[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)



On Wednesday, July 28, 2004, at 02:59 PM, Quanah Gibson-Mount wrote:
2004-07-15  Rob Siemborski <rjs3@andrew.cmu.edu>
         * configure.in, plugins/gssapi.c: Wrap all GSS calls
           in mutexes when required by the implementation.
           (based on a patch by Simon Wilkinson <simon@sxw.org.uk>)

Yeah, I commented on this bug previously. What is really being said here, is that they'll wrap the GSS calls specifically if MIT kerberos is being used. I still have problems with that approach, since MIT is working on fixing the threading issues in their Kerberos libraries, at which point the SASL mutexing may become a bottleneck (as well as unnecessary).

Even if they for some unlikely reason couldn't manage to release this version of Cyrus SASL before MIT's thread safe krb5 came out, it would still help a lot more than it could hurt. How long do you think it will take before every site where Redhat Linux is deployed will have the latest krb5, for example?

It's great news they're doing this, from where I'm sitting.  I think
it will significantly lower the barrier to installing OpenLDAP with
GSSAPI support.

	Donn Cave, donn@u.washington.edu