[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OPENLDAP + (MIT | heimdal)

--On Sunday, May 15, 2005 10:32 PM -0700 "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:

At 04:30 AM 5/15/2005, Manel Euro wrote:
Can someone make a list of the advantages and disavantges of using
either one and how it will effect openldap perfromance?

While there may be advantages and disadvantages between various KDC implementations, none of these likely weight more (or less) on OpenLDAP Software than any other software that interacts with Kerberos through Cyrus SASL, which are likely don't weight more (or less) on software that interacts with Kerberos in similar ways.

That is, the reasons for choosing MIT or Heimdal are likely
the same regardless of whether your choosing for OpenLDAP
Software or choosing for 100s of other software packages.

However, when you go to link your OpenLDAP shared libraries against Kerberos shared libraries if you want to use SASL/GSSAPI authentication, there so far are distinct performance advantages to linking against Heimdal as opposed to MIT shared libraries, but that is completely separate from the KDC choice (Stanford has an MIT KDC, and links against Heimdal K5 libraries on the OpenLDAP directory servers).

This may be fixed with MIT 1.4.1, but I've not had a chance to test it yet.


-- Quanah Gibson-Mount Principal Software Developer ITSS/Shared Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin