# mod_auth_kerb fails to load in ~amd64 apache

## alamahant

Hi friends,

I recently came across an error loading the kerberos module into apache web-server.

Until recently it was working fine both in "stable" and "unstable installations".

However as of late I keep getting this error when I start apache in ~amd64 environment:

```

start apache2

 * apache2 has detected an error in your setup:

apache2: Syntax error on line 153 of /etc/apache2/httpd.conf: Syntax error on line 2 of /etc/apache2/modules.d/11_mod_auth_kerb.conf: Cannot load modules/mod_auth_kerb.so into server: /usr/lib64/apache2/modules/mod_auth_kerb.so: undefined symbol: krb5_rc_destroy

 * ERROR: apache2 failed to start

```

Any feedback would be so much appreciated.

By the way I noticed that mod_auth_kerb needs maintainers.

Does one have to be a super linux guru to maintain a package or would an involved linux user be up to the task?Last edited by alamahant on Mon Apr 27, 2020 1:14 pm; edited 2 times in total

----------

## Hu

On my system, the missing symbol is defined by /usr/lib/libkrb5.so:

```
$ nm -D --defined-only /usr/lib/libkrb5.so | grep krb5_rc_destroy

0000000000071290 T krb5_rc_destroy
```

You could try rebuilding the Apache package that provides the affected module.  If that does not help, please show the output of lddtree /usr/lib64/apache2/modules/mod_auth_kerb.so ; emerge --info --verbose app-crypt/mit-krb5 www-servers/apache.

----------

## alamahant

Dear Hu

Thaanks for the info.

It seems the problem lies in the symbol "krb5_rc_destroy" is missing from the "~amd64 libkrb5.so", whereas it is present in the "stable" ones.

Here is the output of the "nm -D --defined-only........." both in stable and unstable:

Unstable:

```

dhaki /home/dharma # nm -D --defined-only /usr/lib64/libkrb5.so | grep krb5_rc_destroy

dhaki /home/dharma # 

```

Stable:

```

dhaki /home/dharma # nm -D --defined-only mnt/usr/lib64/libkrb5.so | grep krb5_rc_destroy

000000000006dc10 T krb5_rc_destroy

```

Therefore the problem seems to lie in the "mit-krb5" package of the "unstable".

Here is the version :

```

dhaki /home/dharma # equery list '*' | grep  mit-krb5

app-crypt/mit-krb5-1.18

