Re: [PATCH] rpc.gssd: Links directly with libgssapi_krb5 which not needed.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jan 26, 2012 at 4:50 PM, Steve Dickson <SteveD@xxxxxxxxxx> wrote:
>
>
> On 01/26/2012 03:30 PM, J. Bruce Fields wrote:
>> On Thu, Jan 26, 2012 at 03:07:41PM -0500, Steve Dickson wrote:
>>> rpc.gssd and rpc.svcgssd both link with the libgssapi_krb5 and
>>> libgssglue libraries which is not needed since libgssglue
>>> will dynamically load the gssapi interface defined in the
>>> /etc/gssapi_mech.conf. Most likely the libgssapi_krb5 library.
>>>
>>> Signed-off-by: Steve Dickson <steved@xxxxxxxxxx>
>>> ---
>>>  aclocal/kerberos5.m4 |    2 +-
>>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>>
>>> diff --git a/aclocal/kerberos5.m4 b/aclocal/kerberos5.m4
>>> index dfa5738..7574e2d 100644
>>> --- a/aclocal/kerberos5.m4
>>> +++ b/aclocal/kerberos5.m4
>>> @@ -31,7 +31,7 @@ AC_DEFUN([AC_KERBEROS_V5],[
>>>      fi
>>>      if test "$K5CONFIG" != ""; then
>>>        KRBCFLAGS=`$K5CONFIG --cflags`
>>> -      KRBLIBS=`$K5CONFIG --libs gssapi`
>>> +      KRBLIBS=`$K5CONFIG --libs`
>>
>> OK, so that's gathering krb5-config output which gives us the list of -l
>> switches we need to link in kerberos libraries, and removing the
>> "gssapi" argument has the effect of removing "-lgssapi_krb5" from the
>> output.
> Right...
>
>>
>> Ack, I guess, except: I'm a little confused why we want to link with
>> *any* kerberos libraries, if rpc.gssd and rpc.svcgssd are supposed to
>> themselves be completely mechanism-independent and are supposed to
>> dlopen() aything they need for kerberos.
> Well when they are not liked with any kerberos libs the following
> are undefined http://fpaste.org/rWOR/
>
> I'm treading on a thin ice here but I'm thinking those undefines are
> not part the gssapi. Only the gssapi routines are dynamically linked.
>
> Thanks for the time!

Most of those functions are dealing with finding credentials caches
and keytabs and examining them.  (Trying to pick the right credential
cache to use, and trying to find the right keytab entry to use...)  As
Steve said, those are strictly Kerberos functions, not GSSAPI.

K.C.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux