Re: [Gábor Gombás] Bug#564566: libkadm5clnt7: SONAME conflict with Heimdal

Jeffrey Hutzelman jhutz at
Mon Jan 11 17:11:58 EST 2010

--On Monday, January 11, 2010 05:00:45 PM -0500 Tom Yu <tlyu at> wrote:

> Sam Hartman <hartmans at MIT.EDU> writes:
>>>>>>> "Jeffrey" == Jeffrey Hutzelman <jhutz at> writes:
>>     Jeffrey> Of course, if the symbol versions also don't match, symbol
>>     Jeffrey> resolution will just fail and things will not work at all.
>>     Jeffrey> Symbol versioning, especially of the rich variety provided
>>     Jeffrey> by glibc, can be used here to prevent the wrong thing from
>>     Jeffrey> happening, but it can't make the right thing happen.
>> No, that's not true.
>> If glibc finds krb5_init_context at krb5_3_mit and
>>  krb5_init_context at krb5_17_heimdal and the code was looking
>>  for krb5_init_context at krb5_3_mit, the right thing will
>>  happen regardless of which is found first.
>> I have test code to demonstrate this that I can dig up if needed.
>> However a number of cases in PAM, NSS and LDAP backends as well as
>>  things like openssh demonstrate this in Debian.
>>     Jeffrey> I'm with Russ; clearly, the best answer is to coordinate
>>     Jeffrey> with Heimdal and agree to partition the soname version
>>     Jeffrey> space in a reasonable way.
>> I agree with this as well.  If we add something like _mit, I think
>> minimal coordination is needed.  If we split the natural numbers, more
>> coordination is required.
> I have seen a mailing list posting that claimed that non-numeric
> SONAME suffixes cause problems for libtool; I have not confirmed this,
> and for that matter, it may no longer be a problem.

I don't believe there's any sane way to cause libtool to generate 
non-numeric soname suffixes.  And in fact, getting libtool to generate the 
version you want is a bit of an art, in any event.  However, linking 
against libraries with non-numeric suffixes does not pose a problem, in my 
experience.  We have a fair number of libraries with such suffixes, 
including all of our Kerberos libraries, and haven't had a problem in the 
several years we've done things that way.

That said, Linux and Solaris are not the only platforms in question, and 
some of the others may be more picky.  Sticking with a numeric version is 
probably best.

-- Jeff

More information about the krbdev mailing list