In article [EMAIL PROTECTED],
[EMAIL PROTECTED] (Sam Hartman) wrote:
Lukas == Lukas Kubin [EMAIL PROTECTED] writes:
Lukas Is there any progress in the ability of Kerberos libraries
Lukas on Linux to be used by threads-enabled applications? I'm
Lukas still having troubles
Lukas == Lukas Kubin [EMAIL PROTECTED] writes:
Lukas Sam Hartman wrote:
Lukas == Lukas Kubin [EMAIL PROTECTED] writes:
Lukas How complicated is it to move to Heimdal from MIT? I need
Lukas a solution to enable users' authentication to LDAP in our
Lukas network which uses
Sam Hartman wrote:
Lukas == Lukas Kubin [EMAIL PROTECTED] writes:
Lukas How complicated is it to move to Heimdal from MIT? I need
Lukas a solution to enable users' authentication to LDAP in our
Lukas network which uses MIT Kerberos 5. What do you use?
On a Debian system using the
How complicated is it to move to Heimdal from MIT?
I need a solution to enable users' authentication to LDAP in our network
which uses MIT Kerberos 5. What do you use?
Originally I (after I've found I can't use MIT's kerberos with OpenLDAP)
wished to try to use the krb5kdc LDAP schema and let
It is also worth noting, that, while Heimdal is not thread safe (at least there
are no guarantees), it has proven to be much more thread-robust than MIT.
OpenLDAP page and a couple of users have expirienced problems with MIT and
threaded OpenLDAP server, while Heimdal performed flawlessly.
It
Ken == Ken Hornstein [EMAIL PROTECTED] writes:
It is also worth noting, that, while Heimdal is not thread safe
(at least there are no guarantees), it has proven to be much
more thread-robust than MIT. OpenLDAP page and a couple of
users have expirienced problems with MIT and
Lukas == Lukas Kubin [EMAIL PROTECTED] writes:
Lukas How complicated is it to move to Heimdal from MIT? I need
Lukas a solution to enable users' authentication to LDAP in our
Lukas network which uses MIT Kerberos 5. What do you use?
On a Debian system using the native LDAP, install
Cesar == Cesar Garcia [EMAIL PROTECTED] writes:
Cesar wrt to gssapi and 1.3.1 ...
Cesar Since we're pointing out lack of replay cache detection,
Cesar note that if acquiring creds for GSS_C_NO_NAME, then no
Cesar replay cache is used. (specifically looking at 1.3.1 -
Cesar
I think that's false. I believe that krb5_rd_req will end up setting
up a rcache later.
I think Cesar is right, actually. krb5_rd_req will only set up a replay
cache if you pass in the server argument, which is set from creds-princ,
which is NULL if you call the gss function with
According to strace ...
1.2.8 app server with named credential - opens an rcache.
1.3.1 app server with no credential - no evidence of rcache being
opened.
wrt to krb5_rd_req - it looks like rcache is obtained only if
auth_context_flags includes KRB5_AUTH_CONTEXT_DO_TIME.
accept_sec_context
According to strace ...
1.2.8 app server with named credential - opens an rcache.
1.3.1 app server with no credential - no evidence of rcache being
opened.
Hm, regarding my previous note
It looks like I was wrong, krb5_rd_req() will get a replay cache even if
the passed-in server is NULL,
Is there any progress in the ability of Kerberos libraries on Linux to
be used by threads-enabled applications?
I'm still having troubles using sasl kerberos authentication to ldap
server on Linux (Debian). It always fails when parallel connection appears.
Is there any solution for this now?
.
-Original Message-
From: Lukas Kubin [mailto:[EMAIL PROTECTED]
Sent: 24 February 2004 12:11
To: [EMAIL PROTECTED]
Subject: Thread-safe libraries
Is there any progress in the ability of Kerberos libraries on Linux to
be used by threads-enabled applications?
I'm still having troubles using
Lukas == Lukas Kubin [EMAIL PROTECTED] writes:
Lukas Is there any progress in the ability of Kerberos libraries
Lukas on Linux to be used by threads-enabled applications? I'm
Lukas still having troubles using sasl kerberos authentication to
Lukas ldap server on Linux (Debian).
Sam Hartman wrote:
Lukas == Lukas Kubin [EMAIL PROTECTED] writes:
Lukas Is there any progress in the ability of Kerberos libraries
Lukas on Linux to be used by threads-enabled applications? I'm
Lukas still having troubles using sasl kerberos authentication to
Lukas ldap server
It is also worth noting, that, while Heimdal is not thread safe (at least there
are no guarantees), it has proven to be much more thread-robust than MIT.
OpenLDAP page and a couple of users have expirienced problems with MIT and
threaded OpenLDAP server, while Heimdal performed flawlessly.
It
16 matches
Mail list logo