```

Furthermore here is the requested output:

```

CHROOTdhaki / # lddtree /usr/lib64/apache2/modules/mod_auth_kerb.so ; emerge --info --verbose app-crypt/mit-krb5 www-servers/apache

mod_auth_kerb.so => /usr/lib64/apache2/modules/mod_auth_kerb.so (interpreter => none)

    libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2

        libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0

        libdl.so.2 => /lib64/libdl.so.2

            ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2

        libkeyutils.so.1 => /lib64/libkeyutils.so.1

    libkrb5.so.3 => /usr/lib64/libkrb5.so.3

    libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3

    libcom_err.so.2 => /lib64/libcom_err.so.2

        libpthread.so.0 => /lib64/libpthread.so.0

    libresolv.so.2 => /lib64/libresolv.so.2

    libc.so.6 => /lib64/libc.so.6

Portage 2.3.96 (python 3.6.10-final-0, default/linux/amd64/17.1/desktop, gcc-9.3.0, glibc-2.30-r6, 5.4.26 x86_64)

=================================================================

                         System Settings

=================================================================

System uname: Linux-5.4.26-x86_64-Intel-R-_Core-TM-_i7-4710HQ_CPU_@_2.50GHz-with-gentoo-2.7

KiB Mem:    16346656 total,   8307600 free

KiB Swap:   16379900 total,  16379900 free

Timestamp of repository gentoo: Tue, 31 Mar 2020 10:00:01 +0000

Head commit of repository gentoo: 8432050432f615c45e1a07adab6accf701e57d1a

sh bash 5.0_p16

ld GNU ld (Gentoo 2.34 p1) 2.34.0

app-shells/bash:          5.0_p16::gentoo

dev-lang/perl:            5.30.1::gentoo

dev-lang/python:          2.7.17-r1::gentoo, 3.6.10::gentoo, 3.7.7::gentoo, 3.8.2::gentoo

dev-util/cmake:           3.17.0::gentoo

sys-apps/baselayout:      2.7::gentoo

sys-apps/openrc:          0.42.1::gentoo

sys-apps/sandbox:         2.18::gentoo

sys-devel/autoconf:       2.13-r1::gentoo, 2.69-r5::gentoo

sys-devel/automake:       1.16.2::gentoo

sys-devel/binutils:       2.34::gentoo

sys-devel/gcc:            9.3.0::gentoo

sys-devel/gcc-config:     2.2.1::gentoo

sys-devel/libtool:        2.4.6-r6::gentoo

sys-devel/make:           4.3::gentoo

sys-kernel/linux-headers: 5.6::gentoo (virtual/os-headers)

sys-libs/glibc:           2.30-r6::gentoo

Repositories:

gentoo

    location: /usr/portage

    sync-type: rsync

    sync-uri: rsync://rsync.gentoo.org/gentoo-portage

    priority: -1000

    sync-rsync-extra-opts: 

    sync-rsync-verify-metamanifest: yes

    sync-rsync-verify-jobs: 1

    sync-rsync-verify-max-age: 24

flatpak-overlay

    location: /var/lib/layman/flatpak-overlay

    masters: gentoo

    priority: 50

ABI="amd64"

ABI_X86="64"

ACCEPT_KEYWORDS="amd64 ~amd64"

ACCEPT_LICENSE="*"

ACCEPT_PROPERTIES="*"

ACCEPT_RESTRICT="*"

ADA_TARGET="gnat_2018"

ALSA_CARDS="hda-intel"

APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias"

ARCH="amd64"

AUTOCLEAN="yes"

BOOTSTRAP_USE="unicode internal-glib pkg-config split-usr python_targets_python3_6 python_targets_python2_7 multilib"

BROOT=""

CALLIGRA_FEATURES="karbon sheets words"

CBUILD="x86_64-pc-linux-gnu"

CFLAGS="-march=haswell -O2 -pipe"

