openssh unix dev - Jan 2005 - Compiling openssh-3.9p1 Without Kerberos

I'm trying to compile openssh-3.9p1 for an embedded Linux distro without 
kerberos support.  I pass the flag --without-kerberos5 to configure and 
the script output indicates that I've chosen to not link against the 
kerberos libs:

OpenSSH has been configured with the following options:
                     User binaries: /usr/local/bin
                   System binaries: /usr/local/sbin
               Configuration files: /usr/local/etc
                   Askpass program: /usr/local/libexec/ssh-askpass
                      Manual pages: /usr/local/man/manX
                          PID file: /var/run
  Privilege separation chroot path: /var/empty
            sshd default user PATH: 
/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
                    Manpage format: doc
                       PAM support: no
                 KerberosV support: no
                 Smartcard support: no
                     S/KEY support: no
              TCP Wrappers support: yes
              MD5 password support: no
       IP address in $DISPLAY hack: no
           Translate v4 in v6 hack: yes
                  BSD Auth support: no
              Random number source: OpenSSL internal ONLY

              Host: i686-pc-linux-gnu
          Compiler: gcc
    Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
Preprocessor flags:
      Linker flags:
         Libraries: -lwrap  -lcrypto -lutil -lz -lnsl  -lcrypt

However, when built, it is linked against the kerberos libs:

scottspc: /usr/local/src/openssh-3.9p1 # ldd ./sftp-server
        libcrypto.so.4 => /lib/libcrypto.so.4 (0x4002e000)
        libutil.so.1 => /lib/libutil.so.1 (0x4011f000)
        libz.so.1 => /usr/lib/libz.so.1 (0x40122000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x40130000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x40145000)
        libc.so.6 => /lib/i686/libc.so.6 (0x40172000)
        libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 
(0x402ac000)
        libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x402bf000)
        libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x4031d000)
        libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x4031f000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x4032f000)
        libdl.so.2 => /lib/libdl.so.2 (0x40341000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

How do I disable kerberos support?

Thanks.

-- 

Regards,

Scott Dudley

Scott Dudley wrote:
> I'm trying to compile openssh-3.9p1 for an embedded Linux distro
without
> kerberos support.  I pass the flag --without-kerberos5 to configure and 
> the script output indicates that I've chosen to not link against the 
> kerberos libs:
[...]
> However, when built, it is linked against the kerberos libs:
Your system libcrypto is probably linked against the kerberos libs. 
This is from a redhat9 box:

$ ldd /usr/lib/libcrypto.so |grep libkrb
         libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x40120000)
> How do I disable kerberos support?
Download the OpenSSL source, build it, put it somewhere other than the 
system libcrypto (the default /usr/local/ssl is fine) then point 
OpenSSH's configure at it by with "--with-ssl-dir=/path/to/ssl"

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.