[sudo-users] Make fails when configured with --with-SecurID and --with-pam

Mike Nguyen moozoo+sudo at gmail.com
Wed Jul 26 17:48:17 EDT 2006


I'm having some trouble compiling sudo after doing a:

./configure --with-SecurID=/tmp/rsa --with-pam

Separately, both options seem to work fine and make is able to go through
without any issue, but combined, I get:

gcc -o sudo check.o env.o getspwuid.o gettime.o goodpath.o
interfaces.o logging.o parse.o set_perms.o sudo.o sudo_edit.o
tgetpass.ozero_bytes.o  sudo_auth.o
securid5.o sudo.tab.o lex.yy.o alloc.o defaults.o err.o fnmatch.o
closefrom.o snprintf.o getprogname.o -L/tmp/rsa -R/tmp/rsa  -lpam -ldl
-laceclnt -lpthread   -lsocket -lnsl
Undefined                       first referenced
 symbol                             in file
pam_cleanup                         sudo_auth.o
pam_prep_user                       set_perms.o
pam_verify                          sudo_auth.o
pam_init                            sudo_auth.o
ld: fatal: Symbol referencing errors. No output written to sudo
collect2: ld returned 1 exit status
*** Error code 1
make: Fatal error: Command failed for target `sudo'

Should I just not be combining both?  Or perhaps preferably use SecurID
through PAM (Which seems to work fine actually)?


Additionally, I had alot of trouble getting the --with-SecurID option to
work and had to do a bit of mucking around, at least based on the provided
instructions in the README (Or maybe I was just tired).

If anyone needs to get it compiling (Using SecurID Version 5):

- Make sure to grab the ACEAgentSDK5032.zip file from RSA's site (Login

- Once uncompressed, copy all the header files from the inc/ directory to a
location of your choice (say, /tmp/rsa/).  There should be 8 files.

acclnt.h    acexport.h  sd_types.h  sdacmvls.h  sdi_athd.h  sdi_defs.h
sdi_size.h  sdi_type.h

- Also copy the library files from the platform of your choice, lib/sol/, to
this same directory (say, /tmp/rsa/)  There should be 2 files.

libaceclnt.a   libaceclnt.so

- Once that is done, a ./configure --with-SecurID=/tmp/rsa should work
accordingly, find all the files it needs, and also detect that the SecurID
version you're using is 5, and not any previous one.

- Near the end of the ./configure output, if you get:

checking for SD_Init in -laceclnt... yes

...then SecurID version 5 has been correctly detected.


But, although the compile seems to work fine using --with-SecurID...

It still seems as though something isn't working properly.

As I try a:

# sudo -s

I get:

sudo: failed to initialise the ACE API library

And in /var/adm/messages, appears:

sudo[7091]: [ID 940004 user.error] ACEAGENT: The message entry does not
exist for Message ID: 1001

The VAR_ACE variable has been defined in /etc/profile and the username
trying to sudo has it defined.

Might this be because we are using RSA 5.2, and not 5.0?


OS:  Solaris 8
GCC:  3.3.2
Sudo:  1.6.8p12
RSA:  5.2


-  Mike Nguyen
-  mailto:moozoo at gmail.com

More information about the sudo-users mailing list