Solaris, SEAM krb5, and com_err

[Michael Bacon]

This is not so much a problem with Cyrus but a cautionary tale about using 
Solaris's SEAM implementation of com_err.  I'd be curious if anyone else 
has run into the same problem.

After building it in initially and designing our new murder cluster to use 
GSSAPI for all inter-host communication, catastrophically bad performance 
on the part of the krb5 authorization module when built with SEAM caused us 
to abandon it for PLAIN+TLS for now.  However, I still had the krb5 code 
built into the binaries.  On these builds, everything worked properly, 
except that our error codes didn't work right -- at the successful 
completion of a command, we'd get "<tag> OK Unknown code 54" and so forth.

This drove me crazy trying to debug, before I finally realized that while 
autoconf had built everything using the Cyrus com_err distribution, Sun, in 
their infinite wisdom, put a partial, broken version of com_err directly 
into libkrb5.so.  I'm not sure why the linker didn't catch the multiple 
versions of com_err and error_message (perhaps because one was dynamic and 
one was static).  However, the result is that while the error tables were 
generated to the Cyrus com_err spec, functions like error_message were 
getting overridden by the ghost versions in libkrb5.

Is anyone successfully using Solaris 10+SEAM for krb5?

Thanks,
Michael Bacon
ITS Messaging
UNC Chapel Hill