Thread-safe libraries

Lukas Kubin kubin at opf.slu.cz
Fri Feb 27 07:21:16 EST 2004


Sam Hartman wrote:
>>>>>>"Lukas" == Lukas Kubin <kubin at opf.slu.cz> writes:
> 
> 
>     Lukas> How complicated is it to move to Heimdal from MIT?  I need
>     Lukas> a solution to enable users' authentication to LDAP in our
>     Lukas> network which uses MIT Kerberos 5. What do you use?
> 
> On a Debian system using the native LDAP, install
> libsasl2-modules-gssapi-heimdal not libsasl2-gssapi-mit.  That should
> be all you need.  You can continue using MIT for everything else.

Thank you, that's what I was looking for! I wouldn't expect it is 
suitable to use heimdal libraries wit MIT K5.

> If I'm misremembering that you are using Debian, then you just need to build libsasl against LDAP.

> If you are also using PAM, you might want libpam-heimdal not
> libpam-krb5.

Why. Is it related to the threading support too?

>     Lukas> Originally I (after I've found I can't use MIT's kerberos
>     Lukas> with OpenLDAP) wished to try to use the krb5kdc LDAP schema
>     Lukas> and let LDAP server to verify the password itself. However,
>     Lukas> I found the latest versions of OpenLDAP don't support this
>     Lukas> feature.  Is there any other way?  I need to resolve this
>     Lukas> soon. But I don't know about Heimdal K5 support on
> 
> I strongly recommend against the KDC LDAP schema.

Again, thank you really much for the help. It was too painful for me to 
solve the problem of "falling LDAP server". And the solution is so 
simple ...

lukas

-- 
Lukas Kubin

phone: +420596398275
email: kubin at opf.slu.cz

Information centre
The School of Business Administration in Karvina
Silesian University in Opava
Czech Republic
http://www.opf.slu.cz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2257 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20040227/8065d584/attachment.bin


More information about the Kerberos mailing list