version krb5support_0_MIT not defined
Jeff Blaine
jblaine at kickflop.net
Tue Feb 7 17:28:18 EST 2012
On 2/7/2012 1:51 PM, Greg Hudson wrote:
> On 02/07/2012 11:07 AM, Jeff Blaine wrote:
>> /usr/rcf-krb5/lib/libcom_err.so.3: symbol krb5int_strlcpy,
>> version krb5support_0_MIT not defined in file
>> libkrb5support.so.0 with link time reference
>
> Is LD_LIBRARY_PATH set in the environment in the case where you see
> these PAM failures, and if so, what value is it set to?
Not set that I can see. I've not touched "LD_LIBRARY_PATH"
for ~10 years in any environment. Grepping around shows
nothing.
The environment is "Stock RHEL 5.7 sshd calling (our)
pam_krb5.so, which has only runtime linker path info
for /usr/rcf-krb5/lib in it, ... for authentication".
Here's my understanding of what is happening:
sshd --> pam_krb5.so (*)
|
|--> /usr/rcf-krb5/lib/libcom_err.so.3 (**)
|
|--> /usr/lib64/libkrb5support.so.0 (***)
All built with LDFLAGS="-Xlinker -rpath -Xlinker /usr/rcf-krb5/lib"
* Our module, not stock RHEL.
** Being found properly as /usr/rcf-krb5/lib/libcom_err.so.3,
according to syslog line above.
*** WTF
I just spent another hour on this, and it just makes no
sense to me. I can see all of the proper runtime linker
path info right in the output of make for both MIT
Kerberos 1.9.2 and the PAM module. It all shows up in
'readelf -d' output too.
For some reason I cannot begin to explain, the MIT
libcom_err.so.3 is seeking libkrb5support.so.0 and
refuses to find it sitting right where it was told
to look.
The only thing that works toward this simple (or
so I thought) goal is putting "/usr/rcf-krb5/lib"
into /etc/ld.so.conf.d/krb5.conf and running ldconfig.
Everything works perfectly then.
More information about the Kerberos
mailing list