two kerberos impls are used by samba now

Michael Tokarev mjt at tls.msk.ru
Sun Sep 10 20:12:28 UTC 2023


10.09.2023 22:48, Andrew Bartlett wrote:
> On Fri, 2023-09-08 at 22:04 +0300, Michael Tokarev via samba-technical wrote:
>> FWIW.
>>
>> Just noticed that all samba executables on debian (built with
>> internal heimdal) are linked with *two* sets of kerberos libs.
>>
>> This is due to libtirpc, which is a replacement for the former
>> in-glibc RPC code, which uses libgssapi-krb5.
>>
>> This should not be specific to debian but rather specific to
>> glibc.
>>
>> Wonder how common symbols from two krb5 don't clash...
> 
> This is related to your other post, due to the symbol versions, as I understand it :-)

Unfortunately it is not.  Only symbols from public libraries with
stable ABI are versioned in samba.  Symbols in private libraries,
including the internal copy of heimdal, are not versioned.  This is
why we had named crashing due to some dns function name clash.

And two krb5 implementations are using quite a lot of common symbols.
It looks like no one has come across a good crash yet because tirpc is
rarely used with nfs + kerberos together with samba.  I guess once
someone tries to use it with krb5+nfs, it will crash left and
right.

/mjt
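
One way to check for the overlap described in the message above, as an added example that is not part of the original post or of Samba's own tooling: it parses `nm -D --defined-only` output for two libraries and lists the names defined in both where at least one definition carries no symbol version. The two sample listings and the function names are constructed for illustration and are not taken from a real build.

```python
import re

# Constructed samples in the format printed by `nm -D --defined-only <lib>`.
# Illustrative only: not captured from a real Samba/Heimdal or MIT krb5 build.
HEIMDAL_PRIVATE_NM = """\
0000000000021a40 T krb5_init_context
0000000000021c10 T krb5_free_context
0000000000030550 T krb5_cc_default
0000000000044000 T heim_release
"""
MIT_KRB5_NM = """\
0000000000051230 T krb5_init_context@@krb5_3_MIT
0000000000051400 T krb5_free_context@@krb5_3_MIT
0000000000060010 T krb5_cc_default@@krb5_3_MIT
0000000000070000 T krb5_os_localaddr@@krb5_3_MIT
"""

# address, one-letter symbol type, then name with optional @VERSION / @@VERSION
NM_LINE = re.compile(r"^[0-9a-fA-F]+\s+([A-Za-z])\s+(\S+)$")


def parse_nm_defined(text):
    """Map each defined global symbol to its version tag, or None if unversioned."""
    symbols = {}
    for line in text.splitlines():
        m = NM_LINE.match(line.strip())
        if not m or m.group(1) not in "TDBRWV":
            continue  # skip undefined, local, or unparsable entries
        name, _, version = m.group(2).partition("@")
        symbols[name] = version.lstrip("@") or None
    return symbols


def unversioned_clashes(lib_a, lib_b):
    """Names defined in both listings where at least one side has no version."""
    a, b = parse_nm_defined(lib_a), parse_nm_defined(lib_b)
    return sorted(n for n in a.keys() & b.keys() if a[n] is None or b[n] is None)


if __name__ == "__main__":
    for name in unversioned_clashes(HEIMDAL_PRIVATE_NM, MIT_KRB5_NM):
        print("defined in both, not protected by versioning:", name)
```

On a real system the two inputs would come from running `nm -D --defined-only` on each library that `ldd` reports for the binary.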


