PAM / krb5 shared library problems
Williams, Jacob A CTR USA 116th (QSS)
jawill1 at mi.army.mil
Fri Jan 12 09:55:37 EST 2007
I built MIT Kerberos 1.5.1 and pam_krb5.so (3.1) on RHEL 3 and I am
getting the following errors with PAM. I strongly suspect there is
something misconfigured on my system that is making the symbols in
pam_krb5.so not match those in /usr/local/lib/libkrb5.so.3. I tried
configuring pam with and without krb5-config (no change). Any ideas
what I am doing wrong or how to fix this? Sorry if this is a little too
verbose, I just wanted to include the needed information. It appears
that the krb5_cc_store_cred symbol referenced in pam is in a different
namespace than the one in libkrb5.so.
Any help is greatly appreciated.
Jan 12 14:28:05 workstation1 sshd[20010]: PAM unable to
dlopen(/lib/security/$ISA/pam_krb5.so)
Jan 12 14:28:05 workstation1 sshd[20010]: PAM [dlerror:
/lib/security/../../lib/security/pam_krb5.so: symbol krb5_cc_store_cred,
version krb5_3_MIT not defined in file libkrb5.so.3 with link time
reference]
Jan 12 14:28:05 workstation1 sshd[20010]: PAM adding faulty module:
/lib/security/$ISA/pam_krb5.so
[root at workstation1 local]# nm /lib/security/pam_krb5.so
U access@@GLIBC_2.0
00007484 A __bss_start
000025fc t build_ccache_name
00002200 t cache_init
00001e60 t call_gmon_start
U calloc@@GLIBC_2.0
000022d8 t canonicalize_name
U chown@@GLIBC_2.1
U close@@GLIBC_2.0
00007484 b completed.1
00002778 t create_session_context
0000732c d __CTOR_END__
00007328 d __CTOR_LIST__
w __cxa_finalize@@GLIBC_2.1.3
00004714 t default_boolean
00004690 t default_number
00004624 t default_string
0000474c t default_time
00005984 t __do_global_ctors_aux
00001e84 t __do_global_dtors_aux
00007240 d __dso_handle
00007334 d __DTOR_END__
00007330 d __DTOR_LIST__
00007248 A _DYNAMIC
00007484 A _edata
0000623c r __EH_FRAME_BEGIN__
00007488 A _end
U __errno_location@@GLIBC_2.0
U error_message@@com_err_3_MIT
U fclose@@GLIBC_2.1
U fgets@@GLIBC_2.0
U fileno@@GLIBC_2.0
000059b8 T _fini
U fopen@@GLIBC_2.1
00001eec t frame_dummy
0000623c r __FRAME_END__
U free@@GLIBC_2.0
U __fxstat@@GLIBC_2.0
U getenv@@GLIBC_2.0
000020dc t get_krb5ccname
00002ee0 t get_new_password
U getpid@@GLIBC_2.0
U getpwnam@@GLIBC_2.0
0000733c A _GLOBAL_OFFSET_TABLE_
w __gmon_start__
00001998 T _init
00007338 d __JCR_END__
00007338 d __JCR_LIST__
w _Jv_RegisterClasses
00003604 t k5login_password_auth
U krb5_aname_to_localname@@krb5_3_MIT
U krb5_appdefault_boolean@@krb5_3_MIT
U krb5_appdefault_string@@krb5_3_MIT
U krb5_cc_close@@krb5_3_MIT
U krb5_cc_default_name@@krb5_3_MIT
U krb5_cc_destroy@@krb5_3_MIT
U krb5_cc_end_seq_get@@krb5_3_MIT
U krb5_cc_get_name@@krb5_3_MIT
U krb5_cc_get_principal@@krb5_3_MIT
U krb5_cc_initialize@@krb5_3_MIT
U krb5_cc_next_cred@@krb5_3_MIT
U krb5_cc_resolve@@krb5_3_MIT
U krb5_cc_start_seq_get@@krb5_3_MIT
U krb5_cc_store_cred@@krb5_3_MIT
U krb5_change_password@@krb5_3_MIT
U krb5_free_context@@krb5_3_MIT
U krb5_free_cred_contents@@krb5_3_MIT
U krb5_free_data_contents@@krb5_3_MIT
