Re: Apache 2.2, mod_auth_kerb
On 06/03/2010 02:16 AM, John wrote: > On 2010-06-03 07:45, Benjamin Lee wrote: >> On 05/20/2010 06:02 AM, John wrote: >> >>> Hi list. >>> >>> I'm having problems getting mod_auth_kerb to play nice on one of my >>> servers. >>> I have the exact same setup on other machines and it works perfectly, >>> only difference is this ones running CURRENT while they track RELEASE. >>> >>> Some info: >>> >>> # pkg_info|grep apache&& pkg_info|grep kerb >>> apache-2.2.15_7 Version 2.2.x of Apache web server with prefork MPM. >>> mod_auth_kerb-5.4 An Apache module for authenticating users with >>> Kerberos v5 >>> >>> # uname -a >>> FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11 >>> 20:04:45 UTC 2010 host.example.com:/usr/obj/usr/src/sys/HOST i386 >>> >>> >>> Everything compiles and installs nicely, but when I try to do a >>> 'apachectl start' I get this: >>> >>> httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf: >>> Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: >>> /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol >>> "gsskrb5_register_acceptor_identity" >>> >>> Is this due to running current? >>> If it is I will drop the issue right now, I just want to know for sure >>> before I spend hours trying to solve it. >>> >> Hi John, >> >> What is the output of 'ldd /usr/local/libexec/apache22/mod_auth_kerb.so'? >> >> > > /usr/local/libexec/apache22/mod_auth_kerb.so: > libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x281b8000) > libheimntlm.so.10 => /usr/lib/libheimntlm.so.10 (0x281c1000) > libkrb5.so.10 => /usr/lib/libkrb5.so.10 (0x281c6000) > libhx509.so.10 => /usr/lib/libhx509.so.10 (0x28224000) > libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x2825a000) > libcrypto.so.6 => /lib/libcrypto.so.6 (0x2825c000) > libasn1.so.10 => /usr/lib/libasn1.so.10 (0x2880) > libroken.so.10 => /usr/lib/libroken.so.10 (0x283c1000) > libcrypt.so.5 => /lib/libcrypt.so.5 (0x283d1000) > libc.so.7 => /lib/libc.so.7 (0x28091000) Hi John, It looks like libgssapi (and potentially other parts of heimdal) have been broken in head/ since the heimdal-1.1 merge. Thus, it's now also broken in stable/8/ and releng/8.0/. I've filed a PR: http://www.freebsd.org/cgi/query-pr.cgi?pr=147454 -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: Apache 2.2, mod_auth_kerb
On 2010-06-03 07:45, Benjamin Lee wrote: On 05/20/2010 06:02 AM, John wrote: Hi list. I'm having problems getting mod_auth_kerb to play nice on one of my servers. I have the exact same setup on other machines and it works perfectly, only difference is this ones running CURRENT while they track RELEASE. Some info: # pkg_info|grep apache&& pkg_info|grep kerb apache-2.2.15_7 Version 2.2.x of Apache web server with prefork MPM. mod_auth_kerb-5.4 An Apache module for authenticating users with Kerberos v5 # uname -a FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11 20:04:45 UTC 2010 host.example.com:/usr/obj/usr/src/sys/HOST i386 Everything compiles and installs nicely, but when I try to do a 'apachectl start' I get this: httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf: Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol "gsskrb5_register_acceptor_identity" Is this due to running current? If it is I will drop the issue right now, I just want to know for sure before I spend hours trying to solve it. Hi John, What is the output of 'ldd /usr/local/libexec/apache22/mod_auth_kerb.so'? /usr/local/libexec/apache22/mod_auth_kerb.so: libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x281b8000) libheimntlm.so.10 => /usr/lib/libheimntlm.so.10 (0x281c1000) libkrb5.so.10 => /usr/lib/libkrb5.so.10 (0x281c6000) libhx509.so.10 => /usr/lib/libhx509.so.10 (0x28224000) libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x2825a000) libcrypto.so.6 => /lib/libcrypto.so.6 (0x2825c000) libasn1.so.10 => /usr/lib/libasn1.so.10 (0x2880) libroken.so.10 => /usr/lib/libroken.so.10 (0x283c1000) libcrypt.so.5 => /lib/libcrypt.so.5 (0x283d1000) libc.so.7 => /lib/libc.so.7 (0x28091000) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache 2.2, mod_auth_kerb
On 05/20/2010 06:02 AM, John wrote: > Hi list. > > I'm having problems getting mod_auth_kerb to play nice on one of my > servers. > I have the exact same setup on other machines and it works perfectly, > only difference is this ones running CURRENT while they track RELEASE. > > Some info: > > # pkg_info|grep apache && pkg_info|grep kerb > apache-2.2.15_7 Version 2.2.x of Apache web server with prefork MPM. > mod_auth_kerb-5.4 An Apache module for authenticating users with > Kerberos v5 > > # uname -a > FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11 > 20:04:45 UTC 2010 host.example.com:/usr/obj/usr/src/sys/HOST i386 > > > Everything compiles and installs nicely, but when I try to do a > 'apachectl start' I get this: > > httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf: > Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: > /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol > "gsskrb5_register_acceptor_identity" > > Is this due to running current? > If it is I will drop the issue right now, I just want to know for sure > before I spend hours trying to solve it. Hi John, What is the output of 'ldd /usr/local/libexec/apache22/mod_auth_kerb.so'? -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: Apache 2.2, mod_auth_kerb
On 6/2/10, John wrote: > On 2010-06-02 18:56, Tim Judd wrote: >> On 6/2/10, John wrote: >>> On 2010-05-20 23:34, Tim Judd wrote: On 5/20/10, John wrote: > Hi list. > > I'm having problems getting mod_auth_kerb to play nice on one of my > servers. > I have the exact same setup on other machines and it works perfectly, > only difference is this ones running CURRENT while they track RELEASE. > > Some info: > > # pkg_info|grep apache&& pkg_info|grep kerb > apache-2.2.15_7 Version 2.2.x of Apache web server with prefork > MPM. > mod_auth_kerb-5.4 An Apache module for authenticating users with > Kerberos v5 > > # uname -a > FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11 > 20:04:45 UTC 2010 host.example.com:/usr/obj/usr/src/sys/HOST i386 > > > Everything compiles and installs nicely, but when I try to do a > 'apachectl start' I get this: > > httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf: > Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: > /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol > "gsskrb5_register_acceptor_identity" > > Is this due to running current? > If it is I will drop the issue right now, I just want to know for sure > before I spend hours trying to solve it. > It begins to look like GSSAPI is not in there. GSSAPI is part of world. You may need to rebuild kerberos with GSSAPI support. Are you using the builtin MIT or the add-on heimdal kerberos? >>> >>> I'm using the builtin. How do I rebuild kerberos with GSSAPI support, I >>> though that was builtin by default in FreeBSD since 5.1 somewhere? >>> >>> klist, kinit and kdestroy all works fine and I can authenticate against >>> an Active Directory server, but I just cant get Apache to load the >>> mod_auth_kerb module. >>> >>> I just did a clean install of a FreeBSD 8.1-PRERELEASE, and I have >>> exactly the same error there so it's not related to running current. >>> What am I doing wrong? >> >> >> I don't know if I'm reading bsd.apache.mk right (included due to the >> dependency of apache webserver), but mod_auth_kerb may require apache >> 1.3, not 2.x >> >> does your 8.1 have apache1.3? Maybe it has both nd 1.3 is running? >> >> I would bet that a 1.3 module won't work in 2.x >> >> does apache2.x have a kerberos module? there have been a ton of >> additions to apache2.x >> >> >> >> Let us know. > > Are you looking at /usr/ports/www/mod_auth_kerb or > /usr/ports/www/mod_auth_kerb2? > > mod_auth_kerb2 is for apache 2.x was looking at ports/www/mod_auth_kerb i think i'm outta ideas. was basic troubleshooting, but I've kind of given up on kerberos auth. binding to LDAP works when working against Microsoft AD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache 2.2, mod_auth_kerb
On 2010-06-02 18:56, Tim Judd wrote: On 6/2/10, John wrote: On 2010-05-20 23:34, Tim Judd wrote: On 5/20/10, John wrote: Hi list. I'm having problems getting mod_auth_kerb to play nice on one of my servers. I have the exact same setup on other machines and it works perfectly, only difference is this ones running CURRENT while they track RELEASE. Some info: # pkg_info|grep apache&& pkg_info|grep kerb apache-2.2.15_7 Version 2.2.x of Apache web server with prefork MPM. mod_auth_kerb-5.4 An Apache module for authenticating users with Kerberos v5 # uname -a FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11 20:04:45 UTC 2010 host.example.com:/usr/obj/usr/src/sys/HOST i386 Everything compiles and installs nicely, but when I try to do a 'apachectl start' I get this: httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf: Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol "gsskrb5_register_acceptor_identity" Is this due to running current? If it is I will drop the issue right now, I just want to know for sure before I spend hours trying to solve it. It begins to look like GSSAPI is not in there. GSSAPI is part of world. You may need to rebuild kerberos with GSSAPI support. Are you using the builtin MIT or the add-on heimdal kerberos? I'm using the builtin. How do I rebuild kerberos with GSSAPI support, I though that was builtin by default in FreeBSD since 5.1 somewhere? klist, kinit and kdestroy all works fine and I can authenticate against an Active Directory server, but I just cant get Apache to load the mod_auth_kerb module. I just did a clean install of a FreeBSD 8.1-PRERELEASE, and I have exactly the same error there so it's not related to running current. What am I doing wrong? I don't know if I'm reading bsd.apache.mk right (included due to the dependency of apache webserver), but mod_auth_kerb may require apache 1.3, not 2.x does your 8.1 have apache1.3? Maybe it has both nd 1.3 is running? I would bet that a 1.3 module won't work in 2.x does apache2.x have a kerberos module? there have been a ton of additions to apache2.x Let us know. Are you looking at /usr/ports/www/mod_auth_kerb or /usr/ports/www/mod_auth_kerb2? mod_auth_kerb2 is for apache 2.x ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache 2.2, mod_auth_kerb
On 6/2/10, John wrote: > On 2010-05-20 23:34, Tim Judd wrote: >> On 5/20/10, John wrote: >>> Hi list. >>> >>> I'm having problems getting mod_auth_kerb to play nice on one of my >>> servers. >>> I have the exact same setup on other machines and it works perfectly, >>> only difference is this ones running CURRENT while they track RELEASE. >>> >>> Some info: >>> >>> # pkg_info|grep apache&& pkg_info|grep kerb >>> apache-2.2.15_7 Version 2.2.x of Apache web server with prefork MPM. >>> mod_auth_kerb-5.4 An Apache module for authenticating users with >>> Kerberos v5 >>> >>> # uname -a >>> FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11 >>> 20:04:45 UTC 2010 host.example.com:/usr/obj/usr/src/sys/HOST i386 >>> >>> >>> Everything compiles and installs nicely, but when I try to do a >>> 'apachectl start' I get this: >>> >>> httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf: >>> Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: >>> /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol >>> "gsskrb5_register_acceptor_identity" >>> >>> Is this due to running current? >>> If it is I will drop the issue right now, I just want to know for sure >>> before I spend hours trying to solve it. >>> >> >> >> It begins to look like GSSAPI is not in there. GSSAPI is part of >> world. You may need to rebuild kerberos with GSSAPI support. Are you >> using the builtin MIT or the add-on heimdal kerberos? > > I'm using the builtin. How do I rebuild kerberos with GSSAPI support, I > though that was builtin by default in FreeBSD since 5.1 somewhere? > > klist, kinit and kdestroy all works fine and I can authenticate against > an Active Directory server, but I just cant get Apache to load the > mod_auth_kerb module. > > I just did a clean install of a FreeBSD 8.1-PRERELEASE, and I have > exactly the same error there so it's not related to running current. > What am I doing wrong? I don't know if I'm reading bsd.apache.mk right (included due to the dependency of apache webserver), but mod_auth_kerb may require apache 1.3, not 2.x does your 8.1 have apache1.3? Maybe it has both nd 1.3 is running? I would bet that a 1.3 module won't work in 2.x does apache2.x have a kerberos module? there have been a ton of additions to apache2.x Let us know. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache 2.2, mod_auth_kerb
