[sudo-users] Make fails when configured with --with-SecurID and --with-pam
Mike Nguyen
moozoo+sudo at gmail.com
Wed Jul 26 17:48:17 EDT 2006
Hello,
I'm having some trouble compiling sudo after doing a:
./configure --with-SecurID=/tmp/rsa --with-pam
Separately, both options seem to work fine and make is able to go through
without any issue, but combined, I get:
gcc -o sudo check.o env.o getspwuid.o gettime.o goodpath.o
fileops.ofind_path.o
interfaces.o logging.o parse.o set_perms.o sudo.o sudo_edit.o
tgetpass.ozero_bytes.o sudo_auth.o
securid5.o sudo.tab.o lex.yy.o alloc.o defaults.o err.o fnmatch.o
closefrom.o snprintf.o getprogname.o -L/tmp/rsa -R/tmp/rsa -lpam -ldl
-laceclnt -lpthread -lsocket -lnsl
Undefined first referenced
symbol in file
pam_cleanup sudo_auth.o
pam_prep_user set_perms.o
pam_verify sudo_auth.o
pam_init sudo_auth.o
ld: fatal: Symbol referencing errors. No output written to sudo
collect2: ld returned 1 exit status
*** Error code 1
make: Fatal error: Command failed for target `sudo'
Should I just not be combining both? Or perhaps preferably use SecurID
through PAM (Which seems to work fine actually)?
-----
Additionally, I had alot of trouble getting the --with-SecurID option to
work and had to do a bit of mucking around, at least based on the provided
instructions in the README (Or maybe I was just tired).
If anyone needs to get it compiling (Using SecurID Version 5):
- Make sure to grab the ACEAgentSDK5032.zip file from RSA's site (Login
required).
- Once uncompressed, copy all the header files from the inc/ directory to a
location of your choice (say, /tmp/rsa/). There should be 8 files.
acclnt.h acexport.h sd_types.h sdacmvls.h sdi_athd.h sdi_defs.h
sdi_size.h sdi_type.h
- Also copy the library files from the platform of your choice, lib/sol/, to
this same directory (say, /tmp/rsa/) There should be 2 files.
libaceclnt.a libaceclnt.so
- Once that is done, a ./configure --with-SecurID=/tmp/rsa should work
accordingly, find all the files it needs, and also detect that the SecurID
version you're using is 5, and not any previous one.
- Near the end of the ./configure output, if you get:
checking for SD_Init in -laceclnt... yes
...then SecurID version 5 has been correctly detected.
-----
But, although the compile seems to work fine using --with-SecurID...
It still seems as though something isn't working properly.
As I try a:
# sudo -s
I get:
sudo: failed to initialise the ACE API library
And in /var/adm/messages, appears:
sudo[7091]: [ID 940004 user.error] ACEAGENT: The message entry does not
exist for Message ID: 1001
The VAR_ACE variable has been defined in /etc/profile and the username
trying to sudo has it defined.
Might this be because we are using RSA 5.2, and not 5.0?
-----
OS: Solaris 8
GCC: 3.3.2
Sudo: 1.6.8p12
RSA: 5.2
Regards,
--
- Mike Nguyen
- mailto:moozoo at gmail.com
More information about the sudo-users
mailing list