[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: 2.2.23's slapd segfaults when using ldapsearch

--On Tuesday, February 01, 2005 8:35 AM -0500 Greg Petras <gpetme@gmail.com> wrote:

Quanah -

Thanks for the reply.

I seriously advise against using MIT Kerberos 1.3.  I advise a bit
against MIT Kerberos 1.4.  I suggest Heimdal.

Do you know specifically what it is about MIT Kerberos 1.3 that is a problem? What do you know about 1.4 that makes you less weary? I'm not that familiar with all the different k5 options out there. Would a heimdal client work with an MIT Kerberos 5 realm?

MIT kerberos 1.3 is not thread safe. MIT Kerberos 1.4 is thread safe, but has problems with its replay cache. If you use MIT Krb5 1.3, you'll want to make sure mutexes are enabled in Cyrus-SASL 2.1.20. If you use 1.4, you'll want to disable them. Neither set of libraries handles requests as quickly as Heimdal Kerberos does.

Stanford runs MIT Kerberos for nearly everything, and has MIT Kerberos KDC's. There has been no problem having the OpenLDAP servers be compiled against Heimdal. Kerberos 5 is a protocol, both Heimdal & MIT speak it.


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html