app-crypt/mit-krb5-1.18.2-r1 doesn't contain anymore krb5_rc_resolve_full, thus apache with mod_auth_kerb enabled fails to start: apache2 | * apache2 has detected an error in your setup: apache2 |apache2: Syntax error on line 166 of /etc/apache2/httpd.conf: Syntax error on line 2 of /etc/apache2/modules.d/11_mod_auth_kerb.conf: Cannot load modules/mod_auth_kerb.so into server: /usr/lib64/apache2/modules/mod_auth_kerb.so: undefned symbol: krb5_rc_resolve_full apache2 | * ERROR: apache2 failed to start Reproducible: Always Steps to Reproduce: 1. Build apache 2. Build mod_auth_kerb 3. Configure apache to use mod_auth_kerb 4. Start apache Actual Results: mod_auth_kerb.so references krb5_rc_resolve_full, even though it is removed from libkrb5.so. Thus apache fails to start. Expected Results: mod_auth_kerb.so doesn't use nonexistent API krb5_rc_resolve_full, Apache can load the mod_auth_kerb module, and can successfully start, and authenticates users through kerberos SSO.
It is somewhat related to this bug: https://bugs.gentoo.org/716736 (the method is removed in the same commit)
since this packages is on EAPI=5, and "epatch_user" is missing, was a bit harder to test patchs, but I found a working one here: https://sourceforge.net/p/modauthkerb/bugs/61/ https://sourceforge.net/p/modauthkerb/bugs/_discuss/thread/face832cc0/807c/attachment/krb5-1.18.patch Applying this, the Kerberos authentication works again.
Confirmed... anyway, any official solution, PullRequest or something available?
Created attachment 660420 [details, diff] mit-krb5-1.18.2 fix Works for me. RCACHE is mandatory these days so hardcode
(In reply to Barnabás Virágh from comment #2) > since this packages is on EAPI=5, and "epatch_user" is missing, was a bit > harder to test patchs, but I found a working one here: > https://sourceforge.net/p/modauthkerb/bugs/61/ > > https://sourceforge.net/p/modauthkerb/bugs/_discuss/thread/face832cc0/807c/ > attachment/krb5-1.18.patch > > Applying this, the Kerberos authentication works again. That was my first hack, attached a better one. Works with 1.17 too
Created attachment 660423 [details, diff] Fixes SEGV You should apply this one too
Created attachment 660426 [details] mod_auth_kerb-5.4-r4 ebuild , EAPI=6 Our internal ebuild Got one for mod_auth_gssapi too, not tested though
Fix here: https://bugs.gentoo.org/830208#c7. Stabilisation in progress.