From owner-freebsd-questions@FreeBSD.ORG Wed Jun 2 16:56:49 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F30D21065678 for ; Wed, 2 Jun 2010 16:56:48 +0000 (UTC) (envelope-from tajudd@gmail.com) Received: from mail-pz0-f175.google.com (mail-pz0-f175.google.com [209.85.222.175]) by mx1.freebsd.org (Postfix) with ESMTP id C354F8FC1D for ; Wed, 2 Jun 2010 16:56:48 +0000 (UTC) Received: by pzk5 with SMTP id 5so3503243pzk.14 for ; Wed, 02 Jun 2010 09:56:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=uEqMWWM3ohKUDjFP4Ht8SyG9aGXeiObccWS0tarWYLk=; b=Ur2yzEXh2wL3mt4dZhuyO+1HngV81mBoeTl1z3m/LU57H/5ZChaZX6UP/rkQl3faX3 s8AheRmGWSuBreKs0+E6IyJEjAr899cYSFdJ50+SCVJR8XA5tRQQ/38oWAamSvW9onsW zD1/kE/Uy/ApGCbDHXmxnQhlS238Ck9owr1Kg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=scgRiEkOyUcfoPqGeB6/zX2fy6hMo63U2YktbW+e5sR6Gfo4LxQzLczIxOSzT2y8N7 JZF/Rcyz6kbeAmqyi5eCvX7lIyuE+248ibkqQDDzX2UoDpXTG645Oz22FYjxVoBzeqyv TczgQErZr1sop9ZfGFu/m1rw5ZgSiouzC0myQ= MIME-Version: 1.0 Received: by 10.143.87.2 with SMTP id p2mr5091641wfl.323.1275497807687; Wed, 02 Jun 2010 09:56:47 -0700 (PDT) Received: by 10.231.141.215 with HTTP; Wed, 2 Jun 2010 09:56:47 -0700 (PDT) In-Reply-To: <4C0622C2.7080408@gmail.com> References: <4BF532F7.7070003@gmail.com> <4C0622C2.7080408@gmail.com> Date: Wed, 2 Jun 2010 10:56:47 -0600 Message-ID: From: Tim Judd To: John Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-questions@freebsd.org Subject: Re: Apache 2.2, mod_auth_kerb X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Jun 2010 16:56:49 -0000 On 6/2/10, John wrote: > On 2010-05-20 23:34, Tim Judd wrote: >> On 5/20/10, John wrote: >>> Hi list. >>> >>> I'm having problems getting mod_auth_kerb to play nice on one of my >>> servers. >>> I have the exact same setup on other machines and it works perfectly, >>> only difference is this ones running CURRENT while they track RELEASE. >>> >>> Some info: >>> >>> # pkg_info|grep apache&& pkg_info|grep kerb >>> apache-2.2.15_7 Version 2.2.x of Apache web server with prefork MPM. >>> mod_auth_kerb-5.4 An Apache module for authenticating users with >>> Kerberos v5 >>> >>> # uname -a >>> FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11 >>> 20:04:45 UTC 2010 host.example.com:/usr/obj/usr/src/sys/HOST i386 >>> >>> >>> Everything compiles and installs nicely, but when I try to do a >>> 'apachectl start' I get this: >>> >>> httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf: >>> Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: >>> /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol >>> "gsskrb5_register_acceptor_identity" >>> >>> Is this due to running current? >>> If it is I will drop the issue right now, I just want to know for sure >>> before I spend hours trying to solve it. >>> >> >> >> It begins to look like GSSAPI is not in there. GSSAPI is part of >> world. You may need to rebuild kerberos with GSSAPI support. Are you >> using the builtin MIT or the add-on heimdal kerberos? > > I'm using the builtin. How do I rebuild kerberos with GSSAPI support, I > though that was builtin by default in FreeBSD since 5.1 somewhere? > > klist, kinit and kdestroy all works fine and I can authenticate against > an Active Directory server, but I just cant get Apache to load the > mod_auth_kerb module. > > I just did a clean install of a FreeBSD 8.1-PRERELEASE, and I have > exactly the same error there so it's not related to running current. > What am I doing wrong? I don't know if I'm reading bsd.apache.mk right (included due to the dependency of apache webserver), but mod_auth_kerb may require apache 1.3, not 2.x does your 8.1 have apache1.3? Maybe it has both nd 1.3 is running? I would bet that a 1.3 module won't work in 2.x does apache2.x have a kerberos module? there have been a ton of additions to apache2.x Let us know.