Do not install krb5 plugins in /usr/lib64, like /usr/lib64/winbind_krb5_locator.so instead they should be in a krb5 subdir in the modules dir. For FHS this would be: /usr/lib64/samba/krb5/
Created attachment 14261 [details] patch for 4.8
Comment on attachment 14261 [details] patch for 4.8 LGTM.
Karolin, please add the patch to 4.8. Thanks.
Hi Andreas, is there a reason to change this it in a maintenance release? What is the description of the failure? I am afraid that it breaks running systems. Thanks in advance! Karo
We put KRB5 modules in the location for shared libraries, which is wrong. The issue is that this does not follow the LSB spec. I don't see how this will break running systems. From the winbind_krb5_locator manpage: The winbind_krb5_locator.so file needs to be manually copied to the plugin directory of the system Kerberos library. For MIT Kerberos this is often: /usr/lib/krb5/plugins/libkrb5/. For Heimdal Kerberos this is often: /usr/lib/plugin/krb5/. Please check your local Kerberos installation for the correct paths. No modification in /etc/krb5.conf is required to enable the use of this plugin. That the krb5_plugin works it needs to be in the krb5_plugin directory of MIT or Heimdal Kerberos. As the installation is a manual task, this can't break. Distributions who package Samba will notice that the library location changed. The packaging tools will tell and it can be adopted accordingly. For the new localauth plugin, there wasn't a manpage yet (my fault), so nobody knew how to use it.
Pushed to autobuild-v4-8-test.
Pushed to v4-8-test. Closing out bug report. Thanks!