[Date Prev][Date Next]
Re: Openldap and kerberos libraries
--On Monday, June 06, 2005 2:13 PM +0000 Manel Euro <email@example.com>
Can anyone tell me if the Mit libraries are safe to have openldap
configured with threads.
I need slurpd and I would like to know if mit kerberos libraries are safe.
I have read same 2003 threads stating that we should not use mit kerberos
libraries with openldap (--with-threads) as it is a recipe to disaster.
Is this comment still true?
Yes and no. MIT 1.4 has made a lot of strides in being a safe threaded
library. You can also compile newer versions of cyrus sasl with mutex
protections around the MIT kerberos libraries, which make its thread
safetiness a moot point. However, thread safe or not, I've consistently
found (at least so far) that the Heimdal libraries are much faster than the
MIT libraries when it comes to using OpenLDAP with SASL/GSSAPI connections
(about 1/3 faster).
You can use OpenLDAP built against Heimdal in an MIT KDC world (that's what
Stanford is) without problem.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin