Re-forwarding to krb5-bugs since this is a bug and I inadvertently sent to the wrong list initially (krbdev)…


Kerberos Release: 1.9.1 (but I can also confirm the bug is present in 1.8.2 and possibly other releases).


Synopsis: Cannot compile sources using static library configuration

./configure --enable-static --disable-shared


Platform: Linux (x86_64)


make[1]: Entering directory `/home/probe/src/krb5/krb5-1.9.1/src/kdc'

gcc -L../lib  -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/local/lib -g -O2  -o krb5kdc kdc5_err.o dispatch.o do_as_req.o do_tgs_req.o fast_util.o kdc_util.o kdc_preauth.o main.o policy.o extern.o replay.o kdc_authdata.o -lapputils -lkadm5srv_mit  -lkdb5 -lkrb5_db2 -lgssrpc -lgssapi_krb5 -lgssrpc -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lkrb5support  -lkeyutils -lresolv  -ldl

../lib/libkrb5_db2.a(hash.o): In function `hdestroy':

/home/probe/src/krb5/krb5-1.9.1/src/plugins/kdb/db2/libdb2/hash/hash.c:549: warning: the use of `tmpnam' is dangerous, better use `mkstemp'

../lib/libkdb5.a(kdb_default.o): In function `krb5_def_store_mkey_list':

/home/probe/src/krb5/krb5-1.9.1/src/lib/kdb/kdb_default.c:189: warning: the use of `mktemp' is dangerous, better use `mkstemp'

../lib/libkrb5_db2.a(lockout.o): In function `lookup_lockout_policy':

/home/probe/src/krb5/krb5-1.9.1/src/plugins/kdb/db2/lockout.c:69: undefined reference to `xdr_osa_princ_ent_rec'

/home/probe/src/krb5/krb5-1.9.1/src/plugins/kdb/db2/lockout.c:89: undefined reference to `xdr_osa_princ_ent_rec'

collect2: ld returned 1 exit status

make[1]: *** [krb5kdc] Error 1

make[1]: Leaving directory `/home/probe/src/krb5/krb5-1.9.1/src/kdc'

make: *** [all-recurse] Error 1


When I did a Google search for this, it appears there was a conversation between Ken Raeburn & Greg Hudson on 2011-01-12 regarding this very topic, but it appears it was not fixed in the sources since, but the specifics were not coveredThe issue is –lkrb5_db2 references a module which is located in –lkadm5srv_mit.  If you use shared libraries, the library order is not important as there is lazy dependency resolution.  However, if you use static libraries, each object/library’s undeclared references must be present in one of the subsequent libraries in the link list (and in this case, the function was present in an earlier library but not previously pulled in because it wasn’t previously required to satisfy prior dependencies).  In general, it is safe to repeat –l<library> references (shared or static), so the fix is simply to list –lkadm5srv_mit again.


Anyway, here is a patch which addresses the issue:


--- aclocal.m4  2011-08-28 19:05:41.000000000 -0400

+++      2011-08-28 18:51:23.000000000 -0400

@@ -1190,7 +1190,7 @@

         AC_DEFINE([STATIC_PLUGINS], 1, [Define for static plugin linkage])



-        KDB5_PLUGIN_LIBS='-lkrb5_db2'

+        KDB5_PLUGIN_LIBS='-lkrb5_db2 -lkadm5srv_mit'

         if test "x$OPENLDAP_PLUGIN" = xyes; then


                 KDB5_PLUGIN_LIBS=$KDB_LUGIN_LIBS' -lkrb5_ldap'