Bug 151251

Summary: rpcsvcgss depends on /usr/lib/libgssapi_krb5.so (krb5-devel)?
Product: [Fedora] Fedora Reporter: Charles Lopes <tjarls>
Component: nfs-utilsAssignee: Steve Dickson <steved>
Status: CLOSED RAWHIDE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: 4CC: jukka.lehtonen, k.georgiou, mail, notting
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-07-24 23:56:37 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 171113    
Attachments:
Description Flags
change to spec file to compile a gssapi application against the krb5 gssapi libraries, and read the dependency from the result none

Description Charles Lopes 2005-03-16 07:57:23 EST
Description of problem:
rpc.svcgss tries to load /usr/lib/libgssapi_krb5.so which is part of krb5-devel.
Should this link be part of krb5-libs or should rpc.svcgss load
/usr/lib/libgssapi_krb5.so.3 instead.

Version-Release number of selected component (if applicable):
nfs-utils-1.0.6-52

How reproducible:
always

Steps to Reproduce:
1. SECURE_NFS=yes in /etc/sysconfig/nfs
2. no krb5-devel
3. rpc.svcgss -f -v
  
Actual results:
can't open /usr/lib/libgssapi_krb5.so: /usr/lib/libgssapi_krb5.so: cannot open
shared object file: No such file or directory
gss_initialize fatal error: no mechanisms loaded!

Expected results:
WARNING: unable to locate function krb5_gss_internal_release_oid in krb5
mechanism library: there will be problems if multiple mechanisms are used!
entering poll
Comment 1 Charles Lopes 2005-05-19 12:49:25 EDT
This is still hapening in FC3test3
Comment 2 Charles Lopes 2005-05-19 12:50:31 EDT
I meant "this is still happening in FC4test3"
Comment 5 Steve Dickson 2005-05-23 13:38:40 EDT
Well actually /usr/lib/libgssapi_krb5.so part of the krb5-libs rpms which 
should be installed by default... could you please check to see 
if krb5-libs is installed. If not please do a 'yum install krb5-libs'
Comment 6 Bill Nottingham 2005-05-23 13:58:08 EDT
$ rpm -qf /usr/lib/libgssapi_krb5.so
krb5-devel-1.4-3

It shows up as part of -devel.
Comment 7 Steve Dickson 2005-05-24 08:47:02 EDT
Ok so the symbolic link shows up in -devel but the acutal library 
show up in -libs

$ rpm -qf /usr/lib/libgssapi_krb5.so.2.2
krb5-libs-1.3.6-5
Comment 8 Charles Lopes 2005-05-24 09:21:51 EDT
Note that it was linked with "libgssapi_krb5.so.2" and yet it tries to load
"libgssapi_krb5.so". Maybe it's being dlopen'ed, that would explained why the
dependency was missed by rpmbuild.

# ldd /usr/sbin/rpc.svcgssd
..
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00c35000)
..
Comment 9 Steve Dickson 2005-05-24 10:43:16 EDT
Since this is an FC4 bug, try upgrading to nfs-utils-1.0.7-6. 
I removed the krb5-devel rpm on my FC4 machine and 
rpc.svcgssd continue to work. 
Comment 10 Charles Lopes 2005-05-25 05:35:33 EDT
Still the same. Maybe you need to be part of a kerberos realm to trigger this
problem. I looked deeper into it and found out that "libgssapi_krb5.so" is
defined in the default /etc/gssapi_mech.conf. Editing the file fixes the problem.
The problem affects FC3 as well. If you decide to fix it, will a FC3 errata be
available too?
Comment 11 Nalin Dahyabhai 2005-06-23 15:12:20 EDT
If the initializer function is listed as "mechglue_internal_krb5_init", then the
gssapi code in nfs-utils 1.0.7 actually ignores the shared library name, which
is why it works.  In case we want to fix the cosmetic problem, I'm attaching a
somewhat hackish change to the .spec file which should work.
Comment 12 Nalin Dahyabhai 2005-06-23 15:13:18 EDT
Created attachment 115892 [details]
change to spec file to compile a gssapi application against the krb5 gssapi libraries, and read the dependency from the result
Comment 13 Kostas Georgiou 2005-06-29 04:08:23 EDT
Note that under x86_64 rpc.svcgssd doesn't work even with the devel rpm installed
since /etc/gssapi_mech.conf has a 32bit lib. RHEL4 has the same problem btw :)




Comment 14 Jukka Lehtonen 2005-07-15 02:50:27 EDT
Explicit dlopen.  Seeing that the file '/etc/gssapi_mech.conf' has a line:

# The MIT K5 gssapi library, use special function for initialization.
/usr/lib/libgssapi_krb5.so     mechglue_internal_krb5_init
#

Unfortunately, this is same both nfs-util.i386-RHEL4 and nfs-util.x86_64-RHEL4

A change to:
/usr/lib64/libgssapi_krb5.so.2     mechglue_internal_krb5_init
would solve the problem for x86_64 without krb5-devel present.

Thus, the /etc/gssapi_mech.conf should match the installed gss-library,
which may not always be the krb5-libs in the future.  Manual configuration
is probably required.  However, the x86_64 version should default to
the krb5-libs.x86_64 rather than to the *.i386.
Comment 17 Joachim Selke 2006-04-05 15:21:58 EDT
This bug seems to be fixed in Fedora Core 5.