OpenSSH/kerberos compile problem.

From: Mark Hannessen (mark_at_nperfection.com)
Date: 07/06/05

  • Next message: Mojito Jones: "RE: shutting down dictionary attacks" 
    To: secureshell@securityfocus.com
Date: Wed, 6 Jul 2005 19:58:51 +0200

    hi list,

    I am trying to compile openssh (4.1p1) with kerberos5 support.
    ./configure --prefix=/usr --with-kerberos5

    I am running the following system:
    LFS linux 5.0
    gcc (GCC) 3.4.3
    glibc 2.3.2
    MIT Kerberos 1.4.1

    configure runs fine, no errors, but sometime after running "make" it dies with
    the following error.

    gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o
    sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o
    auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o
    auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o
    auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o
    auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o
    auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o -L. -Lopenbsd-compat/  
    -L/usr/local/lib -lssh -lopenbsd-compat   -lresolv -lcrypto -lutil -lz -lnsl  
    -lcrypt -lgssapi -lkrb5 -lk5crypto -lcom_err
    gss-serv.o: In function `ssh_gssapi_getclient':
    /tmp/openssh-4.0p1/gss-serv.c:218: undefined reference to `gss_export_name'
    gss-serv-krb5.o: In function `ssh_gssapi_krb5_storecreds':
    /tmp/openssh-4.0p1/gss-serv-krb5.c:183: undefined reference to
    `gss_krb5_copy_ccache'
    collect2: ld returned 1 exit status
    make: *** [sshd] Error 1

    anyone any idea what might cause this problem?
    I already tries reinstalling the kerberos library's and updating them to the
    latest version. but it didn't seem to help.

    Mark Hannessen.

  • Next message: Mojito Jones: "RE: shutting down dictionary attacks"

    Relevant Pages

    • Re: pam_krb5-3.5 on AIX / gcc: -b must come at the start of the command line
      ... compiler used to build Kerberos. ... build on gcc I opted to struggle through the build using gcc. ... maintain my own branch of kerberos libraries my boxen. ... want to minimize the dependencies of the resulting binaries. ...
      (comp.protocols.kerberos)
    • Re: pam_krb5-3.5 on AIX / gcc: -b must come at the start of the command line
      ... compiler used to build Kerberos. ... I built kerberos with IBM C and used gcc for the pam_krb5 module. ... maintain my own branch of kerberos libraries my boxen. ... want to minimize the dependencies of the resulting binaries. ...
      (comp.protocols.kerberos)
    • pam_krb5-3.5 on AIX / gcc: -b must come at the start of the command line
      ... gcc: '-b' must come at the start of the command line ... I've found various references to this issue on other applications that ... resolved in kerberos around version 1.3 or so; ... kerberos server, only the AD gives it troubles. ...
      (comp.protocols.kerberos)
    • pam_krb5-3.5 on AIX / gcc: -b must come at the start of the command line
      ... I am attempting to build pam_krb5-3.5 on AIX 5.3 with gcc 4.0.0 and I'm running into some type of gcc error: ... I've found various references to this issue on other applications that pointed to errors with linker flags and what-not, nothing I found seemed applicable to my problem. ... From what I have read it appears this was a known issue with AD switching from udp to tcp for users with large numbers of groups and was resolved in kerberos around version 1.3 or so; my older libraries would seem to be suspect. ... Otherwise it does work when talking to a native kerberos server, only the AD gives it troubles. ...
      (comp.protocols.kerberos)
    • Re: Windows 2008 Trust To MIT Kerberos Server
      ... What method did you use to point your client to the MIT realm? ... However my point is that there is no traffic happening between my Active Directory Server and the MIT Kerberos Server. ... I can connect between the AD and MIT Kerberos server using other protocols like RDP and SSH as well as ping both directions but Windows is never requesting a TGT from the MIT Kerberos Server. ...
      (microsoft.public.windows.server.active_directory)