Proper way to do logging (KDC) from preauth plugin?
Greg Hudson
ghudson at MIT.EDU
Thu Apr 15 18:18:21 EDT 2010
On Thu, 2010-04-15 at 15:16 -0400, Jeff Blaine wrote:
> Hmm. I'm at a loss.
It worked for me... once I correctly got my preauth module linked
against the same libkadm5srv_mit as the KDC. If you manage to load in
two different libraries, the one used by the preauth module won't have a
filled-in log_control structure.
If you attach to the krb5kdc process with gdb, you should be able to
recognize improper linkage by staring at the "Reading symbols from"
lines. When I had it wrong, mine looked like:
[...]
Reading symbols from /me/krb5/build/lib/libkadm5srv_mit.so.7...done.
Loaded symbols for /me/krb5/build/lib/libkadm5srv_mit.so.7
[...]
Reading symbols from /me/krb5/build/util/fakedest/me/inst/lib/krb5/plugins/preauth/encrypted_challenge.so...done.
Loaded symbols for /me/krb5/build/util/fakedest/me/inst/lib/krb5/plugins/preauth/encrypted_challenge.so
Reading symbols from /usr/lib/libkadm5srv.so.5...done.
Loaded symbols for /usr/lib/libkadm5srv.so.5
[...]
(See also Nico's recent discussion of library global state and DLL hell.
Here's a place where we use library global state and it can bite
people.)
More information about the krbdev
mailing list