From owner-freebsd-current@FreeBSD.ORG Mon Dec 1 10:23:45 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1E8F016A4CF for ; Mon, 1 Dec 2003 10:23:45 -0800 (PST) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id E566E43FD7 for ; Mon, 1 Dec 2003 10:23:37 -0800 (PST) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 76CA55482B; Mon, 1 Dec 2003 12:23:37 -0600 (CST) Received: by madman.celabo.org (Postfix, from userid 1001) id 179006D455; Mon, 1 Dec 2003 12:23:37 -0600 (CST) Date: Mon, 1 Dec 2003 12:23:37 -0600 From: "Jacques A. Vidrine" To: Sean McNeil Message-ID: <20031201182336.GA728@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Sean McNeil , freebsd-current@FreeBSD.org References: <1070260627.23876.2.camel@blue.mcneil.com> <20031201132536.GA99018@madman.celabo.org> <1070302220.19999.5.camel@blue.mcneil.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1070302220.19999.5.camel@blue.mcneil.com> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.4i-ja.1 cc: freebsd-current@FreeBSD.org Subject: Re: problem with kerberos startup and LDAP X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Dec 2003 18:23:45 -0000 On Mon, Dec 01, 2003 at 10:10:20AM -0800, Sean McNeil wrote: > This was with Heimdal from an installation of -CURRENT. I am using LDAP > functionality, so option (a) below is not an option. Option (b) below > sounds more difficult than the change I made to /etc/rc.d/kerberos :) > > I hadn't thought kerberos would get linked in such a manner, but now > that you mentioned it here is what it ended up using: > > /usr/libexec/kdc: > libkrb5.so.7 => /usr/lib/libkrb5.so.7 (0x2807e000) > libhdb.so.7 => /usr/lib/libhdb.so.7 (0x280ba000) > libroken.so.7 => /usr/lib/libroken.so.7 (0x280ca000) > libasn1.so.7 => /usr/lib/libasn1.so.7 (0x280d8000) > libcrypto.so.3 => /lib/libcrypto.so.3 (0x280fe000) > libcrypt.so.2 => /lib/libcrypt.so.2 (0x28208000) > libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x28221000) > libldap.so.2 => /usr/local/lib/libldap.so.2 (0x28223000) > liblber.so.2 => /usr/local/lib/liblber.so.2 (0x28254000) > libc.so.5 => /lib/libc.so.5 (0x28260000) > libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28337000) > libssl.so.3 => /usr/local/lib/libssl.so.3 (0x2834a000) > libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x2837b000) > > It only complained about libldap.so.2, so I would guess kerberos is > using the -rpath for the others? Oh, you must be using `WITH_OPENLDAP'--- an option that I did not even realize was available in the base system until I looked just now :-) Yes, I believe the build is broken and I will correct it after the code freeze. In the meantime, you might try the following patch and rebuild the KDC (`make clean' first). Cheers, -- Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal nectar@celabo.org jvidrine@verio.net nectar@freebsd.org nectar@kth.se Index: kerberos5/Makefile.inc =================================================================== RCS file: /home/ncvs/src/kerberos5/Makefile.inc,v retrieving revision 1.19 diff -c -r1.19 Makefile.inc *** kerberos5/Makefile.inc 18 Jul 2003 13:21:55 -0000 1.19 --- kerberos5/Makefile.inc 1 Dec 2003 18:21:23 -0000 *************** *** 16,22 **** OPENLDAPBASE?= /usr/local LDAPLIBS=-lldap -llber LDAPCFLAGS=-I${OPENLDAPBASE}/include -DOPENLDAP=1 ! LDAPLDADD=-L${OPENLDAPBASE}/lib ${LDAPLIBS} .endif .if exists(${.OBJDIR}/../../include) --- 16,22 ---- OPENLDAPBASE?= /usr/local LDAPLIBS=-lldap -llber LDAPCFLAGS=-I${OPENLDAPBASE}/include -DOPENLDAP=1 ! LDAPLDADD=-L${OPENLDAPBASE}/lib -Wl,-rpath,${OPENLDAPBASE}/lib ${LDAPLIBS} .endif .if exists(${.OBJDIR}/../../include)