[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kpasswd

--On Thursday, October 16, 2003 11:52 AM -0400 Allan E Johannesen <aej@WPI.EDU> wrote:

"Frank.Swasey" == Frank Swasey <Frank.Swasey@uvm.edu> writes:

Frank.Swasey> Whatever does that for me is fine -- {KERBEROS}user@realm is just Frank.Swasey> so easy to use and works well.

Frank.Swasey> I have never heard anyone complain that it didn't work.

Well, I think I've seen claims that MIT kerberos is not thread-safe.
I've gone through some OpenLDAP versions which seemed to crash in an area
which looked to me to be vaguely associated with kerberos, so I think I
believe it.  I don't recall which minor versions those were and it's
unclear why one version or another would be more susceptible to failure
if the problem was in kerberos, which is not changing.  However, if some
software is broken, we all know that failure can be unpredictable.

If there is anyone who has actually looked into it and knows how to wrap
the area into a single thread, maybe that will solve it.

I appreciate that Kurt doesn't want to continue to drag along broken
stuff. I've been through ISO quipu, U.Mich LDAP, and now OpenLDAP, and
clearly this is the best situation I've enjoyed, so I appreciate the
development efforts.


The problems I've detailed on the list about MIT kerberos were separate from kpasswd... There are thread issues, which can be resolved by carefully mutexing the calls. Longterm, MIT is interested in fixing their thread issues so that isn't necessary (which I think would be better from a performance aspect). I'm currently working with them on this project.


Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html