Kerberos V5 installation guide lists requirements and installing steps for MIT Kerberos on UNIX platform. Howerver, when I followed it on AIX 5.3, several issues were encountered. Here is a recap what happened and how I fixed it.
The steps to build
– Extract the source into the following folder:
<kerberos>/krb5-1.8.2
where <kerberos> is a folder to which the login user has full access.
– Run the following command as stated in the installation guide:
cd <kerberos>/krb5-1.8.2/src ./configure make
The error
The make process ran successfully for many folders, but it eventually failed and stopped with the following error:
making all in lib/rpc/unit-test...
Target "all" is up to date.
cc -I../../../include -I../../../include -I. -DKRB5_DEPRECATED=1 \
-g -qhalt=e -O -D_THREAD_SAFE -c client.c
cc -I../../../include -I../../../include -I. -DKRB5_DEPRECATED=1 \
-g -qhalt=e -O -D_THREAD_SAFE -c rpc_test_clnt.c
cc -L../../../lib -blibpath:/usr/local/lib::/usr/lib:/lib -g -qhalt=e \
-O -D_THREAD_SAFE -o client client.o rpc_test_clnt.o \
-lgssrpc -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lkrb5support -lpthreads
ld: 0706-006 Cannot find or open library file: -l gssrpc
ld:open(): No such file or directory
ld: 0706-006 Cannot find or open library file: -l gssapi_krb5
ld:open(): No such file or directory
ld: 0706-006 Cannot find or open library file: -l krb5
ld:open(): No such file or directory
ld: 0706-006 Cannot find or open library file: -l k5crypto
ld:open(): No such file or directory
ld: 0706-006 Cannot find or open library file: -l com_err
ld:open(): No such file or directory
ld: 0706-006 Cannot find or open library file: -l krb5support
ld:open(): No such file or directory
make: The error code from the last command is 255.
Stop.
make: The error code from the last command is 1.
Stop.
make: The error code from the last command is 1.
Stop.
make: The error code from the last command is 1.
Stop.
The fix to ld: 0706-006 Cannot find or open library file
After searching the Internet, I found the problem was reported several times, but it seemed no definitive fix to it until I saw the following one KRB5 1.5 or 1.6 compiled on AIX 5.2/5.3, where Matthew Andrews stated “the real reason the link step is failing without -brtl”. Taking Matthew’s advice and I modified a bit Makefile under <kerberos>/krb5-1.8.2/src/lib/rpc/unit-test from
KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) \
$(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB)
to
KRB5_BASE_LIBS = -brtl $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) \
$(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB)
Then the error was gone!
Extra errors
With the fix in place, the make process could move on for many folders. However, similar errors occurred within other folders as well. Totally I have found the following folders would give the trouble:
<kerberos>/krb5-1.8.2/src/lib/rpc/unit-test/ <kerberos>/krb5-1.8.2/src/appl/sample/sclient/ <kerberos>/krb5-1.8.2/src/appl/sample/sserver/ <kerberos>/krb5-1.8.2/src/appl/simple/server/ <kerberos>/krb5-1.8.2/src/appl/simple/client/ <kerberos>/krb5-1.8.2/src/appl/gss-sample/ <kerberos>/krb5-1.8.2/src/appl/user_user/ <kerberos>/krb5-1.8.2/src/kdc/ <kerberos>/krb5-1.8.2/src/clients/ksu/ <kerberos>/krb5-1.8.2/src/clients/kdestroy/ <kerberos>/krb5-1.8.2/src/clients/klist/ <kerberos>/krb5-1.8.2/src/clients/kpasswd/ <kerberos>/krb5-1.8.2/src/clients/kvno/ <kerberos>/krb5-1.8.2/src/clients/kinit/ <kerberos>/krb5-1.8.2/src/tests/resolve/ <kerberos>/krb5-1.8.2/src/tests/asn.1/ <kerberos>/krb5-1.8.2/src/tests/gss-threads/ <kerberos>/krb5-1.8.2/src/tests/gssapi/ <kerberos>/krb5-1.8.2/src/tests/misc/ <kerberos>/krb5-1.8.2/src/tests/create/ <kerberos>/krb5-1.8.2/src/tests/verify/ <kerberos>/krb5-1.8.2/src/tests/hammer/ <kerberos>/krb5-1.8.2/src/kadmin/dbutil/ <kerberos>/krb5-1.8.2/src/kadmin/server/ <kerberos>/krb5-1.8.2/src/kadmin/cli/ <kerberos>/krb5-1.8.2/src/kadmin/ktutil/ <kerberos>/krb5-1.8.2/src/slave/
Apparently it would be great to have a easy fix to address all those folders that created trouble (Believe me, I manually modifyed all the Makefiles for above folders to reach the result). From the Makefile under <kerberos>/krb5-1.8.2/src/lib/rpc/unit-test, the reference of KRB5_BASE_LIBS leads to the use of CC_LINK, which in turn reveals that LDFLAGS might be a better parameter that should be inserted with the fix. Checking the MIT kerberos installation guide (krb5-install.html), LDFLAGS was explained as a way to specify optional arguments to the linker. That’s what exactly we need to do. Following the example in the installation guide, I came up with the following fix:
Link flag
$ ./configure LDFLAGS=-brtl
With the flag provided, Makefiles will be re-created by the above command. Checking each Makefile under any of those folder, the resulting Makefile was created with the needed ‘-brtl’ option. Then those folders passed the make procedure without complaining.
Missing symbolic link for libdb.so
However, the following error happend to folder
<kerberos>/krb5-1.8.2/src/plugins/kdb/db2/
with the following error:
+ /bin/ld -o db2.so kdb_xdr.o adb_openclose.o adb_policy.o kdb_db2.o kdb_ext.o pol_xdr.o db2_exp.o lockout.o libdb2/hash/hash.o libdb2/hash/hash_bigkey.o libdb2/hash/hash_debug.o libdb2/hash/hash_func.o libdb2/hash/hash_log2.o libdb2/hash/hash_page.o libdb2/hash/hsearch.o libdb2/hash/dbm.o libdb2/btree/bt_close.o libdb2/btree/bt_conv.o libdb2/btree/bt_debug.o libdb2/btree/bt_delete.o libdb2/btree/bt_get.o libdb2/btree/bt_open.o libdb2/btree/bt_overflow.o libdb2/btree/bt_page.o libdb2/btree/bt_put.o libdb2/btree/bt_search.o libdb2/btree/bt_seq.o libdb2/btree/bt_split.o libdb2/btree/bt_utils.o libdb2/db/db.o libdb2/mpool/mpool.o libdb2/recno/rec_close.o libdb2/recno/rec_delete.o libdb2/recno/rec_get.o libdb2/recno/rec_open.o libdb2/recno/rec_put.o libdb2/recno/rec_search.o libdb2/recno/rec_seq.o libdb2/recno/rec_utils.o -H512 -T512 -bnoentry -bgcbypass:1 -bnodelcsect -bfilelist -bM:SRE -bE:./db2.exports -bernotok -brtl -L../../../lib -lgssrpc -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lkadm5srv_mit -lkdb5 -lgssrpc -lgssapi_krb5 -lgssrpc -lgssapi_krb5 -lkrb5support -lpthreads -ldb -brtl -lc
ld: 0706-026 The -b filelist option is ignored.
ld: 0706-006 Cannot find or open library file: -l db
ld:open(): No such file or directory
make: The error code from the last command is 255.
Apparently, this time resorting to ‘-brtl’ would not help, since the option was already there. After checking the library files created under <kerberos>/krb5-1.8.2/src/lib, I could not find a library name as libdb.so. Searching files under folder <myproject>/kerberos/krb5-1.8.2/src/plugins/kdb/db2/, file libdb.so.1.1 and a symbolic link, libdb.so were found under <myproject>/kerberos/krb5-1.8.2/src/plugins/kdb/db2/libdb2. Given the fact that all the library files are saved under <myproject>/kerberos/krb5-1.8.2/src/lib, it looks like the symbolic link libdb.so should be put into that folder as well. As a testing, I ran the following command under <myproject>/kerberos/krb5-1.8.2/lib/:
ln -s <myproject>/kerberos/krb5-1.8.2/src/plugins/kdb/db2/libdb2/libdb.so libdb.so
After the symbolic link was created, the make procedure passed all the folders!
Since we have many symbolic links under <kerberos>/krb5-1.8.2/src/lib created correctly, definitly the symbolic link for libdb.so could be achieved by modifying Makefile or the configuration file.
Documentum DAA 