Bug 167537 - Undefined symbol "krb5_init_ets" with MIT Kerberos v1.4
Undefined symbol "krb5_init_ets" with MIT Kerberos v1.4
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openssh (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2005-09-04 16:32 EDT by Dax Kelson
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-06 05:11:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Dax Kelson 2005-09-04 16:32:20 EDT
Description of problem:

OpenSSH in RHEL4 calls krb5_init_ets(). That function is no longer part of the
public API and hasn't been for many many years. In Kerberos v1.3 shipped with
RHEL4 the function just returns true without doing anything. The OpenSSH in
RHEL4 is still calling the function anyway.

In Kerberos v1.4 the function was removed entirely. The soname wasn't changed as
krb5_init_ets() isn't part of the public API.

Security policy in our environment dictates that must use Kerberos v1.4 on
RHEL4. Since OpenSSH sshd is calling that function it crashes.

It would be very helpful if the next errata release of OpenSSH for RHEL4 didn't
call krb5_init_ets().
Comment 1 Tomas Mraz 2005-09-05 04:11:55 EDT
Please use the Support Issue tracker to report such feature requests for Red Hat
Enterprise Linux.

When you report it, mention this bugzilla bug number.
Comment 2 Dax Kelson 2005-09-05 22:22:53 EDT
We have purchased RHEL4 ES. I don't believe the support issue tracker is
available to us.
Comment 3 Tomas Mraz 2005-09-06 05:11:51 EDT
With Standard Edition subscription type you should have access to it (probably
not with the Basic Edition).

I'm sorry but we don't support installing newer MIT Kerberos on existing RHEL
releases. Removing the function call would be probably trivial however all
updates done in RHEL must be properly requested, justified and tested by QE. If
you are installing a different/unsupported krb5 packages anyway it shouldn't be
a too big difference for you if you patched the openssh packages as well.

Note You need to log in before you can comment on or make changes to this bug.