Re: Openldap and kerberos libraries

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Monday, June 06, 2005 2:13 PM +0000 Manel Euro <euro_32@hotmail.com> 
wrote:

> Hello,
>
>
> Can anyone tell me if the Mit libraries are safe to have openldap
> configured with  threads.
> I need slurpd and I would like to know if mit kerberos libraries are safe.
> I have read same 2003 threads stating that we should not use mit kerberos
> libraries with openldap (--with-threads) as it is a recipe to disaster.
> Is this comment still true?

Yes and no.  MIT 1.4 has made a lot of strides in being a safe threaded 
library.  You can also compile newer versions of cyrus sasl with mutex 
protections around the MIT kerberos libraries, which make its thread 
safetiness a moot point.  However, thread safe or not, I've consistently 
found (at least so far) that the Heimdal libraries are much faster than the 
MIT libraries when it comes to using OpenLDAP with SASL/GSSAPI connections 
(about 1/3 faster).

You can use OpenLDAP built against Heimdal in an MIT KDC world (that's what 
Stanford is) without problem.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin