[5423] in Release_7.7_team
Notes on building with RHEL 4 native Kerberos
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Mar 7 18:21:30 2006
Date: Tue, 7 Mar 2006 18:20:41 -0500
Message-Id: <200603072320.k27NKfoA011681@egyptian-gods.mit.edu>
From: Greg Hudson <ghudson@MIT.EDU>
To: release-team@MIT.EDU
X-Spam-Score: 1.217
X-Spam-Level: * (1.217)
X-Spam-Flag: NO
I set up an Athena build and removed third/krb5 from the packages
list. For good measure, I took out third/cyrus-sasl. Here are my
notes:
* We would need to install cyrus-sasl-gssapi, cyrus-sasl-devel,
krb5-workstation, and krb5-devel, of course.
* We would need to add -I/usr/include/kerberosIV and
-L/usr/lib/kerberosIV in config.site for stuff using krb4.
* The native Kerberos headers include <et/com_err.h>, which gets the
native com_err headers from e2fsprogs-devel. This header
conflicts with the Athena com_err header, so anything which
includes <krb5.h> and <com_err.h> breaks. We could install a
/usr/athena/include/et -> . symlink, but in the interests of going
further down the rabbit hole, I removed athena/lib/et and
athena/lib/ss from the packages file.
* Several programs (xlogin, cleanup, quota, attach, delete) couldn't
build because they picked up the afsws com_err with the Athena one
missing. Most of these build issues could be resolved by
performing the AFS check after the krb5 check and adding -lafsrpc
-lpthread to the AFS library list, so that the afsws com_err would
work. However, delete wouldn't build in this fashion because the
native compile_et makes use of _et_list, which is a private symbol
in the afsws com_err library.
Another workaround is to link explicitly with
/usr/lib/libcom_err.so, or to add -L/usr/lib to the link line.
Either of those is ugly at best and problematic at worst, but I
think the first may be a better answer than using the AFS com_err
because of the _et_list issue.
* athena/bin/discuss lost due to the prototypes in the native
com_err.h. I've already submitted fixes for this, as there were
some genuine bugs in there.
* third/afs-krb5 had its own definition of add_to_error_table as a
workaround, but this conflicts with the add_to_error_table in the
native com_err library, so I had to disable it.
* third/xscreensaver and third/openssh needed configure.athena
adjustments.
So, nothing too major. I didn't do any runtime testing of the
resulting build, figuring I could fold that into the 9.9 work. I do
need to inventory our local changes to krb5 (like the "any" keytab
type) to figure out what we'll have to do differently.