[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: open ldap with SASL & GSSAPI

--On Wednesday, November 08, 2006 11:51 PM -0500 Maxwell Bottiger <sleepylight@jive-turkey.net> wrote:

On Wed, 2006-11-08 at 18:28 -0800, Howard Chu wrote:


MIT Kerberos is known to work very poorly with OpenLDAP slapd. Heimdal is known to work well. On the client side, either one will work, but generally I would recommend using Heimdal.

I have heard that through other sources as well. I'm really just using MIT kerberos because it shipped with my distro. Can I move the kerberos database directly to Hemidal in the future?

It doesn't matter what kerberos database you use. For example, Stanford uses an MIT KDC. But we use the Heimdal kerberos *libraries* to link slapd against. It is the libraries we are talking about right now. Of course, Heimdal also has the capability of using LDAP as its KDC store. MIT will have that functionality sometime in the near future.


Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html