[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Smbk5pwd and Heimdal 0.7 not playing nice?
Henry B. Hotz wrote:
> On Aug 2, 2005, at 7:15 PM, Howard Chu wrote:
>> You cannot use two different Kerberos libraries in the same program.
> In general.
> However I'm playing with a Sun LDAP plugin that uses Heimdal while the
> Sun LDAP server itself links Sun's GSSAPI libraries. The plugin does
> password checking, and the GSSAPI supports SASL binds. The kerb 5 is
> used for different things, and I'm pretty sure I can get away with it.
> The plugin is statically linked against Heimdal.
> Never say never. ;-)
Probably should have said *shared* libraries. Static linking will of
course let you get around a lot of the problems, if you can accept the
space tradeoff. For code that's only used in one or two instances in a
running system (like a server plugin) that's frequently an acceptable
>> As a general rule, the MIT Kerberos libraries are unsafe for use in
>> threaded programs. They are known to cause memory leaks and SEGVs when
>> linked into slapd. These problems do not occur when using the Heimdal
>> libraries. The OpenLDAP project recommends against using the MIT
> The MIT 1.4.x releases are thread safe.
That has yet to be proven over time; the Heimdal libraries have been
used without trouble in OpenLDAP for at least the past 4 years. The 1.4
MIT libraries have thus far only proven themselves to be ten times
slower than Heimdal (when soaking an OpenLDAP server with GSSAPI Binds).
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/