Bug 151251 - rpcsvcgss depends on /usr/lib/libgssapi_krb5.so (krb5-devel)?
Summary: rpcsvcgss depends on /usr/lib/libgssapi_krb5.so (krb5-devel)?
Alias: None
Product: Fedora
Classification: Fedora
Component: nfs-utils (Show other bugs)
(Show other bugs)
Version: 4
Hardware: All Linux
Target Milestone: ---
Assignee: Steve Dickson
QA Contact: Ben Levenson
Depends On:
Blocks: 171113
TreeView+ depends on / blocked
Reported: 2005-03-16 12:57 UTC by Charles Lopes
Modified: 2007-11-30 22:11 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-07-25 03:56:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
change to spec file to compile a gssapi application against the krb5 gssapi libraries, and read the dependency from the result (1.68 KB, patch)
2005-06-23 19:13 UTC, Nalin Dahyabhai
no flags Details | Diff

Description Charles Lopes 2005-03-16 12:57:23 UTC
Description of problem:
rpc.svcgss tries to load /usr/lib/libgssapi_krb5.so which is part of krb5-devel.
Should this link be part of krb5-libs or should rpc.svcgss load
/usr/lib/libgssapi_krb5.so.3 instead.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. SECURE_NFS=yes in /etc/sysconfig/nfs
2. no krb5-devel
3. rpc.svcgss -f -v
Actual results:
can't open /usr/lib/libgssapi_krb5.so: /usr/lib/libgssapi_krb5.so: cannot open
shared object file: No such file or directory
gss_initialize fatal error: no mechanisms loaded!

Expected results:
WARNING: unable to locate function krb5_gss_internal_release_oid in krb5
mechanism library: there will be problems if multiple mechanisms are used!
entering poll

Comment 1 Charles Lopes 2005-05-19 16:49:25 UTC
This is still hapening in FC3test3

Comment 2 Charles Lopes 2005-05-19 16:50:31 UTC
I meant "this is still happening in FC4test3"

Comment 5 Steve Dickson 2005-05-23 17:38:40 UTC
Well actually /usr/lib/libgssapi_krb5.so part of the krb5-libs rpms which 
should be installed by default... could you please check to see 
if krb5-libs is installed. If not please do a 'yum install krb5-libs'

Comment 6 Bill Nottingham 2005-05-23 17:58:08 UTC
$ rpm -qf /usr/lib/libgssapi_krb5.so

It shows up as part of -devel.

Comment 7 Steve Dickson 2005-05-24 12:47:02 UTC
Ok so the symbolic link shows up in -devel but the acutal library 
show up in -libs

$ rpm -qf /usr/lib/libgssapi_krb5.so.2.2

Comment 8 Charles Lopes 2005-05-24 13:21:51 UTC
Note that it was linked with "libgssapi_krb5.so.2" and yet it tries to load
"libgssapi_krb5.so". Maybe it's being dlopen'ed, that would explained why the
dependency was missed by rpmbuild.

# ldd /usr/sbin/rpc.svcgssd
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00c35000)

Comment 9 Steve Dickson 2005-05-24 14:43:16 UTC
Since this is an FC4 bug, try upgrading to nfs-utils-1.0.7-6. 
I removed the krb5-devel rpm on my FC4 machine and 
rpc.svcgssd continue to work. 

Comment 10 Charles Lopes 2005-05-25 09:35:33 UTC
Still the same. Maybe you need to be part of a kerberos realm to trigger this
problem. I looked deeper into it and found out that "libgssapi_krb5.so" is
defined in the default /etc/gssapi_mech.conf. Editing the file fixes the problem.
The problem affects FC3 as well. If you decide to fix it, will a FC3 errata be
available too?

Comment 11 Nalin Dahyabhai 2005-06-23 19:12:20 UTC
If the initializer function is listed as "mechglue_internal_krb5_init", then the
gssapi code in nfs-utils 1.0.7 actually ignores the shared library name, which
is why it works.  In case we want to fix the cosmetic problem, I'm attaching a
somewhat hackish change to the .spec file which should work.

Comment 12 Nalin Dahyabhai 2005-06-23 19:13:18 UTC
Created attachment 115892 [details]
change to spec file to compile a gssapi application against the krb5 gssapi libraries, and read the dependency from the result

Comment 13 Kostas Georgiou 2005-06-29 08:08:23 UTC
Note that under x86_64 rpc.svcgssd doesn't work even with the devel rpm installed
since /etc/gssapi_mech.conf has a 32bit lib. RHEL4 has the same problem btw :)

Comment 14 Jukka Lehtonen 2005-07-15 06:50:27 UTC
Explicit dlopen.  Seeing that the file '/etc/gssapi_mech.conf' has a line:

# The MIT K5 gssapi library, use special function for initialization.
/usr/lib/libgssapi_krb5.so     mechglue_internal_krb5_init

Unfortunately, this is same both nfs-util.i386-RHEL4 and nfs-util.x86_64-RHEL4

A change to:
/usr/lib64/libgssapi_krb5.so.2     mechglue_internal_krb5_init
would solve the problem for x86_64 without krb5-devel present.

Thus, the /etc/gssapi_mech.conf should match the installed gss-library,
which may not always be the krb5-libs in the future.  Manual configuration
is probably required.  However, the x86_64 version should default to
the krb5-libs.x86_64 rather than to the *.i386.

Comment 17 Joachim Selke 2006-04-05 19:21:58 UTC
This bug seems to be fixed in Fedora Core 5.

Note You need to log in before you can comment on or make changes to this bug.