From owner-freebsd-stable Sun May 20 17:42:17 2001 Delivered-To: freebsd-stable@freebsd.org Received: from shell1.nominum.com (shell1.nominum.com [204.152.187.163]) by hub.freebsd.org (Postfix) with ESMTP id D330A37B43F for ; Sun, 20 May 2001 17:42:11 -0700 (PDT) (envelope-from Peter.Losher@nominum.com) Received: by shell1.nominum.com (Postfix, from userid 10188) id BD9FA22641; Sun, 20 May 2001 17:41:44 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by shell1.nominum.com (Postfix) with ESMTP id B849320F01 for ; Sun, 20 May 2001 17:41:44 -0700 (PDT) Date: Sun, 20 May 2001 17:41:44 -0700 (PDT) From: Peter Losher To: Subject: Krb5 libs (MIT & Heimdal) | SSH2 & etc. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, I recently started to work on installing a couple of FreeBSD v4.3-STABLE (as of last week) servers. As a part of that installation, I added MIT Kerberos V from ports (in /usr/local/krb5/), and compiled SSH2 (SSH Inc. - I would rather use OpenSSH, but it doen't yet support Krb5 and Krb5TgtPassing, so it's SSH 2.4.0) with Krb5 support. That was fine, until I tried to run sshd: -=- # ./sshd sshd: SSH Secure Shell 2.4.0 (non-commercial version) on i386-unknown-freebsd4.3 /usr/libexec/ld-elf.so.1:/usr/lib/libkrb5.so: Undefined symbol "initialize_asn1_error_table_r" -=- I suspect this is a case of "lib crashing" between the Heimdal Krb5 libs in /usr/lib and the MIT Krb5 libs in /usr/local/krb5/lib. Is there any way to have the MIT Kerberos libraries take precedence in this case? (recompile make buildworld with MAKE_KERBEROS5=NO perhaps?). This is going to become a major problem as (at last check) all the programs that we use for authentication require MIT Kerberos (UW_IMAP, SSH2, etc) and I can't have the integrated Heimdal libs come in and interfere like this. Has anyone faced this situation and how have they dealt with it? Integrating Kerberos into the core system in the first place was a bad idea. Doing this on 3.x (like the other FreeBSD servers I administer here) was a LOT easier, since I could pick which Krb5 suite I would intstall (MIT or Heimdal), and not have these lib conflicts. With Heimdal integrated in 4.x, that choice (as I see it so far) has been taken away from me. Best Wishes - Peter -- Peter.Losher@nominum.com - [ Systems Admin. | Nominum, Inc. ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message