U krb5_free_principal@@krb5_3_MIT
U krb5_get_default_realm@@krb5_3_MIT
U krb5_get_init_creds_opt_init@@krb5_3_MIT
U krb5_get_init_creds_opt_set_forwardable@@krb5_3_MIT
U krb5_get_init_creds_opt_set_renew_life@@krb5_3_MIT
U krb5_get_init_creds_opt_set_tkt_life@@krb5_3_MIT
U krb5_get_init_creds_password@@krb5_3_MIT
U krb5_init_context@@krb5_3_MIT
U krb5_kt_resolve@@krb5_3_MIT
U krb5_kuserok@@krb5_3_MIT
U krb5_parse_name@@krb5_3_MIT
U krb5_set_default_realm@@krb5_3_MIT
U krb5_string_to_deltat@@krb5_3_MIT
U krb5_unparse_name@@krb5_3_MIT
U krb5_verify_init_creds@@krb5_3_MIT
U krb5_verify_init_creds_opt_init@@krb5_3_MIT
U malloc@@GLIBC_2.0
U memcpy@@GLIBC_2.0
U memset@@GLIBC_2.0
U mkstemp@@GLIBC_2.0
00007244 d p.0
U pam_get_data
U pam_getenv
U pam_get_item
U pam_get_user
0000453c T pamk5_args_free
000044c8 t pamk5_args_new
000047f8 T pamk5_args_parse
00005864 T pamk5_authorized
00003e1c T pamk5_compat_free_data_contents
00003ef0 T pamk5_compat_free_realm
00003e40 T pamk5_compat_get_err_text
00003e60 T pamk5_compat_set_realm
00004164 T pamk5_context_destroy
00004054 T pamk5_context_fetch
000040a4 T pamk5_context_free
00003f38 T pamk5_context_new
000052ac T pamk5_conv
000041f4 T pamk5_credlist_append
00004244 T pamk5_credlist_copy
000041a0 T pamk5_credlist_free
00004190 T pamk5_credlist_new
000042dc T pamk5_credlist_store
0000439c T pamk5_debug
00004460 T pamk5_debug_krb5
00004420 T pamk5_debug_pam
00004324 T pamk5_error
0000506c T pamk5_get_password
00003930 T pamk5_password_auth
000053cc T pamk5_prompter_krb5
000057d8 T pamk5_should_ignore
U pam_putenv
U pam_set_data
U pam_set_item
00001f28 T pam_sm_acct_mgmt
000023a4 T pam_sm_authenticate
00003218 T pam_sm_chauthtok
000034a0 T pam_sm_close_session
00003478 T pam_sm_open_session
00002908 T pam_sm_setcred
U pam_strerror
000034cc t parse_name
000030a0 t password_change
0000359c t set_credential_options
0000211c t set_krb5ccname
U snprintf@@GLIBC_2.0
U sprintf@@GLIBC_2.0
U strchr@@GLIBC_2.0
U strcmp@@GLIBC_2.0
U strcpy@@GLIBC_2.0
U __strdup@@GLIBC_2.0
U strerror@@GLIBC_2.0
U strncat@@GLIBC_2.0
U strncpy@@GLIBC_2.0
U __strtol_internal@@GLIBC_2.0
U syslog@@GLIBC_2.0
U vsnprintf@@GLIBC_2.0
[root at workstation1 local]# ldd -r /lib/security/pam_krb5.so
libpam.so.0 => /lib/libpam.so.0 (0x004ae000)
libkrb5.so.3 => /usr/local/lib/libkrb5.so.3 (0x00156000)
libcom_err.so.3 => /usr/local/lib/libcom_err.so.3 (0x0072d000)
libc.so.6 => /lib/tls/libc.so.6 (0x00d9c000)
libdl.so.2 => /lib/libdl.so.2 (0x00799000)
liblaus.so.1 => /lib/liblaus.so.1 (0x00111000)
libk5crypto.so.3 => /usr/local/lib/libk5crypto.so.3 (0x00c4f000)
libkrb5support.so.0 => /usr/local/lib/libkrb5support.so.0
(0x003dc000)
libresolv.so.2 => /lib/libresolv.so.2 (0x005d6000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00667000)
[root at workstation1 local]# nm /usr/local/lib/libkrb5.so.3|grep
krb5_cc_store
000399cc T krb5_cc_store_cred
Jacob Williams
Systems Engineer (QSS Group Inc.)
116th MI GP; Fort Gordon, GA
706-791-0344 DSN 780-0344
More information about the Kerberos
mailing list