[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kpasswd

>>>>> "Frank.Swasey" == Frank Swasey <Frank.Swasey@uvm.edu> writes:

Frank.Swasey> Whatever does that for me is fine -- {KERBEROS}user@realm is just
Frank.Swasey> so easy to use and works well.

Frank.Swasey> I have never heard anyone complain that it didn't work.

Well, I think I've seen claims that MIT kerberos is not thread-safe.  I've gone
through some OpenLDAP versions which seemed to crash in an area which looked to
me to be vaguely associated with kerberos, so I think I believe it.  I don't
recall which minor versions those were and it's unclear why one version or
another would be more susceptible to failure if the problem was in kerberos,
which is not changing.  However, if some software is broken, we all know that
failure can be unpredictable.

If there is anyone who has actually looked into it and knows how to wrap the
area into a single thread, maybe that will solve it.

I appreciate that Kurt doesn't want to continue to drag along broken stuff.
I've been through ISO quipu, U.Mich LDAP, and now OpenLDAP, and clearly this is
the best situation I've enjoyed, so I appreciate the development efforts.