OpenSSH and kerberos - bug in instructions

Hai Zaar haizaar at
Wed Nov 2 08:18:03 PST 2005

Hi, all!

As far as I see, there is a bug in OpenSSH+Heimdal instructions (charter 21):

Its saying:
If you use Heimdal as your Kerberos5 implementation and you linked the
Heimdal libraries into the build using the --with-kerberos5 parameter,
you'll need to modify the Makefile or the build will fail. Use the
following command:
    sed -i -e "s/lkrb5 -ldes/lkrb5/" Makefile

Actually you should patch 'configure' and the Makefile. Here the explanation:
Suppose you do as the book says:
* you run ./configure --with-kerberos5
* configure runs, but checks for gssapi libraries fail - nevertheless
configure just warns you that build may fail.
* If you run `make' now, it will fail on '-ldes not found' - that's
why book says you should `sed' the Makefile. Ok, you patch the
Makefile, run make again and compilation passes.
* Now the problem is that sshd __is not linked against libgssapi__!
So, enabling GSSAPIAuthentication in sshd_conf will cause error
messages on sshd startup that complain about GSSAPIAuthentication
option is not being supported.

Now, if you patch the configure and _not_ the Makefile by using the same `sed':
    sed -i -e "s/lkrb5 -ldes/lkrb5/" configure
then configure locates libgssapi correctly, and you do _not_ need to
patch Makefile anymore, and everything compiles and works correctly.

P.S. I'm not on the list, so please CC me.

More information about the blfs-dev mailing list