Red Hat Bugzilla – Bug 151251
rpcsvcgss depends on /usr/lib/libgssapi_krb5.so (krb5-devel)?
Last modified: 2007-11-30 17:11:01 EST
Description of problem:
rpc.svcgss tries to load /usr/lib/libgssapi_krb5.so which is part of krb5-devel.
Should this link be part of krb5-libs or should rpc.svcgss load
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. SECURE_NFS=yes in /etc/sysconfig/nfs
2. no krb5-devel
3. rpc.svcgss -f -v
can't open /usr/lib/libgssapi_krb5.so: /usr/lib/libgssapi_krb5.so: cannot open
shared object file: No such file or directory
gss_initialize fatal error: no mechanisms loaded!
WARNING: unable to locate function krb5_gss_internal_release_oid in krb5
mechanism library: there will be problems if multiple mechanisms are used!
This is still hapening in FC3test3
I meant "this is still happening in FC4test3"
Well actually /usr/lib/libgssapi_krb5.so part of the krb5-libs rpms which
should be installed by default... could you please check to see
if krb5-libs is installed. If not please do a 'yum install krb5-libs'
$ rpm -qf /usr/lib/libgssapi_krb5.so
It shows up as part of -devel.
Ok so the symbolic link shows up in -devel but the acutal library
show up in -libs
$ rpm -qf /usr/lib/libgssapi_krb5.so.2.2
Note that it was linked with "libgssapi_krb5.so.2" and yet it tries to load
"libgssapi_krb5.so". Maybe it's being dlopen'ed, that would explained why the
dependency was missed by rpmbuild.
# ldd /usr/sbin/rpc.svcgssd
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00c35000)
Since this is an FC4 bug, try upgrading to nfs-utils-1.0.7-6.
I removed the krb5-devel rpm on my FC4 machine and
rpc.svcgssd continue to work.
Still the same. Maybe you need to be part of a kerberos realm to trigger this
problem. I looked deeper into it and found out that "libgssapi_krb5.so" is
defined in the default /etc/gssapi_mech.conf. Editing the file fixes the problem.
The problem affects FC3 as well. If you decide to fix it, will a FC3 errata be
If the initializer function is listed as "mechglue_internal_krb5_init", then the
gssapi code in nfs-utils 1.0.7 actually ignores the shared library name, which
is why it works. In case we want to fix the cosmetic problem, I'm attaching a
somewhat hackish change to the .spec file which should work.
Created attachment 115892 [details]
change to spec file to compile a gssapi application against the krb5 gssapi libraries, and read the dependency from the result
Note that under x86_64 rpc.svcgssd doesn't work even with the devel rpm installed
since /etc/gssapi_mech.conf has a 32bit lib. RHEL4 has the same problem btw :)
Explicit dlopen. Seeing that the file '/etc/gssapi_mech.conf' has a line:
# The MIT K5 gssapi library, use special function for initialization.
Unfortunately, this is same both nfs-util.i386-RHEL4 and nfs-util.x86_64-RHEL4
A change to:
would solve the problem for x86_64 without krb5-devel present.
Thus, the /etc/gssapi_mech.conf should match the installed gss-library,
which may not always be the krb5-libs in the future. Manual configuration
is probably required. However, the x86_64 version should default to
the krb5-libs.x86_64 rather than to the *.i386.
This bug seems to be fixed in Fedora Core 5.