> The last time I looked, mit krb5 was languishing and bug-ridden
> (which of course doesn't mean it isn't functional, but you expect
> better from crypto-software).

Bug-ridden, yes.  Languishing, no.  The MIT krb5 team is currently
working towards a 1.1 release, although I don't know that they have
made any external promises of a release date yet.

(If anyone here has submitted krb5 bug reports and not gotten any
feedback, now might be a decent time to send followup mail.  A new
staff member was hired to work on krb5 recently.)

> Before they fled in terror, there were a few SNI kerberos hackers
> working on the OpenBSD tree who were reasonably clued up (about
> kerberos).

This reference piques my curiosity, but further discussion of it
probably doesn't belong on any of these mailing lists.