MIT or HEIMDAL ?

Russ Allbery rra at stanford.edu
Tue Feb 26 12:29:13 EST 2008


Frank Bonnet <f.bonnet at esiee.fr> writes:

> I suppose this has been discussed numerous times ... but I'm starting
> a Kerberos deploy here and I really would like some advice ...
>
> We have a mixed-client network with approx 1000 machines
> running Windows 2000 / XP and Linux (Debian), my Kerberos
> server is a HP DL380 Proliant with 2.5 Gb RAM running FreeBSD 6.3-R.
>
> Due to my inexperience I'm really not able to decide which version to
> choose ... MIT or HEIMDAL ?
>
> HEIMDAL is the standard version on FreeBSD but MIT is available from
> the official ports so ...
>
> Any guru that could give me some advice?

Use Heimdal with OpenLDAP servers.  MIT Kerberos provides insufficient
guarantees of thread safety in the current release to work correctly with
an OpenLDAP server, since OpenLDAP will read and write using the same
GSSAPI context in separate threads at the same time.  Extensive testing of
OpenLDAP with Heimdal has shown that whatever Heimdal does in this area
appears to be safe in practice.

Otherwise, it basically doesn't matter for nearly all applications.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


