Date: Fri, 18 Sep 2009 23:46:31 +0100 From: Sam Leffler <sam@freebsd.org> To: Rick Macklem <rmacklem@uoguelph.ca> Cc: freebsd-stable <freebsd-stable@freebsd.org>, freebsd-current@freebsd.org, John Marshall <john.marshall@riverwillow.com.au>, George Mamalakis <mamalos@eng.auth.gr> Subject: Re: SASL problems with spnego on 8.0-BETA4 Message-ID: <4AB40DC7.2060808@freebsd.org> In-Reply-To: <Pine.GSO.4.63.0909181722270.23193@muncher.cs.uoguelph.ca> References: <4AB27FB6.4010806@eng.auth.gr> <20090918034933.GI1231@rwpc12.mby.riverwillow.net.au> <Pine.GSO.4.63.0909181722270.23193@muncher.cs.uoguelph.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Rick Macklem wrote: > > > On Fri, 18 Sep 2009, John Marshall wrote: > >> On Thu, 17 Sep 2009, 21:28 +0300, George Mamalakis wrote: >>> Dear all, >>> >>> I am trying to setup ldap with heimdal on my fbsd 8.0-BETA4 and when I >>> run ldapsearch to see if I can authenticate via GSSAPI I keep getting >>> the following error: >>> >>> [root@ldap root]# ldapsearch -H "ldap://ldap.example.com/" -b >>> "dc=example,dc=com" >>> SASL/GSSAPI authentication started >>> dlopen: /usr/lib/libgssapi_spnego.so.10: Undefined symbol >>> "GSS_C_NT_HOSTBASED_SERVICE" >>> ldap_sasl_interactive_bind_s: Local error (-2) >>> > I don't know if you guys feel like experimenting, but here's what little > I know about the heimdal/gssapi setup. > > When cyrus-sasl2 builds, it uses the little shell script > /usr/bin/krb5-config with the args. "--libs gssapi" to get the list of > libraries to link against. This doesn't return "-lgssapi_spnego" in the > list. (The list can be changed by editting line #96 of > /usr/bin/krb5-config.) > > Nothing seems to link against "-lgssapi_spnego", so it's a mystery to > me how it ends up using it? (Maybe others with knowledge on how FreeBSD > loads libraries can explain it. The library is listed in /etc/gss/mech.) > > GSS_C_NT_HOSTBASED_SERVICE is defined in the file gss_names.o in > "-lgssapi", which is at the beginning of the list of libraries returned > by "krb5-config --libs gssapi". > > I'm hoping that someone who understands how libraries get loaded can > solve the puzzle, but barring that, you could try added "-lgssapi_spnego" > to line #96 of /usr/bin/krb5-config in front of "-lgssapi" and see if that > gets things to load properly? > > Not much help, but I don't know how to test this stuff, rick FWIW I hit the same problem (I think) with cyrus imap and saslauthd. I am running HEAD and tried building w/ and w/o kerberos enabled but cyradm aborts on startup complaining about the missing symbol. I started digging because I couldn't get cyrus imap to authenticate users. Feels like one or more of these ports are busted. Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AB40DC7.2060808>