From owner-freebsd-apache@FreeBSD.ORG Tue Jul 7 16:06:28 2009 Return-Path: Delivered-To: apache@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 930BC1065673; Tue, 7 Jul 2009 16:06:28 +0000 (UTC) (envelope-from girgen@pingpong.net) Received: from melon.pingpong.net (h-79-136-116-200.NA.cust.bahnhof.se [79.136.116.200]) by mx1.freebsd.org (Postfix) with ESMTP id 151E58FC14; Tue, 7 Jul 2009 16:06:27 +0000 (UTC) (envelope-from girgen@pingpong.net) Received: from localhost (localhost.pingpong.net [127.0.0.1]) by melon.pingpong.net (Postfix) with ESMTP id 1E3145084D; Tue, 7 Jul 2009 17:34:58 +0200 (CEST) Received: from melon.pingpong.net ([127.0.0.1]) by localhost (melon.pingpong.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 25186-01-9; Tue, 7 Jul 2009 17:34:57 +0200 (CEST) Received: from paron.pingpong.net (unknown [88.131.74.85]) by melon.pingpong.net (Postfix) with ESMTP id B00405082C; Tue, 7 Jul 2009 17:34:57 +0200 (CEST) Received: from paron.pingpong.net (localhost [127.0.0.1]) by paron.pingpong.net (8.14.3/8.14.3) with ESMTP id n678lx54055113; Tue, 7 Jul 2009 10:47:59 +0200 (CEST) (envelope-from girgen@paron.pingpong.net) Received: (from girgen@localhost) by paron.pingpong.net (8.14.3/8.14.3/Submit) id n678lxXa055112; Tue, 7 Jul 2009 10:47:59 +0200 (CEST) (envelope-from girgen) Date: Tue, 7 Jul 2009 10:47:59 +0200 (CEST) Message-Id: <200907070847.n678lxXa055112@paron.pingpong.net> To: FreeBSD-gnats-submit@freebsd.org From: Palle Girgensohn X-send-pr-version: 3.113 X-GNATS-Notify: X-Virus-Scanned: by amavisd-new at pingpong.net Cc: apache@freebsd.org Subject: mod_auth_kerb does not build with MIT Kerberos (security/krb5) X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Palle Girgensohn List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jul 2009 16:06:29 -0000 >Submitter-Id: current-users >Originator: Palle Girgensohn >Organization: >Confidential: no >Synopsis: mod_auth_kerb does not build with MIT Kerberos (security/krb5) >Severity: serious >Priority: medium >Category: ports >Class: >Release: FreeBSD 7.2-STABLE i386 >Environment: System: FreeBSD paron.pingpong.net 7.2-STABLE FreeBSD 7.2-STABLE #4: Mon Jul 6 19:43:58 CEST 2009 girgen@paron.pingpong.net:/usr/obj/.a/banan/usr/src/sys/VMWARE i386 # pkg_info |egrep 'apache|openssl|mod_|krb' apache+mod_ssl+mod_deflate-1.3.41+2.8.31 The Apache 1.3 webserver with SSL/TLS functionality apache-ant-1.7.0_2 Java- and XML-based build tool, conceptually similar to mak apache-tomcat-6.0.16 Open-source Java web server by Apache, 6.x branch krb5-1.6.3_5 An authentication system developed at MIT, successor to Ker mod_auth_kerb-5.3,1 An Apache module for authenticating users with Kerberos v5 mod_gzip-1.3.26.1a_1 An Internet Content Acceleration module for Apache mod_jk-1.2.27,1 Apache JK module for connecting to Tomcat using AJP1X openssl-0.9.8k_2 SSL and crypto library >Description: www/mod_auth_kerb does not build, since MIT krb5's krb5-config is too verbose: MIT:$ /usr/local/bin/krb5-config --libs gssapi -L/usr/local/lib -Wl,-rpath -Wl,/usr/local/lib -rpath=/usr/local/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err HEIMDAL:$ krb5-config --libs gssapi -L/usr/lib -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -lcom_err In my world, MIT krb5's krb5-config --libs gssapi should say: $ /usr/local/bin/krb5-config --libs gssapi -L/usr/local/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err >How-To-Repeat: install apache+mod_ssl install krb5 try to run cd /usr/ports/www/mod_auth_kerb && make install ===> Building for mod_auth_kerb-5.3,1 /usr/local/sbin/apxs -c -Wc,-I. -Wc,-Ispnegokrb5 -Wc,-I/usr/local/include -Wl,-L/usr/local/lib -Wl,-Wl,-rpath -Wl,-Wl,/usr/local/lib -Wl,-O2 -Wl,-fno-strict-aliasing -Wl,-pipe -Wl,-rpath=/usr/local/lib -Wl,-lgssapi_krb5 -Wl,-lkrb5 -Wl,-lk5crypto -Wl,-lcom_err src/mod_auth_kerb.c cc -DHARD_SERVER_LIMIT=512 -DDOCUMENT_LOCATION="/usr/local/www/data" -DDEFAULT_PATH="/usr/local/bin:/bin:/usr/bin" -DACCEPT_FILTER_NAME="httpready" -DFD_SETSIZE=1024 -funsigned-char -DMOD_SSL=208131 -DMOD_DEFLATE -DMOD_DEFLATE_IDLE_SUPPORTED -DEAPI -DEAPI_MM -O2 -fno-strict-aliasing -pipe -fPIC -DSHARED_MODULE -I/usr/local/include/apache -I. -Ispnegokrb5 -I/usr/local/include -c src/mod_auth_kerb.c src/mod_auth_kerb.c: In function 'create_krb5_ccache': src/mod_auth_kerb.c:819: warning: passing argument 3 of 'ap_register_cleanup' from incompatible pointer type src/mod_auth_kerb.c: In function 'get_gss_creds': src/mod_auth_kerb.c:1153: warning: passing argument 3 of 'gss_import_name' discards qualifiers from pointer target type gcc -shared -o src/mod_auth_kerb.so mod_auth_kerb.o -Wc,-I. -Wc,-Ispnegokrb5 -Wc,-I/usr/local/include -Wl,-L/usr/local/lib -Wl,-Wl,-rpath -Wl,-Wl,/usr/local/lib -Wl,-O2 -Wl,-fno-strict-aliasing -Wl,-pipe -Wl,-rpath=/usr/local/lib -Wl,-lgssapi_krb5 -Wl,-lkrb5 -Wl,-lk5crypto -Wl,-lcom_err /usr/bin/ld: unrecognized option '-Wl' /usr/bin/ld: use the --help option for usage information apxs:Break: Command failed with rc=1 gmake: *** [src/mod_auth_kerb.so] Fel 1 >Fix: dunno what the best way to fix it is, but I ran export KRB5_LDFLAGS="-L/usr/local/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" make install and that seems to have helped. Main problem is, IMO, the krb5-config verbosity. Fix this by either modify krb5-config, or if the problem is specific to mod_auth_kerb, patch the mod_auth_kerb port.