Various comments on the Hesiod issue:

- hes_getpwent() just uses passwd-0.passwd.`domainname` through to
  passwd-xxx.passwd.`domainname` CNAMES to iterate. The code is 
  small & simple. (This has been mentioned by others.)
- BIND 4.9.3beta26 supports Hesiod out of the box. The only tricky
  bit (different to ULTRIX 4.x named support for hesiod) is that
  named.boot hesiod secondary lines look like "secondary/hs ...",
  not "secondary ...".
- I've got a working backend for nsswitch.conf. I'm holding back
  releasing it, as well as a large chunk of patches to libc to
  getpw*, gethost*, getusershell, getgrp*, getnetgroup*, etc,etc
  until after NetBSD 1.1 is released.
- The only ultrix/Hesiod-specific issue is 'hesupd' - it's not
  well documented and I can't remember if a "free" implementation
  is available. (FYI, it provides support to allow a user on any
  workstation in the cluster to modify their password remotely.)

With nsswitch.conf, the following issues would be resolved:
- the NetBSD-specific hacks to resolv.conf to implement 'lookup' are
  unnecessary, and therefore we'd have no reason to not to got to
  BIND 4.9.3 when it's not beta.
- it's user-configurable on how the "fallback" between service providers
  occurs
- if a version of libc was compiled w/o the hesiod functions, and you
  wanted to add them, it's a matter of recompiling the libraries
  and relinking the static apps (as someone else mentioned.)

I can make available my current nsswitch.conf diffs, etc, if someone
wants them. I've currently got gethostby* using nsswitch.conf (and had
a machine running this for a while), and my implementation of
getusershell() is almost done. I'm still to finish the passwd, group,
netgroup, and other databases...

--
Luke Mewburn <luke.mewburn@itg.telstra.com.au>

"Think of it as Evolution in Action"      -- `Oath of Fealty', Niven & Pournelle