Confirmed - it appears to be linked into libgssapi_krb5.so and libkrb5.so, which in Debian are provided by libgssapi-krb5-2 and libkrb5-3, which are both direct dependencies of the openssh-server package.

The link chain goes like so:
sshd <- libkrb5.so <- libkeyutils.so

It's in RHEL at least as far back as 5.4 (while it exists in 4.6 it's not linked into ssh), keyutils-libs is a dependency of krb5-libs - so it's still an indirect dependency of the openssh-server package.

On Fri, Mar 21, 2014 at 7:04 AM, Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx> wrote:

> On Fri 2014-03-21 03:35:20 -0400, Damien Miller <djm@xxxxxxxxxxx> wrote:
> > What is libkeyutils.so? Is it linked to by some vendor patch? AFAIK
> > pristine OpenSSH never links to it.
>
> It's for the Linux kernel's stored-key API.
>
> From debian:
>
> Package: libkeyutils1
> Source: keyutils
> Version: 1.5.6-1
> Installed-Size: 20
> Maintainer: Luk Claes <luk@xxxxxxxxxx>
> Architecture: amd64
> Depends: libc6 (>= 2.14)
> Pre-Depends: multiarch-support
> Description-en: Linux Key Management Utilities (library)
>  Keyutils is a set of utilities for managing the key retention facility in the
>  kernel, which can be used by filesystems, block devices and more to gain and
>  retain the authorization and encryption keys required to perform secure
>  operations.
>  .
>  This package provides a wrapper library for the key management facility system
>  calls.
> Description-md5: 5c4d88a0a818e5ef897f2a9fa5c3ac2d
> Multi-Arch: same
> Homepage: http://people.redhat.com/~dhowells/keyutils/
> Tag: implemented-in::c, role::shared-lib
> Section: libs
> Priority: standard
> Filename: pool/main/k/keyutils/libkeyutils1_1.5.6-1_amd64.deb
> Size: 8758
> MD5sum: cec68a56387ef750ca89716761f59ed2
> SHA1: fd7b6baa5aca294775ef8f9c51e65e003d641ed9
> SHA256: b8f0d88776c44d59d30528d8ef81dba3a2519a53b71c8fe915a406f2e7a49bf1
>
> It is a reverse dependency of libkrb5-3 and other k5 libraries, so it's
> brought in by the gssapi vendor patchset, i think.
>
> hth,
>
>         --dkg
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

--
# include <stddisclaimer.h>
/* Kevin Brott <Kevin.Brott@xxxxxxxxx> */
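
The link chain reported in the message above can be re-derived on any host by walking DT_NEEDED entries. The following is an added example, not part of the original thread or of OpenSSH: it parses `readelf -d` and `ldd` output and returns the shortest chain from a binary to libkeyutils. The function names and the sample data are assumptions constructed for illustration.

```python
import re
import subprocess
import sys
from collections import deque

NEEDED_RE = re.compile(r"\(NEEDED\)\s+Shared library: \[([^\]]+)\]")
LDD_RE = re.compile(r"^\s*(\S+) => (/\S+) \(0x[0-9a-f]+\)", re.M)

def parse_needed(readelf_out):
    """Direct dependencies (DT_NEEDED sonames) listed by `readelf -d`."""
    return NEEDED_RE.findall(readelf_out)

def parse_ldd(ldd_out):
    """Map soname -> resolved path from `ldd` output (transitive closure)."""
    return dict(LDD_RE.findall(ldd_out))

def find_chain(root, target, graph):
    """Shortest DT_NEEDED path from root to a soname starting with target."""
    queue, seen = deque([[root]]), {root}
    while queue:
        path = queue.popleft()
        if len(path) > 1 and path[-1].startswith(target):
            return path
        for dep in graph.get(path[-1], []):
            if dep not in seen:
                seen.add(dep)
                queue.append(path + [dep])
    return None

def live_graph(binary):
    """Graph for a real binary. ldd can execute code: use on trusted files only."""
    def run(*cmd):
        return subprocess.run(cmd, capture_output=True, text=True, check=True,
                              env={"LC_ALL": "C", "PATH": "/usr/bin:/bin"}).stdout
    graph = {binary: parse_needed(run("readelf", "-d", binary))}
    for soname, path in parse_ldd(run("ldd", binary)).items():
        graph[soname] = parse_needed(run("readelf", "-d", path))
    return graph

# Constructed sample `readelf -d` excerpts, not captured from a real host.
LINE = " 0x0000000000000001 (NEEDED)             Shared library: [%s]\n"
SAMPLE = {
    "sshd": ["libgssapi_krb5.so.2", "libkrb5.so.3", "libc.so.6"],
    "libgssapi_krb5.so.2": ["libkrb5.so.3", "libc.so.6"],
    "libkrb5.so.3": ["libkeyutils.so.1", "libc.so.6"],
    "libkeyutils.so.1": ["libc.so.6"],
}
SAMPLE_GRAPH = {k: parse_needed("".join(LINE % s for s in v)) for k, v in SAMPLE.items()}

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "sshd"
    graph = live_graph(root) if len(sys.argv) > 1 else SAMPLE_GRAPH
    chain = find_chain(root, "libkeyutils.so", graph)
    print(" <- ".join(chain) if chain else "libkeyutils not in the link chain")
```

Run with a path such as the installed sshd binary as the only argument to inspect a real host; with no argument it prints the chain for the constructed sample.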