Issues with sasl under heavy load, configuration issue?
Howard Chu
hyc at highlandsun.com
Mon Apr 7 18:36:55 EDT 2008
Roberto C. Sánchez wrote:
> On Mon, Apr 07, 2008 at 02:42:04PM -0700, Howard Chu wrote:
>> Best advice - use Heimdal Kerberos. MIT Kerberos code quality is poor, and
>> thread safety is still unproven.
>
> Care to cite some real examples?
>
> Here are some that cast into doubt your assertion about poor code
> quality:
>
> http://article.gmane.org/gmane.comp.encryption.kerberos.general/12042
> http://article.gmane.org/gmane.comp.encryption.kerberos.general/12044
> http://article.gmane.org/gmane.comp.encryption.kerberos.general/12069
I suppose I should have been more specific, but none of those cases are
relevant, since they are talking about the KDC, and the problem with thread
safety is in the client libraries.
Go ahead and google for "kerberos thread safety" and you'll see a long history
of problems, a bit of discussion about how to solve it spanning 2000-2003, and
not much actual work on solutions until very recently e.g.
http://www.openldap.org/lists/openldap-technical/200802/msg00118.html
I stand by my assertion that their thread safety is still unproven. They have
pretty much zero practical experience tackling the problem, while Heimdal has
been working smoothly for several years.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the Cyrus-sasl
mailing list