I'm trying to compile openssh-3.9p1 for an embedded Linux distro without
kerberos support. I pass the flag --without-kerberos5 to configure and
the script output indicates that I've chosen to not link against the
kerberos libs:
OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH:
/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
Manpage format: doc
PAM support: no
KerberosV support: no
Smartcard support: no
S/KEY support: no
TCP Wrappers support: yes
MD5 password support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Host: i686-pc-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
Preprocessor flags:
Linker flags:
Libraries: -lwrap -lcrypto -lutil -lz -lnsl -lcrypt
However, when built, it is linked against the kerberos libs:
scottspc: /usr/local/src/openssh-3.9p1 # ldd ./sftp-server
libcrypto.so.4 => /lib/libcrypto.so.4 (0x4002e000)
libutil.so.1 => /lib/libutil.so.1 (0x4011f000)
libz.so.1 => /usr/lib/libz.so.1 (0x40122000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40130000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x40145000)
libc.so.6 => /lib/i686/libc.so.6 (0x40172000)
libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2
(0x402ac000)
libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x402bf000)
libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x4031d000)
libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x4031f000)
libresolv.so.2 => /lib/libresolv.so.2 (0x4032f000)
libdl.so.2 => /lib/libdl.so.2 (0x40341000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
How do I disable kerberos support?
Thanks.
--
Regards,
Scott Dudley
Scott Dudley wrote:> I'm trying to compile openssh-3.9p1 for an embedded Linux distro without > kerberos support. I pass the flag --without-kerberos5 to configure and > the script output indicates that I've chosen to not link against the > kerberos libs:[...]> However, when built, it is linked against the kerberos libs:Your system libcrypto is probably linked against the kerberos libs. This is from a redhat9 box: $ ldd /usr/lib/libcrypto.so |grep libkrb libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x40120000)> How do I disable kerberos support?Download the OpenSSL source, build it, put it somewhere other than the system libcrypto (the default /usr/local/ssl is fine) then point OpenSSH's configure at it by with "--with-ssl-dir=/path/to/ssl" -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.