Re: Integration: MIT Kerberos V and OpenLDAP with SASL/GSSAPI

[Kevin <openldap@gnosys.biz>]

On Saturday 06 March 2004 20:45, Quanah Gibson-Mount wrote:
> --On Saturday, March 06, 2004 7:51 PM -0500 Kevin <openldap@gnosys.biz>
>
> wrote:
> > On Saturday 06 March 2004 16:41, Quanah Gibson-Mount wrote:
> >> Hi Kevin,
> >>
> >> Stanford is very much a MIT Krb5 shop, and we use it and its
> >> libraries for everything except the OpenLDAP servers.  I don't have
> >> the MIT krb5
> >
> > So I guess that heimdal and MIT kerberos KDCs can work together
> > pretty easily then (as master/slave KDCs?)?  I'm guessing you guys at
> > Stanford don't have a separate KDC database for the OpenLDAP
> > servers... or am I wrong on that?
>
> We have a single KDC, and it is MIT K5.  Using the Heimdal libraries
> for the OpenLDAP server really has no relation to the KDC used.
>

Pardon my ignorance, but... does that mean that the machines hosting the 
OpenLDAP servers simply have dynamic libraries from Heimdal rather than 
MIT Kerberos?  Or that the OpenLDAP server programs were statically 
linked against libraries from Heimdal rather than MIT?  Or both?  Or 
something else?

If I'm getting off-topic here, someone please tell me.

And thanks to everyone for all of the valuable information that has been 
posted.

-Kevin