\input texinfo @c -*-texinfo-*- @c @c Note: the above texinfo file must include the "doubleleftarrow" @c definitions added by jcb. @c %**start of header @c guide @setfilename krb5-implement.info @settitle Kerberos V5 Installation Guide @setchapternewpage odd @c chapter begins on next odd page @c @setchapternewpage on @c chapter begins on next page @smallbook @c Format for 7" X 9.25" paper @c %**end of header @paragraphindent 0 @iftex @parskip 6pt plus 6pt @end iftex @include definitions.texinfo @set EDITION b7-1 @finalout @c don't print black warning boxes @titlepage @title @value{PRODUCT} Implementor's Guide @subtitle Release: @value{RELEASE} @subtitle Document Edition: @value{EDITION} @subtitle Last updated: @value{UPDATED} @author @value{COMPANY} @page @vskip 0pt plus 1filll @iftex @include copyright.texinfo @end iftex @end titlepage @node Top, Introduction, (dir), (dir) @comment node-name, next, previous, up @ifinfo This file contains internal implementor's information for the @value{RELEASE} release of @value{PRODUCT}. @include copyright.texinfo @end ifinfo @c The master menu is updated using emacs19's M-x texinfo-all-menus-update @c function. Don't forget to run M-x texinfo-every-node-update after @c you add a new section or subsection, or after you've rearranged the @c order of sections or subsections. Also, don't forget to add an @node @c comand before each @section or @subsection! All you need to enter @c is: @c @c @node New Section Name @c @section New Section Name @c @c M-x texinfo-every-node-update will take care of calculating the @c node's forward and back pointers. @c @c --------------------------------------------------------------------- @menu * Introduction:: * Local Addresses:: * Host Address Lookup:: * Thread Safety:: * Shared Libraries:: @end menu @node Introduction, Local Addresses, Top, Top @chapter Introduction This file contains internal implementor's information for @value{PRODUCT}. It is currently contains information that was removed from install.texi; eventually it will have more detailed information on the internals of the @value{PRODUCT}. @node Local Addresses, Host Address Lookup, Introduction, Top @chapter Local Addresses (Last update: 2002-03-13.) Different systems have different ways of finding the local network addresses. On Windows, @code{gethostbyname} is called on the local host name to get a set of addresses. If that fails, a UDP socket is ``connected'' to a particular IPv4 address, and the local socket name is retrieved, its address being treated as the one local network address. Future versions of the Windows code should be able to actually examine local interfaces. On Mac OS 9 and earlier, a Mac-specific interface is used to look up local addresses. Presumably, on Mac OS X we'll use that or the general UNIX code. On (most?) UNIX systems, there is an @code{ioctl} called @code{SIOCGIFCONF} which gets interface configuration information. The behavior of this @code{ioctl} varies across UNIX systems though. It takes as input a buffer to fill with data structures, but if the buffer isn't big enough, the behavior isn't well defined. Sometimes you get an error, sometimes you get incomplete data. Sometimes you get a clear indication that more space was needed, sometimes not. A couple of systems have additional @code{ioctl}s that can be used to determine or at least estimate the correct size for the buffer. Solaris has introduced @code{SIOCGLIFCONF} for querying IPv6 addresses, and restricts @code{SIOCGIFCONF} to IPv4 only. (** We should actually check if that's true.) We (Ken Raeburn in particular) ran some tests on various systems to see what would happen with buffers of various sizes from much smaller to much larger than needed for the actual data. The buffers were filled with specific byte values, and then checked to see how much of the buffer was actually written to. The "largest gap" values listed below are the largest number of bytes we've seen left unused at the end of the supplied buffer when there were more entries to return. These values may of coures be dependent on the configurations of the particular systems we wre testing with. (See @code{lib/krb5/os/t_gifconf.c} for the test program.) NetBSD 1.5-alpha: The returned @code{ifc_len} is the desired amount of space, always. The returned list may be truncated if there isn't enough room; no overrun. Largest gap: 43. However, NetBSD has @code{getifaddrs}, which hides all the ugliness within the C library. BSD/OS 4.0.1 (courtesy djm): The returned @code{ifc_len} is equal to or less than the supplied @code{ifc_len}. Sometimes the entire buffer is used; sometimes N-1 bytes; occasionally, the buffer must have quite a bit of extra room before the next structure will be added. Largest gap: 39. Solaris 7,8: Return @code{EINVAL} if the buffer space is too small for all the data to be returned, including when @code{ifc_len} is 0. Solaris is the only system I've found so far that actually returns an error. No gap. However, @code{SIOCGIFNUM} may be used to query the number of interfaces. Linux 2.2.12 (Red Hat 6.1 distribution, x86), 2.4.9 (RH 7.1, x86): The buffer is filled in with as many entries as will fit, and the size used is returned in @code{ifc_len}. The list is truncated if needed, with no indication. Largest gap: 31. @emph{However}, this interface does not return any IPv6 addresses. They must be read from a file under @code{/proc}. (This appears to be what the @samp{ifconfig} program does.) IRIX 6.5: The buffer is filled in with as many entries as will fit in N-1 bytes, and the size used is returned in @code{ifc_len}. Providing exactly the desired number of bytes is inadequate; the buffer must be @emph{bigger} than needed. (E.g., 32->0, 33->32.) The returned @code{ifc_len} is always less than the supplied one. Largest gap: 32. AIX 4.3.3: Sometimes the returned @code{ifc_len} is bigger than the supplied one, but it may not be big enough for @emph{all} the interfaces. Sometimes it's smaller than the supplied value, even if the returned list is truncated. The list is filled in with as many entries as will fit; no overrun. Largest gap: 143. Older AIX: We're told by W. David Shambroom (DShambroom@@gte.com) in PR krb5-kdc/919 that older versions of AIX have a bug in the @code{SIOCGIFCONF} @code{ioctl} which can cause them to overrun the supplied buffer. However, we don't yet have details as to which version, whether the overrun amount was bounded (e.g., one @code{ifreq}'s worth) or not, whether it's a real buffer overrun or someone assuming it was because @code{ifc_len} was increased, etc. Once we've got details, we can try to work around the problem. Digital UNIX 4.0F: If input @code{ifc_len} is zero, return an @code{ifc_len} that's big enough to include all entries. (Actually, on our system, it appears to be larger than that by 32.) If input @code{ifc_len} is nonzero, fill in as many entries as will fit, and set @code{ifc_len} accordingly. (Tested only with buffer previously filled with zeros.) Tru64 UNIX 5.1A: Like Digital UNIX 4.0F, except the ``extra'' space indicated when the input @code{ifc_len} is zero is larger. (We got 400 out when 320 appeared to be needed.) So... if the returned @code{ifc_len} is bigger than the supplied one, we'll need at least that much space -- but possibly more -- to hold all the results. If the returned value is smaller or the same, we may still need more space. The heuristic we're using on most systems now is to keep growing the buffer until the unused space is larger than an @code{ifreq} structure by some safe margin. @node Host Address Lookup, Thread Safety, Local Addresses, Top @chapter Host Address Lookup The traditional @code{gethostbyname} function is not thread-safe, and does not support looking up IPv6 addresses, both of which are becoming more important. New standards have been in development that should address both of these problems. The most promising is @code{getaddrinfo} and friends, which is part of the Austin Group and UNIX 98(?) specifications. Code in the MIT tree is gradually being converted to use this interface. @quotation (Question: What about @code{inet_ntop} and @code{inet_pton}? We're not using them at the moment, but some bits of code would be simplified if we were to do so, when plain addresses and not socket addresses are already presented to us.) @end quotation The @code{getaddrinfo} function takes a host name and service name and returns a linked list of structures indicating the address family, length, and actual data in ``sockaddr'' form. (That is, it includes a pointer to a @code{sockaddr_in} or @code{sockaddr_in6} structure.) Depending on options set via the @code{hints} input argument, the results can be limited to a single address family (@i{e.g.}, for IPv4 applications), and the canonical name of the indicated host can be returned. Either the host or service can be a null pointer, in which case only the other is looked up; they can also be expressed in numeric form. This interface is extensible to additional address families in the future. The returned linked list can be freed with the @code{freeaddrinfo} function. The @code{getnameinfo} function does the reverse -- given an address in ``sockaddr'' form, it converts the address and port values into printable forms. Errors returned by either of these functions -- as return values, not global variables -- can be translated into printable form with the @code{gai_strerror} function. Some vendors are starting to implement @code{getaddrinfo} and friends, however, some of the implementations are deficient in one way or another. @table @asis @item AIX As of AIX 4.3.3, @code{getaddrinfo} returns sockaddr structures without the family and length fields filled in. @item GNU libc The GNU C library, used on GNU/Linux systems, has had a few problems in this area. One version would drop some IPv4 addresses for some hosts that had multiple IPv4 and IPv6 addresses. In GNU libc 2.2.4, when the DNS is used, the name referred to by PTR records for each of the addresses is looked up and stored in the @code{ai_canonname} field, or the printed numeric form of the address is, both of which are wrong. @item IRIX No known bugs here, but as of IRIX 6.5, the version we're using at MIT, these functions had not been implemented. @item NetBSD As of NetBSD 1.5, this function is not thread-safe. @item Tru64 UNIX In Tru64 UNIX 5.0, @code{getaddrinfo} is available, but requires that @code{} be included before its use; that header file defines @code{getaddrinfo} as a macro expanding to either @code{ogetaddrinfo} or @code{ngetaddrinfo}, and apparently the symbol @code{getaddrinfo} is not present in the system library, causing the @code{configure} test for it to fail. Technically speaking, I [Ken] think Compaq has it wrong here, I think the symbol is supposed to be available even if the application uses @code{#undef}, but I have not confirmed it in the spec. @end table For systems where @code{getaddrinfo} returns incorrect data, we've provided wrapper versions that call the system version and then try to fix up the returned data. For systems that don't provide these functions at all, we've provided replacement versions that neither are thread-safe nor support IPv6, but will allow us to convert the rest of our code to assume the availability of @code{getaddrinfo}, rather than having to use two branches everywhere, one for @code{getaddrinfo} and one for @code{gethostbyname}. These replacement functions do use @code{gethostbyname} and the like; for some systems it would be possible to use @code{gethostbyname2} or @code{gethostbyname_r} or other such functions, to provide thread safety or IPv6 support, but this has not been a priority for us, since most modern systems have these functions anyways. And if they don't, they probably don't have real IPv6 support either. Including @code{fake-addrinfo.h} will enable the wrapper or replacement versions when needed. Depending on the system configuration, this header file may define several static functions (and declare them @code{inline} under GNU C), and leave it to the compiler to discard any unused code. This may produce warnings on some systems, and if the compiler isn't being too clever, may cause several kilobytes of excess storage to be consumed on these backwards systems. @node Thread Safety, Shared Libraries, Host Address Lookup, Top @chapter Thread Safety Hahahahahaha... We're not even close. We have started talking about it, though. Some stuff is ``kind of'' thread safe because it operates on a @code{krb5_context} and we simply assert that a context can be used only in one thread at a time. But there are places where we use unsafe C library functions, and a few places where we have modifiable static data in the libraries. Even if the Kerberos or C library functions aren't using static data themselves, there are other instances of per-process data that have to be dealt with before our library can become thread-safe. For example, file locking with UNIX @code{flock()} is on a per-process basis; for a single thread to be able to lock a file against accesses from other threads, we'll have to implement per-thread locks for files on top of the operating system per-process locks, and that means a global (per-process) table listing all the locks. So it seems unlikely that we will find an approach that eliminates all static modifiable data from the library. A rough proposal for hooks for implementing locking was put forth, and an IBM Linux group is experimenting with a trial implementation of it, with a few changes. @quotation Okay, here's a proposal based on looking at OpenSSL's "threads.pod" (but not enough of the details of the implementation, yet) and talking with Danilo and Miro and Tom. This is just a starting point for discussion.... In terms of the work you've already shown us in patches, Emily, I have some specific comments I'll address in another message, but as far as the API issue goes, most everything you've done I think will map pretty directly to calls described here, and a first cut could be done with a dumb shim layer that doesn't support all the callback stuff described below. We use a shim layer to direct the calls to the native thread interface, whatever it may be; this avoids requiring that Kerberos-using applications all use (for example) pthreads packages not provided by the OS vendor. When reasonable, we use that system thread package by default. If there isn't a single system API, or it's inconvenient to make applications use it, then by default we don't make the library thread-safe, though we still favor thread-safe support routines like gethostbyname_r. We allow applications to register callback functions to implement the thread support, and invoke these functions through a shim layer. This way we avoid being tied to a specific thread package. This callback support looks pretty important for systems like MacOS, which can support multiple thread packages that may not play nicely together; the application can indicate which interface should be used. The locking functions need only handle a limited number of locks; this number must be queried at run time, but will be fixed for the life of the process. Locks within each library have assigned numbers, and protect global data only, not objects that can be allocated in huge numbers. Thread-specific data (which is probably needed for error_message in the com_err library, unless we rip out that interface, which would break a few applications) is handled similarly. Callback functions can be registered, and only a fixed small number of enumerated cases need to be supported in each library. We could handle most of this internally with mutexes and such, except that we probably want data cleaned up on thread exit. The callback functions provided by the application would be: @example get-thread-id get/release-lock set-specific-data get-specific-data destroy-specific-data (on thread exit) @end example The callback functions may only be registered while no locks are held (which presumably means before any threads are created and while in the main application). Locks are not held across library calls; they are always released. (Question: Should the callback functions be registered through separate functions, or one call with extra arguments or a structure pointer?) Each library (each that has data needing protecting, that is) provides a set of functions for manipulating these callbacks, based in part on the OpenSSL API. We also provide a thread-info function which gives the application some info about the thread safety of the library in question. Since shared libraries can be updated independently of applications, this should be a run-time check; configure-type checks for the currently-installed library should be easy to perform, but should only be used in conjunction with, not in place of, the run-time check. (Question: Should we consider gssapi thread-safe if it uses locks around krb5 calls that can call DNS or C library routines that are not known to be thread-safe, or worse, are known not to be thread-safe?) Should locks be ref-counted? Should we impose that requirement on the supplied callback functions, or implement it in this middle layer? According to @samp{http://www.unix-systems.org/single_unix_specification_v2/xsh/pthread_mutex_lock.html} the "normal" pthread mutex does not permit multiple acquisition attempts on the same lock, but "recursive" type mutexes have reference counts. (What's OpenSSL do?) For each library's prefix "foo" (to be determined for libraries like com_err without consistent prefixes), we'd have the following functions and macros, with names adjusted accordingly: ---------------- public: @smallexample /* Set the new locking callback function. Argument to the function are locking mode, lock number, and source file/line for debugging. This callback function is called via the internal locking function below. If a library uses functions in a second library, this function should also call the _set_locking_callback function for the second library, in case the application is not written to be aware of the second library. However, the lock numbers need to be adjusted so that the two sets of lock numbers don't overlap. Q: If this function *is* called while locks are held, what should it do? Abort? Return without doing anything? Change the callbacks anyways and let the program break? Should there be an error code return? (This function shouldn't depend on com_err.) Q: Must this function handle reference counts on locks, or should we assert that it will only be called on locks not held by the current thread? */ void foo_set_locking_callback (void (*lockfn)(int mode, int locknum, const char *file, int line)); /* Number of locks needed by this library for global data. If this library uses functions in a second library, this function should include the locks needed by the second library in the returned count. Lock numbers go from 0 to num_locks-1. It is not required that all of the numbers actually be used, but there shouldn't be any large gaps in the numbering sequence. For simple libraries without dependencies, this should be a fixed value. For libraries with dependencies on other libraries, it should still be fixed, but dependent on the num_locks values for those libraries (or hardcoded knowledge about the number of locks they need, if you don't want to keep it clean). */ int foo_num_locks (void); /* Set the "what's my thread id?" function. Might not be needed, depending how we handle the rest of the API. If needed, check process-id too, so the returned id is just for threads within a process. Q: What if a multithreaded process forks? */ void foo_set_id_callback (unsigned long (*idfn)(void)); /* Register functions for manipulating thread-specific data. POSIX has fairly directly corresponding functions. On Windows the functions are similar, but the destruction callback is via an invocation of DllMain at thread exit time, not per-object callbacks; a mutex-protected list of keys with destructors will allow mapping one to the other. We will probably want this for com_err's static buffer for unknown-error messages. I doubt any other library will need it, but we'll see... This would also be a (presumably small) numbered list of data, with a maximum index determined at run time, handled akin to the locks above. */ int foo_num_specificdata (void); void foo_set_specificdata_callback (void (*setdestructorfn)(int sdnum, void (*fn)(void*)), void (*setfn)(int sdnum, void *data, const char *file, int line), void *(*getfn)(int sdnum)); /* Default lock handling in the library. With this call, an application not providing its own callbacks can still verify that the library is built to use the same threading system as its default. If FOO_THREADS_NONE is returned, it means the hooks are present, but no locking routines will actually be called by default. If the application wants to use multiple threads, it needs to register callbacks. If FOO_THREADS_UNSAFE is returned, it means that not only are no default callbacks compiled in, but the code calls routines in other libraries that are not known to be thread-safe. (For example, getpwuid or gethostbyname.) Callback functions may be registered by the application, if it wants to take its chances. (We might use locks internally to prevent krb5 code from using such routines in multiple threads before the returned values are copied out to non-static storage. But IMHO we shouldn't export that locking capability as part of the API.) Q: What about systems that might have multiple thread packages that *are* known to play nicely together? If some FooThreads package is provided by the kernel and the pthreads implementation uses FooThreads primitives in a compatible way, the application should be okay even if it doesn't use the same interface as the gss/krb5 libraries. Should that knowledge be in the library or the application? Should we not bother? */ int foo_get_lock_info (void); /* Should these be macros or enumerators? */ #define FOO_THREADS_PTHREAD 1 #define FOO_THREADS_WIN32 2 #define FOO_THREADS_MACOS9 3 #define FOO_THREADS_MACH 4 ... #define FOO_THREADS_NONE 0 /* app must set callbacks */ #define FOO_THREADS_UNSAFE -1 /* lib uses unsafe libc calls */ for internal use within the library only: #define LOCKMODE_LOCK 1 #define LOCKMODE_UNLOCK 2 /* Acquire the lock. Q: Support ref-counted locks at this layer? */ void fooint_lock (int mode, int locknum, const char *file, int line); #define LOCK(N) fooint_lock(LOCKMODE_LOCK,(N),__FILE__,__LINE__) #define UNLOCK(N) fooint_lock(LOCKMODE_UNLOCK,(N),__FILE__,__LINE__) /* Functions implementing thread-specific data, using the callbacks registered above. */ void fooint_setspecificdestructor (int sdnum, void (*dfn)(void *data)); void fooint_setspecific_1 (int sdnum, void *data, const char *file, int line); #define fooint_setspecific(SDNUM,DATA) \ fooint_setspecific_1((SDNUM),(DATA),__FILE__,__LINE__) void *fooint_getspecific (int sdnum); ---------------- @end smallexample The functionality maps pretty closely to a subset of POSIX thread functionality, aside from using integers instead of implementation-specific types. It's a little further from the Windows thread API, but mostly (AFAIK) in that the thread-specific-data destructors would need to be recorded in a per-library list and invoked out of DllMain when it gets a thread-exit notification. So instead of @example pthread_mutex_lock(&foo_mutex); @end example we'd use @example #define FOO_MUTEX 2 LOCK(FOO_MUTEX); @end example The use of a maximum number of locks means the locks can be allocated at initialization or callback-registration time, when the locking functions will not be called. Since the locking functions and the meanings of the lock numbers are buried within each library, the application cannot use these locks portably in any meaningful way. But this also means we can change the set of locks required between versions without breaking any applications, and we don't have to add code in multiple places to use pthread_once equivalents to create a bunch of locks, or static initialization when we don't know the application's lock type, instead it can be localized to the shim layer. The use of a maximum number of thread-specific data objects means a fixed list of destructor functions can be used, perhaps even hard-coded in each library's DllMain, and we don't need to worry about creating keys, protecting the variables holding the keys, etc. The functionality of pthread_once can be achieved by allocating one of the lock numbers to protect the flag associated with the initialization routine that is to be called. For example, instead of @example pthread_once(&foo_once, foo_init); @end example we can use @example #define FOO_INIT_LOCKNUM 3 static int foo_init_called; LOCK_WRITE(FOO_INIT_LOCKNUM); if (!foo_init_called) @{ foo_init(); foo_init_called++; @} UNLOCK_WRITE(FOO_INIT_LOCKNUM); @end example It's a bit more clunky; perhaps a wrapper function would still be desirable, but we don't necessarily need to require this functionality from the callback functions supplied by the application. (We could also make it optional, and fake it when no callback is supplied.) If we want to require that a thread be able to grab a lock multiple times with a reference count, we have to decide whether to impose that requirement on the lock callback function, which keeps the shim layer thin, or implement it in the shim layer. (I should look more closely at what OpenSSL is doing in this department. It would be nice if the same lock callback functions can be used for both packages, but we aren't distinguishing between read and write locks.) I guess I'd lean towards not permitting multiple locks. There's no support here for pthread_trylock equivalents; all attempts will block if the lock is held by another thread. Since some library routines block waiting on responses from the net, it's possible some locks may be held for quite a while. We can work to avoid such cases as much as possible. There's no support for cleanup functions to be called in case of thread cancellation (e.g., pthread_cleanup_push). We might be able to implement this with thread-specific data with a destructor, though. Do we care? I doubt it. ---------------- Anyways, that's the basic idea as Miro, Danilo, Tom and I hashed it out this evening. But, at least in my case, there isn't a lot of actual experience to back this up, so please let us know what you think. Is the application interface too clunky? Not flexible enough? Ken P.S. Another question: Which is more important, thread safety or IPv6 support? I think at least one of the OSes I was working with had gethostbyname_r, which is thread-safe but IPv4-only, and non-thread-safe versions of interfaces supporting IPv6 name lookups. I'd favor IPv6, at the moment, but I could certainly see people wanting it the other way; it could be configure-time selectable or something.... @end quotation A few issues with this proposal have been discussed on the @samp{krbdev} mailing list, but you can see generally where we're probably headed. @node Shared Libraries, , Thread Safety, Top @chapter Shared Libraries (These sections are old -- they should get updated.) @menu * Shared Library Theory:: * Operating System Notes for Shared Libraries:: @end menu @node Shared Library Theory, Operating System Notes for Shared Libraries, Shared Libraries, Shared Libraries @section Theory of How Shared Libraries are Used An explanation of how shared libraries are implemented on a given platform is too broad a topic for this manual. Instead this will touch on some of the issues that the Kerberos V5 tree uses to support version numbering and alternate install locations. Normally when one builds a shared library and then links with it, the name of the shared library is stored in the object (i.e. libfoo.so). Most operating systems allows one to change name that is referenced and we have done so, placing the version number into the shared library (i.e. libfoo.so.0.1). At link time, one would reference libfoo.so, but when one executes the program, the shared