Re: Thread-safe libraries

Wed, 25 Feb 2004 01:11:31 -0800

How complicated is it to move to Heimdal from MIT?
I need a solution to enable users' authentication to LDAP in our network which uses MIT Kerberos 5. What do you use?
Originally I (after I've found I can't use MIT's kerberos with OpenLDAP) wished to try to use the krb5kdc LDAP schema and let LDAP server to verify the password itself. However, I found the latest versions of OpenLDAP don't support this feature.
Is there any other way?
I need to resolve this soon. But I don't know about Heimdal K5 support on Windows. I need to use both Linux and Windows clients.
Thank you.

lukas


Nikola Milutinovic wrote:
Sam Hartman wrote:

"Lukas" == Lukas Kubin <[EMAIL PROTECTED]> writes: 



    Lukas> Is there any progress in the ability of Kerberos libraries
    Lukas> on Linux to be used by threads-enabled applications?  I'm
    Lukas> still having troubles using sasl kerberos authentication to
    Lukas> ldap server on Linux (Debian). It always fails when
    Lukas> parallel connection appears.  Is there any solution for
    Lukas> this now?  Thank you.

I believe someone has written a patch to the SASL library to use
mutexes around GSSAPI calls.

MIT is working on thread safety for our libraries but has not released
any code yet.


Some time ago, I had the same worry. Apparently, the only thread-safe Kerberos libraries around are from Tim Aslop's company (he replied on this list), "Cybersafe", I think.

It is also worth noting, that, while Heimdal is not thread safe (at least there are no guarantees), it has proven to be much more thread-robust than MIT. OpenLDAP page and a couple of users have expirienced problems with MIT and threaded OpenLDAP server, while Heimdal performed flawlessly.

It could be that Heimdal IS thread-safe, just nobody knows for sure. :-)

Nix.

P.S. Cyrus SASL 2.1.17 recognizes MIT, Heimdal, Cybersafe and SEAM (Sun) Kerberos implementations.

________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos



--
Lukas Kubin

phone: +420596398275
email: [EMAIL PROTECTED]

Information centre
The School of Business Administration in Karvina
Silesian University in Opava
Czech Republic
http://www.opf.slu.cz

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to