From ohartman@edda.physik.uni-mainz.de  Sat Dec 28 04:33:49 2002
Return-Path: <ohartman@edda.physik.uni-mainz.de>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 40B8637B401
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 28 Dec 2002 04:33:49 -0800 (PST)
Received: from edda.physik.uni-mainz.de (edda.Physik.Uni-Mainz.DE [134.93.180.218])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7D62143ED4
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 28 Dec 2002 04:33:48 -0800 (PST)
	(envelope-from ohartman@edda.physik.uni-mainz.de)
Received: from edda.physik.uni-mainz.de (localhost [127.0.0.1])
	by edda.physik.uni-mainz.de (8.12.6/8.12.5) with ESMTP id gBSCXlSx054983
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 28 Dec 2002 13:33:47 +0100 (CET)
	(envelope-from ohartman@edda.physik.uni-mainz.de)
Received: (from ohartman@localhost)
	by edda.physik.uni-mainz.de (8.12.6/8.12.6/Submit) id gBSCXkE6054982;
	Sat, 28 Dec 2002 13:33:46 +0100 (CET)
Message-Id: <200212281233.gBSCXkE6054982@edda.physik.uni-mainz.de>
Date: Sat, 28 Dec 2002 13:33:46 +0100 (CET)
From: "O. Hartmann" <ohartman@edda.physik.uni-mainz.de>
Reply-To: "O. Hartmann" <ohartman@edda.physik.uni-mainz.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: KERBEROS IV and KERBEROS V makes PicoBSD broken
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         46575
>Category:       misc
>Synopsis:       KERBEROS IV and KERBEROS V makes PicoBSD broken
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-small
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Dec 28 04:40:09 PST 2002
>Closed-Date:    Tue Jul 22 00:50:34 PDT 2003
>Last-Modified:  Tue Jul 22 00:50:34 PDT 2003
>Originator:     O. Hartmann
>Release:        FreeBSD 4.7-RELEASE-p2 i386
>Organization:
IPA - Institut fuer Physik der Atmosphaere/Institute for Physics of the Atmosphere
		Johannes Gutenberg Universitaet, Mainz, BRD
>Environment:
System: FreeBSD edda.physik.uni-mainz.de 4.7-RELEASE-p2 FreeBSD 4.7-RELEASE-p2 #124: Fri Nov 22 19:32:36 CET 2002 root@edda.physik.uni-mainz.de:/usr/local/obj/usr/src/sys/EDDA i386


	
>Description:
	Enabling both "MAKE_KERBEROS4= yes" and "MAKE_KERBEROS5= yes"
	in /etc/make.conf results in a broken PicoBSD build process. While
	only "MAKE_KERBEROS5= yes" is enabled an no KERBEROS IV libraries 
	are present, PicoBSD builds well as known (both custom environment and
	prepared examples in /usr/src/releaese/picobsd, e.g. bridge).
	When enabling both Kerberos tags in /etc/make.conf to get full Kerberos
	functionality, it is not possible to build either a custom PicoBSD
	environment or one of the prepared examples.
	After the kernel has been built the binary, crunched image of all
	configured utilities is built an at this point an error occurs.
	The error depends on the used config. I use bridge, commenting
	out 'telnet' and 'ssh1' in crunch.conf, remove commnets on the
	cd9660 stuff, that's all. The error says pwd.o lacks in some
	functions not found and I guess several libraries do not get included.
	This is the error while compiling a PicoBSD environment from 'bridge':

	cc -static -o crunch1 crunch1.o init.lo fsck.lo ifconfig.lo sh.lo echo.lo pwd.lo mkdir.lo rmdir.lo chmod.lo chown.lo mv.lo
	ln.lo mount.lo minigzip.lo cp.lo rm.lo ls.lo kill.lo df.lo ps.lo ns.lo vm.lo cat.lo test.lo tr.lo time.lo hostname.lo
	login.lo getty.lo stty.lo w.lo msg.lo reboot.lo sysctl.lo swapon.lo pwd_mkdb.lo dev_mkdb.lo umount.lo mount_std.lo du.lo
	tail.lo tee.lo passwd.lo sleep.lo basename.lo expr.lo route.lo ee.lo arp.lo disklabel.lo fdisk.lo vnconfig.lo grep.lo
	date.lo mount_nfs.lo ping.lo ipfw.lo traceroute.lo -L/usr/lib -lncurses -ledit -lutil -lmd -lcrypt -lmp -lgmp -lm -lkvm
	-lmytinfo -lipx -lz -lpcap -lwrap -ltermcap -lgnuregex
	passwd.lo: In function `main':
	passwd.lo(.text+0x5f1): undefined reference to `krb_get_lrealm'
	passwd.lo: In function `krb_passwd':
	passwd.lo(.text+0x1549): undefined reference to `tkt_string'
	passwd.lo(.text+0x154f): undefined reference to `krb_get_tf_fullname'
	passwd.lo(.text+0x15a3): undefined reference to `krb_get_lrealm'
	passwd.lo(.text+0x15b2): undefined reference to `krb_get_default_realm'
	passwd.lo(.text+0x15d7): undefined reference to `kname_parse'
	passwd.lo(.text+0x15ea): undefined reference to `krb_err_txt'
	passwd.lo(.text+0x1616): undefined reference to `krb_get_lrealm'
	passwd.lo(.text+0x1625): undefined reference to `krb_get_default_realm'
	passwd.lo(.text+0x163c): undefined reference to `k_isname'
	passwd.lo(.text+0x1675): undefined reference to `k_isinst'
	passwd.lo(.text+0x16b2): undefined reference to `k_isrealm'
	passwd.lo(.text+0x179b): undefined reference to `krb_set_tkt_string'
	passwd.lo(.text+0x17d6): undefined reference to `kadm_init_link'
	passwd.lo(.text+0x17fb): undefined reference to `kadm_change_pw'
	passwd.lo(.text+0x1817): undefined reference to `com_err'
	passwd.lo(.text+0x1849): undefined reference to `dest_tkt'
	passwd.lo: In function `get_pw_new_key':
	passwd.lo(.text+0x1884): undefined reference to `krb_get_lrealm'
	passwd.lo(.text+0x18f3): undefined reference to `des_read_pw_string'
	passwd.lo(.text+0x193f): undefined reference to `krb_get_pw_in_tkt'
	passwd.lo(.text+0x196e): undefined reference to `krb_err_txt'
	passwd.lo(.text+0x1a0d): undefined reference to `des_read_pw_string'
	passwd.lo(.text+0x1a75): undefined reference to `des_string_to_key'
	passwd.lo: In function `go_home':
	passwd.lo(.text+0x1ab0): undefined reference to `dest_tkt'
	*** Error code 1

	The same I get after doing slight modifications to bridge an rename
	it to 'bastion'. Trying to add libraries by adding a line in crunch.conf
	like
	libs -ldes -lkrb -lkrb5 -lcom_err -lpam -lrpcsvc -lcrypto -lkadm -lkadm5clnt -lkadm5srv
	results also in errors (strnlen seems to be not found but this is
	in libc, curious ....).
>How-To-Repeat:
	Take a fresh installation of FreeBSD 4.7-RELEASE-p2 without Kerberos.
	Compile 'world' with "MAKE_KERBEROS5= yes" enabled in /etc/make.conf.
	Then try to compile /usr/src/release/picobsd/bridge with
	'picobsd -v -n bridge' after you have done modifications to crunch.conf
	in ./bridge/crunch.conf (comment out ssh stuff).

	Then make world when "MAKE_KERBEROS5= yes" and "MAKE_KERBEROS4= yes"
	are enabled in /etc/make.conf and try again building PicoBSD using
	'bridge'. It should now not work.
>Fix:

	


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-small 
Responsible-Changed-By: kris 
Responsible-Changed-When: Mon Jul 14 03:47:35 PDT 2003 
Responsible-Changed-Why:  
Assign to PicoBSD developers 

http://www.freebsd.org/cgi/query-pr.cgi?pr=46575 
State-Changed-From-To: open->closed 
State-Changed-By: luigi 
State-Changed-When: Tue Jul 22 00:48:32 PDT 2003 
State-Changed-Why:  
picobsd has several limitations, you just hit one of them. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=46575 
>Unformatted:
