
Re: seg faults with 2.12 slapd and GSSAPI bind



* Ben Poliakoff (benp@reed.edu) wrote:
> * Howard Chu <hyc@highlandsun.com> [030227 15:37]:
> > Time and again we advise that the MIT Kerberos 5 libraries are not usable
> > with SASL and OpenLDAP. You should not be surprised that ignoring that advice
> > causes problems. Nor should you have to scratch your head too hard thinking
> > about any solutions. Use Heimdal.
> 
> OK, I'm already working on a build of heimdal and a rebuild of sasl.

Be sure to check out the post to this list earlier which explains all
that you have to do to get Heimdal to compile as threadsafe.  As I
recall you have to use a CVS version after a certain date and set an
environment variable or pass something on the command-line to build it.

> In retrospect I did spot:
> 
>     How can OpenLDAP, Cyrus-SASL, OpenSSL and KerberosV be combined?
>     http://www.openldap.org/faq/data/cache/544.html
> 
> For what it's worth.  Compiling OpenLDAP with and without threads made
> no difference.

That would indicate to me, at least, that the problem (unsurprisingly) is
not the constantly blamed MIT krb5 libs (which have worked fine for me
so far, though I do believe that under load they can cause problems).  I
believe someone else is working on a patch, or at least looking into the
possibility of doing something, to deal with the MIT krb5 libs not being
thread-safe.

> I'll shut up now.

If you have the time, I'd be happy to work through this issue with
you.  I'll go back through the mailing list and see if I can figure out
your setup and duplicate what you're getting.  I don't think I saw a
backtrace with debugging symbols, do you think you could do one?

	Stephen
