[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: conflict between heimdal and umich gssapi library and their consequences

"Kevin Coffman" <kwc@citi.umich.edu> writes:
> On 9/1/07, Russ Allbery <rra@stanford.edu> wrote:

>> I'm fairly sure that for right now Debian is just living with the
>> problem and conflicting the libraries.  That makes Heimdal almost
>> unusable in Debian since the UMich GSS-API indirection layer gets
>> pulled in by the NFSv4 support, which is part of standard.

>> I'm still of the opinion that UMich was at fault here and they need to
>> rename their GSS-API library to something else.  Heimdal was using that
>> library name first, and regardless of how much more "generic" they
>> think their indirection layer is, taking a shared library name that's
>> already in use is frankly rather rude.  Picking a different SONAME
>> version to start with clearly isn't sufficient, as we now see.

> I regret any inconvenience our libgssapi library has caused.  We used
> the obvious name and had no malicious intent.

Since I'm one of the people who have been particularly vocal in
complaining here, let me say publicly that I never thought there was any
malicious intent here at all, or anything other than an unfortunate
choice.  The name *is* an obvious one to use, and the Heimdal library had
a different SONAME originally, so they didn't conflict to start with.

Dealing with multiple libraries that implement the same API is difficult.
To some extent, although this is water way under the bridge at this point,
I have the same complaint about whichever was second between MIT Kerberos
and Heimdal (I think Heimdal, but I'm not positive and don't want to
assume) and the naming of libkrb5.  It would be nice if there were a
libkrb5_mit and libkrb5_heimdal or the like, although in that case at
least the SONAME versions are so far apart that they can be reasonably
expected to co-exist for a long time.

This sort of library name conflict looks relatively harmless from the
perspective that I had about five years ago, when I was compiling a lot of
software for different platforms locally and we were only using one
library or the other on a given system.  It turns out to make life rather
painful for distributions, though, and forces them to make unfortunate

> I will rename our library to libgssglue which will require a change in
> librpcsecgss and will require nfs-utils to be reconfigured and
> recompiled (no source changes required).  I will put out new versions on
> Tuesday.

Thank you very much for this.  I think this is the right solution in the
long run.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>