[sudo-users] sudo, kerb5 and Heimdal on FreeBSD 7.0
tmclaugh at gmail.com
Tue Oct 21 21:21:16 EDT 2008
john bender wrote:
> Hi there,
> so I'm trying to install sudo on FreeBSD 7.0-RELEASE.
> When I try a make against the kerberos libs that the
> system comes with under /usr/lib, I get this error:
> undefined reference to 'krb5_get_init_creds_opt_alloc'
The port for sudo in the ports tree builds just fine. What version are
you using? Are you using the ports tree?
> So I compile Heimdal from ports and libs are installed
> under /usr/local/lib. Running a 'strings' on these I
> see that the krb5_get_init_creds_opt_alloc function is
> there, and not presend under the libs in /usr/lib.
> I'm not sure whether the /usr/lib libraries are from
> the MIT release, but was under the impression that due
> to crypt export laws, FBSD came with Heimdal by
> default. But anyway...
FreeBSD ships Heimdal 0.6.3 in 7.0. HEAD has 1.1.0. As the port
maintainer for sudo I'll just say this, unless you know you need a
kerberos implementation from ports then don't install it and just use
the base version. I don't bother testing mix-and-matched kerberos
setups because it has a tendency to explode. (This isn't just the case
with sudo but many other applications as well.)
> Moving forward, I configure with --with-kerb5, and
> 'export LDFLAGS=-L/usr/local/lib', but when running
> 'make', I get:
> ../auth/kerb5.c: In function 'kerb5_verify':
> ../auth/kerb5.c:224: warning: passing argument 1 of
> 'krb5_get_init_creds_opt_free' from incompatible
> pointer type
> ../auth/kerb5.c:224: error: too few arguments to
> function 'krb5_get_init_creds_opt_free'
> In auth/kerb5.c on line 223 I see
> #ifdef HAVE_HEIMDAL
> If I remove the defines, and the 1 argument function,
> IE: only leave
> "krb5_get_init_creds_opt_free(sudo_context, opts);"
> from the above block, it compiles fine and a sudo
> command authenticates properly against my kerberos
> I looked the function up in the Heimdal source, and
> all instances reference two arguments:
> krb5_get_init_creds_opt_free(context, options);
> Running 'strings' on the /usr/lib libraries did not
> return a match for krb5_get_init_creds_opt_free, so it
> looks to be present only in Heimdal libraries.
> Is this something that needs to be changed in sudo's
> - Darek
More information about the sudo-users