CFLAGS_amd64="-m64"

CFLAGS_x32="-mx32"

CFLAGS_x86="-m32"

CHOST="x86_64-pc-linux-gnu"

CHOST_amd64="x86_64-pc-linux-gnu"

CHOST_x32="x86_64-pc-linux-gnux32"

CHOST_x86="i686-pc-linux-gnu"

CLEAN_DELAY="5"

COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog"

COLLISION_IGNORE="/lib/modules/*"

COLORTERM="truecolor"

COMMON_FLAGS="-march=haswell -O2 -pipe"

CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/bind"

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"

CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 f16c fma3 pclmul popcnt sse3 sse4_1 sse4_2 ssse3"

CXXFLAGS="-march=haswell -O2 -pipe"

DEFAULT_ABI="amd64"

DISPLAY=":0.0"

DISTDIR="/usr/portage/distfiles"

EDITOR="/bin/nano"

ELIBC="glibc"

EMERGE_WARNING_DELAY="10"

ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"

EPREFIX=""

EROOT="/"

ESYSROOT="/"

FCFLAGS="-march=haswell -O2 -pipe"

FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"

FETCHCOMMAND="wget -t 3 -T 60 --passive-ftp -O "${DISTDIR}/${FILE}" "${URI}""

FETCHCOMMAND_RSYNC="rsync -LtvP "${URI}" "${DISTDIR}/${FILE}""

FETCHCOMMAND_SFTP="bash -c "x=\${2#sftp://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port= ; eval \"declare -a ssh_opts=(\${3})\" ; exec sftp \${port:+-P \${port}} \"\${ssh_opts[@]}\" \"\${host}:/\${x#*/}\" \"\$1\"" sftp "${DISTDIR}/${FILE}" "${URI}" "${PORTAGE_SSH_OPTS}""

FETCHCOMMAND_SSH="bash -c "x=\${2#ssh://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port= ; exec rsync --rsh=\"ssh \${port:+-p\${port}} \${3}\" -avP \"\${host}:/\${x#*/}\" \"\$1\"" rsync "${DISTDIR}/${FILE}" "${URI}" "${PORTAGE_SSH_OPTS}""

FFLAGS="-march=haswell -O2 -pipe"

GCC_SPECS=""

GENTOO_MIRRORS="http://ftp.ntua.gr/pub/linux/gentoo/"

GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx"

GRUB_PLATFORMS="efi-64"

GSETTINGS_BACKEND="dconf"

HOME="/root"

INFOPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/9.3.0/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.34/info:/usr/share/info"

INPUT_DEVICES="libinput keyboard mouse synaptics"

IUSE_IMPLICIT="abi_x86_64 prefix prefix-guest prefix-stack"

KERNEL="linux"

LANG="en_US.utf8"

LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"

LC_COLLATE="C"

LC_MESSAGES="C"

LDFLAGS="-Wl,-O1 -Wl,--as-needed"

LDFLAGS_amd64="-m elf_x86_64"

LDFLAGS_x32="-m elf32_x86_64"

LDFLAGS_x86="-m elf_i386"

LESS="-R -M --shift 5"

LESSOPEN="|lesspipe %s"

LIBDIR_amd64="lib64"

LIBDIR_x32="libx32"

LIBDIR_x86="lib"

LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer"

LOGNAME="root"

LS_COLORS="rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33

;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw

=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj

=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=

01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:

*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst

=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;

31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:

*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.

cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.

jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*

.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.

tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.

mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.

webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.

qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=

01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35

:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.

cfg=00;32:*.conf=00;32:*.diff=00;32:*.doc=00;32:*.ini=00;32:*.log=00;32:*.

patch=00;32:*.pdf=00;32:*.ps=00;32:*.tex=00;32:*.txt=00;32:*.aac=00;36:*.au

=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=

00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;

36:*.spx=00;36:*.xspf=00;36:"

MAKEOPTS="-j4"

MANPAGER="manpager"

MANPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/9.3.0/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.34/man:/usr/local/share/man:/usr/share/man:/usr/lib/llvm/10/share/man:/usr/lib/llvm/9/share/man"

MULTILIB_ABIS="amd64 x86"

MULTILIB_STRICT_DENY="64-bit.*shared object"

MULTILIB_STRICT_DIRS="/lib32 /lib /usr/lib32 /usr/lib /usr/kde/*/lib32 /usr/kde/*/lib /usr/qt/*/lib32 /usr/qt/*/lib /usr/X11R6/lib32 /usr/X11R6/lib"

MULTILIB_STRICT_EXEMPT="(perl5|gcc|gcc-lib|binutils|eclipse-3|debug|portage|udev|systemd|clang|python-exec|llvm)"

OFFICE_IMPLEMENTATION="libreoffice"

OPENGL_PROFILE="xorg-x11"

PAGER="/usr/bin/less"

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/lib/llvm/10/bin:/usr/lib/llvm/9/bin"

PHP_TARGETS="php7-2"

PKGDIR="/usr/portage/packages"

PORTAGE_ARCHLIST="alpha amd64 amd64-linux arm arm-linux arm64 arm64-linux hppa ia64 m68k m68k-mint mips ppc ppc-aix ppc-macos ppc64 ppc64-linux riscv s390 sparc sparc-solaris sparc64-solaris x64-cygwin x64-macos x64-solaris x64-winnt x86 x86-cygwin x86-linux x86-macos x86-solaris x86-winnt"

PORTAGE_BIN_PATH="/usr/lib/portage/python3.6"

PORTAGE_COMPRESS_EXCLUDE_SUFFIXES="css gif htm[l]? jp[e]?g js pdf png"

PORTAGE_CONFIGROOT="/"

PORTAGE_DEBUG="0"

PORTAGE_DEPCACHEDIR="/var/cache/edb/dep"

PORTAGE_ELOG_CLASSES="log warn error"

PORTAGE_ELOG_MAILFROM="portage@localhost"

PORTAGE_ELOG_MAILSUBJECT="[portage] ebuild log for ${PACKAGE} on ${HOST}"

PORTAGE_ELOG_MAILURI="root"

PORTAGE_ELOG_SYSTEM="save_summary:log,warn,error,qa echo"

PORTAGE_FETCH_CHECKSUM_TRY_MIRRORS="5"

PORTAGE_FETCH_RESUME_MIN_SIZE="350K"

PORTAGE_GID="250"

PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --digest-algo SHA256 --clearsign --yes --default-key "${PORTAGE_GPG_KEY}" --homedir "${PORTAGE_GPG_DIR}" "${FILE}""

PORTAGE_INST_GID="0"

PORTAGE_INST_UID="0"

PORTAGE_INTERNAL_CALLER="1"

PORTAGE_LOGDIR_CLEAN="find "${PORTAGE_LOGDIR}" -type f ! -name "summary.log*" -mtime +7 -delete"

PORTAGE_OVERRIDE_EPREFIX=""

PORTAGE_PYM_PATH="/usr/lib64/python3.6/site-packages"

PORTAGE_PYTHONPATH="/usr/lib64/python3.6/site-packages"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"

PORTAGE_RSYNC_RETRIES="-1"

PORTAGE_SYNC_STALE="30"

PORTAGE_TMPDIR="/var/tmp/portage"

PORTAGE_VERBOSE="1"

PORTAGE_WORKDIR_MODE="0700"

PORTAGE_XATTR_EXCLUDE="btrfs.* security.evm security.ima    security.selinux system.nfs4_acl user.apache_handler user.Beagle.* user.dublincore.* user.mime_encoding user.xdg.*"

POSTGRES_TARGETS="postgres10 postgres11"

PROFILE_ONLY_VARIABLES="ARCH ELIBC IUSE_IMPLICIT KERNEL USERLAND USE_EXPAND_IMPLICIT USE_EXPAND_UNPREFIXED USE_EXPAND_VALUES_ARCH USE_EXPAND_VALUES_ELIBC USE_EXPAND_VALUES_KERNEL USE_EXPAND_VALUES_USERLAND"

PS1="CHROOT\[\033]0;\u@\h:\w\007\]\[\033[01;31m\]\h\[\033[01;34m\] \w \$\[\033[00m\] "

PWD="/"

PYTHONDONTWRITEBYTECODE="1"

PYTHON_SINGLE_TARGET="python3_6"

PYTHON_TARGETS="python2_7 python3_6"

RESUMECOMMAND="wget -c -t 3 -T 60 --passive-ftp -O "${DISTDIR}/${FILE}" "${URI}""

RESUMECOMMAND_RSYNC="rsync -LtvP "${URI}" "${DISTDIR}/${FILE}""

RESUMECOMMAND_SSH="bash -c "x=\${2#ssh://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port= ; exec rsync --rsh=\"ssh \${port:+-p\${port}} \${3}\" -avP \"\${host}:/\${x#*/}\" \"\$1\"" rsync "${DISTDIR}/${FILE}" "${URI}" "${PORTAGE_SSH_OPTS}""

ROOT="/"

ROOTPATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/lib/llvm/10/bin:/usr/lib/llvm/9/bin"

RPMDIR="/var/cache/rpm"

RUBY_TARGETS="ruby24 ruby25"

SHELL="/bin/bash"

SHLVL="3"

SYMLINK_LIB="no"

SYNC_TYPE="rsync"

SYNC_URI="rsync://rsync.europe.gentoo.org/gentoo-portage"

SYSROOT="/"

TERM="xterm-256color"

TWISTED_DISABLE_WRITING_OF_PLUGIN_CACHE="1"

UNINSTALL_IGNORE="/lib/modules/* /var/run /var/lock"

USE="X a52 aac acl acpi alsa amd64 berkdb bluetooth branding bzip2 cairo cdda cdr cli crypt cups dbus dlz dri dts dvd dvdr elogind emboss encode exif flac fortran gdbm gif gpm gtk iconv icu ipv6 jpeg lcms ldap libnotify libtirpc mad mng mp3 mp4 mpeg multilib ncurses nls nptl ogg opengl openmp openssl pam pango pcre pdf png policykit ppds pulseaudio readline sdl seccomp spell split-usr ssl startup-notification svg tcpd tiff truetype udev udisks unicode upower usb vaapi vorbis wxwidgets x264 xattr xcb xfce xml xv xvid zlib" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="hda-intel" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 f16c fma3 pclmul popcnt sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="libinput keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-2" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" RUBY_TARGETS="ruby24 ruby25" USERLAND="GNU" VIDEO_CARDS="nouveau intel i915 i965" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"

USER="root"

USERLAND="GNU"

USE_EXPAND="ABI_MIPS ABI_PPC ABI_RISCV ABI_S390 ABI_X86 ADA_TARGET ALSA_CARDS APACHE2_MODULES APACHE2_MPMS CALLIGRA_FEATURES CAMERAS COLLECTD_PLUGINS CPU_FLAGS_ARM CPU_FLAGS_PPC CPU_FLAGS_X86 CURL_SSL ELIBC ENLIGHTENMENT_MODULES FFTOOLS GPSD_PROTOCOLS GRUB_PLATFORMS INPUT_DEVICES KERNEL L10N LCD_DEVICES LIBREOFFICE_EXTENSIONS LIRC_DEVICES LLVM_TARGETS MONKEYD_PLUGINS NGINX_MODULES_HTTP NGINX_MODULES_MAIL NGINX_MODULES_STREAM OFED_DRIVERS OFFICE_IMPLEMENTATION OPENMPI_FABRICS OPENMPI_OFED_FEATURES OPENMPI_RM PHP_TARGETS POSTGRES_TARGETS PYTHON_SINGLE_TARGET PYTHON_TARGETS QEMU_SOFTMMU_TARGETS QEMU_USER_TARGETS ROS_MESSAGES RUBY_TARGETS SANE_BACKENDS USERLAND UWSGI_PLUGINS VIDEO_CARDS VOICEMAIL_STORAGE XFCE_PLUGINS XTABLES_ADDONS"

USE_EXPAND_HIDDEN="ABI_MIPS ABI_PPC ABI_RISCV ABI_S390 CPU_FLAGS_ARM CPU_FLAGS_PPC ELIBC KERNEL USERLAND"

USE_EXPAND_IMPLICIT="ARCH ELIBC KERNEL USERLAND"

USE_EXPAND_UNPREFIXED="ARCH"

USE_EXPAND_VALUES_ARCH="alpha amd64 amd64-fbsd amd64-linux arm arm64 hppa ia64 m68k m68k-mint mips ppc ppc64 ppc64-linux ppc-aix ppc-macos riscv s390 sh sparc sparc64-solaris sparc-solaris x64-cygwin x64-macos x64-solaris x64-winnt x86 x86-cygwin x86-fbsd x86-linux x86-macos x86-solaris x86-winnt"

USE_EXPAND_VALUES_ELIBC="AIX bionic Cygwin Darwin DragonFly FreeBSD glibc HPUX Interix mingw mintlib musl NetBSD OpenBSD SunOS uclibc Winnt"

USE_EXPAND_VALUES_KERNEL="AIX Darwin FreeBSD freemint HPUX linux NetBSD OpenBSD SunOS Winnt"

USE_EXPAND_VALUES_USERLAND="BSD GNU"

USE_ORDER="env:pkg:conf:defaults:pkginternal:features:repo:env.d"

VIDEO_CARDS="nouveau intel i915 i965"

XAUTHORITY="/root/.xauthZiWFPH"

XDG_CONFIG_DIRS="/etc/xdg"

XDG_DATA_DIRS="/usr/local/share:/usr/share"

XSESSION="xfce4"

XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"

uidserial="10003"

=================================================================

                        Package Settings

=================================================================

app-crypt/mit-krb5-1.18::gentoo was built with the following:

USE="keyutils nls openldap pkinit threads -doc -libressl -lmdb (-selinux) -test -xinetd" ABI_X86="(64) -32 (-x32)" CPU_FLAGS_X86="aes"

CFLAGS="-march=haswell -O2 -pipe -fno-strict-aliasing -fno-strict-overflow"

CXXFLAGS="-march=haswell -O2 -pipe -fno-strict-aliasing -fno-strict-overflow"

FEATURES="ebuild-locks unmerge-orphans distlocks unknown-features-warn xattr unmerge-logs userpriv sandbox multilib-strict fixlafiles pid-sandbox strict binpkg-logs protect-owned usersandbox ipc-sandbox assume-digests qa-unresolved-soname-deps binpkg-docompress news userfetch network-sandbox merge-sync sfperms usersync config-protect-if-modified binpkg-dostrip preserve-libs parallel-fetch"

www-servers/apache-2.4.41::gentoo was built with the following:

USE="gdbm ldap (split-usr) ssl suexec-caps -debug -doc -libressl (-selinux) -static -suexec -suexec-syslog -threads" ABI_X86="(64)" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_core authn_dbm authn_file authz_core authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif socache_shmcb speling status unique_id unixd userdir usertrack vhost_alias -access_compat -asis -auth_digest -auth_form -authn_dbd -authn_socache -authz_dbd -brotli -cache_disk -cache_socache -cern_meta -charset_lite -dbd -dumpio -http2 -ident -imagemap -lbmethod_bybusyness -lbmethod_byrequests -lbmethod_bytraffic -lbmethod_heartbeat -log_forensic -macro -md -proxy -proxy_ajp -proxy_balancer -proxy_connect -proxy_fcgi -proxy_ftp -proxy_html -proxy_http -proxy_http2 -proxy_scgi -proxy_wstunnel -ratelimit -remoteip -reqtimeout -session -session_cookie -session_crypto -session_dbd -slotmem_shm -substitute -version -watchdog -xml2enc" APACHE2_MPMS="-event -prefork -worker"

LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--no-as-needed"

```

Thanks a lot for the care.........

 :Very Happy:   :Very Happy: 

Wrapped a long line to make the forum layout behave. —Chiitoo

----------

## alamahant

I kind of resolved this by masking 

app-crypt/mit-krb5-1.18

which forced emerge to do an uninstall downgrade to

app-crypt/mit-krb5-1.17.1

Now mod_auth_kerb is working properly.

Should I file a bub report for 1.18?

Thanks a lot.

 :Smile: 

----------

## alamahant

UPDATE:

Since "mod_auth_kerb" is unmaintained nowadays It would be good if we had an ebuild for "mod_auth_gssapi" instead.

I did something politically incorrect.

I just used the "mod_auth_gssapi.so" module from debian and it WORKED like a charm in Apache.

Of course one needs to make slight modifications in the config but nothing really complicated.

So is there maybe a channel that we can request the Gentoo team to maybe create an ebuild for it?

Thanks friends

 :Very Happy: 

----------

## Hu

Packaging requests have typically been done through bugs.gentoo.org, not through the forums.  You may get a smoother experience if you can also provide a working ebuild.  However, looking at a randomly chosen example (dev-python/awscli:2 new ebuild for the official branch "2", from AWS with all dependencies inside), it looks like the preference has changed to submitting the new ebuild through a Github pull request.

----------

## alamahant

Dear Hu,

I need some help.

I created an ebuild for "mod_auth_gssapi", I installed a localrepo etc and everything went nicely.

I managed to install it with no problems whatsoever.

Here is my ebuild

```

EAPI="5"

inherit apache-module eutils

DESCRIPTION="GSSAPI authentication for Apache"

HOMEPAGE="https://github.com/gssapi/mod_auth_gssapi"

SRC_URI="https://github.com/gssapi/mod_auth_gssapi/releases/download/v${PV}/${PF}.tar.gz"

LICENSE="Apache-2.0"

KEYWORDS="~amd64"

SLOT="0"

IUSE=""

APACHE2_MOD_FILE=".libs/mod_auth_gssapi.so"

APACHE2_MOD_DEFINE="AUTH_GSSAPI"

need_apache2

src_prepare() {

autoreconf -fi

}

src_compile() {

   apache-module_src_compile

}

src_install() {

   apache-module_src_install

}

pkg_postinst() {

[ -f /etc/apache2/modules.d/13_mod_auth_gssapi.conf ] && rm /etc/apache2/modules.d/13_mod_auth_gssapi.conf

cat >> /etc/apache2/modules.d/13_mod_auth_gssapi.conf << EOF

<IfDefine AUTH_GSSAPI>

LoadModule auth_gssapi_module modules/mod_auth_gssapi.so

</IfDefine>

EOF

chown apache. /etc/apache2/modules.d/13_mod_auth_gssapi.conf

}

```

Plz be kind this is my first ever ebuild and my first ever localrepo.

I did it.

BUT the "mod_auth_gssapi.so" that gets installed in the apache modules directory(/usr/lib64/apache2/modules) gives me an ERROR when trying to start apache:

```

restart apache2

 * apache2 has detected an error in your setup:

apache2: Syntax error on line 153 of /etc/apache2/httpd.conf: Syntax error on line 2 of /etc/apache2/modules.d/13_mod_auth_gssapi.conf: Cannot load modules/mod_auth_gssapi.so into server: /usr/lib64/apache2/modules/mod_auth_gssapi.so: undefined symbol: gss_mech_krb5_wrong

 * ERROR: apache2 failed to stop

```

This HOWEVER does NOT happen with the one I "stole" from Debian.

In their website the installation is very simple:

```

autoreconf -fi

./configure

make

make install

```

and the dependencies only are:

```

MIT krb5 (>=1.11)

Apache httpd (>=2.4.11)

```

So why might this be happening????

I took a peek at an arch AUR build and it mentions 

```

makedepends=('gss-ntlmssp')

```

I cant find any similar package for Gentoo...

How should I proceed pleeeasee.....?

 :Smile: 

----------

## Hu

 *alamahant wrote:*   

> 
> 
> ```
> inherit apache-module eutils
> 
> ...

 I think you can omit this functions and let the package manager call the eclass-provided method for you.

 *alamahant wrote:*   

> 
> 
> ```
> 
> pkg_postinst() {
> ...

 That looks like a bad idea for a general purpose ebuild.  What if that file had useful content in it?  It would be better for you to use src_install to write your proposed text to $D/path/to/file and let Portage report it as a configuration file update. *alamahant wrote:*   

> So why might this be happening????
> 
> I took a peek at an arch AUR build and it mentions 
> 
> ```
> ...

 It looks like the library depends on a symbol not provided by any library to which it is linked.  If the Debian file works correctly on Gentoo, then Debian is not depending on that symbol.  Perhaps they statically linked it, or perhaps they found a configure switch to disable the dependency.  Please post the full output of ldd on both the Debian and Gentoo versions of that module.  Also, try to obtain the deb-src that built the Debian package, and inspect whether it passed any options to configure or make that could have influenced what was built.

----------

## alamahant

Dear Hu,

HUGE difference between the two modules.

Debian:

```

lddtree /usr/lib64/apache2/modules/mod_auth_gssapi.so

mod_auth_gssapi.so => /usr/lib64/apache2/modules/mod_auth_gssapi.so (interpreter => none)

    libkrb5.so.3 => /usr/lib64/libkrb5.so.3

        libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0

            libdl.so.2 => /lib64/libdl.so.2

                ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2

        libkeyutils.so.1 => /lib64/libkeyutils.so.1

        libresolv.so.2 => /lib64/libresolv.so.2

    libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3

    libcom_err.so.2 => /lib64/libcom_err.so.2

    libssl.so.1.1 => /usr/lib64/libssl.so.1.1

    libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1

        libz.so.1 => /lib64/libz.so.1

    libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2

    libpthread.so.0 => /lib64/libpthread.so.0

    libc.so.6 => /lib64/libc.so.6

```

Mine:

```

lddtree /usr/lib64/apache2/modules/mod_auth_gssapi.so

mod_auth_gssapi.so => /usr/lib64/apache2/modules/mod_auth_gssapi.so (interpreter => none)

    libc.so.6 => /lib64/libc.so.6

        ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2

```

I did search which packages provide the binaries that are linked to the debian module and they are the following:

```

sys-libs/glibc

sys-libs/e2fsprogs-libs

dev-libs/openssl

sys-apps/keyutils

app-crypt/mit-krb5

```

As to how debian team built it I cant find any switches or flags in the Debian site.

https://packages.debian.org/sid/libapache2-mod-auth-gssapi

I however emailed the maintainer.Maybe he will share how to configure it.

I FOUND something.

Gentoo uses /usr/lib64.

All the binaries that mod_auth_gssapi minks to are found in /usr/lib64.

HOWEVER maybe during compile phase one should declare that /usr/lib64 MUST be used(how you call this?--libdir???) and NOT use /usr/lib as is the case in debian.

So how should I modify the ./configure?

What is the name of the flag for declaring /usr/lib64?

Am i onto something?

 :Smile: 

----------

## Hu

Depending on the invocation of the linker, a shared library may not have DT_NEEDED entries referencing the libraries that provide the symbols it needs.  When it doesn't, the calling program needs to preload libraries to support those symbols.  Generally, omitting DT_NEEDED entries is only advisable when there are multiple compatible backends that provide the symbols, and the builder wants to let the caller choose.  (For example, one might be optimized for speed, another for debugging.)

According to your output, the Debian package has DT_NEEDED entries for a variety of seemingly relevant libraries.  The Gentoo package does not.  Therefore, we need to the Gentoo package to explicitly link to those libraries.  To do that, we need to understand how the linker is invoked in each of the two builds.  The Gentoo build is more important in that regard, since we know from the Debian output what libraries we need.  It would be nice to know how Debian gets the right linker line, rather than deriving that line on our own.

----------

## masc

I'm running into similar issue here

```

apache2: Syntax error on line 156 of /etc/apache2/httpd.conf: Syntax error on line 2 of /etc/apache2/modules.d/11_mod_auth_kerb.conf: Cannot load modules/mod_auth_kerb.so into server: /usr/lib64/apache2/modules/mod_auth_kerb.so: undefined symbol: krb5_rc_resolve_full

```

wouldn't it make sense to resurrect app-crypt/mit-krb5-1.17.+ until this issue is resolved, as it worked well with mod_auth_kerb?

----------

## masc

temporary resolution via (inofficial) repo for 1.17

```
layman -a salfter
```

/etc/portage/package.mask

```
# masc202101. 1.18 breaks apache mod_auth_kerb

>=app-crypt/mit-krb5-1.18

```

----------

