Kerberized Apache

Ido Levy IDOL at il.ibm.com
Wed Feb 20 13:03:52 EST 2008 

Hello Sebastian,

Thank you for your help.
My comments are integrated below.

Ido Levy


kerberos-bounces at mit.edu wrote on 19/02/2008 18:16:49:

> Ido Levy <IDOL at il.ibm.com> writes:
>
> > I am looking for a way to enable users to get access to their space
through
> > the web browser.
> > I would like to integrate it with our Kerberized SSO environment as
well.
> > I tried this module http://modauthkerb.sourceforge.net/ but I have
> > encounter some issues:
>
> Using mod_auth_gss
> (<http://cvs.opensolaris.
>
org/source/raw/sfwnv/test_stevel/usr/src/cmd/apache2/mod_auth_gss/mod_auth_gss.

> c>,
> install with "apxs -c -i -l gss mod_auth_gss.c") I have apache-2.2.8
> running with authentication via Kerberos. While mod_auth_kerb has the
> advantage of providing a username/password fallback, I haven't compiled
> it under Solaris.

Following your advice I tried to compile the module on RHEL 5 64 bit
architecture.
Unfortunately I got the following:

/usr/sbin/apxs -c -i -l gss ./mod_auth_gss.c
/usr/lib64/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2
-g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic  -DLINUX=2 -D_REENTRANT
-D_GNU_SOURCE -pthread -I/usr/include/httpd  -I/usr/include/apr-1
-I/usr/include/apr-1   -c -o ./mod_auth_gss.lo ./mod_auth_gss.c &&
touch ./mod_auth_gss.slo
./mod_auth_gss.c:1: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:20:29: warning: character constant too long for its type
./mod_auth_gss.c:21:27: warning: character constant too long for its type
./mod_auth_gss.c:22:36: warning: character constant too long for its type
./mod_auth_gss.c:23:27: warning: character constant too long for its type
./mod_auth_gss.c:28: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:30: error: stray '#' in program
./mod_auth_gss.c:31:16: error: invalid suffix "px" on integer constant
./mod_auth_gss.c:32: error: stray '#' in program
./mod_auth_gss.c:38:15: error: exponent has no digits
./mod_auth_gss.c:39:18: error: invalid suffix "px" on integer constant
./mod_auth_gss.c:41: error: stray '#' in program
./mod_auth_gss.c:41: error: expected '=', ',', ';', 'asm' or
'__attribute__' before 'Iconbar',
./mod_auth_gss.c:41: error: stray '#' in program;
./mod_auth_gss.c:44: error: stray '#' in program;
./mod_auth_gss.c:44: error: expected '=', ',', ';', 'asm' or
'__attribute__' before 'Iconbar',
./mod_auth_gss.c:44: error: stray '#' in program;
./mod_auth_gss.c:47: error: stray '#' in program;
./mod_auth_gss.c:47: error: expected '=', ',', ';', 'asm' or
'__attribute__' before 'Iconbar',
./mod_auth_gss.c:47: error: stray '#' in program;
./mod_auth_gss.c:50: error: stray '#' in program;
./mod_auth_gss.c:50: error: expected '=', ',', ';', 'asm' or
'__attribute__' before 'Iconbar',
./mod_auth_gss.c:50: error: stray '#' in program;
./mod_auth_gss.c:53: error: stray '#' in program;
./mod_auth_gss.c:53: error: expected '=', ',', ';', 'asm' or
'__attribute__' before 'Iconbar',
./mod_auth_gss.c:53: error: stray '#' in program;
./mod_auth_gss.c:56: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:143: error: stray '#' in program
./mod_auth_gss.c:145: error: stray '#' in program
./mod_auth_gss.c:145: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:146: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:146: error: stray '#' in program
./mod_auth_gss.c:146: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:147: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:148: error: stray '#' in program
./mod_auth_gss.c:149: error: stray '#' in program
./mod_auth_gss.c:150: error: stray '#' in program
./mod_auth_gss.c:151: error: stray '#' in program
./mod_auth_gss.c:152: error: stray '#' in program
./mod_auth_gss.c:153: error: stray '#' in program
./mod_auth_gss.c:154: error: stray '#' in program
./mod_auth_gss.c:155: error: stray '#' in program
./mod_auth_gss.c:156: error: stray '#' in program
./mod_auth_gss.c:157: error: stray '#' in program
./mod_auth_gss.c:158: error: stray '#' in program
./mod_auth_gss.c:159: error: stray '#' in program
./mod_auth_gss.c:160: error: stray '#' in program
./mod_auth_gss.c:161: error: stray '#' in program
./mod_auth_gss.c:163: error: stray '#' in program
./mod_auth_gss.c:163: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:164: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:164: error: stray '#' in program
./mod_auth_gss.c:164: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:165: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:167: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:169: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:171: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:176: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:177: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:184: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:191: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:198: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:212: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:218: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:228: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:232: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:233: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:235: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:248: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:261: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:299: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:324: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:373: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:588: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:598: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:621: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:677: error: expected identifier or '(' before '<' token
./mod_auth_gss.c:689: error: expected identifier or '(' before numeric
constant
./mod_auth_gss.c:693: error: missing terminating " character
./mod_auth_gss.c:694: error: missing terminating " character
apxs:Error: Command failed with rc=65536

Any advice ?

>
> For an authentication needing part of your website you could either put
> these directives into a .htaccess file (assuming that your httpd
> configuration allows authentication override) or a directory or location
> section:
>
> AuthType           GSSAPI
> AuthGssServiceName HTTP
> AuthGssKeytabFile  /opt/apache/2.2.8/conf/http.keytab
> AuthGssDebug       0
> require valid-user
>
> The username - should you need to specifiy access only for select users
> - is the Kerberos principal.
>
>
> Sebastian
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

More information about the Kerberos mailing list