Re: 2.2.23's slapd segfaults when using ldapsearch

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Tuesday, February 01, 2005 8:35 AM -0500 Greg Petras 
<gpetme@gmail.com> wrote:

> Quanah -
>
> Thanks for the reply.
>
> > I seriously advise against using MIT Kerberos 1.3.  I advise a bit
> > against MIT Kerberos 1.4.  I suggest Heimdal.
>
> Do you know specifically what it is about MIT Kerberos 1.3 that is a
> problem? What do you know about 1.4 that makes you less weary? I'm not
> that familiar with all the different k5 options out there. Would a
> heimdal client work with an MIT Kerberos 5 realm?

MIT kerberos 1.3 is not thread safe.  MIT Kerberos 1.4 is thread safe, but 
has problems with its replay cache.  If you use MIT Krb5 1.3, you'll want 
to make sure mutexes are enabled in Cyrus-SASL 2.1.20.  If you use 1.4, 
you'll want to disable them.  Neither set of libraries handles requests as 
quickly as Heimdal Kerberos does.

Stanford runs MIT Kerberos for nearly everything, and has MIT Kerberos 
KDC's.  There has been no problem having the OpenLDAP servers be compiled 
against Heimdal.  Kerberos 5 is a protocol, both Heimdal & MIT speak it.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html