krb5 "Error Code 52" - UDP packet size - TCP fallback
Uli Schröder
uli.schroeder at gmx.net
Thu Jun 12 19:34:36 EDT 2003
> ...
> > doesn't come up with any messages. Still if I activate the
> module for
> > pam.d, authentication doesn't work. I get the following
> messages in my
> > syslog:
> >
> > Jun 12 10:03:21 rh9test login: PAM unable to
> > dlopen(/lib/security/$ISA/pam_krb5.so)
> > Jun 12 10:03:21 rh9test login: PAM [dlerror:
> > /lib/security/../../lib/security/pam_krb5.so: undefined symbol:
> > krb_mk_in_tkt_preauth] Jun 12 10:03:21 rh9test login: PAM adding
> > faulty module: /lib/security/$ISA/pam_krb5.so
>
> That's a krb4 library routine -- did it link against -lkrb4?
I realized that. pam_krb5 was linked against -lkrb4. Even though the
include paths were correct and I only have on set of kerberos libraries
on my system. I managed to get the RedHat version to compile against it.
Unfortunately, like the distribution from SourceForge, it comes up with
an error. Not exactly the same one. The RedHat version tells me that it
cannot find libkrb4.so.2. The file is in /usr/kerberos/lib. This path is
configured in ld.so.conf. To make sure the system knows it's there I
even created a symbolic link to the appropriate file in my lib
directory. Didn't work either.
After that I tried to remove all the "ifdefs" for krb4 stuff from the
sources of pam_krb5. Compilation worked great. No more error messages in
the system log because of missing files. Somehow the pam_krb5 module
doesn't send out anything to the AD server anymore. In the system logs I
can see that authentication is running. The kerberos module tells me
that uid and gid cannot be found. Ethereal tells me that 0 packets are
sent to or from the domain controller.
Cheers,
Uli
More information about the Kerberos
mailing list