Bug 212325

Summary: New port: www/mod_auth_gssapi GSSAPI authentication module for Apache
Product: Ports & Packages Reporter: Christian Ullrich <chris>
Component: Individual Port(s)Assignee: Kurt Jaeger <pi>
Status: Closed FIXED    
Severity: Affects Only Me CC: pi
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Description Flags
New port
Updated new port
Updated new port none

Description Christian Ullrich 2016-09-02 08:14:51 UTC
Created attachment 174308 [details]
New port

"This module has been built as a replacement for the aging mod_auth_kerb. Its aim is to use only GSSAPI calls and be as much as possible agnostic of the actual mechanism used."

I took a lot of inspiration from other Apache module port's Makefiles, particularly the do-install target (which is a workaround for libtool's inability not to install .la and .a files). Any improvement suggestions
will be welcome.

Comment 1 Kurt Jaeger freebsd_committer 2016-09-04 19:44:37 UTC
Have you tried to USE_GITHUB instead of using a MASTER_SITES which points to github ?

Comment 2 Christian Ullrich 2016-09-04 19:55:17 UTC
I did, and as far as I can tell, USE_GITHUB can only download tags (that is, repo snapshots), not prepared release tarballs.

If I use that, I also have to do USES=autoreconf, and I thought it was better to avoid that if possible.
Comment 3 Christian Ullrich 2016-09-05 08:22:22 UTC
Created attachment 174381 [details]
Updated new port

New patch with USE_GITHUB, USES=autoreconf.

I have also added an override of $KRB5_CONFIG in CONFIGURE_ENV, because without that, the port will compile with port MIT headers, then link with base Heimdal libraries, and eventually fail to run due to undefined symbols.
Comment 4 Kurt Jaeger freebsd_committer 2016-09-05 17:59:08 UTC
Comment 5 Kurt Jaeger freebsd_committer 2016-09-05 18:25:39 UTC
Testbuilds fail in configure phase. See


(identical problem for the other platforms 11a, 10i, 9.3a)
Comment 6 Christian Ullrich 2016-09-07 08:45:31 UTC
Created attachment 174468 [details]
Updated new port

- Fixes OpenSSL selection (base and port) on 9, 10, 11
  - IGNOREs with base OpenSSL on 9, due to API incompatibility
- IGNOREs with any LibreSSL, due to (im)proper use of footgun with regard
- Adds module configuration file
  - I arbitrarily chose the load order prefix (240, currently vacant) based
    on information from apache@ that there are no rules for selecting it
Comment 7 commit-hook freebsd_committer 2016-09-10 19:10:24 UTC
A commit references this bug:

Author: pi
Date: Sat Sep 10 19:10:08 UTC 2016
New revision: 421727
URL: https://svnweb.freebsd.org/changeset/ports/421727

  New port: www/mod_auth_gssapi

  This module adds support for single-sign-on authentication via GSSAPI
  to the Apache httpd. It is intended as a successor to mod_auth_kerb.

  WWW: https://github.com/modauthgssapi/mod_auth_gssapi

  PR:		212325
  Submitted by:	chris@chrullrich.net

Comment 8 Kurt Jaeger freebsd_committer 2016-09-10 19:10:37 UTC
Committed, thanks!