[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)

To: openldap-software@OpenLDAP.org
Subject: Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)
From: Donn Cave <donn@u.washington.edu>
Date: Wed, 28 Jul 2004 15:40:26 -0700
Cc: Igor Brezac <igor@ipass.net>
In-reply-to: <875A88FCC731AC7C6B76FA4C@cadabra.stanford.edu>

On Wednesday, July 28, 2004, at 02:59 PM, Quanah Gibson-Mount wrote:

2004-07-15  Rob Siemborski <rjs3@andrew.cmu.edu>
         * configure.in, plugins/gssapi.c: Wrap all GSS calls
           in mutexes when required by the implementation.
           (based on a patch by Simon Wilkinson <simon@sxw.org.uk>)
Yeah, I commented on this bug previously. What is really being said here, is that they'll wrap the GSS calls specifically if MIT kerberos is being used. I still have problems with that approach, since MIT is working on fixing the threading issues in their Kerberos libraries, at which point the SASL mutexing may become a bottleneck (as well as unnecessary).


Even if they for some unlikely reason couldn't manage to release
this version of Cyrus SASL before MIT's thread safe krb5 came out,
it would still help a lot more than it could hurt.  How long do you
think it will take before every site where Redhat Linux is deployed
will have the latest krb5, for example?

It's great news they're doing this, from where I'm sitting.  I think
it will significantly lower the barrier to installing OpenLDAP with
GSSAPI support.

	Donn Cave, donn@u.washington.edu

Follow-Ups:
- Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)
  - From: Frank Swasey <Frank.Swasey@uvm.edu>

References:
- Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)
Next by Date: Problem with SSL/TLS
Index(es):
- Chronological
- Thread