RE: ldap in heterogenous environment

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Monday, April 21, 2003 4:58 PM +0200 Tony Earnshaw 
<tonni@billy.demon.nl> wrote:

> søn, 20.04.2003 kl. 16.36 skrev Howard Chu:
>
> > This has been discussed here before. The solution that we recommend is
> > to use Heimdal with PADL's hdb-ldap backend and Symas' patches. (Not all
> > of the patches were present in Heimdal 0.5.2 so it seems you still have
> > to apply some by hand.) This approach gives the tightest integration,
> > putting the Kerberos user database in LDAP itself.
>
> I'm now totally confused. At the last count, I seem to remember reading
> (without going back to it) that you said that Heimdal had bugs that made
> it more or less useless and that one should use MIT Kerberos. Previously
> I'd heard that MIT Kerberos was totally useless and that Heimdal was the
> solution.
>
> Could someone please elucidate?

Tony,

I've never seen Howard or Kurt advocate the use of MIT Kerberos.  We use 
Kerberos on a daily basis here, and my tests have repeatedly shown that 
only Heimdal's implementation is stable in a threaded environment when 
combined with OpenLDAP.


--Quanah


--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html