Bug 13489 - Do not install krb5 plugins in /usr/lib64
Summary: Do not install krb5 plugins in /usr/lib64
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Build (show other bugs)
Version: 4.8.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-27 12:18 UTC by Andreas Schneider
Modified: 2018-08-24 09:47 UTC (History)
3 users (show)

See Also:


Attachments
patch for 4.8 (9.49 KB, patch)
2018-06-27 19:28 UTC, Andreas Schneider
ab: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2018-06-27 12:18:54 UTC
Do not install krb5 plugins in /usr/lib64, like 

  /usr/lib64/winbind_krb5_locator.so

instead they should be in a krb5 subdir in the modules dir. For FHS this would be:

  /usr/lib64/samba/krb5/
Comment 1 Andreas Schneider 2018-06-27 19:28:35 UTC
Created attachment 14261 [details]
patch for 4.8
Comment 2 Alexander Bokovoy 2018-06-27 19:36:43 UTC
Comment on attachment 14261 [details]
patch for 4.8

LGTM.
Comment 3 Andreas Schneider 2018-06-28 06:48:08 UTC
Karolin, please add the patch to 4.8. Thanks.
Comment 4 Karolin Seeger 2018-07-06 08:54:42 UTC
Hi Andreas,

is there a reason to change this it in a maintenance release?
What is the description of the failure?
I am afraid that it breaks running systems.

Thanks in advance!

Karo
Comment 5 Andreas Schneider 2018-07-06 10:16:26 UTC
We put KRB5 modules in the location for shared libraries, which is wrong. The issue is that this does not follow the LSB spec.

I don't see how this will break running systems. From the winbind_krb5_locator manpage:

    The winbind_krb5_locator.so file needs to be manually copied to the plugin
    directory of the system Kerberos library. For MIT Kerberos this is often:
    /usr/lib/krb5/plugins/libkrb5/. For Heimdal Kerberos this is often:
    /usr/lib/plugin/krb5/. Please check your local Kerberos installation for the
    correct paths. No modification in /etc/krb5.conf is required to enable the
    use of this plugin.


    That the krb5_plugin works it needs to be in the krb5_plugin directory of MIT
    or Heimdal Kerberos.


As the installation is a manual task, this can't break. Distributions who package Samba will notice that the library location changed. The packaging tools will tell and it can be adopted accordingly.

For the new localauth plugin, there wasn't a manpage yet (my fault), so nobody knew how to use it.
Comment 6 Karolin Seeger 2018-08-14 11:00:25 UTC
Pushed to autobuild-v4-8-test.
Comment 7 Karolin Seeger 2018-08-24 09:47:23 UTC
Pushed to v4-8-test.
Closing out bug report.

Thanks!