From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tony Jones <tonyj@suse.de>
Subject: /sbin/auditd and GSS (was: audit 1.7.6 released)
Date: Thu, 25 Sep 2008 12:12:46 -0700
Message-ID: <20080925191246.GA9387@suse.de>
References: <200809111939.27522.sgrubb@redhat.com>
	<200809131432.54670.sgrubb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <linux-audit-bounces@redhat.com>
Content-Disposition: inline
In-Reply-To: <200809131432.54670.sgrubb@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Steve Grubb <sgrubb@redhat.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Sat, Sep 13, 2008 at 02:32:54PM -0400, Steve Grubb wrote:
> On Thursday 11 September 2008 19:39:27 Steve Grubb wrote:
> > I've just released a new version of the audit daemon.
> 
> There will be a 1.7.7 release early next week. It will include the GSSAPI 
> patch sent yesterday and a fix to a tcp_wrappers problem reported today. Code 
> review of GSSAPI support shows that we may need to make a couple more changes 
> to it before people start widely deploying it. This should all be taken care 
> of in 1.7.7 which I am hoping to be able to release soon.

When I try to build here at SuSE our buildsystem flags the following:

binary /sbin/auditd is linked against libraries in /usr or /opt
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7f65000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7d75000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7d50000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7d43000)

You mentioned (on IRC) rsyslog being another /sbin executable which made use
of GSS but (at least for the package I had access to) the GSS dependancies are 
isolated to the rsyslog-module-gssapi module.   Modules are loaded by rsyslog
based on configuration file using dlopen().

Clearly this is a bit smoke-n-mirror ish but the direct ldd depenancy between 
auditd and GSS is kinda problematic. I assume GSS resides in /usr/lib for
Fedora/RHEL too?  Clearly one don't have to configure GSS support in.

Appreciate any comments.

Tony