[Bug 1276] Link stage fails when gssapi exists
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Jan 18 03:59:39 EST 2007
http://bugzilla.mindrot.org/show_bug.cgi?id=1276
Summary: Link stage fails when gssapi exists
Product: Portable OpenSSH
Version: v4.5p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: bitbucket at mindrot.org
ReportedBy: jengelh at gmx.de
Hello,
there is a problem with OpenSSH 4.5p1 (dates back to 4.2 IIRC) where
configure, if called with `configure --enable-kerberos5=/usr`, will
incorrectly determine the libraries to be linked into the final
binaries
on openSUSE 10.2 (and before) when /usr/lib/libgssapi* exists, i.e. the
libgssapi.rpm package is installed. krb5 and krb5-devel are installed
to. I suppose this problem also surfaces on other distributions.
configure output is:
checking for gss_init_sec_context in -lgssapi... yes
but actually compiling and linking the program suite yields:
gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o
sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o
auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o
auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o
monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o
gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o
md5crypt.o audit.o audit-bsm.o platform.o -L. -Lopenbsd-compat/
-L/usr/lib -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz
-lnsl -lcrypt -lgssapi -lkrb5 -lk5crypto -lcom_err
gss-serv-krb5.o: In function `ssh_gssapi_krb5_storecreds':
/usr/src/packages/BUILD/openssh-4.5p1/gss-serv-krb5.c:164: undefined
reference to `gss_krb5_copy_ccache'
collect2: ld returned 1 exit status
make: *** [sshd] Error 1
This missing function is defined in libgssapi_krb5. I think the problem
behind this is that gss_init_sec_context, which is used in
the configure{,.ac} test is present in both:
$ readelf -a /usr/lib/libgssapi.so | grep init_sec
73: 00003cb0 551 FUNC GLOBAL DEFAULT 11
gss_init_sec_context@@libgssapi_CITI_2
$ readelf -a /usr/lib/libgssapi_krb5.so | grep init_sec
...
183: 00009b00 617 FUNC GLOBAL DEFAULT 11
gss_init_sec_context@@gssapi_krb5_2_MIT
While gss_krb5_copy_cache is only in the latter:
$ readelf -a /usr/lib/libgssapi.so | grep gss_krb5_copy_ccache
$ readelf -a /usr/lib/libgssapi_krb5.so | grep gss_krb5_copy_ccache
196: 0001d680 136 FUNC GLOBAL DEFAULT 11
gss_krb5_copy_ccache@@gssapi_krb5_2_MIT
Googling turns up
http://marc2.theaimsgroup.com/?l=secure-shell&m=112109538913024&w=2
but I doubt my gssapi is "old", as this is a default openSUSE install
and I am quite "clean" (gssapi _is_ under rpm control).
Here is a patch that "fixes" it for me:
<attachment>
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list