# What's the go with Kerberos/GSSAPI in 8-stable?



## jyavenard (Sep 12, 2010)

Hi.

I've had a great deal of pain to unsuccessfully compile mod_auth_kerb on my FreeBSD 8.1 box.

According to various places:
http://www.freebsd.org/cgi/query-pr.cgi?pr=147454 (libgssapi (heimdal) broken in head/, stable/8/, and releng/8.0/)
http://www.freebsd.org/cgi/query-pr.cgi?pr=147282 (errors when starting www/apache22 after installation of mod_auth_kerb2)
(the list goes on).

Seems to be related to libgssapi broken in anything >= 8.0

I see that some patches were posted by Benjamin Lee, in ticket 147454, but I would prefer something all done in port, so that I do not have to recompile the whole base.

Any advice on the best way to proceed to re-introduce kerberos and libgssapi support in FreeBSD 8 ?
Thank you


----------



## garrych (Feb 8, 2011)

I second that.
I've managed to compile mod_auth_kerb2 against base Heimdal with patched file/patch-Makefile.in, where I've added link to libgssapi_krb5 to dismiss error while `# service apache22 configtest`

```
+       ./apxs.sh "${CPPFLAGS}" "${LDFLAGS}[B] -lgssapi_krb5[/B]" "${SPNEGO_SRCS}" "${APXS}" "-c -i -a" "src/mod_auth_kerb.c"
```

I can authenticate with the 

```
KrbMethodNegotiate off
KrbMethodK5Passwd on
```
 in httpd.conf
But GSS-API (SPNEGO) causes segfault


----------



## jyavenard (Feb 9, 2011)

What I ended up doing was to simply disable kerberos completely in base.

Added:

```
NO_KERBEROS=yes
KRB5_HOME=/usr/local
KRB5_IMPL=mit
```

in /etc/make.conf

Then recompiled world.

Make sure you run [CMD=]make delete-old-libs[/CMD] after so any old (useless) kerberos libraries are removed.

Then compiled krb5 and mod_auth_kerb2 and any ports using kerberos libraries.

This solved the issue for me.

I doubt this kerberos will ever get fixed unfortunately. The more it goes, the more I want to get away from FreeBSD, the pain in getting things to work with 3rd parties tool keep getting bigger and bigger.


----------

