AIX Open Source


sudo-1.8.27-2 breaks with krb5-libs-1.16.1-2 and curl-7.65.1-1

  • 1.  sudo-1.8.27-2 breaks with krb5-libs-1.16.1-2 and curl-7.65.1-1

    Posted Tue August 13, 2019 04:20 PM

    Originally posted by: Edward Davignon


    sudo and yum break with krb5-libs-1.16.1-2.ppc and curl-7.65.1-1.ppc

    It seems that krb5-libs-1.16.1-2.ppc or curl-7.65.1-1.ppc are missing a dependency for krb5.client.rte >= 1.16

    Also the archive member "libgssapi_krb5.a.so" is not the same as "libgssapi_krb5.so".

     

    Examples:

    $ sudo
    sudo: you do not exist in the passwd database
    $
    
    # yum list
    
    There was a problem importing one of the Python modules
    required to run yum. The error leading to this problem was:
    
       Could not load module /opt/freeware/lib/libcurl.a(libcurl.so.4).
            Dependent module /usr/lib/libgssapi_krb5.a(libgssapi_krb5.so) could not be loaded.
            Member libgssapi_krb5.so is not found in archive
    Could not load module /opt/freeware/lib/python2.7/site-packages/pycurl.so.
            Dependent module /opt/freeware/lib/libcurl.a(libcurl.so.4) could not be loaded.
    
    Please install a package which provides this module, or
    verify that the module is installed correctly.
    
    It's possible that the above module doesn't match the
    current version of Python, which is:
    2.7.16 (default, Mar 12 2019, 21:23:24)
    [GCC 6.3.0]
    
    If you cannot solve this problem yourself, please go to
    the yum faq at:
      
    http://yum.baseurl.org/wiki/Faq
    
    # ar tv /usr/krb5/lib/libgssapi_krb5.a
    rwxr-xr-x     0/0     1093395 Jan 08 00:38 2018 libgssapi_krb5.a.so
    # lslpp -w /usr/krb5/lib/libgssapi_krb5.a
      File                                        Fileset               Type
      ----------------------------------------------------------------------------
      /usr/krb5/lib/libgssapi_krb5.a              krb5.client.rte       File
    # lslpp -l krb5.client.rte
      Fileset                      Level  State      Description
      ----------------------------------------------------------------------------
    Path: /usr/lib/objrepos
      krb5.client.rte            1.6.0.5  COMMITTED  Network Authentication Service
                                                     Client
    
    Path: /etc/objrepos
      krb5.client.rte            1.6.0.5  COMMITTED  Network Authentication Service
                                                     Client
    #
    


  • 2.  Re: Member libgssapi_krb5.so is not found in archive for curl 7.65.1-1 and krb5.client.rte 1.6.0.5

    Posted Wed August 14, 2019 08:37 AM

    Originally posted by: AyappanP


    curl gssapi support is enabled using krb5-libs rpm and not through NAS (krb5 installp fileset). 

    Make sure you have the latest yum rpm (yum-3.4.3-7). And there should not be any LIBPATH settings pointing to /usr/lib 
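
The two checks this thread turns on, as an added example that is not part of any post: whether LIBPATH sends the loader to the base-OS library directories, and whether the archive member named in the loader error exists in the `ar tv` listing. The function names and the list of flagged directories are assumptions; the sample input is copied from the first post.

```sh
#!/bin/sh
# Added example, not from the thread. Text processing only: on AIX, feed it
# $LIBPATH, the loader's "Dependent module" line and `ar tv <archive>` output.

# Print LIBPATH entries that send the loader to base-OS directories, where the
# NAS (krb5.client.rte) archive lives. The directory list is an assumption
# based on the paths shown in the thread.
libpath_risky_entries() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r dir; do
        case "${dir%/}" in
            /usr/lib|/lib|/usr/krb5/lib) printf '%s\n' "$dir" ;;
        esac
    done
}

# From "Dependent module /path/lib.a(member) could not be loaded."
# print "archive member".
parse_dependent_module() {
    printf '%s\n' "$1" |
        sed -n 's/.*Dependent module \([^ (]*\)(\([^)]*\)).*/\1 \2/p'
}

# Succeed only if the `ar tv` listing in $1 has a member named exactly $2
# (the member name is the last field of each listing line).
archive_has_member() {
    printf '%s\n' "$1" | awk -v m="$2" '$NF == m { f = 1 } END { exit !f }'
}

# Compare what the loader asked for with what the archive contains.
diagnose() {
    listing=$2
    set -- $(parse_dependent_module "$1")
    [ $# -eq 2 ] || { echo "unparsed loader line"; return 2; }
    if archive_has_member "$listing" "$2"; then
        echo "ok: $1 contains $2"
    else
        echo "mismatch: loader wants $2 from $1, listing lacks it"
    fi
}

# Sample input copied from the first post. Assumption: the listed archive
# (/usr/krb5/lib/libgssapi_krb5.a) is the one the loader resolved via /usr/lib.
LOADER_LINE='Dependent module /usr/lib/libgssapi_krb5.a(libgssapi_krb5.so) could not be loaded.'
AR_LISTING='rwxr-xr-x     0/0     1093395 Jan 08 00:38 2018 libgssapi_krb5.a.so'

libpath_risky_entries "${LIBPATH:-}"
diagnose "$LOADER_LINE" "$AR_LISTING"
```

On an affected host, replace the two sample variables with the real loader line and the output of `ar tv` on the archive it names.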



  • 3.  Re: Member libgssapi_krb5.so is not found in archive for curl 7.65.1-1 and krb5.client.rte 1.6.0.5

    Posted Thu August 15, 2019 10:37 AM

    Originally posted by: Edward Davignon


    Thank you for the clarifications.  Yum was the latest, but LIBPATH was set.  sudo did not have LIBPATH set, but the error message was misleading.  I have not had time to troubleshoot this further, since I had to immediately back out the changes.



  • 4.  Re: Member libgssapi_krb5.so is not found in archive for curl 7.65.1-1 and krb5.client.rte 1.6.0.5

    Posted Fri August 16, 2019 02:51 AM

    Originally posted by: AyappanP


    So it's definitely a LIBPATH issue. 

    Nothing much can be done from rpm side. 



  • 5.  Re: Member libgssapi_krb5.so is not found in archive for curl 7.65.1-1 and krb5.client.rte 1.6.0.5

    Posted Fri August 16, 2019 01:35 PM

    Originally posted by: Edward Davignon


    The yum issue was a LIBPATH issue.  The sudo issue was not a LIBPATH issue.



  • 6.  Re: Member libgssapi_krb5.so is not found in archive for curl 7.65.1-1 and krb5.client.rte 1.6.0.5

    Posted Mon August 19, 2019 02:24 AM

    Originally posted by: AyappanP


    Oh, I didn't see the sudo issue.

    When did the issue start appearing? And what are the rpm details?

    rpm -qi sudo



  • 7.  Re: Member libgssapi_krb5.so is not found in archive for curl 7.65.1-1 and krb5.client.rte 1.6.0.5

    Posted Tue August 20, 2019 04:50 PM

    Originally posted by: Edward Davignon


    $ rpm -qi sudo
    Name        : sudo
    Version     : 1.8.27
    Release     : 2
    Architecture: ppc
    Install Date: Mon Jun 10 10:10:50 2019
    Group       : Applications/System
    Size        : 6010871
    License     : IBM_ILA
    Signature   : (none)
    Source RPM  : sudo-1.8.27-2.src.rpm
    Build Date  : Fri Jun  7 05:29:21 2019
    Build Host  : pokndd10.pok.stglabs.ibm.com
    Relocations : /opt/freeware
    URL         : http://www.sudo.ws
    Summary     : Allows restricted root access for specified users.
    Description :
    Sudo (superuser do) allows a system administrator to give certain users (or
    groups of users) the ability to run some (or all) commands as root while
    logging all commands and arguments. Sudo operates on a per-command basis.  It
    is not a replacement for the shell.  Features include: the ability to restrict
    what commands a user may run on a per-host basis, copious logging of each
    command (providing a clear audit trail of who did what), a configurable timeout
    of the sudo command, and the ability to use the same configuration file
    (sudoers) on many different machines.
     



  • 8.  Re: Member libgssapi_krb5.so is not found in archive for curl 7.65.1-1 and krb5.client.rte 1.6.0.5

    Posted Fri August 23, 2019 03:06 AM

    Originally posted by: AyappanP


    If it's only a sudo issue now, then I think it's better to change the question. Because it's misleading.



  • 9.  Re: Member libgssapi_krb5.so is not found in archive for curl 7.65.1-1 and krb5.client.rte 1.6.0.5

    Posted Fri August 30, 2019 09:14 AM

    Originally posted by: JayZach


    Did sudo work after backing out the changes?  Can you list exactly which changes you backed out?  As I described in another thread on this, I've backed out/downgraded five rpm's and I'm still seeing the sudo issue..

     

    https://www.ibm.com/developerworks/community/forums/html/topic?id=a6bc8ca5-14f5-444c-bd6a-53d2265099db&ps=25#repliesPg=0

     

    Downgraded:

    sudo-1.8.27-1.ppc
    curl-7.64.0-1.ppc
    gettext-0.19.8.1-3.ppc
    krb5-libs-1.16.1-1.ppc
    openldap-2.4.46-1.ppc


     



  • 10.  Re: Member libgssapi_krb5.so is not found in archive for curl 7.65.1-1 and krb5.client.rte 1.6.0.5

    Posted Fri August 30, 2019 09:27 AM

    Originally posted by: JayZach


    I downgraded sudo more to the version on my production server (sudo-1.8.21p2-1.ppc), and now I get a different although somewhat similar error..

     

    sudo: unknown uid: 303
    sudo: unable to initialize policy plugin


     



  • 11.  Re: Member libgssapi_krb5.so is not found in archive for curl 7.65.1-1 and krb5.client.rte 1.6.0.5

    Posted Fri August 30, 2019 09:54 AM

    Originally posted by: Edward Davignon


    Currently I have:

    $ sudo rpm -q sudo curl gettext krb5-libs openldap
    sudo-1.8.27-2.ppc
    curl-7.64.0-1.ppc
    gettext-0.19.8.1-3.ppc
    package krb5-libs is not installed
    openldap-2.4.46-2.ppc
     

    The upgrade for curl to 7.65.1-1 brings in the dependency for the RPM version of krb5-libs >= 1.16.1-2

    As AyappanP points out:

    curl gssapi support is enabled using krb5-libs rpm and not through NAS (krb5 installp fileset).



  • 12.  Re: Member libgssapi_krb5.so is not found in archive for curl 7.65.1-1 and krb5.client.rte 1.6.0.5

    Posted Fri August 30, 2019 12:03 PM

    Originally posted by: JayZach


    Ok - I downgraded curl, then could "yum remove krb5-libs" after that - then my kerberos users could use sudo again...

     

    Before that, I noticed that /opt/freeware/etc/krb5.conf is empty, but there would be other things that would need to be done to fully initialize kerberos with those libs I think..



  • 13.  Re: Member libgssapi_krb5.so is not found in archive for curl 7.65.1-1 and krb5.client.rte 1.6.0.5

    Posted Thu September 05, 2019 02:31 PM

    Originally posted by: Edward Davignon


    Thanks for the insight on /opt/freeware/etc/krb5.conf being empty.



  • 14.  sudo-1.8.27-2 breaks with krb5-libs-1.16.1-2 and curl-7.65.1-1

    Posted Fri August 23, 2019 11:38 AM

    Originally posted by: Edward Davignon


    Changing title to "sudo-1.8.27-2 breaks with krb5-libs-1.16.1-2 and curl-7.65.1-1", since this appears to be more of a sudo problem than a yum problem.  The yum problem has a known fix.
     



  • 15.  Re: sudo-1.8.27-2 breaks with krb5-libs-1.16.1-2 and curl-7.65.1-1

    Posted Tue September 24, 2019 04:01 PM

    Originally posted by: BrentFortman


    We had the exact same issue.  The aforementioned workaround of downgrading curl and removing krb-libs worked.  Is anyone addressing this issue?



  • 16.  Re: sudo-1.8.27-2 breaks with krb5-libs-1.16.1-2 and curl-7.65.1-1

    Posted Wed September 25, 2019 04:50 AM

    Originally posted by: sangameshm


    Yes. The workaround of downgrading curl is not feasible.

    We are working on this and will update once we find the root cause.

     

    Thanks,

    Sangamesh



  • 17.  Re: sudo-1.8.27-2 breaks with krb5-libs-1.16.1-2 and curl-7.65.1-1

    Posted Wed December 11, 2019 01:35 PM

    Originally posted by: sangameshm


    We have uploaded krb5-libs-1.16.1-3 with the required changes to fix this issue.

    Please install the latest krb5-libs-1.16.1-3 and let us know if this fixes the sudo authentication.

     

    Thanks,

    Sangamesh