[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Integration: MIT Kerberos V and OpenLDAP with SASL/GSSAPI
On Saturday 06 March 2004 13:36, Quanah Gibson-Mount
wrote:
> --On Saturday, March 06, 2004 3:35 PM +0100 Dieter
> Kluenter
>
> <dieter@dkluenter.de> wrote:
> > Kevin <openldap@gnosys.biz> writes:
> >> Hi All-
> >>
> >> I'm trying to integrate the subject software and
> >> having difficulty with the part that seems most
> >> mysterious to me: getting slapd to say, "Oh, a
> >> user is trying to do initial kerberos
> >> authentication through me...
> >
> > [...]
> >
> >> For any of you that might already be doing this,
> >> how do you establish the connection between LDAP
> >> and the authentication server?
>
> Kevin,
>
> I'll also note that on the server side of things,
> you'll either have to find patches against MIT Krb5
> to make it thread safe (someone on this list has
> them), or compile slapd against Heimdal 0.6 Krb5
> (which is what I do). Otherwise your server will be
> subject to lockups & other issues. It is fine to
> use MIT KRB5 in non-threaded clients.
Quanah-
Thanks very much for your reply. I hadn't given any
consideration to this issue at all. What can I read
to learn more about this thread issue? I have only
the most basic understanding of it, and I had the
impression that MIT Kerberos V was sort-of the "Gold
Standard" Kerberos implementation and as such, I
thought I wouldn't have to worry about things like
threads and stuff.
If there is a patch the the MIT Kerberos sources to
resolve this, could someone post it? I just noticed
that v1.3.2 of MIT Kerberos V has recently been
released. Does this problem also apply to 1.3.2, and
will the patch work on 1.3.2?
Thanks very kindly for pointing this out.
-Kevin