[sudo-users] sudo, kerb5 and Heimdal on FreeBSD 7.0

Tom McLaughlin tmclaugh at gmail.com
Tue Oct 21 21:21:16 EDT 2008 

john bender wrote:
> Hi there,
> 
> so I'm trying to install sudo on FreeBSD 7.0-RELEASE. 
> When I try a make against the kerberos libs that the
> system comes with under /usr/lib, I get this error:
> 
> undefined reference to 'krb5_get_init_creds_opt_alloc'

The port for sudo in the ports tree builds just fine.  What version are 
you using?  Are you using the ports tree?

> 
> So I compile Heimdal from ports and libs are installed
> under /usr/local/lib.  Running a 'strings' on these I
> see that the krb5_get_init_creds_opt_alloc function is
> there, and not presend under the libs in /usr/lib. 
> I'm not sure whether the /usr/lib libraries are from
> the MIT release, but was under the impression that due
> to crypt export laws, FBSD came with Heimdal by
> default.  But anyway...

FreeBSD ships Heimdal 0.6.3 in 7.0.  HEAD has 1.1.0.  As the port 
maintainer for sudo I'll just say this, unless you know you need a 
kerberos implementation from ports then don't install it and just use 
the base version.  I don't bother testing mix-and-matched kerberos 
setups because it has a tendency to explode.  (This isn't just the case 
with sudo but many other applications as well.)

tom

> Moving forward, I configure with --with-kerb5, and
> 'export LDFLAGS=-L/usr/local/lib', but when running
> 'make', I get:
> 
> ../auth/kerb5.c: In function 'kerb5_verify':
> ../auth/kerb5.c:224: warning: passing argument 1 of
> 'krb5_get_init_creds_opt_free' from incompatible
> pointer type
> ../auth/kerb5.c:224: error: too few arguments to
> function 'krb5_get_init_creds_opt_free'
> 
> In auth/kerb5.c on line 223 I see
> 
> #ifdef HAVE_HEIMDAL
>         krb5_get_init_creds_opt_free(opts);
> #else
>         krb5_get_init_creds_opt_free(sudo_context,
> opts);
> #endif
> 
> If I remove the defines, and the 1 argument function,
> IE: only leave
> "krb5_get_init_creds_opt_free(sudo_context, opts);"
> from the above block, it compiles fine and a sudo
> command authenticates properly against my kerberos
> server.
> 
> I looked the function up in the Heimdal source, and
> all instances reference two arguments:
> 
> krb5_get_init_creds_opt_free(context, options);
> 
> Running 'strings' on the /usr/lib libraries did not
> return a match for krb5_get_init_creds_opt_free, so it
> looks to be present only in Heimdal libraries.
> 
> Is this something that needs to be changed in sudo's
> source?
> 
> - Darek
>

More information about the sudo-users mailing list