Red Hat Bugzilla – Bug 167537
Undefined symbol "krb5_init_ets" with MIT Kerberos v1.4
Last modified: 2007-11-30 17:07:20 EST
Description of problem:
OpenSSH in RHEL4 calls krb5_init_ets(). That function is no longer part of the
public API and hasn't been for many many years. In Kerberos v1.3 shipped with
RHEL4 the function just returns true without doing anything. The OpenSSH in
RHEL4 is still calling the function anyway.
In Kerberos v1.4 the function was removed entirely. The soname wasn't changed as
krb5_init_ets() isn't part of the public API.
Security policy in our environment dictates that must use Kerberos v1.4 on
RHEL4. Since OpenSSH sshd is calling that function it crashes.
It would be very helpful if the next errata release of OpenSSH for RHEL4 didn't
Please use the Support Issue tracker to report such feature requests for Red Hat
When you report it, mention this bugzilla bug number.
We have purchased RHEL4 ES. I don't believe the support issue tracker is
available to us.
With Standard Edition subscription type you should have access to it (probably
not with the Basic Edition).
I'm sorry but we don't support installing newer MIT Kerberos on existing RHEL
releases. Removing the function call would be probably trivial however all
updates done in RHEL must be properly requested, justified and tested by QE. If
you are installing a different/unsupported krb5 packages anyway it shouldn't be
a too big difference for you if you patched the openssh packages as well.