[29369] in Kerberos
Re: MIT or HEIMDAL ?
daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Feb 26 12:29:55 2008
To: Frank Bonnet <f.bonnet@esiee.fr>
In-Reply-To: <47C3DBE9.8080509@esiee.fr> (Frank Bonnet's message of "Tue\,
26 Feb 2008 10\:29\:13 +0100")
From: Russ Allbery <rra@stanford.edu>
Date: Tue, 26 Feb 2008 09:29:13 -0800
Message-ID: <87hcfvy6c6.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Frank Bonnet <f.bonnet@esiee.fr> writes:
> I suppose this have been discussed numerous times ... but I'm starting
> a Kerberos deploy here and I really would like some advices ...
>
> We have a mixed clients network with approx 1000 machines
> running Windows 2000 / XP and Linux ( Debian ) , my kerberos
> server is a HP DL380 Proliant with 2.5 Gb RAM running FreeBSD 6.3-R.
>
> Due to my inexperience I'm really not able to decide which version to
> choose ... MIT or HEIMDAL ?
>
> HEIMDAL is the standard version on FreeBSD but MIT is available from
> the officials ports so ...
>
> Any guru that could give me some advices ?
Use Heimdal with OpenLDAP servers. MIT Kerberos provides insufficient
guarantees of thread safety in the current release to work correctly with
an OpenLDAP server, since OpenLDAP will read and write using the same
GSSAPI context in separate threads at the same time. Extensive testing of
OpenLDAP with Heimdal has shown that whatever Heimdal does in this area
appears to be safe in practice.
Otherwise, it basically doesn't matter for nearly all applications.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
