kerberos 1.3.1 compile failure on Mac OS X Server 10.2.6

Alexandra Ellwood lxs at MIT.EDU
Mon Aug 11 16:23:57 EDT 2003

>Content-Type: multipart/signed; micalg=pgp-sha1;
>	protocol="application/pgp-signature"; boundary="=-XpZY/wF3MBSAA38UaRRv"
>I'm attempting to compile kerberos 1.3.1 on a Mac OS X Server system.
>I did a clean configure with no special flags, and then did a make.
>The compile fails with the following error.  What am I doing wrong?
>making all in lib/rpc/unit-test...
>gcc -L../../../lib -g -O2 -Wall -Wmissing-prototypes -Wcast-qual
>-Wcast-align -Wconversion -Wshadow -Wno-comment -pedantic  -o client
>client.o rpc_test_clnt.o \
>         -lgssrpc -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
>ld: Undefined symbols:
>make[3]: *** [client] Error 1
>make[2]: *** [all-recurse] Error 1
>make[1]: *** [all-recurse] Error 1
>make: *** [all-recurse] Error 1

This is not really a problem with the MIT Kerberos build system.  The 
problem is that Apple's ld behaves differently than ld on most other 
Unix platforms.  On Mac OS X, shared libraries are always chosen over 
static libraries even if there is a static library in an earlier 
search path than the shared library.  This causes the Kerberos which 
ships with Mac OS X to interfere with the MIT krb5 build system's use 
of the -l option.

There are two workarounds:

1) When running configure, pass the option: 
"LDFLAGS=-Wl,-search_paths_first"  This option turns on the more 
common library search order for Mac OS X's ld and is only supported 
in Panther.

2) Move the following symlinks out of the way (to another directory), 
build, and then move them back.  This works on both Jaguar and 


Note that a stock krb5-1.3 build will not be able to share 
credentials with the Kerberos that ships with Mac OS X (KfM) because 
it does not support the in-memory credentials cache used by the Mac 
and Windows MIT Kerberos releases.

Hope this helps,

Alexandra Ellwood                                               <lxs at>
MIT Information Systems                     

More information about the Kerberos mailing list