Re: Issues with sasl under heavy load, configuration issue?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Roberto C. Sánchez wrote:
On Mon, Apr 07, 2008 at 02:42:04PM -0700, Howard Chu wrote:
Best advice - use Heimdal Kerberos. MIT Kerberos code quality is poor, and
thread safety is still unproven.

Care to cite some real examples?

Here are some that cast into doubt your assertion about poor code
quality:

http://article.gmane.org/gmane.comp.encryption.kerberos.general/12042
http://article.gmane.org/gmane.comp.encryption.kerberos.general/12044
http://article.gmane.org/gmane.comp.encryption.kerberos.general/12069

I suppose I should have been more specific, but none of those cases are relevant, since they are talking about the KDC, and the problem with thread safety is in the client libraries.

Go ahead and google for "kerberos thread safety" and you'll see a long history of problems, a bit of discussion about how to solve it spanning 2000-2003, and not much actual work on solutions until very recently e.g.
http://www.openldap.org/lists/openldap-technical/200802/msg00118.html

I stand by my assertion that their thread safety is still unproven. They have pretty much zero practical experience tackling the problem, while Heimdal has been working smoothly for several years.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux