head	1.1;
access;
symbols;
locks; strict;
comment	@# @;


1.1
date	2026.05.16.03.47.29;	author riastradh;	state Exp;
branches;
next	;
commitid	wFjx2WockSgdsZFG;


desc
@@


1.1
log
@ap24-auth-gssapi: Import apache2.4 module mod_auth_gssapi-1.6.5

This is a modern replacement for mod_auth_kerb (www/ap-auth-kerb),
built with the standardized GSSAPI rather than with the not-quite-so
standardized libkrb5.
@
text
@$NetBSD$

1. Don't load mod_suexec.so, which we don't need and which is optional
   in the pkgsrc www/apache24 build.

2. Use a ./-relative path for mod_auth_gssapi.so; otherwise Apache
   doesn't try the working directory (under some circumstances,
   perhaps) and fails to load it.

3. Use a local mime.types so we don't need to pull in more deps.

4. Set GssapiAcceptorName as needed; otherwise Heimdal doesn't find any
   credentials.

--- tests/httpd.conf.orig	2020-11-30 18:30:59.759815268 +0000
+++ tests/httpd.conf
@@@@ -61,7 +61,7 @@@@ LoadModule socache_memcache_module modul
 LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 LoadModule status_module modules/mod_status.so
 LoadModule substitute_module modules/mod_substitute.so
-LoadModule suexec_module modules/mod_suexec.so
+#LoadModule suexec_module modules/mod_suexec.so
 LoadModule unique_id_module modules/mod_unique_id.so
 <IfModule !unixd_module>
     LoadModule unixd_module modules/mod_unixd.so
@@@@ -75,7 +75,7 @@@@ LoadModule mpm_prefork_module modules/mo
 LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_http_module modules/mod_proxy_http.so
 
-LoadModule auth_gssapi_module mod_auth_gssapi.so
+LoadModule auth_gssapi_module ./mod_auth_gssapi.so
 
 Mutex file:{HTTPROOT}
 
@@@@ -120,7 +120,7 @@@@ ErrorLog "logs/error_log"
 LogLevel debug
 
 <IfModule mime_module>
-    TypesConfig /etc/mime.types
+    TypesConfig ./mime.types
     AddType application/x-compress .Z
     AddType application/x-gzip .gz .tgz
     AddType text/html .shtml
@@@@ -194,6 +194,7 @@@@ CoreDumpDirectory "{HTTPROOT}"
   GssapiCredStore ccache:{HTTPROOT}/tmp/httpd_krb5_ccache
   GssapiCredStore client_keytab:{HTTPROOT}/http.keytab
   GssapiCredStore keytab:{HTTPROOT}/http.keytab
+  GssapiAcceptorName {{HOSTNAME}}
   GssapiBasicAuth On
   GssapiBasicAuthMech krb5
   GssapiConnectionBound On
@@@@ -312,6 +313,7 @@@@ CoreDumpDirectory "{HTTPROOT}"
     GssapiCredStore ccache:{HTTPROOT}/tmp/httpd_krb5_ccache
     GssapiCredStore client_keytab:{HTTPROOT}/http.keytab
     GssapiCredStore keytab:{HTTPROOT}/http.keytab
+    GssapiAcceptorName {{HOSTNAME}}
     GssapiBasicAuth On
     Require valid-user
   </Proxy>
@@@@ -356,6 +358,7 @@@@ CoreDumpDirectory "{HTTPROOT}"
   GssapiCredStore ccache:{HTTPROOT}/tmp/httpd_krb5_ccache
   GssapiCredStore client_keytab:{HTTPROOT}/http.keytab
   GssapiCredStore keytab:{HTTPROOT}/http.keytab
+  GssapiAcceptorName {{HOSTNAME}}
   GssapiBasicAuth On
   GssapiBasicAuthMech krb5
   GssapiPublishMech On
@