From robert@fledge.watson.org  Fri Mar 13 22:42:51 1998
Received: from fledge.watson.org (robert@FLEDGE.RES.CMU.EDU [128.2.91.116])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA21365
          for <FreeBSD-gnats-submit@freebsd.org>; Fri, 13 Mar 1998 22:42:50 -0800 (PST)
          (envelope-from robert@fledge.watson.org)
Received: (from robert@localhost) by fledge.watson.org (8.8.8/8.6.10) id BAA27335; Sat, 14 Mar 1998 01:42:51 -0500 (EST)
Message-Id: <199803140642.BAA27335@fledge.watson.org>
Date: Sat, 14 Mar 1998 01:42:51 -0500 (EST)
From: robert@cyrus.watson.org
Reply-To: robert+freebsd@cyrus.watson.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: kadmin bug -- crypt not linked correctly, fails to work
X-Send-Pr-Version: 3.2

>Number:         5999
>Category:       bin
>Synopsis:       kadmin incorrectly linked in 2.2-STABLE
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    markm
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 13 22:50:01 PST 1998
>Closed-Date:    Sun Mar 15 12:19:27 PST 1998
>Last-Modified:  Sun Mar 15 12:21:04 PST 1998
>Originator:     Robert Watson
>Release:        FreeBSD 2.2.5-STABLE i386
>Organization:
>Environment:
2.2-STABLE, KerberosIV

Using the KTH Kerberos4 recently added to FreeBSD.  KERBEROS4 defined in
/etc/make.conf.  Many machines.

>Description:

On attempting to use kadmin, get a linking error.  Specifically, DES is not
linked, so crypt cannot be used by Kerberos.  This is a serious error as
it is now not possible to create/delete/modify kerberos identities using the
kadmin administrative tool.  This is not ideal if you want to add a user, say.

>How-To-Repeat:

cyrus:~> kadmin
Welcome to the Kerberos Administration Program, version 2
Type "help" if you need it.
kadmin: get robert
/usr/libexec/ld.so: Undefined symbol "_crypt" called from kadmin:/usr/lib/libkrb.so.3.0 at 0x200412f8
cyrus:~> 

Any command that requires authentication fails.

>Fix:
	
In src/kerberosIV/usr.bin/kadmin/Makefile,

LDADD=          -L${ROKENOBJDIR} -lroken -L${SLOBJDIR} -lsl \
                -L${ACLOBJDIR} -lacl -L${KADMOBJDIR} -lkadm \
                -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb \
                -ldes -lcom_err -lreadline

should read:

LDADD=          -L${ROKENOBJDIR} -lroken -L${SLOBJDIR} -lsl \
                -L${ACLOBJDIR} -lacl -L${KADMOBJDIR} -lkadm \
                -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb \
                -ldes -lcrypt -lcom_err -lreadline

I have compiled and tested this change on my own machines.
I believe that -CURRENT also suffers from this problem, but have not
verified it on a recent version of -CURRENT (only until 980107).

>Release-Note:
>Audit-Trail:

From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
To: robert+freebsd@cyrus.watson.org
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/5999: kadmin bug -- crypt not linked correctly, fails to work 
Date: Sat, 14 Mar 1998 03:25:48 -0800

 > Using the KTH Kerberos4 recently added to FreeBSD.  KERBEROS4 defined in
 > /etc/make.conf.  Many machines.
 
 Known problem and several anguished emails to Mark Murray are
 outstanding without reply.  If I don't hear something back from him by
 Wednesday and no one else has an obvious fix, I'll back all of the K4
 changes out of -stable.  Due to a name change in make.conf, this was
 mistakenly not caught until fairly recently or I'd have dealt with it
 even before code freeze.
 
