[sudo-users] sudo, kerb5 and Heimdal on FreeBSD 7.0

john bender fafaforza at yahoo.com
Tue Oct 21 14:48:10 EDT 2008

Hi there,

so I'm trying to install sudo on FreeBSD 7.0-RELEASE. 
When I try a make against the kerberos libs that the
system comes with under /usr/lib, I get this error:

undefined reference to 'krb5_get_init_creds_opt_alloc'

So I compile Heimdal from ports and libs are installed
under /usr/local/lib.  Running a 'strings' on these I
see that the krb5_get_init_creds_opt_alloc function is
there, and not presend under the libs in /usr/lib. 
I'm not sure whether the /usr/lib libraries are from
the MIT release, but was under the impression that due
to crypt export laws, FBSD came with Heimdal by
default.  But anyway...

Moving forward, I configure with --with-kerb5, and
'export LDFLAGS=-L/usr/local/lib', but when running
'make', I get:

../auth/kerb5.c: In function 'kerb5_verify':
../auth/kerb5.c:224: warning: passing argument 1 of
'krb5_get_init_creds_opt_free' from incompatible
pointer type
../auth/kerb5.c:224: error: too few arguments to
function 'krb5_get_init_creds_opt_free'

In auth/kerb5.c on line 223 I see


If I remove the defines, and the 1 argument function,
IE: only leave
"krb5_get_init_creds_opt_free(sudo_context, opts);"
from the above block, it compiles fine and a sudo
command authenticates properly against my kerberos

I looked the function up in the Heimdal source, and
all instances reference two arguments:

krb5_get_init_creds_opt_free(context, options);

Running 'strings' on the /usr/lib libraries did not
return a match for krb5_get_init_creds_opt_free, so it
looks to be present only in Heimdal libraries.

Is this something that needs to be changed in sudo's

- Darek


More information about the sudo-users mailing list