pam_krb5-3.5 on AIX / gcc: '-b' must come at the start of the command line
dosman
dosman at packetsniffers.org
Mon Jun 18 15:27:38 EDT 2007
Hi again,
I am attempting to build pam_krb5-3.5 on AIX 5.3 with gcc 4.0.0 and I'm
running into some type of gcc error:
export CC=gcc
export
LIBPATH=/usr/local/krb5-1.6.1/lib:/opt/freeware/lib:/usr/local/lib:/usr/lib
./configure --with-kerberos=/usr/local/krb5-1.6.1
...
gmake
...
gcc -o pam_krb5.so -shared api-account.o api-auth.o api-password.o
api-session.o auth.o compat.o context.o logging.o options.o prompting.o
support.o -lpam -L/usr/local/krb5-1.6.1/lib
-blibpath:/usr/local/krb5-1.6.1/lib::/usr/lib:/lib -brtl -lkrb5
-lk5crypto -lcom_err -lpthreads
gcc: '-b' must come at the start of the command line
gmake: *** [pam_krb5.so] Error 1
When running gcc manually with -blibpath as the first argument and we
get this error instead:
gcc: couldn't run
'libpath:/usr/local/krb5-1.6.1/lib:/usr/lib:/lib-gcc-4.0.0': No such
file or directory
I've found various references to this issue on other applications that
pointed to errors with linker flags and what-not, nothing I found seemed
applicable to my problem.
<real problem>
It's worth noting that this problem does not occur when compiling
against an older kerberos library (~2003 version unknown). However the
pam_krb5.so module I end up with gives me an error when authenticating
against a Windows 2003 AD server:
(pam_krb5): userid: krb5_get_init_creds_password: KRB5 error code 52
From what I have read it appears this was a known issue with AD
switching from udp to tcp for users with large numbers of groups and was
resolved in kerberos around version 1.3 or so; my older libraries would
seem to be suspect. Otherwise it does work when talking to a native
kerberos server, only the AD gives it troubles.
</real problem>
Thanks!
More information about the Kerberos
mailing list