Kerberos4, tcp-wrappers, afs, and pam support on RH7.0

Fri Mar 23 09:44:38 EST 2001

I'm not using rpms, I am doing some work using kerberos authentication and
want to use OpenSSH to interface to kerberos. It's the damnedest thing
though, when I configure, no matter WHERE the krb.h file lives, it won't
get read in by the configure script. Has anyone run into this before?
Also, on RH7, tcpwrappers is a static lib, the src rpm seems to find it if
I rebuild, but the actual source doesn't seem to find it. The same goes
for libpam.so, that stuff exists in /usr/lib and ld.so.cache is updated, I
updated again it just to make sure.  Any pointers are much appreciated!

-- 
Austin Gonyou
Systems Architect
Coremetrics, Inc.
Phone: 512-796-9023
email: austin at coremetrics.com

On Thu, 22 Mar 2001, Loomis, Rip wrote:

> Well, I've finally gotten around to compiling
> and testing OpenSSH 2.5.2p1, in order to update
> the contrib/solaris packaging scripts.
>
> Somehow on my test system, I'm getting errors
> that indicate that I've still got some old copy
> of OpenSSL being found somewhere...but I can't
> for the life of me tell where.  The compile went
> fine (it found the OpenSSL 0.9.5a libraries that
> I had compiled and installed in /usr/local/ssl),
> but I get the error below with text indicating
> that I've still got some other random version.
>
> The screwy thing is that I'm rather sure that I
> don't...in fact, I even downloaded, compiled,
> and installed OpenSSL 0.9.6 in hopes that it
> would fix it (no joy).  Then I did multiple
> global finds looking for any crypto or ssl-related
> libraries that might have been dangling (no joy).
> Finally, I commented out the check in entropy.c
> and re-compiled, and ssh/sshd run fine.  This
> implies to me that the check possibly doesn't work
> properly?
>
> Any other hints as to a filename to look for, or
> an alternate installation location?  It seems
> particularly odd to me that the compile runs fine,
> but on *the same box* it picks up a different
> library version at run-time.
>
> contrib/solaris updates to follow ASAP.
>
> Rip Loomis		Voice Number: (410) 953-6874
> --------------------------------------------------------
> Senior Security Engineer
> Center for Information Security Technology
> Science Applications International Corporation
> http://www.cist.saic.com
>
>
>
> > -----Original Message-----
> > From: Damien Miller [mailto:djm at mindrot.org]
> > Sent: Monday, February 26, 2001 4:38 PM
> > To: mouring at etoh.eviladmin.org
> > Cc: Christophe GRENIER; openssh-unix-dev at mindrot.org
> > Subject: Re: OpenSSH_2.5.1p1 - RH 6.2
> >
> >
> > On Tue, 27 Feb 2001, Damien Miller wrote:
> >
> > > How about we put something like:
> > >
> > > if (SSLeay() != OPENSSL_VERSION_NUMBER)
> > > 	fatal("OpenSSL version mismatch. Built against %x, you have %x",
> > > 	    OPENSSL_VERSION_NUMBER, SSLeay());
> > >
> > > at the start of every executable to kill this thing once
> > and for all.
> >
> > I might put this in init_rng() so we get it without any more
> > disruption.
> >
> > -d
> >
> > --
> > | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are
> > the poor man's
> > | http://www.mindrot.org          /   distributed
> > filesystem'' - Dan Geer
> >
> >
>