# mini-howto: Building www/nginx with MIT kerberos from ports



## zirias@ (Sep 4, 2016)

So trying to do as the thread title suggests, I found the following lines in www/nginx's Makefile:

```
# TODO: Provide optional dependence on Kerberos implementations from ports
USES+=  gssapi:base,flags
```
Ok, easy thing, just change it to

```
# TODO: Provide optional dependence on Kerberos implementations from ports
USES+=  gssapi:mit
```
and be done 

Well, not really ... port still tries to link -lgssapi and before anyone has to do the same detective work, I'll just post what I found:

This line from upstream unconditionally adds -lgssapi as soon as the build host runs FreeBSD. So, the obvious solution is -- change files/extra-patch-spnego-http-auth-nginx-module-config so it removes this nonsense:

```
--- ../spnego-http-auth-nginx-module-c85a38c/config.orig        2015-06-13 20:49:15.590751000 +0300
+++ ../spnego-http-auth-nginx-module-c85a38c/config     2015-06-13 20:49:31.024936000 +0300
@@ -1,7 +1,4 @@
 ngx_addon_name=ngx_http_auth_spnego_module
 HTTP_MODULES="$HTTP_MODULES ngx_http_auth_spnego_module"
 NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_spnego_module.c"
-CORE_LIBS="$CORE_LIBS -lgssapi_krb5 -lkrb5 -lcom_err"
-if uname -o | grep -q FreeBSD; then
-    CORE_LIBS="$CORE_LIBS -lgssapi"
-fi
+CORE_LIBS="$CORE_LIBS %%GSSAPILIBS%% -lcom_err"
```
NOW you're done


----------

