Problem compiling pam_krb5 on Solaris 8

Josef Kelbler kelbler at vumscomp.cz
Mon Nov 18 08:43:05 EST 2002 

Hi,

> gcc -shared -o
pam_krb5.so.1 -Wl,-rpath -Wl,/usr/kerberos/lib -Wl,-rpath -Wl,/usr/kerberos/
lib pam_krb5_auth.o pam_krb5_pass.o pam_krb5_acct.o pam_krb5_sess.o
support.o -L/usr/kerberos/lib -lkrb5 -lk5crypto -lcom_err -lpam -lsocket -ln
sl

ld: fatal: file /usr/kerberos/lib: unknown file type

ld: fatal: File processing errors. No output written to pam_krb5.so.1

-------------------------

I had the same error.

The "ld" linker at Solaris does not know option "-rpath <path_to_some
library>". Gcc options "-Wl,-rpath" and "-Wl,/usr/kerberos/lib" only passes
these options as "-rpath /usr/kerberos/lib" to linker "ld".

(A GNU linker "ld" knows the option).

Before "./configure .." and "make" set shell variable:

LD_LIBRARY_PATH=/usr/kerberos/lib; export LD_LIBRARY_PATH

Do "./configure ... "

Edit generated Makefile:

LDFLAGS = -Wl,-rpath -Wl,/usr/kerberos/lib

change to only:

LDFLAGS =

And do "make"

"ld" takes path for its work from variable LD_LIBRARY_PATH.

-------------------------

In my case I configured only with: "--with-krb5=/usr/local" and done what I
said.

During "make" I had got several warnings:

gcc -c -I/usr/local/include -fpic -g -O2 pam_krb5_auth.c

cc1: warning: changing search order for system directory
"/usr/local/include"

cc1: warning: as it has already been specified as a non-system directory

In the end the library pam_krb5.so.1 was placed in /usr/lib/security.

I tested this library for good connection on other shared libraries:

ldd /usr/lib/security/pam_krb5.so.1

It seemed to be OK.

Then I tested it under PAM, but with critical problems:

Telnet PAM gave me log in /var/adm/messages:

login [...auth.error] load_modules: can not open module
/usr/lib/security/pam_krb5.so.1

Sshd PAM gave me log in /var/adm/messages:

sshd [...auth.crit] fatal: PAM secret failed[3]: Error in underlying service
module

It is necessary to say that during ssh test, pam_krb5 took TGT and ticket
for host/<hostname> from KDC. I know this event from KDC log.

So it seems to me, that collaboration between PAM subsystem and pam_krb5
does not work in my installation.

------------------------

Can enybody give me an advice?

Cheers

Josef Kelbler

More information about the Kerberos mailing list