Thread-safe libraries

Lukas Kubin kubin at opf.slu.cz
Wed Feb 25 04:01:26 EST 2004 

How complicated is it to move to Heimdal from MIT?
I need a solution to enable users' authentication to LDAP in our network 
which uses MIT Kerberos 5. What do you use?
Originally I (after I've found I can't use MIT's kerberos with OpenLDAP) 
wished to try to use the krb5kdc LDAP schema and let LDAP server to 
verify the password itself. However, I found the latest versions of 
OpenLDAP don't support this feature.
Is there any other way?
I need to resolve this soon. But I don't know about Heimdal K5 support 
on Windows. I need to use both Linux and Windows clients.
Thank you.

lukas


Nikola Milutinovic wrote:
> Sam Hartman wrote:
> 
>>>>>>> "Lukas" == Lukas Kubin <kubin at opf.slu.cz> writes:
>>
>>
>>
>>     Lukas> Is there any progress in the ability of Kerberos libraries
>>     Lukas> on Linux to be used by threads-enabled applications?  I'm
>>     Lukas> still having troubles using sasl kerberos authentication to
>>     Lukas> ldap server on Linux (Debian). It always fails when
>>     Lukas> parallel connection appears.  Is there any solution for
>>     Lukas> this now?  Thank you.
>>
>> I believe someone has written a patch to the SASL library to use
>> mutexes around GSSAPI calls.
>>
>> MIT is working on thread safety for our libraries but has not released
>> any code yet.
> 
> 
> Some time ago, I had the same worry. Apparently, the only thread-safe 
> Kerberos libraries around are from Tim Aslop's company (he replied on 
> this list), "Cybersafe", I think.
> 
> It is also worth noting, that, while Heimdal is not thread safe (at 
> least there are no guarantees), it has proven to be much more 
> thread-robust than MIT. OpenLDAP page and a couple of users have 
> expirienced problems with MIT and threaded OpenLDAP server, while 
> Heimdal performed flawlessly.
> 
> It could be that Heimdal IS thread-safe, just nobody knows for sure. :-)
> 
> Nix.
> 
> P.S. Cyrus SASL 2.1.17 recognizes MIT, Heimdal, Cybersafe and SEAM (Sun) 
> Kerberos implementations.
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 


-- 
Lukas Kubin

phone: +420596398275
email: kubin at opf.slu.cz

Information centre
The School of Business Administration in Karvina
Silesian University in Opava
Czech Republic
http://www.opf.slu.cz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2257 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20040225/4780ec8b/attachment.bin

More information about the Kerberos mailing list