[Date Prev][Date Next]
Re: 2.2.23's slapd segfaults when using ldapsearch
--On Tuesday, February 01, 2005 8:35 AM -0500 Greg Petras
Thanks for the reply.
I seriously advise against using MIT Kerberos 1.3. I advise a bit
against MIT Kerberos 1.4. I suggest Heimdal.
Do you know specifically what it is about MIT Kerberos 1.3 that is a
problem? What do you know about 1.4 that makes you less weary? I'm not
that familiar with all the different k5 options out there. Would a
heimdal client work with an MIT Kerberos 5 realm?
MIT kerberos 1.3 is not thread safe. MIT Kerberos 1.4 is thread safe, but
has problems with its replay cache. If you use MIT Krb5 1.3, you'll want
to make sure mutexes are enabled in Cyrus-SASL 2.1.20. If you use 1.4,
you'll want to disable them. Neither set of libraries handles requests as
quickly as Heimdal Kerberos does.
Stanford runs MIT Kerberos for nearly everything, and has MIT Kerberos
KDC's. There has been no problem having the OpenLDAP servers be compiled
against Heimdal. Kerberos 5 is a protocol, both Heimdal & MIT speak it.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html