MIT or HEIMDAL ?
Frank Bonnet
f.bonnet at esiee.fr
Wed Feb 27 03:00:41 EST 2008
Russ Allbery wrote:
> Frank Bonnet <f.bonnet at esiee.fr> writes:
>
>> I suppose this have been discussed numerous times ... but I'm starting
>> a Kerberos deploy here and I really would like some advices ...
>>
>> We have a mixed clients network with approx 1000 machines
>> running Windows 2000 / XP and Linux ( Debian ) , my kerberos
>> server is a HP DL380 Proliant with 2.5 Gb RAM running FreeBSD 6.3-R.
>>
>> Due to my inexperience I'm really not able to decide which version to
>> choose ... MIT or HEIMDAL ?
>>
>> HEIMDAL is the standard version on FreeBSD but MIT is available from
>> the officials ports so ...
>>
>> Any guru that could give me some advices ?
>
> Use Heimdal with OpenLDAP servers. MIT Kerberos provides insufficient
> guarantees of thread safety in the current release to work correctly with
> an OpenLDAP server, since OpenLDAP will read and write using the same
> GSSAPI context in separate threads at the same time. Extensive testing of
> OpenLDAP with Heimdal has shown that whatever Heimdal does in this area
> appears to be safe in practice.
>
> Otherwise, it basically doesn't matter for nearly all applications.
>
Hello Russ
Thanks a lot for your help.
Frank
More information about the Kerberos
mailing list