[Date Prev][Date Next]
Re: Integration: MIT Kerberos V and OpenLDAP with SASL/GSSAPI
--On Saturday, March 06, 2004 2:17 PM -0500 Kevin <email@example.com>
On Saturday 06 March 2004 13:36, Quanah Gibson-Mount
Thanks very much for your reply. I hadn't given any
consideration to this issue at all. What can I read
to learn more about this thread issue? I have only
the most basic understanding of it, and I had the
impression that MIT Kerberos V was sort-of the "Gold
Standard" Kerberos implementation and as such, I
thought I wouldn't have to worry about things like
threads and stuff.
If there is a patch the the MIT Kerberos sources to
resolve this, could someone post it? I just noticed
that v1.3.2 of MIT Kerberos V has recently been
released. Does this problem also apply to 1.3.2, and
will the patch work on 1.3.2?
Thanks very kindly for pointing this out.
Stanford is very much a MIT Krb5 shop, and we use it and its libraries for
everything except the OpenLDAP servers. I don't have the MIT krb5 patches,
as I've never pursued that route. One reason is what they do is mutex all
the calls, which I think would have a negative impact on performance over
how Heimdal operates, and for us, the server performance is a very big
deal. It is not difficult to compile & run Heimdal.
I've also worked some with the MIT folks on the threading issue, so I know
it is on their to-do list. However, I'm fairly certain that none of that
work was put into 1.3.2.
You can find a lot about our configuration at:
Note that those pages are slightly behind IRT the versions we have
deployed, but in general the build parameters apply.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html