Frank Bonnet <[EMAIL PROTECTED]> writes: > I suppose this have been discussed numerous times ... but I'm starting > a Kerberos deploy here and I really would like some advices ... > > We have a mixed clients network with approx 1000 machines > running Windows 2000 / XP and Linux ( Debian ) , my kerberos > server is a HP DL380 Proliant with 2.5 Gb RAM running FreeBSD 6.3-R. > > Due to my inexperience I'm really not able to decide which version to > choose ... MIT or HEIMDAL ? > > HEIMDAL is the standard version on FreeBSD but MIT is available from > the officials ports so ... > > Any guru that could give me some advices ?
Use Heimdal with OpenLDAP servers. MIT Kerberos provides insufficient guarantees of thread safety in the current release to work correctly with an OpenLDAP server, since OpenLDAP will read and write using the same GSSAPI context in separate threads at the same time. Extensive testing of OpenLDAP with Heimdal has shown that whatever Heimdal does in this area appears to be safe in practice. Otherwise, it basically doesn't matter for nearly all applications. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