On 2010-05-20 23:34, Tim Judd wrote: On 5/20/10, John wrote: Hi list. I'm having problems getting mod_auth_kerb to play nice on one of my servers. I have the exact same setup on other machines and it works perfectly, only difference is this ones running CURRENT while they track RELEASE. Some info: # pkg_info|grep apache&& pkg_info|grep kerb apache-2.2.15_7 Version 2.2.x of Apache web server with prefork MPM. mod_auth_kerb-5.4 An Apache module for authenticating users with Kerberos v5 # uname -a FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11 20:04:45 UTC 2010 host.example.com:/usr/obj/usr/src/sys/HOST i386 Everything compiles and installs nicely, but when I try to do a 'apachectl start' I get this: httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf: Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol "gsskrb5_register_acceptor_identity" Is this due to running current? If it is I will drop the issue right now, I just want to know for sure before I spend hours trying to solve it. It begins to look like GSSAPI is not in there. GSSAPI is part of world. You may need to rebuild kerberos with GSSAPI support. Are you using the builtin MIT or the add-on heimdal kerberos? I'm using the builtin. How do I rebuild kerberos with GSSAPI support, I though that was builtin by default in FreeBSD since 5.1 somewhere? klist, kinit and kdestroy all works fine and I can authenticate against an Active Directory server, but I just cant get Apache to load the mod_auth_kerb module. I just did a clean install of a FreeBSD 8.1-PRERELEASE, and I have exactly the same error there so it's not related to running current. What am I doing wrong? -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache 2.2, mod_auth_kerb
On 5/20/10, John wrote: > Hi list. > > I'm having problems getting mod_auth_kerb to play nice on one of my servers. > I have the exact same setup on other machines and it works perfectly, > only difference is this ones running CURRENT while they track RELEASE. > > Some info: > > # pkg_info|grep apache && pkg_info|grep kerb > apache-2.2.15_7 Version 2.2.x of Apache web server with prefork MPM. > mod_auth_kerb-5.4 An Apache module for authenticating users with > Kerberos v5 > > # uname -a > FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11 > 20:04:45 UTC 2010 host.example.com:/usr/obj/usr/src/sys/HOST i386 > > > Everything compiles and installs nicely, but when I try to do a > 'apachectl start' I get this: > > httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf: > Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: > /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol > "gsskrb5_register_acceptor_identity" > > Is this due to running current? > If it is I will drop the issue right now, I just want to know for sure > before I spend hours trying to solve it. > It begins to look like GSSAPI is not in there. GSSAPI is part of world. You may need to rebuild kerberos with GSSAPI support. Are you using the builtin MIT or the add-on heimdal kerberos? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Apache 2.2, mod_auth_kerb
Hi list. I'm having problems getting mod_auth_kerb to play nice on one of my servers. I have the exact same setup on other machines and it works perfectly, only difference is this ones running CURRENT while they track RELEASE. Some info: # pkg_info|grep apache && pkg_info|grep kerb apache-2.2.15_7 Version 2.2.x of Apache web server with prefork MPM. mod_auth_kerb-5.4 An Apache module for authenticating users with Kerberos v5 # uname -a FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11 20:04:45 UTC 2010 host.example.com:/usr/obj/usr/src/sys/HOST i386 Everything compiles and installs nicely, but when I try to do a 'apachectl start' I get this: httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf: Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol "gsskrb5_register_acceptor_identity" Is this due to running current? If it is I will drop the issue right now, I just want to know for sure before I spend hours trying to solve it. -- J ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
