krb5_init_ets on Mac OS X?
Alexandra Ellwood
lxs at MIT.EDU
Fri Jun 14 10:10:01 EDT 2002
>I eventually got it to build, with one exception. In
>auth-krb5.c there is the section:
>
> if (authctxt->krb5_ctx == NULL) {
> problem = krb5_init_context(&authctxt->krb5_ctx);
> if (problem)
> return (problem);
> krb5_init_ets(authctxt->krb5_ctx);
> }
>
>But at link time I get:
>
>gcc -o sshd sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o
>auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o
>auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o
>sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o
>groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o
>gss-serv.o -L. -Lopenbsd-compat/ -L/sw/lib -L/usr/lib -L/usr/lib
>-lssh -lopenbsd-compat -lz -lcrypto -lkrb5 -lk5crypto -lcom_err
>
>/usr/bin/ld: Undefined symbols:
>_krb5_init_ets
Kerberos for Macintosh performs error table initialization when the
library loads. As a result, you don't need to call krb5_init_ets
from your application. Commenting out this line will produce the
correct error table behavior.
>Any ideas why this isn't defined on OS X? If I comment out this line,
>I get an error trying to log in:
>
>debug1: Kerberos password authentication failed: Unknown credential cache type
This problem is unrelated to krb5_init_ets. Kerberos for Macintosh
(and Kerberos for Windows) use an in-memory ticket cache instead of
the Unix-style file in /tmp. Perhaps OpenSSH is trying to manipulate
the ticket cache and doesn't expect the in-memory cache.
At this point I'll defer to one of the other people on this list who
is more familiar with OpenSSH Kerberos patches.
Hope this helps,
--lxs
--
-----------------------------------------------------------------------------
Alexandra Ellwood <lxs at mit.edu>
MIT Information Systems http://mit.edu/lxs/www/
-----------------------------------------------------------------------------
--
More information about the krbdev
mailing list