[Date Prev][Date Next]
Re: OPENLDAP + (MIT | heimdal)
--On Sunday, May 15, 2005 10:32 PM -0700 "Kurt D. Zeilenga"
At 04:30 AM 5/15/2005, Manel Euro wrote:
Can someone make a list of the advantages and disavantges of using
either one and how it will effect openldap perfromance?
While there may be advantages and disadvantages between various
KDC implementations, none of these likely weight more (or less)
on OpenLDAP Software than any other software that interacts
with Kerberos through Cyrus SASL, which are likely don't
weight more (or less) on software that interacts with Kerberos
in similar ways.
That is, the reasons for choosing MIT or Heimdal are likely
the same regardless of whether your choosing for OpenLDAP
Software or choosing for 100s of other software packages.
However, when you go to link your OpenLDAP shared libraries against
Kerberos shared libraries if you want to use SASL/GSSAPI authentication,
there so far are distinct performance advantages to linking against Heimdal
as opposed to MIT shared libraries, but that is completely separate from
the KDC choice (Stanford has an MIT KDC, and links against Heimdal K5
libraries on the OpenLDAP directory servers).
This may be fixed with MIT 1.4.1, but I've not had a chance to test it yet.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin