[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Smbk5pwd and Heimdal 0.7 not playing nice?
Perry Nguyen wrote:
>> -----Original Message-----
>> From: Howard Chu [mailto:firstname.lastname@example.org]
>> Sent: Tuesday, August 02, 2005 11:41 AM
>> To: Perry Nguyen
>>> While running smbk5pwd through gdb, I'm not able to step through
>>> krb5_init_context, but if I run add_random_users, I am able
>> to step through,
>>> (am I missing any gdb options?)
>> Most likely you're not linking against the same library in
>> both cases.
>> There are no gdb options to control this, it all just depends
>> on whether
>> or not the object file has debug symbols.
> That's an interesting point. My slapd executable is linked against
> libkrb5.so.3 in /usr/lib, while I am linking smbk5pwd against heimdal in
> /usr/heimdal/lib/libkrb5.so.17. Of course, krb5_init_context is also
> defined in libkrb5.so.3. Perhaps this causes some amount of
> incompatibility? Do I need to rebuild slapd without linking in the MIT krb5
> libraries? Change the Heimdal soname to be compatible with MIT? Compile
> slapd without krb5 support at all? (In this case, SASL should handle
> anything krb5 related, yes?)
You cannot use two different Kerberos libraries in the same program.
As a general rule, the MIT Kerberos libraries are unsafe for use in
threaded programs. They are known to cause memory leaks and SEGVs when
linked into slapd. These problems do not occur when using the Heimdal
libraries. The OpenLDAP project recommends against using the MIT libraries.
Furthermore, slapd doesn't call any Kerberos library functions itself.
There should be no reason for any Kerberos libraries to be directly
linked to slapd. The only supported use of Kerberos with slapd is
through the SASL GSSAPI mechanism, and that is all handled by Cyrus
SASL, slapd never touches any Kerberos APIs.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/