SUMMARY: Build Qpopper 4.0.3 on SparcSol8 with TLS/SSL & Kerberos5

From: Tim Chipman <chipman_at_ecopiabio.com>
Date: Thu Nov 15 2001 - 10:19:14 EST
A summary of sorts. Many thanks to those who replied (Yuri Pismerov,
Rami Aubourg, and Karl Vogel).

Suggestions include, (no particular order)

-1- check GCC, Qpopper version issues for compiling?

-2- skip all this and try stunnel instead (http://www.stunnel.org/)

-3- don't worry about both Kerberos and TLS/SSL support ; use PAM
instead for kerberos authentication and thus build Qpopper with PAM &
TLS/SSL support instead of Kerberos & TLS. (i.e., I don't want my pop
clients authenticating with kerberos, {few clients support this anyhow}
but wanted the pop daemon to check username and password against a
"kerberos database"

If I had been clearer in my initial posting, suggestion one would have
been clearly not an issue, as I was able to build Qpopper fine with GCC
if I didn't include any extra options. (ie, a vanilla build was fast &
painless). Additionally, I was able to build Qpopper fine with *just*
TLS/SSL support. Attempts to compile that failed were with either (a)
ONLY Kerberos, or (b) Kerberos AND TLS/SSL.

Stunnel is an option but a bit more cumbersome to setup for client
stations, which in my case includes windows boxes unfortunately.

I'm currently looking at getting PAM and Kerberos working and hope to
pursue this avenue as "the solution". Not there yet, however. It does
look promising, though.

Hope this summary is of some use to somebody, eventually..


-Tim Chipman



>>>>>>ORIGINAL POSTING FOLLOWS>>>>>>
>
>Hi all,
> 
> A compiling problem that is quite frustrating. I'm trying to see about
> getting a halfway decent secure Pop daemon built (what a novelty?!) -
> (TLS/SSL and kerberos5 support) and Qpopper seemed the best way to
> accommodate all these features. OpenSSL and Kerberos5 already exist on
> the system and function fine. Compiling is being done with GCC ver 2.96
> 
> Configuration proceeds just fine:
> 
> ./configure --prefix=/opt/qpopper --with-openssl=/opt/openssl \
>  --with-kerberos5=/opt/kerberos
> 
> <lots of stuff omitted>...
> updating cache ./config.cache
> creating ./config.status
> creating Makefile
> creating common/Makefile
> creating popper/Makefile
> creating mmangle/Makefile
> creating password/Makefile
> creating config.h
> 
> Alas, when I issue "make", it grinds away for a few moments, then tanks
> with an "interesting" error thus:
> 
> ld: fatal: symbol `des_key_sched' is multiply-defined:
>         (file /opt/kerberos/lib/libdes425.a(key_sched.o) and file
> /opt/openssl/lib/libcrypto.a(set_key.o));
> ld: fatal: File processing errors. No output written to popper
> 
> If I try something "clever" like renaming either libdes425.a or
> libcrypto.a, it will proceed past this point, but then complains about
> the absence of (the renamed file) shortly thereafter.  Hence, caught
> between a rock and a hard place, it seems.
> 
> I've searched the web, news groups, and of course this list archive.
> Alas, no discussion of kerb-ssl-qpop for solaris. Nothing remotely
> similar to my problem, for any platform, for that matter. Hence this
> posting.
> 
> If anyone has seen this problem before (and ideally worked around it?!
> :-) - or has suggestions on possible resolutions ... I certainly would
> appreciate hearing your suggestions.
Received on Thu Nov 15 15:19:14 2001

This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:32:35 EDT