
Re: Openldap and kerberos libraries

--On Monday, June 06, 2005 2:13 PM +0000 Manel Euro <euro_32@hotmail.com> wrote:


Can anyone tell me if the MIT libraries are safe to have OpenLDAP configured with threads? I need slurpd and I would like to know if MIT Kerberos libraries are safe. I have read some 2003 threads stating that we should not use MIT Kerberos libraries with OpenLDAP (--with-threads) as it is a recipe for disaster. Is this comment still true?

Yes and no. MIT 1.4 has made a lot of strides in being a safe threaded library. You can also compile newer versions of Cyrus SASL with mutex protections around the MIT Kerberos libraries, which makes their thread safety a moot point. However, thread safe or not, I've consistently found (at least so far) that the Heimdal libraries are much faster than the MIT libraries when it comes to using OpenLDAP with SASL/GSSAPI connections (about 1/3 faster).

You can use OpenLDAP built against Heimdal in an MIT KDC world (that's what Stanford is) without problem.


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin