Re: OPENLDAP + (MIT | heimdal)

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Sunday, May 15, 2005 10:32 PM -0700 "Kurt D. Zeilenga" 
<Kurt@OpenLDAP.org> wrote:

> At 04:30 AM 5/15/2005, Manel Euro wrote:
> > Can someone make a list of the advantages and disavantges of using
> > either one and how it will effect openldap perfromance?
>
> While there may be advantages and disadvantages between various
> KDC implementations, none of these likely weight more (or less)
> on OpenLDAP Software than any other software that interacts
> with Kerberos through Cyrus SASL, which are likely don't
> weight more (or less) on software that interacts with Kerberos
> in similar ways.
>
> That is, the reasons for choosing MIT or Heimdal are likely
> the same regardless of whether your choosing for OpenLDAP
> Software or choosing for 100s of other software packages.

However, when you go to link your OpenLDAP shared libraries against 
Kerberos shared libraries if you want to use SASL/GSSAPI authentication, 
there so far are distinct performance advantages to linking against Heimdal 
as opposed to MIT shared libraries, but that is completely separate from 
the KDC choice (Stanford has an MIT KDC, and links against Heimdal K5 
libraries on the OpenLDAP directory servers).

This may be fixed with MIT 1.4.1, but I've not had a chance to test it yet.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin