[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenSSL + Kerberos + Cyrus-SASL + OpenLDAP



* Simon Wilkinson <simon@sxw.org.uk> [031012 13:15]:
> Quanah Gibson-Mount wrote:
> >No.  And when you build OpenLDAP with Kerberos support, make sure you 
> >use Heimdal K5 and not MIT K5 at this time. 
> 
> Its not the OpenLDAP build that's the issue, but the Cyrus SASL one (the 
> Kerberos calls come from SASL, not OpenLDAP). If you patch Cyrus SASL 
> (my patches are available upon request) to mutex protect all of the 
> calls to the GSSAPI libraries then you can run with MIT Kerberos without 
> any issues.

I'll speak for many (I imagine); I'm very interested in looking at these
patches.  Are you comfortable making them generally available?  Have you
used them in a "production environment"?

Ben

-- 
---------------------------------------------------------------------------
Ben Poliakoff                                   email: <benp@imap.reed.edu>
Reed College                                           tel:  (503)-788-6674
Unix System Administrator       PGP key: http://www.reed.edu/~benp/key.html
---------------------------------------------------------------------------
0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019