[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Smbk5pwd and Heimdal 0.7 not playing nice?

Henry B. Hotz wrote:
> On Aug 2, 2005, at 7:15 PM, Howard Chu wrote:
>> You cannot use two different Kerberos libraries in the same program.
> In general.
> However I'm playing with a Sun LDAP plugin that uses Heimdal while the 
> Sun LDAP server itself links Sun's GSSAPI libraries.  The plugin does 
> password checking, and the GSSAPI supports SASL binds.  The kerb 5 is 
> used for different things, and I'm pretty sure I can get away with it.  
> The plugin is statically linked against Heimdal.
> Never say never.  ;-)

Probably should have said *shared* libraries. Static linking will of 
course let you get around a lot of the problems, if you can accept the 
space tradeoff. For code that's only used in one or two instances in a 
running system (like a server plugin) that's frequently an acceptable 

>> As a general rule, the MIT Kerberos libraries are unsafe for use in 
>> threaded programs. They are known to cause memory leaks and SEGVs when 
>> linked into slapd. These problems do not occur when using the Heimdal 
>> libraries. The OpenLDAP project recommends against using the MIT 
>> libraries.

> The MIT 1.4.x releases are thread safe.

That has yet to be proven over time; the Heimdal libraries have been 
used without trouble in OpenLDAP for at least the past 4 years. The 1.4 
MIT libraries have thus far only proven themselves to be ten times 
slower than Heimdal (when soaking an OpenLDAP server with GSSAPI Binds).

   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/