[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd crash

At 02:11 PM 2002-07-07, Lawrence Greenfield wrote:
>Kerberos library thread safety:
>This is a really annoying problem. The Cyrus SASL library works around
>Kerberos 4 libraries (by mutexing all accesses into them) because it's
>expected that Kerberos 4 libraries aren't thread safe.

slapd(8) doesn't protect Kerberos IV calls (LDAPv2 "kbind").
Maybe it should.  I'll leave that to the few folks who still
use LDAPv2 kbind.

The only SASL call we serialize is sasl_checkpass().  IIRC,
we do this because sasl_checkpass() may make calls (directly
or indirectly) to non-threadsafe routines (e.g., crypt(3))
which slapd might also call.  We likely should protect calls
to sasl_setpass() as well.

>Since we've had good luck with the Heimdal libraries, the Cyrus
>libsasl implementation does NOT mutex krb5 library calls.

Same here.  That is, we assume the Kerberos V library is
threadsafe.  Heimdal works.