library loader would then look for the shared library with the alternate name. Hence multiple versions of shared libraries may be supported relatively easily. @footnote{Under AIX for the RISC/6000, multiple versions of shared libraries are supported by combining two or more versions of the shared library into one file. The Kerberos build procedure produces shared libraries with version numbers in the internal module names, so that the shared libraries are compatible with this scheme. Unfortunately, combining two shared libraries requires internal knowledge of the AIX shared library system beyond the scope of this document. Practicallyspeaking, only one version of AIX shared libraries can be supported on a system, unless the multi-version library is constructed by a programmer familiar with the AIX internals.} All operating systems (that we have seen) provide a means for programs to specify the location of shared libraries. On different operating systems, this is either specified when creating the shared library, and link time, or both.@footnote{Both are necessary sometimes as the shared libraries are dependent on other shared libraries} The build process will hardwire a path to the installed destination. @node Operating System Notes for Shared Libraries, , Shared Library Theory, Shared Libraries @section Operating System Notes for Shared Libraries @menu * NetBSD Shared Library Support:: * AIX Shared Library Support:: * Solaris 5.3 Shared Library Support:: * Alpha OSF/1 Shared Library Support:: @end menu @node NetBSD Shared Library Support, AIX Shared Library Support, Operating System Notes for Shared Libraries, Operating System Notes for Shared Libraries @subsection NetBSD Shared Library Support Shared library support has been tested under NetBSD 1.0A using GCC 2.4.5. Due to the vagaries of the loader in the operating system, the library load path needs to be specified in building libraries and in linking with them. Unless the library is placed in a standard location to search for libraries, this may make it difficult for developers to work with the shared libraries. @node AIX Shared Library Support, Solaris 5.3 Shared Library Support, NetBSD Shared Library Support, Operating System Notes for Shared Libraries @subsection AIX Shared Library Support AIX specifies shared library versions by combining multiple versions into a single file. Because of the complexity of this process, no automatic procedure for building multi-versioned shared libraries is provided. Therefore, supporting multiple versions of the Kerberos shared libraries under AIX will require significant work on the part of a programmer famiiliar with AIX internals. AIX allows a single library to be used both as a static library and as a shared library. For this reason, the @samp{--enable-shared} switch to configure builds only shared libraries. On other operating systems, both shared and static libraries are built when this switch is specified. As with all other operating systems, only non-shared static libraries are built when @samp{--enable-shared} is not specified. The AIX 3.2.5 linker dumps core trying to build a shared @samp{libkrb5.a} produced with the GNU C compiler. The native AIX compiler works fine. In addition, the AIX 4.1 linker is able to build a shared @samp{libkrb5.a} when GNU C is used. @node Solaris 5.3 Shared Library Support, Alpha OSF/1 Shared Library Support, AIX Shared Library Support, Operating System Notes for Shared Libraries @subsection Solaris 5.3 Shared Library Support Shared library support only works when using the Sunsoft C compiler. We are currently using version 3.0.1. The path to the shared library must be specified at link time as well as when creating libraries. @node Alpha OSF/1 Shared Library Support, , Solaris 5.3 Shared Library Support, Operating System Notes for Shared Libraries @subsection Alpha OSF/1 Shared Library Support Shared library support has been tested with V2.1 and higher of the operating system. Shared libraries may be compiled both with GCC and the native compiler. One of the nice features on this platform is that the paths to the shared libraries is specified in the library itself without requiring that one specify the same at link time. We are using the @samp{-rpath} option to @samp{ld} to place the library load path into the executables. The one disadvantage of this is during testing where we want to make sure that we are using the build tree instead of a possibly installed library. The loader uses the contents of @samp{-rpath} before LD_LIBRARY_PATH so we must specify a dummy _RLD_ROOT and complete LD_LIBRARY_PATH in our tests. The one disadvantage with the method we are using.... @contents @bye