 					Jordan

From: Robert Watson <robert@cyrus.watson.org>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/5999: kadmin bug -- crypt not linked correctly, fails to work 
Date: Sat, 14 Mar 1998 09:35:20 -0500 (EST)

 On Sat, 14 Mar 1998, Jordan K. Hubbard wrote:
 
 > > Using the KTH Kerberos4 recently added to FreeBSD.  KERBEROS4 defined in
 > > /etc/make.conf.  Many machines.
 > 
 > Known problem and several anguished emails to Mark Murray are
 > outstanding without reply.  If I don't hear something back from him by
 > Wednesday and no one else has an obvious fix, I'll back all of the K4
 > changes out of -stable.  Due to a name change in make.conf, this was
 > mistakenly not caught until fairly recently or I'd have dealt with it
 > even before code freeze.
 
 Jordan,
 
 I believe I attached a patch to the email; it appears to work correctly
 here, as it just adds a -lcrypt to the kadmin Makefile.  When you say back
 out the K4 changes, do you mean pull out on the KTH upgrade for 2.2.6?  A
 better course of action would probably be to fix the Makefile.  A number
 of libraries and include files have changed in KTH, and are now in fact in
 a *standard* place unlike previous versions of FreeBSD :).  So many more
 things compile cleanly under KTH that it seems extremely worthwhile. :)
 The old Kerberos was also quite broken for multi-homed hosts due to a bug
 in the kerberos client libraries.  I believe the new libraries actually
 function correctly in that environment, which is quite a plus :).  Putting
 in -lcrypt seems a reasonable fix; it certainly breaks nothing, regardless
 of the code freeze.  Of course, you have no doubt heard *that* one before.
 
   Robert N Watson 
 
 Carnegie Mellon University http://www.cmu.edu/
 SafePort Network Services  http://www.safeport.com/
 robert@fledge.watson.org   http://www.watson.org/~robert/
 

From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/5999: kadmin bug -- crypt not linked correctly, fails to work 
Date: Sat, 14 Mar 1998 07:53:25 -0800

 > I believe I attached a patch to the email; it appears to work correctly
 > here, as it just adds a -lcrypt to the kadmin Makefile.  When you say back
 > out the K4 changes, do you mean pull out on the KTH upgrade for 2.2.6?  A
 
 Yes, I mean pull them out completely.  kadmin is only *one* of the
 multiple targets that fall over when I enabled this option in
 2.2-stable and, in fact, a good many things don't even _build_ much
 less link! :-(
 
 					Jordan

From: Robert Watson <robert@cyrus.watson.org>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/5999: kadmin bug -- crypt not linked correctly, fails to work 
Date: Sat, 14 Mar 1998 13:02:18 -0500 (EST)

 On Sat, 14 Mar 1998, Jordan K. Hubbard wrote:
 
 > > I believe I attached a patch to the email; it appears to work correctly
 > > here, as it just adds a -lcrypt to the kadmin Makefile.  When you say back
 > > out the K4 changes, do you mean pull out on the KTH upgrade for 2.2.6?  A
 > 
 > Yes, I mean pull them out completely.  kadmin is only *one* of the
 > multiple targets that fall over when I enabled this option in
 > 2.2-stable and, in fact, a good many things don't even _build_ much
 > less link! :-(
 
 Jordan,
 
 I don't seem to have any problems building that part of world here.  Could
 you provide me with the details and I can take a look?  I think it is in
 everyone's best interest to have KTH in 2.2.6.  Not as a default build, of
 course, but as a make.conf option, etc.
 
   Robert N Watson 
 
 Carnegie Mellon University http://www.cmu.edu/
 SafePort Network Services  http://www.safeport.com/
 robert@fledge.watson.org   http://www.watson.org/~robert/
 

From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/5999: kadmin bug -- crypt not linked correctly, fails to work 
Date: Sat, 14 Mar 1998 16:09:11 -0800

 Currently working this problem with Mark.  Now that he's reappeared, I
 feel a lot better about the chances of getting this resolved! :)
 
Responsible-Changed-From-To: freebsd-bugs->markm 
Responsible-Changed-By: markm 
Responsible-Changed-When: Sun Mar 15 10:23:13 PST 1998 
Responsible-Changed-Why:  
Kerberos is my baby. 
State-Changed-From-To: open->closed 
State-Changed-By: markm 
State-Changed-When: Sun Mar 15 12:19:27 PST 1998 
State-Changed-Why:  
Fixed. Thanks! 
>Unformatted:
