I've been looking at the state of the Kerberos IV stuff in -current,
and it seems to me that the strategy is to get everything related to
encryption out of the normal source tree and into "domestic" -- but
exactly how this is supposed to be done is unclear.

The problem is that sometimes, separate copies of the same files are
kept in two places, with encryption stuff removed from one copy
(telnetd and libcrypt, for instance), but elsewhere the encryption
bits are added by supplying extra files in the domestic tree (passwd,
but only for Kerberos IV; the Kerberos 5 stuff is in the normal
place).  As for the "non-domestic" tree, some of the commands that
were kerberized in 4.4 have had this completely undone, others have
had the Kerberos support partly removed, and finally some commands
(login, for instance) has the whole thing in place (although it won't
work for login the way it is, because of a Makefile bug).

Is there a strategy?  Is anyone working on this stuff?  Can I help?
I need to get as much of Kerberos IV working as possible, and fast.
Should we maybe just rip out what we have, and integrate the stuff
that's in OpenBSD?  If I understand correctly, theirs is exportable.

-tih
-- 
The illegal address in the From: field is a last ditch attempt at being
able to participate on USENET and on mailing lists in spite of all the
shit-for-brains bastards who make a living selling garbage to morons.
May those who abuse email for marketing suffer slow and painful deaths!