Proper way to do logging (KDC) from preauth plugin?

Jeff Blaine jblaine at kickflop.net
Mon Apr 19 17:45:48 EDT 2010 

No love.  kadm5srv_mit shows up once.

Reading symbols from /usr/mykrb/lib/libkadm5srv_mit.so.7...done.
Loaded symbols for /usr/mykrb/lib/libkadm5srv_mit.so.7
...
Reading symbols from /usr/mykrb/lib/krb5/plugins/preauth/myplugin.so...done.
Loaded symbols for /usr/mykrb/lib/krb5/plugins/preauth/myplugin.so
Reading symbols from /lib/libpthread.so.0...done.
[Thread debugging using libthread_db enabled]
[New Thread 0xb7fa28d0 (LWP 14022)]
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libssl.so.6...done.
Loaded symbols for /lib/libssl.so.6
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
0x0015d402 in __kernel_vsyscall ()
(gdb)

% sudo ldd /usr/krbattest/lib/krb5/plugins/preauth/myplugin.so | grep kadm
ldd: warning: you do not have execution permission for 
`/usr/krbattest/lib/krb5/plugins/preauth/myplugin.so'
         libkadm5srv_mit.so.7 => /usr/mykrb/lib/libkadm5srv_mit.so.7 
(0x00647000)
%

On 4/15/2010 6:18 PM, Greg Hudson wrote:
> On Thu, 2010-04-15 at 15:16 -0400, Jeff Blaine wrote:
>> Hmm.  I'm at a loss.
>
> It worked for me... once I correctly got my preauth module linked
> against the same libkadm5srv_mit as the KDC.  If you manage to load in
> two different libraries, the one used by the preauth module won't have a
> filled-in log_control structure.
>
> If you attach to the krb5kdc process with gdb, you should be able to
> recognize improper linkage by staring at the "Reading symbols from"
> lines.  When I had it wrong, mine looked like:
>
> [...]
> Reading symbols from /me/krb5/build/lib/libkadm5srv_mit.so.7...done.
> Loaded symbols for /me/krb5/build/lib/libkadm5srv_mit.so.7
> [...]
> Reading symbols from /me/krb5/build/util/fakedest/me/inst/lib/krb5/plugins/preauth/encrypted_challenge.so...done.
> Loaded symbols for /me/krb5/build/util/fakedest/me/inst/lib/krb5/plugins/preauth/encrypted_challenge.so
> Reading symbols from /usr/lib/libkadm5srv.so.5...done.
> Loaded symbols for /usr/lib/libkadm5srv.so.5
> [...]
>
> (See also Nico's recent discussion of library global state and DLL hell.
> Here's a place where we use library global state and it can bite
> people.)
>
>
>

More information about the krbdev mailing list