Dear all,
I installed mod_auth_kerb2 on my FreeBSD 8-STABLE machine and tried to
use it. After the installation (which was successful(?!?)), the server
refused to start giving the error:
# /usr/local/etc/rc.d/apache22 start
Performing sanity check on apache22 configuration:
httpd: Syntax error on line 103 of /usr/local/etc/apache22/httpd.conf:
Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server:
/usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol
"gsskrb5_register_acceptor_identity"
Starting apache22.
httpd: Syntax error on line 103 of /usr/local/etc/apache22/httpd.conf:
Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server:
/usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol
"gsskrb5_register_acceptor_identity"
/usr/local/etc/rc.d/apache22: WARNING: failed to start apache22
but ldd showed:
# ldd /usr/local/libexec/apache22/mod_auth_kerb.so
/usr/local/libexec/apache22/mod_auth_kerb.so:
libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x800c00000)
libheimntlm.so.10 => /usr/lib/libheimntlm.so.10 (0x800d0a000)
libkrb5.so.10 => /usr/lib/libkrb5.so.10 (0x800e0f000)
libhx509.so.10 => /usr/lib/libhx509.so.10 (0x800f7e000)
libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x8010be000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x8011c0000)
libasn1.so.10 => /usr/lib/libasn1.so.10 (0x801461000)
libroken.so.10 => /usr/lib/libroken.so.10 (0x8015e3000)
libcrypt.so.5 => /lib/libcrypt.so.5 (0x8016f5000)
libc.so.7 => /lib/libc.so.7 (0x800647000)
which showed that everything should have been fine. I googled it a bit
and found this thread regarding my error message:
http://forum.nginx.org/read.php?23,88476 , which started on May 2010,
and pointed to this PR:
http://www.freebsd.org/cgi/query-pr.cgi?pr=147454 , which started on
June 2010. What is stated, is that heimdal-1.1 was broken in FreeBSD,
and that it should be fixed at some moment in the future. (I tested
mod_auth_kerb2 on another machine running heimdal from ports (1.4_1) and
I had exactly the same problem).
I searched to find where this notorious function
(gsskrb5_register_acceptor_identity) was located, and I found its
declaration in: /usr/include/gssapi/gssapi_krb5.h, and its definition
in: /usr/lib/libgssapi_krb5.so.
So, I added -lgssapi_krb5 in KRB5_LDFLAGS variable of
/usr/ports/www/mod_auth_kerb2/work/mod_auth_kerb-5.4/Makefile , since
this where the location of gsskrb5_register_acceptor_identity originally
seemed to be, and reinstalled the port using gmake this time (inside the
port's work directory). After that, the module works just fine. The
initial content of this line was:
KRB5_LDFLAGS = -L/usr/lib -lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err
-lcrypto -lasn1 -lroken -lcrypt
I've sent an analogous email to the port maintainer, but I am not sure
if it is their "fault". Hence, I decided to send this email to the
stable list for two reasons: First, someone else may be having a similar
problem and wants to find a rough solution. Secondly, there are people
reading this list that know heimdal's code, so somebody may know another
(much more elegant) way to fix this bug.
Thank you all for your time in advance,
Regards,
mamalos.
--
George Mamalakis
IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)
Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki
phone number : +30 (2310) 994379
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
