version krb5support_0_MIT not defined
Jeffrey Hutzelman
jhutz at cmu.edu
Sun Feb 19 13:13:07 EST 2012
On Tue, 2012-02-14 at 12:23 -0600, Nico Williams wrote:
> On Tue, Feb 14, 2012 at 12:13 PM, Carson Gaspar <carson at taltos.org> wrote:
> > On 2/14/12 7:35 AM, Jeff Blaine wrote:
> >> On 2/14/2012 2:41 AM, Carson Gaspar wrote:
> >>> [ much DLL hell deleted ]
> >>>
> >>> In general, it is death to link any PAM module against non-system
> >>> libraries. Just try it on Solaris, and you'll see different (but still
> >>> fatal) errors (yes, the Solaris linker is better, but GIGO still applies).
> >>
> >> Carson, we've had MIT Kerberos built in /usr/rcf-krb5 for
> >> 2 years now on Solaris 10 SPARC. Our pam_krb5 and pam_afs_session
> >> modules link to it and work fine. Our OpenAFS client builds
> >> against it as well.
> >
> > When I tried it (long ago, back when Solaris was missing krb5 headers,
> > so it may behave differently now), I was trying to link sshd against MIT
> > GSSAPI libs. If the Solaris kerberos pam module was in my pam stack, it
> > crashed. (Note I was doing the opposite of what you were - app with
> > self-built libs, system pam with system libs).
>
> See the blog entry that Tom linked. You must have been using Solaris
> 8. The Solaris linker has changed quite a bit since then.
... but last I checked, the PAM stack still does not use RTLD_GROUP, so
you still end up with this sort of problem if an application and PAM
module use different, incompatible versions of libraries that provide
the same symbols. Unless you go to some effort to isolate them.
More information about the Kerberos
mailing list