[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Q: Heimdal on RedHat



On Tuesday, April 6, 2004, at 01:21 PM, Frank Swasey wrote:
I have seen the mantra here so many times that one should always
compile OpenLDAP using the Heimdal libraries. However, on a RedHat
(Fedora or otherwise) system, the MIT libraries are so entertwined in
the os (SSL, SASL) that I'm wondering if anyone has crossed this bridge
before (or are you all like me and just continuing to use the MIT
libraries to this point) to compile OpenLDAP 2.1 on a RedHat system with
the heimdal libraries and how you managed it.

I have only used Kerberos through Cyrus SASL, which I build myself. Redhat's SSL does depend on (its own) Kerberos. It does seem like that could pose a problem if both Heimdal and Redhat MIT are linked in as shared libraries, but they don't have to be - I link sasl's libgssapiv2.so with libkrb5.a etc., statically.

Or you can build your own SSL.

Or you can use MIT Kerberos.  I underestand Simon Wilkinson would
have the best patches for this, but it's not a huge programming feat
to add pthreads mutexes to cyrus-sasl's gssapi plugin.  I believe
that's an improvement over using Heimdal, whose thread safety is
after all only a matter of conjecture, without mutexes.

I actually do pretty much all of the above, plus with our own MIT
build, so Redhat's ideas about this stuff aren't my problem.  The
slapd Makefile isn't completely ready for that, despite configure
options - I'll get a working slapd, but ldd reports some unwanted
shared library dependencies.  I have to relink with a hand edited,
shortened link list.

	Donn Cave, donn@u.washington.edu