[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Integration: MIT Kerberos V and OpenLDAP with SASL/GSSAPI
On Saturday 06 March 2004 16:41, Quanah Gibson-Mount wrote:
> Hi Kevin,
>
> Stanford is very much a MIT Krb5 shop, and we use it and its libraries
> for everything except the OpenLDAP servers. I don't have the MIT krb5
So I guess that heimdal and MIT kerberos KDCs can work together pretty
easily then (as master/slave KDCs?)? I'm guessing you guys at Stanford
don't have a separate KDC database for the OpenLDAP servers... or am I
wrong on that?
> patches, as I've never pursued that route. One reason is what they do
> is mutex all the calls, which I think would have a negative impact on
> performance over how Heimdal operates, and for us, the server
Also good to know (though I don't really understand threads well enough to
know what a mutex is---I get the gist anyway: performance problems).
> performance is a very big deal. It is not difficult to compile & run
> Heimdal.
I wouldn't even need to since SuSE 9 comes packaged with heimdal. I opted
to build MIT kerby 5 from source because I thought it would be more well
tested for vulnerabilities and so forth.
>
> I've also worked some with the MIT folks on the threading issue, so I
> know it is on their to-do list. However, I'm fairly certain that none
> of that work was put into 1.3.2.
Ok. Thank you.
>
> You can find a lot about our configuration at:
>
> <http://www.stanford.edu/services/directory/openldap/configuration/inde
>x.ht ml>
Again, thanks for the pointer.
--
-Kevin