On Mon, 21 Apr 2008, Russ Allbery wrote:
I spent an hour this evening tracking this down. The problem is that Heimdal isn't using symbol versioning in its shared libraries. libpam-heimdal therefore binds to unversioned symbols, which works fine if the calling program doesn't load any other Kerberos library. However, OpenSSH is linked with MIT Kerberos, and therefore at run time the unversioned libpam-heimdal symbols are bound to the MIT Kerberos version of libkrb5 which is already loaded in memory and chaos ensues. valgrind was the debugging tool that finally gave me the necessary clue. The segfault kept showing up with backtraces inside libkrb5.3.3 instead of libkrb5.24.0.0.
Thanks for the effort - and the education, I've used valgrind, but never for something like this
This is a bug in the Debian Heimdal packages, I believe. They used to use symbol versioning precisely because of this problem; see Bug#205592 which was closed in 0.6-4. It looks like that was lost or dropped somewhere along the way.
Most likely with the recent bump to the 1.x series - looks like a big source and packaging change; I ran into another fallout of the packaging change (already fixed)
I'm copying Brian May on this. I think the bug should probably be reassigned to the heimdal source package.
Reassigned... Fortunately, there aren't that many packages that depend upon Heimdal, as they'll all need rebuilding after Heimdal is updated. -- Rick Nelson Life'll kill ya -- Warren Zevon Then you'll be dead -- Life'll kill ya -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
