Re: pam_krb5.so.1 on Solaris 7

On Wed, 2001-12-05 at 04:51, Ivan Popov wrote:
> On Wed, 5 Dec 2001, Shaun McCullagh,,, wrote:
> > I've put this at the top of my login stack in pam.conf:
> >
> > 	login	auth	required /usr/lib/security/pam_krb5.so.1 debug
> Shouldn't it be
>   	login	auth	required pam_krb5.so.1 debug
> instead?

No it shouldn't.  The syntax that Shaun lists is correct.

Are you sure that what you compiled is a shared library?  When you do
"file /usr/lib/security/pam_krb5.so.1" it should say "dynamic lib" in
the output...

$ file  /usr/lib/security/pam_krb5_freeware.so.1 
/usr/lib/security/pam_krb5_freeware.so.1:	ELF 32-bit MSB dynamic lib SPARC Version 1, dynamically linked, not stripped

Next verify that it is finding all the other libraries that it needs. 
This verifies that LD_LIBRARY_PATH is unset, just as it is when login

$ env LD_LIBRARY_PATH= ldd pam_krb5_freeware.so.1 
	libgssapi_krb5.so.2 =>	 /opt/MITkrb5/lib/libgssapi_krb5.so.2
	libgssrpc.so.3 =>	 /opt/MITkrb5/lib/libgssrpc.so.3
	libkrb4.so.2 =>	 /opt/MITkrb5/lib/libkrb4.so.2
	libdes425.so.3 =>	 /opt/MITkrb5/lib/libdes425.so.3
	libkrb5.so.3 =>	 /opt/MITkrb5/lib/libkrb5.so.3
	libk5crypto.so.3 =>	 /opt/MITkrb5/lib/libk5crypto.so.3
	libcom_err.so.3 =>	 /opt/MITkrb5/lib/libcom_err.so.3
	libdl.so.1 =>	 /usr/lib/libdl.so.1
	libcrypt_i.so.1 =>	 /usr/lib/libcrypt_i.so.1
	libresolv.so.2 =>	 /usr/lib/libresolv.so.2
	libnsl.so.1 =>	 /usr/lib/libnsl.so.1
	libsocket.so.1 =>	 /usr/lib/libsocket.so.1
	libc.so.1 =>	 /usr/lib/libc.so.1
	libpam.so.1 =>	 /usr/lib/libpam.so.1
	libdyn.so.1 =>	 /opt/MITkrb5/lib/libdyn.so.1
	libgen.so.1 =>	 /usr/lib/libgen.so.1
	libmp.so.2 =>	 /usr/lib/libmp.so.2

If ldd does not list out the paths to all the libraries that it needs,
you will need to relink pam_krb5 using the -R flag to tell the linker to
use an alternative runtime link path.  With pam_krb5 1.31, I simply ran
configure as:

    ./configure --with-krb5=/opt/MITkrb5


