bugzilla-daemon at mindrot.org
2007-Jan-17 16:59 UTC
[Bug 1276] Link stage fails when gssapi exists
http://bugzilla.mindrot.org/show_bug.cgi?id=1276 Summary: Link stage fails when gssapi exists Product: Portable OpenSSH Version: v4.5p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: bitbucket at mindrot.org ReportedBy: jengelh at gmx.de Hello, there is a problem with OpenSSH 4.5p1 (dates back to 4.2 IIRC) where configure, if called with `configure --enable-kerberos5=/usr`, will incorrectly determine the libraries to be linked into the final binaries on openSUSE 10.2 (and before) when /usr/lib/libgssapi* exists, i.e. the libgssapi.rpm package is installed. krb5 and krb5-devel are installed to. I suppose this problem also surfaces on other distributions. configure output is: checking for gss_init_sec_context in -lgssapi... yes but actually compiling and linking the program suite yields: gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o platform.o -L. -Lopenbsd-compat/ -L/usr/lib -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz -lnsl -lcrypt -lgssapi -lkrb5 -lk5crypto -lcom_err gss-serv-krb5.o: In function `ssh_gssapi_krb5_storecreds': /usr/src/packages/BUILD/openssh-4.5p1/gss-serv-krb5.c:164: undefined reference to `gss_krb5_copy_ccache' collect2: ld returned 1 exit status make: *** [sshd] Error 1 This missing function is defined in libgssapi_krb5. I think the problem behind this is that gss_init_sec_context, which is used in the configure{,.ac} test is present in both: $ readelf -a /usr/lib/libgssapi.so | grep init_sec 73: 00003cb0 551 FUNC GLOBAL DEFAULT 11 gss_init_sec_context@@libgssapi_CITI_2 $ readelf -a /usr/lib/libgssapi_krb5.so | grep init_sec ... 183: 00009b00 617 FUNC GLOBAL DEFAULT 11 gss_init_sec_context@@gssapi_krb5_2_MIT While gss_krb5_copy_cache is only in the latter: $ readelf -a /usr/lib/libgssapi.so | grep gss_krb5_copy_ccache $ readelf -a /usr/lib/libgssapi_krb5.so | grep gss_krb5_copy_ccache 196: 0001d680 136 FUNC GLOBAL DEFAULT 11 gss_krb5_copy_ccache@@gssapi_krb5_2_MIT Googling turns up http://marc2.theaimsgroup.com/?l=secure-shell&m=112109538913024&w=2 but I doubt my gssapi is "old", as this is a default openSUSE install and I am quite "clean" (gssapi _is_ under rpm control). Here is a patch that "fixes" it for me: <attachment> ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2007-Jan-17 17:00 UTC
[Bug 1276] Link stage fails when gssapi exists
http://bugzilla.mindrot.org/show_bug.cgi?id=1276 ------- Comment #1 from jengelh at gmx.de 2007-01-18 04:00 ------- Created an attachment (id=1226) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1226&action=view) proposed fix ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2007-Jan-22 01:39 UTC
[Bug 1276] Link stage fails when gssapi exists
http://bugzilla.mindrot.org/show_bug.cgi?id=1276 ------- Comment #2 from djm at mindrot.org 2007-01-22 12:39 ------- (From update of attachment 1226) from the patch:>- K5LIBS="-lgssapi $K5LIBS"; echo SCREW THE WORLD; ],On some days I agree with this sentiment, but I'm not certain that this is a pristine OpenSSH source :) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2007-Jan-22 11:04 UTC
[Bug 1276] Link stage fails when gssapi exists
http://bugzilla.mindrot.org/show_bug.cgi?id=1276 jengelh at gmx.de changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #1226 is|0 |1 obsolete| | ------- Comment #3 from jengelh at gmx.de 2007-01-22 22:04 ------- Created an attachment (id=1233) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1233&action=view) - ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Apparently Analagous Threads
- [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
- SNAP-20040216 configure mangles krb5-config output
- OpenSSH 4.7p1, AIX 5.2, with IBM Kerberos = No Joy.
- [Bug 2080] New: Add debug statements for gss_krb5_copy_ccache
- [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)