From owner-freebsd-current@FreeBSD.ORG Mon Dec 1 10:10:35 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2C4CA16A4E4; Mon, 1 Dec 2003 10:10:35 -0800 (PST) Received: from ms-smtp-03-eri0.socal.rr.com (ms-smtp-03-qfe0.socal.rr.com [66.75.162.135]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A3FE43FE3; Mon, 1 Dec 2003 10:10:23 -0800 (PST) (envelope-from sean@mcneil.com) Received: from blue.mcneil.com (cpe-66-75-176-109.socal.rr.com [66.75.176.109])hB1IALmB027786; Mon, 1 Dec 2003 10:10:21 -0800 (PST) Received: from [66.75.176.109] (mcneil.com [66.75.176.109]) by blue.mcneil.com (8.12.10/8.12.10) with ESMTP id hB1IAKWd020059; Mon, 1 Dec 2003 10:10:20 -0800 (PST) (envelope-from sean@mcneil.com) From: Sean McNeil To: "Jacques A. Vidrine" In-Reply-To: <20031201132536.GA99018@madman.celabo.org> References: <1070260627.23876.2.camel@blue.mcneil.com> <20031201132536.GA99018@madman.celabo.org> Content-Type: text/plain Organization: Sean McNeil Consulting Message-Id: <1070302220.19999.5.camel@blue.mcneil.com> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 Date: Mon, 01 Dec 2003 10:10:20 -0800 Content-Transfer-Encoding: 7bit X-DCC-Servercave-Metrics: blue.mcneil.com 1183; Body=2 Fuz1=2 Fuz2=2 X-Virus-Scanned: Symantec AntiVirus Scan Engine cc: freebsd-current@FreeBSD.org Subject: Re: problem with kerberos startup and LDAP X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Dec 2003 18:10:35 -0000 This was with Heimdal from an installation of -CURRENT. I am using LDAP functionality, so option (a) below is not an option. Option (b) below sounds more difficult than the change I made to /etc/rc.d/kerberos :) I hadn't thought kerberos would get linked in such a manner, but now that you mentioned it here is what it ended up using: /usr/libexec/kdc: libkrb5.so.7 => /usr/lib/libkrb5.so.7 (0x2807e000) libhdb.so.7 => /usr/lib/libhdb.so.7 (0x280ba000) libroken.so.7 => /usr/lib/libroken.so.7 (0x280ca000) libasn1.so.7 => /usr/lib/libasn1.so.7 (0x280d8000) libcrypto.so.3 => /lib/libcrypto.so.3 (0x280fe000) libcrypt.so.2 => /lib/libcrypt.so.2 (0x28208000) libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x28221000) libldap.so.2 => /usr/local/lib/libldap.so.2 (0x28223000) liblber.so.2 => /usr/local/lib/liblber.so.2 (0x28254000) libc.so.5 => /lib/libc.so.5 (0x28260000) libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28337000) libssl.so.3 => /usr/local/lib/libssl.so.3 (0x2834a000) libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x2837b000) It only complained about libldap.so.2, so I would guess kerberos is using the -rpath for the others? Thanks, Sean On Mon, 2003-12-01 at 05:25, Jacques A. Vidrine wrote: > On Sun, Nov 30, 2003 at 10:37:08PM -0800, Sean McNeil wrote: > > Hello All, > > > > I was having trouble with startup and kdc/kadmin5 failing. Turns out > > that they were trying to access a shared library in /usr/local/lib > > (libldap.so.2). Unfortunately, both were getting started before > > ldconfig. > > > > I added ldconfig to the REQUIRE: for kerberos and now all is well. > > > > What should be the correct solution? > > Let's see: What implementation of Kerberos? (Heimdal, MIT?) > Installed as part of the base system, from the Ports Collection, or by > hand? > > The correct solutions are: > > (a) Do not build Kerberos against OpenLDAP if you do not use > LDAP functionality. > > (b) When building Kerberos, make certain that the linker flags > include an appropriate setting for RPATH, e.g. > `-rpath /usr/local/lib'. > > Cheers,