netbsd-help: Re: mod_auth

Subject: Re: mod_auth_kerb
To: Jukka Salmi <j+nbsd@2005.salmi.ch>
From: Thierry Lacoste <th.lacoste@wanadoo.fr>
List: netbsd-help
Date: 06/28/2005 11:45:19
On Monday 27 June 2005 23:06, Jukka Salmi wrote:
> Thierry Lacoste --> netbsd-help (2005-07-01 18:56:13 +0200):
> > I can't install mod_auth_kerb on -current.
> > I tried either the instructions of
> > http://modauthkerb.sourceforge.net/
> > or those of Oreilly's book on Kerberos.
> >
> > Did someone make it work on NetBSD? How?
>
> I use it with netbsd-2 and Apache from pkgsrc HEAD. What did you try,
> and how did it fail?

I installed /usr/pkgsrc/www/apache

$ httpd -v
Server version: Apache/1.3.33 (Unix)
Server built:   Jun 20 2005 22:26:06

After configuring /etc/krb5.conf I ensured that the machine
works as a kerberos client (I use heimdal from the core system).

I downloaded mod_auth_kerb-5.0-rc6.tar.gz from 
http://sourceforge.net/project/showfiles.php?group_id=51775

$ tar -xvzf mod_auth_kerb-5.0-rc6.tar.gz
$ cd mod_auth_kerb-5.0-rc6
$ ./configure
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking whether make sets $(MAKE)... yes
checking for main in -lresolv... yes
checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... no
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking stddef.h usability... yes
checking stddef.h presence... yes
checking for stddef.h... yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for unistd.h... (cached) yes
checking for size_t... yes
checking whether struct tm is in sys/time.h or time.h... sys/time.h
checking gssapi.h usability... yes
checking gssapi.h presence... yes
checking for gssapi.h... yes
checking for krb5_init_context in -lkrb5... yes
checking whether we are using Heimdal... no
checking for Kerberos4 installation... no
checking for apxs... /usr/pkg/sbin/apxs
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h

Well the line 'checking whether we are using Heimdal... no'
doesn't sound good.
I tried to set --with-krb5 but I didn't find any satisfying value.

$ make
/usr/pkg/sbin/apxs -c -I. -Ispnegokrb5 -I/usr/pkg/include/krb5    
-L/usr/pkg/lib -lgssapi -lkrb5 -lasn1 -ldes -ldes -lcrypto -lroken -lcrypt  
-lresolv src/mod_auth_kerb.c spnegokrb5/asn1_MechType.c                 
spnegokrb5/asn1_MechTypeList.c             spnegokrb5/asn1_ContextFlags.c             
spnegokrb5/asn1_NegTokenInit.c             spnegokrb5/asn1_NegTokenTarg.c             
spnegokrb5/der_get.c                       spnegokrb5/der_put.c                       
spnegokrb5/der_free.c                      spnegokrb5/der_length.c                    
spnegokrb5/der_copy.c                      spnegokrb5/timegm.c    
spnegokrb5/init_sec_context.c              spnegokrb5/accept_sec_context.c          
spnegokrb5/encapsulate.c                   spnegokrb5/decapsulate.c                
spnegokrb5/external.c
cc -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DNETBSD -DEAPI -DEAPI_MM -O2 
-I/usr/pkg/include -I/usr/include -fPIC -DPIC -DSHARED_MODULE 
-I/usr/pkg/include/httpd -I. -Ispnegokrb5 -I/usr/pkg/include/krb5  -c 
src/mod_auth_kerb.c
In file included from /usr/include/sys/select.h:39,
                 from /usr/include/sys/time.h:234,
                 from /usr/include/sys/stat.h:46,
                 from /usr/pkg/include/httpd/ap_config.h:47,
                 from /usr/pkg/include/httpd/httpd.h:29,
                 from src/mod_auth_kerb.c:51:
/usr/include/sys/fd_set.h:63: error: redefinition of `struct fd_set'
src/mod_auth_kerb.c:70:37: gssapi/gssapi_generic.h: No such file or directory
src/mod_auth_kerb.c:71:34: gssapi/gssapi_krb5.h: No such file or directory
In file included from src/mod_auth_kerb.c:200:
src/mit-internals.h:108: error: parse error before "krb5_magic"
[snip]

I also tried to compile mod_auth_kerb.c from 
http://sourceforge.net/project/showfiles.php?group_id=51775
with apxs but I invariably hit some errors about a missing
gssapi/gssapi_generic.h

Regards,
Thierry.