krb5.conf and 32 vs 64-bit plugins
tomas.kuthan at oracle.com
Fri Aug 14 08:43:57 EDT 2015
in Solaris we deliver 32-bit Kerberos libraries under /usr/lib and
64-bit libraries under /usr/lib/64. The same holds for plugins, which
reside in /usr/lib/krb5/plugins and /usr/lib/64/krb5/plugins respectively.
Specifying a plugin in krb5.conf works fine when relative paths and
default plugin_base_dir are used. The plugin_base_dir defaults to
/usr/lib/krb5/plugins on 32-bit and to /usr/lib/64/krb5/plugins on
64-bit and plugins with the correct ISA are used.
Things start falling apart, when user would like to either specify full
path to the plugin or set a non-default plugin_base_dir in their
krb5.conf. In that case only one of the paths can be specified in
krb5.conf, meaning plugins would fail dlopen-ing on the other architecture.
We would like to solve that by supporting $ISA place holder in the path,
that would translate to '/64/' on 64-bit and to '/' on 32-bit. Hence the
following (artificial) example would work fine for both:
module = pkinit:/lib/$ISA/site/preauth/pkinit.so
Would MIT be willing to accept a patch implementing something along
If yes, I would prepare a platform-independent fix.
FYI, attached is a quick unix-only patch.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1626 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20150814/e7a4b757/attachment.bin
More information about the krbdev