[Date Prev][Date Next] [Chronological] [Thread] [Top]

Openldap and MIT krb5-1.4


According to previous discussions on the list, the big deal about building
openldap against MIT Kerberos libraries was that the latest were not thread
safe.  According to the list of changes on the MIT Kerberos website:
http://web.mit.edu/kerberos/www/krb5-1.4/, their new release is thread safe.

Has anyone tested building openldap against the new MIT Kerberos libraries
and tested it successfully?  The last time I tried this was with MIT
krb5-1.2 and openldap 2.1.X series; with that setup I could reliably crash
slapd while trying to use gssapi authentication.

Are there any other reasons to keep using heimdal rather than MIT krb5 on
the openldap servers other than the export restrictions?  It is my
understanding that the software export restrictions had changed a bit
allowing MIT kerberos to also be used more flexibly outside the U.S.