Re: Q: Heimdal on RedHat

[Donn Cave <donn@u.washington.edu>]

On Tuesday, April 6, 2004, at 01:21 PM, Frank Swasey wrote:
> I have seen the mantra here so many times that one should always
> compile OpenLDAP using the Heimdal libraries.  However, on a RedHat
> (Fedora or otherwise) system, the MIT libraries are so entertwined in
> the os (SSL, SASL) that I'm wondering if anyone has crossed this bridge
> before (or are you all like me and just continuing to use the MIT
> libraries to this point) to compile OpenLDAP 2.1 on a RedHat system 
> with
> the heimdal libraries and how you managed it.

I have only used Kerberos through Cyrus SASL, which I build myself.
Redhat's SSL does depend on (its own) Kerberos.  It does seem like
that could pose a problem if both Heimdal and Redhat MIT are linked
in as shared libraries, but they don't have to be - I link sasl's
libgssapiv2.so with libkrb5.a etc., statically.

Or you can build your own SSL.

Or you can use MIT Kerberos.  I underestand Simon Wilkinson would
have the best patches for this, but it's not a huge programming feat
to add pthreads mutexes to cyrus-sasl's gssapi plugin.  I believe
that's an improvement over using Heimdal, whose thread safety is
after all only a matter of conjecture, without mutexes.

I actually do pretty much all of the above, plus with our own MIT
build, so Redhat's ideas about this stuff aren't my problem.  The
slapd Makefile isn't completely ready for that, despite configure
options - I'll get a working slapd, but ldd reports some unwanted
shared library dependencies.  I have to relink with a hand edited,
shortened link list.

	Donn Cave, donn@u.washington.edu