* Ben Poliakoff (benp@reed.edu) wrote: > * Howard Chu <hyc@highlandsun.com> [030227 15:37]: > > Time and again we advise that the MIT Kerberos 5 libraries are not usable > > with SASL and OpenLDAP. You should not be surprised that ignoring that advice > > causes problems. Nor should you have to scratch your head too hard thinking > > about any solutions. Use Heimdal. > > OK, I'm already working on a build of heimdal and a rebuild of sasl. Be sure to check out the post to this list earlier which explains all that you have to do to get Heimdal to compile as threadsafe. As I recall you have to use a CVS version after a certain date and set an environment variable or pass something on the command-line to build it. > In retrospect I did spot: > > How can OpenLDAP, Cyrus-SASL, OpenSSL and KerberosV be combined? > http://www.openldap.org/faq/data/cache/544.html > > For what it's worth. Compiling OpenLDAP with and without threads made > no difference. That would indicate to me, at least, that the problem (unsuprisingly) is not the constantly blamed MIT krb5 libs (which have worked fine for me so far, though I do believe that under load they can cause problems). I believe someone else is working on a patch, or at least looking into the possibility of doing something, to deal with the MIT krb5 libs not being thread-safe. > I'll shut up now. If you have the time to I'd be happy to work through this issue with you. I'll go back through the mailing list and see if I can figure out your setup and duplicate what you're getting. I don't think I saw a backtrace with debugging symbols, do you think you could do one? Stephen
Attachment:
pgpkwMqZf8HaQ.pgp
Description: PGP signature