Comment 1 Sam James 2021-12-29 07:20:51 UTC

I don't think mit-krb5 installes the Apache module, does it?

Comment 2 Sam James 2021-12-29 07:32:31 UTC

Can you try https://sources.debian.org/data/main/liba/libapache-mod-auth-kerb/5.4-2.5/debian/patches/0011-Always-use-NONE-replay-cache-type.patch please?

1 out of 3 hunks FAILED 

src/mod_auth_kerb.c.rej
--- src/mod_auth_kerb.c
+++ src/mod_auth_kerb.c
@@ -2057,27 +2057,6 @@ kerb_authenticate_user(request_rec *r)
    return ret;
 }

-static int
-have_rcache_type(const char *type)
-{
-   krb5_error_code ret;
-   krb5_context context;
-   krb5_rcache id = NULL;
-   int found;
-
-   ret = krb5_init_context(&context);
-   if (ret)
-      return 0;
-
-   ret = krb5_rc_resolve_full(context, &id, "none:");
-   found = (ret == 0);
-
-   if (ret == 0)
-      krb5_rc_destroy(context, id);
-   krb5_free_context(context);
-
-   return found;
-}

 /***************************************************************************
  Module Setup/Configuration

Comment 4 Sam James 2021-12-29 08:15:58 UTC

You should be able to delete that hunk for testing purposes.

Created attachment 760702 [details, diff]
patch for latest ebuild

to be included as last patch in ebuild

I created mod_auth_kerb-5.4-r4.ebuild from current mod_auth_kerb-5.4-r3.ebuild and simply added the patch as so:

PATCHES=(
        "${WORKDIR}/${P}-gentoo-patchset"/${P}-rcopshack.patch
        "${WORKDIR}/${P}-gentoo-patchset"/${P}-fixes.patch
        "${WORKDIR}/${P}-gentoo-patchset"/${P}-s4u2proxy.patch
        "${WORKDIR}/${P}-gentoo-patchset"/${P}-httpd24.patch
        "${WORKDIR}/${P}-gentoo-patchset"/${P}-delegation.patch
        "${WORKDIR}/${P}-gentoo-patchset"/${P}-cachedir.patch
        "${WORKDIR}/${P}-gentoo-patchset"/${P}-longuser.patch
        "${WORKDIR}/${P}-gentoo-patchset"/${P}-handle-continue.patch
        "${WORKDIR}/${P}-gentoo-patchset"/${P}-heimdal.patch
        "${FILESDIR}"/0011-Always-use-NONE-replay-cache-type.patch
)

Emerged mod_auth_kerb and an apache service restart does NOT complain anymore.

Comment 7 Larry the Git Cow 2021-12-29 08:39:10 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4c542201cff236f67aac6eaa0ca86863d34df80

commit b4c542201cff236f67aac6eaa0ca86863d34df80
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-12-29 08:38:06 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-12-29 08:38:06 +0000

    www-apache/mod_auth_kerb: add Debian patch for krb5 ABI break
    
    Was using an internal API.
    
    Closes: https://bugs.gentoo.org/830208
    Signed-off-by: Sam James <sam@gentoo.org>

 .../files/mod_auth_kerb-5.4-api-change-krb5.patch  | 51 ++++++++++++++++++
 .../mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild      | 63 ++++++++++++++++++++++
 2 files changed, 114 insertions(+)

Comment 8 Sam James 2021-12-29 08:39:45 UTC

Thanks for testing!

Stable won't work at all right now so let's stable immediately.

Please consider adding mod_auth_kerb-krb5_kt_close.patch from
https://sourceforge.net/p/modauthkerb/bugs/61/

This patch was developed by us some years ago and is essential to us.

Comment 11 Sam James 2021-12-29 09:09:57 UTC

(In reply to Joakim Tjernlund from comment #10)
> Please consider adding mod_auth_kerb-krb5_kt_close.patch from
> https://sourceforge.net/p/modauthkerb/bugs/61/
> 
> This patch was developed by us some years ago and is essential to us.

Done, I think, in bug 673066 (I noticed it after I added the original patch but it's in -r5). Thank you!

(In reply to Sam James from comment #11)
> (In reply to Joakim Tjernlund from comment #10)
> > Please consider adding mod_auth_kerb-krb5_kt_close.patch from
> > https://sourceforge.net/p/modauthkerb/bugs/61/
> > 
> > This patch was developed by us some years ago and is essential to us.
> 
> Done, I think, in bug 673066 (I noticed it after I added the original patch
> but it's in -r5). Thank you!

Yes, that is the one. Thanks

Comment 13 Sam James 2022-01-01 11:06:12 UTC

amd64 done

Comment 14 Sam James 2022-01-02 00:03:07 UTC

x86 done

all arches done