Re: Kerberos authentication in HTTP

[Daniel Kouril <kouril@ics.muni.cz>]

On Thu, Aug 15, 2002 at 11:12:59PM +0900, Jun Kuwamura wrote:
[...]
>   Thanks, It worked!
>   I just tested your gssapi authentication with DSO
> version of mod_ahth_gssapi for apache-1.3.26+mod_ssl-2.8.10.
> DSO was made by the following command.
> 
> --
> .../apache/bin/apxs \
>  -I/usr/include/openssl -I/usr/heimdal/include \
>  -L/usr/heimdal/lib -lgssapi -lkafs -lkrb5 -lasn1 -lroken -lcrypto -lresolv \
>  -o mod_auth_gssapi.so \
>  -c mod_auth_gssapi.c
> 
> .../apache/bin/apxs -i -a -n gssapi_auth mod_auth_gssapi.so
> --
> 
>   Sory, but I coulnot succeed with your mod_auth_kerb.
> (I found "segment fault" in apache error_log.)
> I eliminated Krb5* directives from your sample.

The implementation is very sensitive to the order in which the modules are
called. The mod_auth_gssapi is always supposed to be called _before_ the
kerberos one. If they are called in inverse order, the result is inpredicable
(I have no idea if it's possible for apache to specify the order in which
modules are invoked). Please could you try removing the Kerberos module at
all and test if the GSS module still coredumps?

--
Dan