GSSAPI support in Cyrus SASL 2.x broken on FreeBSD

Hajimu UMEMOTO ume at mahoroba.org
Wed Apr 28 01:37:36 EDT 2010


Hi,

>>>>> On Mon, 26 Apr 2010 15:44:06 -0400
>>>>> Gerard Seibert <gerard at seibercom.net> said:

gerard> [1  <text/plain; US-ASCII (quoted-printable)>]
gerard> On Tue, 27 Apr 2010 02:16:11 +0900
gerard> Hajimu <ume at mahoroba.org> articulated:

> Hi,
> 
> >>>>> On Mon, 26 Apr 2010 12:21:13 -0400
> >>>>> Gerard Seibert <gerard at seibercom.net> said:
> 
> gerard> On Mon, 26 Apr 2010 11:43:44 -0400
> gerard> xenophon\\+cyrus-sasl <xenophon+cyrus-sasl at irtnog.org>
> gerard> articulated:
> 
> > Hey everybody,
> > 
> > Whenever I try to build Cyrus SASL (from FreeBSD's ports tree) with
> > GSSAPI enabled, autoconf returns the following errors.  I don't know
> > whether these are due to problems with FreeBSD, with FreeBSD's
> > package, or with Cyrus SASL.  Would someone point me in the right
> > direction?
> > 
> > configure:10594: checking for res_search in -lresolv
> > /usr/bin/ld: cannot find -lresolv
> > configure:10646: result: no
> 
> It should be okay.  FreeBSD doesn't have libresolv.
>  
> > configure:10674: checking for gss_unwrap in -lgssapi
> > /usr/lib/libhx509.so: undefined reference to `MD2_Init'
> > /usr/lib/libhx509.so: undefined reference to `MD2_Final'
> > /usr/lib/libhx509.so: undefined reference to `MD2_Update'
> > configure:10726: result: no
> > 
> > configure:11111: WARNING: Disabling GSSAPI - specified library not
> > found
> > 
> > I posted config.log to http://pastebin.com/fcBEqJN0 and
> > config.status to http://pastebin.com/hRabJUST.  The error about
> > res_search makes me suspect a problem with the configure script, as
> > res_search exists in libc on FreeBSD - there is no separate
> > resolver library.
> > 
> > I'd appreciate any help.
> 
> gerard> OK, I am running FreeBSD-8 /amd64 and have not experienced
> gerard> any problems.
> 
> gerard> I would strongly suggest that you contact the port maintainer:
> 
> gerard> 	ume at FreeBSD.org
> 
> gerard> Inform him of your problem, including the output of "uname
> gerard> -a" and any other relevant information that he might need.
> 
> No need to send me this issue.  I'm on this list. :-)

gerard> Sorry :-(

No problem.

> I cannot reproduce this issue, here.  Actually, I'm using GSSAPI, in
> usual.
> I found --with-openssl=/usr/local in your config log.  I suspect you
> are not using base version of OpenSSL but using ports one.  I don't
> try the ports version yet but it was updated to 1.0 recently.  There
> might be compatibility issue of OpenSSL.

gerard> I have the following in my "/etc/make.conf" file:

gerard> 	WITH_OPENSSL_PORT=yes

gerard> I am using the port version of OpenSSL.

gerard> $ openssl version
gerard> OpenSSL 1.0.0 29 Mar 2010

gerard> I have not experienced any problems.

It seems OpenSSL from ports was changed to not provide MD2 functions
by default, recently.

http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openssl/Makefile#rev1.169

Perhaps, you are enabling MD2 by OPTIONS menu.
It means that OpenSSL from ports cannot be used with Heimdal in base
by default, anymore.  It seems bad idea, IMHO.
I've CC'ed to the maintainer of OpenSSL port.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/


More information about the Cyrus-sasl mailing list