Re: Integration: MIT Kerberos V and OpenLDAP with SASL/GSSAPI

[Kevin <openldap@gnosys.biz>]

On Saturday 06 March 2004 13:36, Quanah Gibson-Mount 
wrote:
> --On Saturday, March 06, 2004 3:35 PM +0100 Dieter
> Kluenter
>
> <dieter@dkluenter.de> wrote:
> > Kevin <openldap@gnosys.biz> writes:
> >> Hi All-
> >>
> >> I'm trying to integrate the subject software and
> >> having difficulty with the part that seems most
> >> mysterious to me: getting slapd to say, "Oh, a
> >> user is trying to do initial kerberos
> >> authentication through me...
> >
> > [...]
> >
> >> For any of you that might already be doing this,
> >> how do you establish the connection between LDAP
> >> and the authentication server?
>
> Kevin,
>
> I'll also note that on the server side of things,
> you'll either have to find patches against MIT Krb5
> to make it thread safe (someone on this list has
> them), or compile slapd against Heimdal 0.6 Krb5
> (which is what I do). Otherwise your server will be
> subject to lockups & other issues.  It is fine to
> use MIT KRB5 in non-threaded clients.

Quanah-

Thanks very much for your reply.  I hadn't given any 
consideration to this issue at all.  What can I read 
to learn more about this thread issue?  I have only 
the most basic understanding of it, and I had the 
impression that MIT Kerberos V was sort-of the "Gold 
Standard" Kerberos implementation and as such, I 
thought I wouldn't have to worry about things like 
threads and stuff.

If there is a patch the the MIT Kerberos sources to 
resolve this, could someone post it?  I just noticed 
that v1.3.2 of MIT Kerberos V has recently been 
released.  Does this problem also apply to 1.3.2, and 
will the patch work on 1.3.2?

Thanks very kindly for pointing this out.

-Kevin