For some reason when I link against Oracle GSS starts behaving differently (Solaris)

My test program works fine. I can create a client and a server and run them against each other. I can set my KRB5_CONFIG environment variable and use a local configuration for testing.

For some reason when I place the code in our production software it fails. Even if I strip our main() function to just calling gss_import_name() with a hard coded name I end up with the message "Cannot open configuration file".

If I run truss then I see a lot of Oracle going on. It tries to open lots of different Oracle trace files. It also tries to open

/krb5/krb.conf

instead of the file I specify.

It's as if Oracle is giving us the wrong gss, or maybe some other option in our huge and complex build system. I note -L/usr/lib/sparcv9 though this is after my -lgss now if that matters (too long since I worked in C on a regular basis!). The libgss.so.1 in that directory is larger than the one i开发者_运维知识库n /usr/lib - though putting that option into my test program's link command does not break it.

Any help?

Thanks - Richard

This fixed what appeared to be a similar problem for us:

export KRB5_CONFIG=/etc/krb5.conf

It does appear likely that Oracle sets this env var incorrectly if it's not already set.

$ grep -r KRB5_CONFIG $ORACLE_HOME 
Binary file /usr/lib/oracle/11.1.0.1/client64/lib/libclntsh.so matches 
Binary file /usr/lib/oracle/11.1.0.1/client64/lib/libclntsh.so.11.1 matches 
$ grep -r '/krb5/krb.conf' $ORACLE_HOME 
Binary file /usr/lib/oracle/11.1.0.1/client64/lib/libclntsh.so matches 
Binary file /usr/lib/oracle/11.1.0.1/client64/lib/libclntsh.so.11.1 matches

I found that the Oracle libraries contained an implementation of GSS. To make my code work I ensured I linked "-lgss" before linking any of the Oracle libraries.

I've not tested to see if this upsets Oracle in single sign-on, because we use Oracle with user name and password. That works fine.

I ran in to the very same issue with Oracle 11.2.0.4.0 on HP-UX 11.31 and wasted almost an entire day for that. Indeed, the crappy Oracle lib peforms a putenv with /opt/krb5/krb.conf and the tip from Richard Corfield makes the app even crash. The only workaround is to create a symbolic link. I have created a service request with Oracle for that issue.

Update (2014-06-02): I have received an update from Oracle. They confirmed the bug. It seems like there is a private GSS-API which is redefining symbols.

Bug 10184681 - ORACLE NEEDS TO USE VERSIONED SYMBOLS TO AVOID EXTERNAL SYMBOL CONFLICTS

This issue has been open since 2010-10. Terrible.