From owner-freebsd-current@FreeBSD.ORG  Fri Sep 18 21:32:41 2009
Date: Fri, 18 Sep 2009 17:38:09 -0400 (EDT)
From: Rick Macklem <rmacklem@uoguelph.ca>
To: John Marshall <john.marshall@riverwillow.com.au>
In-Reply-To: <20090918034933.GI1231@rwpc12.mby.riverwillow.net.au>
Message-ID: <Pine.GSO.4.63.0909181722270.23193@muncher.cs.uoguelph.ca>
References: <4AB27FB6.4010806@eng.auth.gr>
	<20090918034933.GI1231@rwpc12.mby.riverwillow.net.au>
Cc: freebsd-stable <freebsd-stable@freebsd.org>, freebsd-current@freebsd.org,
	George Mamalakis <mamalos@eng.auth.gr>
Subject: Re: SASL problems with spnego on 8.0-BETA4



On Fri, 18 Sep 2009, John Marshall wrote:

> On Thu, 17 Sep 2009, 21:28 +0300, George Mamalakis wrote:
>> Dear all,
>>
>> I am trying to setup ldap with heimdal on my fbsd 8.0-BETA4 and when I
>> run ldapsearch to see if I can authenticate via GSSAPI I keep getting
>> the following error:
>>
>> [root@ldap root]# ldapsearch  -H "ldap://ldap.example.com/" -b
>> "dc=example,dc=com"
>> SASL/GSSAPI authentication started
>> dlopen: /usr/lib/libgssapi_spnego.so.10: Undefined symbol
>> "GSS_C_NT_HOSTBASED_SERVICE"
>> ldap_sasl_interactive_bind_s: Local error (-2)
>>
I don't know if you guys feel like experimenting, but here's what little
I know about the heimdal/gssapi setup.

When cyrus-sasl2 builds, it uses the little shell script
/usr/bin/krb5-config with the args. "--libs gssapi" to get the list of
libraries to link against. This doesn't return "-lgssapi_spnego" in the
list. (The list can be changed by editing line #96 of
/usr/bin/krb5-config.)

Nothing seems to link against "-lgssapi_spnego", so it's a mystery to
me how it ends up using it? (Maybe others with knowledge on how FreeBSD
loads libraries can explain it. The library is listed in /etc/gss/mech.)

GSS_C_NT_HOSTBASED_SERVICE is defined in the file gss_names.o in 
"-lgssapi", which is at the beginning of the list of libraries 
returned by "krb5-config --libs gssapi".

I'm hoping that someone who understands how libraries get loaded can
solve the puzzle, but barring that, you could try adding "-lgssapi_spnego"
to line #96 of /usr/bin/krb5-config in front of "-lgssapi" and see if that
gets things to load properly?

Not much help, but I don't know how to test this stuff, rick
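
A check for the mismatch discussed in the message above, as an added example that is not part of the original email: it lists the mechanism libraries named in a mech file (the ones loaded at run time, per the "dlopen:" error) that are missing from the "krb5-config --libs gssapi" link line. The mech-file column layout, the sample file contents and the sample link line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare GSS mechanism libraries (loaded via dlopen at run
# time) against the link line that krb5-config hands to the build.

# mech_libs FILE: print the library path of each mechanism entry.
# Assumed layout per line: name  OID  library-path  [kernel-module]
mech_libs() {
    awk '$1 !~ /^#/ && NF >= 3 { print $3 }' "$1"
}

# lib_flag PATH: /usr/lib/libgssapi_spnego.so.10 -> -lgssapi_spnego
lib_flag() {
    basename "$1" | sed -e 's/^lib/-l/' -e 's/\.so.*$//'
}

# unlinked_mechs FILE "LINK LINE": print the -l flag of every mechanism
# library that does not appear as a whole word in the link line.
unlinked_mechs() {
    mech_libs "$1" | while read -r path; do
        flag=$(lib_flag "$path")
        case " $2 " in
            *" $flag "*) ;;            # already on the link line
            *) echo "$flag" ;;         # only reachable through dlopen
        esac
    done
}

# Constructed sample standing in for /etc/gss/mech (not copied from a host).
sample_mech() {
    cat <<'EOF'
# Name        OID                    Library name                     Kernel module
kerberosv5    1.2.840.113554.1.2.2   /usr/lib/libgssapi_krb5.so.10    kgssapi_krb5
spnego        1.3.6.1.5.5.2          /usr/lib/libgssapi_spnego.so.10  -
EOF
}

# Constructed sample standing in for `krb5-config --libs gssapi` output.
SAMPLE_LINK="-L/usr/lib -lgssapi -lheimntlm -lkrb5 -lcom_err -lcrypto"

demo_file=$(mktemp)
sample_mech > "$demo_file"
echo "mechanism libraries not on the link line:"
unlinked_mechs "$demo_file" "$SAMPLE_LINK"
rm -f "$demo_file"
```

On a real host, pass /etc/gss/mech and the output of "krb5-config --libs gssapi" instead of the samples.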