krb5.conf and 32 vs 64-bit plugins

Tomas Kuthan tomas.kuthan at
Fri Aug 14 08:43:57 EDT 2015

Hi team,

in Solaris we deliver 32-bit Kerberos libraries under /usr/lib and 
64-bit libraries under /usr/lib/64. The same holds for plugins, which 
reside in /usr/lib/krb5/plugins and /usr/lib/64/krb5/plugins respectively.

Specifying a plugin in krb5.conf works fine when relative paths and 
default plugin_base_dir are used. The plugin_base_dir defaults  to 
/usr/lib/krb5/plugins on 32-bit and to /usr/lib/64/krb5/plugins on 
64-bit and plugins with the correct ISA are used.

Things start falling apart, when user would like to either specify full 
path to the plugin or set a non-default plugin_base_dir in their 
krb5.conf. In that case only one of the paths can be specified in 
krb5.conf, meaning plugins would fail dlopen-ing on the other architecture.

We would like to solve that by supporting $ISA place holder in the path, 
that would translate to '/64/' on 64-bit and to '/' on 32-bit. Hence the 
following (artificial) example would work fine for both:

     module = pkinit:/lib/$ISA/site/preauth/

Would MIT be willing to accept a patch implementing something along 
these lines?

If yes, I would prepare a platform-independent fix.
FYI, attached is a quick unix-only patch.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: plugins_isa.patch
Type: text/x-patch
Size: 1626 bytes
Desc: not available
Url :

More information about the krbdev mailing list