Both kadmind and kpasswdd give out this error message when they are started: didn't find `check_cracklib' symbol in `/usr/lib/sample_passwd_check.so' Output of 'readelf --symbols /usr/lib/sample_passwd_check.so' confirms it's missing: Symbol tabel '.dynsym' contains 23 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 00000430 0 SECTION LOCAL DEFAULT 8 2: 00000490 0 SECTION LOCAL DEFAULT 10 3: 00000640 0 SECTION LOCAL DEFAULT 11 4: 0000065b 0 SECTION LOCAL DEFAULT 12 5: 0000068c 0 SECTION LOCAL DEFAULT 13 6: 00001690 0 SECTION LOCAL DEFAULT 14 7: 00001698 0 SECTION LOCAL DEFAULT 15 8: 000016a0 0 SECTION LOCAL DEFAULT 16 9: 00001790 0 SECTION LOCAL DEFAULT 20 10: 00001798 0 SECTION LOCAL DEFAULT 21 11: 000016a4 0 OBJECT GLOBAL DEFAULT ABS _DYNAMIC 12: 00000000 0 NOTYPE GLOBAL DEFAULT UND krb5_config_get_int_defau 13: 0000179c 4 OBJECT GLOBAL DEFAULT 21 version 14: 00000590 98 FUNC GLOBAL DEFAULT 10 check_length 15: 00000430 0 FUNC GLOBAL DEFAULT 8 _init 16: 00001798 0 NOTYPE GLOBAL DEFAULT ABS __bss_start 17: 00000640 0 FUNC GLOBAL DEFAULT 11 _fini 18: 00000000 152 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.1.3 (2) 19: 00001798 0 NOTYPE GLOBAL DEFAULT ABS _edata 20: 000017a0 0 NOTYPE GLOBAL DEFAULT ABS _end 21: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 22: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ If you look at the source for sample_passwd_check.so (located in lib/kadm5 in the source tree), you can see that DICTPATH must be defined for the check_cracklib function to be built. I tried just adding '#define DICTPATH /usr/share/dict/cracklib-simple' to the source and recompiling. The complaint about missing symbols went away but instead kpasswd started crashing when I tried to change password.
This is with Heimdal 0.7.1-r1 btw, but from a quick look at the 0.6.5 ebuild/sources it looks like the problem exists with that version as well.
[password_quality] check_library = /usr/lib/sample_passwd_check.so check_function = FascistCheck Does work for me whit heimdal-7.1-r1 Symbols are the same here. Mabey dynamic linked or something?
With check_function = FascistCheck the error in the log go's away, but does not do anything at al. Sorry about that. If you define the compressed cracklib dictionary it works: #define DICTPATH "/usr/lib/cracklib_dict" but you have to add a cracklib dependancy to the ebuild. What I also want to add is that check-cracklib.pl is not installed when merging heimdal 7.1-r1. So that way also does not work.
This also is the case whit 0.7.2. Temp. solution: ebuild /usr/portage/app-crypt/heimdal/heimdal-0.7.2.ebuild unpack edit /usr/tmp/portage/heimdal-0.7.2/work/heimdal-0.7.2/lib/kadm5/sample_passwd_check.c first line: #define DICTPATH "/usr/lib/cracklib_dict" ebuild /usr/portage/app-crypt/heimdal/heimdal-0.7.2.ebuild merge
In the ebuild for heimdal-0.7.2-r1, can you put this in (instead of the original command to compile the password checker), and see if it all works for you? If it does I'll add it in. Oh yeah, please report here, but also send me a quick email or ping on irc. # Compile the added password checker: cd ${S}/lib/kadm5 tc-export CC ${CC} -shared -fPIC ${CFLAGS} \ -DDICTPATH=\"/usr/$(get_libdir)/cracklib_dict\" \ -I${S}/include \ -o sample_passwd_check.so sample_passwd_check.c -lcrack || \ die "Failed to compile password checker"
(In reply to comment #5) > In the ebuild for heimdal-0.7.2-r1, can you put this in (instead of the > original command to compile the password checker), and see if it all works for > you? Yep! It works fine. Tank you.
fixed in 0.7.2-r2
