An interesting question came up on one of the OpenLDAP lists.

Provided that a GSSAPI authentication is done entirely within a single
thread, is it safe to do subsequent reads and writes to that connection
through the GSSAPI layer in different threads? Or does that violate the
underlying requirements of the MIT Kerberos libraries? (It apparently
works fine in practice with Heimdal.)

Russ Allbery (