>>>>> "Lukas" == Lukas Kubin <[EMAIL PROTECTED]> writes:
Lukas> Sam Hartman wrote:
>>>>>>> "Lukas" == Lukas Kubin <[EMAIL PROTECTED]> writes:

Lukas> How complicated is it to move to Heimdal from MIT? I need
Lukas> a solution to enable users' authentication to LDAP in our
Lukas> network which uses MIT Kerberos 5. What do you use?

>> On a Debian system using the native LDAP, install
>> libsasl2-modules-gssapi-heimdal not libsasl2-gssapi-mit. That
>> should be all you need. You can continue using MIT for
>> everything else.

Lukas> Thank you, that's what I was looking for! I wouldn't expect
Lukas> it is suitable to use heimdal libraries with MIT K5.

No, but I've spent a fair bit of time working with the Debian Heimdal
maintainer (I maintain MIT Kerberos for Debian) to make sure you can
install both libraries on the same system. Each application chooses
which version of Kerberos it wants. We should soon be at a point where
different parts of the same application can use different Kerberos
implementations.

>> If I'm misremembering that you are using Debian, then you just
>> need to build libsasl against LDAP.

>> If you are also using PAM, you might want libpam-heimdal not
>> libpam-krb5.

Lukas> Why? Is it related to the threading support too?

Rephrasing: If you use PAM inside your LDAP server you may want Heimdal
PAM modules for two reasons. First, it currently doesn't work so well
if part of an application uses Heimdal and another part uses MIT. So
if the SASL plugin for the LDAP server is going to use Heimdal then
anything else within LDAP that uses Kerberos should also use Heimdal.
Secondly, you'll run into the threading issue possibly if you use PAM
to resolve simple binds.

________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
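
Added example, not part of the original message and not code from Debian or either Kerberos project: a check for the mixed MIT/Heimdal situation described above, which classifies `ldd` output for the modules one process will load. The function names and the sample `ldd` excerpts are constructed for illustration; module paths are left to the caller.

```shell
#!/bin/sh
# Classify which Kerberos implementation(s) appear in `ldd` output read
# from stdin. Prints one of: mit, heimdal, mixed, none.
krb5_flavour() {
    awk '
        # Sonames that only MIT Kerberos ships. Plain libkrb5.so.N is not
        # used as a signal: both projects ship a library with that name.
        /libgssapi_krb5\.so|libk5crypto\.so|libkrb5support\.so/ { mit = 1 }
        # Sonames that only Heimdal ships.
        /libroken\.so|libheimbase\.so|libhx509\.so/ { heimdal = 1 }
        END {
            if (mit && heimdal) print "mixed"
            else if (mit)       print "mit"
            else if (heimdal)   print "heimdal"
            else                print "none"
        }'
}

# Run ldd over every module that ends up in the same process (for example
# the SASL GSSAPI plugin and a PAM Kerberos module used by the LDAP server)
# and classify the union. Paths are supplied by the caller; missing files
# are skipped.
audit_modules() {
    for m in "$@"; do
        if [ -e "$m" ]; then ldd "$m" 2>/dev/null || true; fi
    done | krb5_flavour
}

# Constructed ldd excerpts (not captured from a real host).
SASL_PLUGIN_LDD='    libgssapi.so.3 => /usr/lib/libgssapi.so.3 (0x00007f0000000000)
    libroken.so.18 => /usr/lib/libroken.so.18 (0x00007f0000100000)'
PAM_MODULE_LDD='    libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00007f0000200000)
    libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00007f0000300000)'

printf 'SASL plugin alone: %s\n' \
    "$(printf '%s\n' "$SASL_PLUGIN_LDD" | krb5_flavour)"
printf 'SASL plugin + PAM module in one process: %s\n' \
    "$(printf '%s\n%s\n' "$SASL_PLUGIN_LDD" "$PAM_MODULE_LDD" | krb5_flavour)"
```

A result of `mixed` for the set of modules loaded by the LDAP server is the case the message says does not work well; `heimdal` for all of them is the layout it recommends.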