
Re: Integration: MIT Kerberos V and OpenLDAP with SASL/GSSAPI





--On Saturday, March 06, 2004 2:17 PM -0500 Kevin <openldap@gnosys.biz> wrote:

On Saturday 06 March 2004 13:36, Quanah Gibson-Mount wrote:
Quanah-

Thanks very much for your reply.  I hadn't given any
consideration to this issue at all.  What can I read
to learn more about this thread issue?  I have only
the most basic understanding of it, and I had the
impression that MIT Kerberos V was sort-of the "Gold
Standard" Kerberos implementation and as such, I
thought I wouldn't have to worry about things like
threads and stuff.

If there is a patch to the MIT Kerberos sources to
resolve this, could someone post it?  I just noticed
that v1.3.2 of MIT Kerberos V has recently been
released.  Does this problem also apply to 1.3.2, and
will the patch work on 1.3.2?

Thanks very kindly for pointing this out.

Hi Kevin,

Stanford is very much a MIT Krb5 shop, and we use it and its libraries for everything except the OpenLDAP servers. I don't have the MIT krb5 patches, as I've never pursued that route. One reason is what they do is mutex all the calls, which I think would have a negative impact on performance over how Heimdal operates, and for us, the server performance is a very big deal. It is not difficult to compile & run Heimdal.

I've also worked some with the MIT folks on the threading issue, so I know it is on their to-do list. However, I'm fairly certain that none of that work was put into 1.3.2.

You can find a lot about our configuration at:

<http://www.stanford.edu/services/directory/openldap/configuration/index.html>

Note that those pages are slightly behind IRT the versions we have deployed, but in general the build parameters apply.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html