Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 21 May 2001 10:56:24 -0700 (PDT)
From:      Peter Losher <Peter.Losher@nominum.com>
To:        <freebsd-questions@freebsd.org>
Subject:   Krb5 libs (MIT & Heimdal) | SSH2 & etc. (fwd)
Message-ID:  <Pine.NEB.4.33.0105211055170.2773-100000@shell1.nominum.com>

next in thread | raw e-mail | index | archive | help

(Originally posted to -stable yesterday, thought I should pass it on here
for more input)

Hi,

I recently started to work on installing a couple of FreeBSD v4.3-STABLE
(as of last week) servers.  As a part of that installation, I added MIT
Kerberos V from ports (in /usr/local/krb5/), and compiled SSH2 (SSH Inc. -
I would rather use OpenSSH, but it doen't yet support Krb5 and
Krb5TgtPassing, so it's SSH 2.4.0) with Krb5 support.  That was fine, until
I tried to run sshd:

-=-
# ./sshd
sshd: SSH Secure Shell 2.4.0 (non-commercial version) on
i386-unknown-freebsd4.3

/usr/libexec/ld-elf.so.1:/usr/lib/libkrb5.so: Undefined symbol
"initialize_asn1_error_table_r"
-=-

I suspect this is a case of "lib crashing" between the Heimdal Krb5 libs in
/usr/lib and the MIT Krb5 libs in /usr/local/krb5/lib.  Is there any way to
have the MIT Kerberos libraries take precedence in this case?  (recompile
make buildworld with MAKE_KERBEROS5=NO perhaps?).  This is going to become
a major problem as (at last check) all the programs that we use for
authentication require MIT Kerberos (UW_IMAP, SSH2, etc) and I can't have
the integrated Heimdal libs come in and interfere like this.

Has anyone faced this situation and how have they dealt with it?

<rant>
Integrating Kerberos into the core system in the first place was a bad
idea.  Doing this on 3.x (like the other FreeBSD servers I administer here)
was a LOT easier, since I could pick which Krb5 suite I would intstall (MIT or
Heimdal), and not have these lib conflicts.  With Heimdal integrated in
4.x, that choice (as I see it so far) has been taken away from me.
</rant>

Best Wishes - Peter
-- 
Peter.Losher@nominum.com - [ Systems Admin. | Nominum, Inc. ]




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.4.33.0105211055170.2773-100000>