[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Smbk5pwd and Heimdal 0.7 not playing nice?

To: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Subject: Re: Smbk5pwd and Heimdal 0.7 not playing nice?
From: Howard Chu <hyc@highlandsun.com>
Date: Mon, 15 Aug 2005 22:17:51 -0700
Cc: 'Love Hörnquist Åstrand' <lha@kth.se>, heimdal-discuss@sics.se, Perry Nguyen <pfnguyen@best.com>
In-Reply-To: <7e67941f1fb921c40b648b7da5e21f8f@jpl.nasa.gov>
References: <200508021951.j72Jp5SA022510@ares.gofti.com> <42F028A8.6020501@highlandsun.com> <7e67941f1fb921c40b648b7da5e21f8f@jpl.nasa.gov>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050810 SeaMonkey/1.0a

Henry B. Hotz wrote:
> 
> On Aug 2, 2005, at 7:15 PM, Howard Chu wrote:
> 
>> You cannot use two different Kerberos libraries in the same program.
> 
> In general.
> 
> However I'm playing with a Sun LDAP plugin that uses Heimdal while the 
> Sun LDAP server itself links Sun's GSSAPI libraries.  The plugin does 
> password checking, and the GSSAPI supports SASL binds.  The kerb 5 is 
> used for different things, and I'm pretty sure I can get away with it.  
> The plugin is statically linked against Heimdal.
> 
> Never say never.  ;-)

Probably should have said *shared* libraries. Static linking will of 
course let you get around a lot of the problems, if you can accept the 
space tradeoff. For code that's only used in one or two instances in a 
running system (like a server plugin) that's frequently an acceptable 
choice.

>> As a general rule, the MIT Kerberos libraries are unsafe for use in 
>> threaded programs. They are known to cause memory leaks and SEGVs when 
>> linked into slapd. These problems do not occur when using the Heimdal 
>> libraries. The OpenLDAP project recommends against using the MIT 
>> libraries.

> The MIT 1.4.x releases are thread safe.

That has yet to be proven over time; the Heimdal libraries have been 
used without trouble in OpenLDAP for at least the past 4 years. The 1.4 
MIT libraries have thus far only proven themselves to be ten times 
slower than Heimdal (when soaking an OpenLDAP server with GSSAPI Binds).

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/

Follow-Ups:
- Re: Smbk5pwd and Heimdal 0.7 not playing nice?
  - From: Luke Howard <lukeh@PADL.COM>

References:
- RE: Smbk5pwd and Heimdal 0.7 not playing nice?
  - From: "Perry Nguyen" <pfnguyen@best.com>
- Re: Smbk5pwd and Heimdal 0.7 not playing nice?
  - From: Howard Chu <hyc@highlandsun.com>
- Re: Smbk5pwd and Heimdal 0.7 not playing nice?
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

Prev by Date: Re: Smbk5pwd and Heimdal 0.7 not playing nice?
Next by Date: Re: Smbk5pwd and Heimdal 0.7 not playing nice?
Prev by thread: Re: Smbk5pwd and Heimdal 0.7 not playing nice?
Next by thread: Re: Smbk5pwd and Heimdal 0.7 not playing nice?
Index(es):
- Date
- Thread