Re: Slapd crashing again, three different reasons?

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On May 2, 2007 4:26:19 PM -0400 Daniel Henninger <daniel@ncsu.edu> wrote:

> > --On April 30, 2007 9:58:07 AM -0400 Daniel Henninger
> > <daniel@ncsu.edu> wrote:
> >
> > > Hi folk,
> > >
> > > First off, let me say that per our last conversation about this, I
> > > have
> > > not yet rebuild cyrus-sasl/openldap against a different Kerberos
> > > dist.
> > > (I was going to build against 1.5.. right now I'm at 1.2.8.. we
> > > tend to
> > > steer clear of Heimdal)  Anyway, on April 28th, at 12:05AM, all
> > > three of
> > > our slave servers' slapds died.  All for apparently different
> > > reasons:
> >
> >
> > Why do you "steer clear" of Heimdal for linking the server
> > libraries against?  In any case, MIT Krb5 1.2 is known to not be
> > thread safe.
>
> History.  In the past when I had tried to use heimdal with something else
> it caused a wealth of problems.  That may not be the case now, but I
> don't really see the point in using multiple implementations of Kerberos
> if I can avoid it so I have never gone back to reevaluate.  =)

I used Heimdal on my servers because MIT at the time was just completely 
unstable.  Since then, I continued to use it because MIT's implementation 
was significantly slower.  Since all it is used for are the libraries, it 
isn't really a pain to be dealing with.

> So that's what the problem is with 1.2?  Not thread safe?  Ok.  That's
> good to know!

Yep, and in later versions, disable the replay cache if you want to get any 
type of performance at all out of MIT.

--Quanah


--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration