Re: problem with kerberos startup and LDAP

From: Sean McNeil <sean_at_mcneil.com> Date: Mon, 01 Dec 2003 10:10:20 -0800 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:32 UTC

This was with Heimdal from an installation of -CURRENT.  I am using LDAP
functionality, so option (a) below is not an option.  Option (b) below
sounds more difficult than the change I made to /etc/rc.d/kerberos :)

I hadn't thought kerberos would get linked in such a manner, but now
that you mentioned it here is what it ended up using:

/usr/libexec/kdc:
        libkrb5.so.7 => /usr/lib/libkrb5.so.7 (0x2807e000)
        libhdb.so.7 => /usr/lib/libhdb.so.7 (0x280ba000)
        libroken.so.7 => /usr/lib/libroken.so.7 (0x280ca000)
        libasn1.so.7 => /usr/lib/libasn1.so.7 (0x280d8000)
        libcrypto.so.3 => /lib/libcrypto.so.3 (0x280fe000)
        libcrypt.so.2 => /lib/libcrypt.so.2 (0x28208000)
        libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x28221000)
        libldap.so.2 => /usr/local/lib/libldap.so.2 (0x28223000)
        liblber.so.2 => /usr/local/lib/liblber.so.2 (0x28254000)
        libc.so.5 => /lib/libc.so.5 (0x28260000)
        libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28337000)
        libssl.so.3 => /usr/local/lib/libssl.so.3 (0x2834a000)
        libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x2837b000)

It only complained about libldap.so.2, so I would guess kerberos is
using the -rpath for the others?

Thanks,
Sean

On Mon, 2003-12-01 at 05:25, Jacques A. Vidrine wrote:
> On Sun, Nov 30, 2003 at 10:37:08PM -0800, Sean McNeil wrote:
> > Hello All,
> > 
> > I was having trouble with startup and kdc/kadmin5 failing.  Turns out
> > that they were trying to access a shared library in /usr/local/lib
> > (libldap.so.2).  Unfortunately, both were getting started before
> > ldconfig.
> > 
> > I added ldconfig to the REQUIRE: for kerberos and now all is well.
> > 
> > What should be the correct solution?
> 
> Let's see:  What implementation of Kerberos?  (Heimdal, MIT?)
> Installed as part of the base system, from the Ports Collection, or by
> hand?
> 
> The correct solutions are:
> 
>   (a) Do not build Kerberos against OpenLDAP if you do not use
>       LDAP functionality.
> 
>   (b) When building Kerberos, make certain that the linker flags
>       include an appropriate setting for RPATH, e.g.
>       `-rpath /usr/local/lib'.
> 
> Cheers,