SASL problems with spnego on 8.0-BETA4

Rick Macklem rmacklem at
Mon Sep 21 15:21:13 UTC 2009

On Mon, 21 Sep 2009, George Mamalakis wrote:

[stuff snipped]
>> So, this fix obviates THAT reason for installing the Heimdal port.  If
>> George meets with similar success adding -lgssapi_spnego for his spnego
>> problem, I suggest that both libraries be added to the list in line 96
>> of /usr/bin/krb5-config prior to release of FreeBSD 8.0.
>> It doesn't look like this fix is as simple as submitting a patch to
>> krb5-config.  It looks like magic needs to happen somewhere in the base
>> kerberos build system.
>> I notice that the Heimdal port doesn't build the separate libraries and
>> everything seems to be included in libgssapi (which explains why sasl2
>> "works" when linked against the Heimdal port).
> Guys,
> I changed my /usr/bin/krb5-config's line 96 to include -lgssapi_spnego and 
> -lgssapi_krb5, and ever since both client and server work correctly!! Of 
> course I get some other error, but at least this must be a configuration 
> error :).
> So, to sum up:
> Still running on fbsd.8-BETA4, changed krb5-config to include the missing 
> libraries, recompiled cyrus-sasl-2.1.23 after I changed the krb5-config, 
> restarted openldap-sasl-server-2.4.18_1 and after performing an ldapsearch, 
> the client does not complain (and exits) about missing libraries, NOR does 
> the server crash on sasl authentication.
> Great job guys, thank you all very very much for your help! I posted my query 
> on the 17th of Sep. and in four days (weekend inclusive!) someone came up 
> with an answer that resolves my issue! Great job, once more, and thank you 
> all again!
Now, hopefully someone who understands enough about dynamic linking will
know if this is the correct fix for 8.0? (I'm going on a couple of weeks
vacation at the end of this week, so I won't be around to commit anything
and don't understand it well enough to know if this is the correct way
to fix it.)

So, hopefully someone else can pick this one up?

Thanks for testing it, rick

More information about the freebsd-stable mailing list