After I got
mod_auth_kerb compiled, I had issues with
Apache 2.2.0 and it's
new authentication scheme.
Any configuration I tried would result in:
configuration error: couldn't check access. No groups file?: /
After spending some time trying to find the configuration that works, I gave up. I went and edited
Apache 2.2.0 source code to remove this check.
in
server/request.c file I removed the following code(lines 202-208):
if (((access_status = ap_run_auth_checker(r)) != 0)
|| !ap_auth_type(r)) {
return decl_die(access_status, ap_auth_type(r)
? "check access. No groups file?"
: "perform authentication. AuthType not set!",
r);
}
recompiled
Apache and it now works great with
mod_auth_kerb-5.0-rc6 with the following configuration.
<Directory some_directory>
AuthType Kerberos
Krb5Keytab path_to_keytab
KrbAuthRealm EXAMPLE.COM
KrbMethodNegotiate off
KrbSaveCredentials off
KrbVerifyKDC off
Require valid-user
AuthName "some_auth_name"
</Directory>
I'm not sure what guys from
Apache meant by(taken from "
Upgrading to 2.2 from 2.0" page):
Third Party Modules
Many third-party modules designed for version 2.0 will work unchanged with the the Apache HTTP Server version 2.2. But all modules must be recompiled before being loaded.
Nothing mentioned about compatibility headers missing,
APR API change etc. Very frustrating. A lot of time wasted.
