[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slapd crashing again, three different reasons?





--On May 2, 2007 4:26:19 PM -0400 Daniel Henninger <daniel@ncsu.edu> wrote:

--On April 30, 2007 9:58:07 AM -0400 Daniel Henninger
<daniel@ncsu.edu> wrote:

Hi folk,

First off, let me say that per our last conversation about this, I
have
not yet rebuild cyrus-sasl/openldap against a different Kerberos
dist.
(I was going to build against 1.5.. right now I'm at 1.2.8.. we
tend to
steer clear of Heimdal)  Anyway, on April 28th, at 12:05AM, all
three of
our slave servers' slapds died.  All for apparently different
reasons:


Why do you "steer clear" of Heimdal for linking the server
libraries against?  In any case, MIT Krb5 1.2 is known to not be
thread safe.

History. In the past when I had tried to use heimdal with something else it caused a wealth of problems. That may not be the case now, but I don't really see the point in using multiple implementations of Kerberos if I can avoid it so I have never gone back to reevaluate. =)

I used Heimdal on my servers because MIT at the time was just completely unstable. Since then, I continued to use it because MIT's implementation was significantly slower. Since all it is used for are the libraries, it isn't really a pain to be dealing with.


So that's what the problem is with 1.2?  Not thread safe?  Ok.  That's
good to know!

Yep, and in later versions, disable the replay cache if you want to get any type of performance at all out of MIT.


--Quanah


-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration