Subject: Re: MS's OS Vision
To: Miles Nordin <carton@Ivy.NET>
From: None <kpneal@pobox.com>
List: netbsd-advocacy
Date: 09/30/2001 14:54:12

On Fri, Sep 28, 2001 at 04:44:02PM -0600, Miles Nordin wrote:
> Has anyone actually gotten Coda, Kerberos, or Hesiod working?  I've 
> been wanting to try, but it seems like a lot of this bleeding edge 
> open-source stuff simply doesn't work as claimed, unless you have the 
> time and talent to fix it yourself.  It is difficult enough to 

I've got Hesiod and Kerberos working just fine. I haven't tried adding
Coda or AFS or any other distributed filesystem into the mix. 

There is excellent documentation at www.netbsd.org about setting up
Kerberos. You can search Google for Hesiod and browse the examples
at MIT. I could tar up some of my config files if necessary and
send them to you.

Writing Kerberos applications, or even updating applications to work
with Kerberos, is something else. If good documentation for the
various Kerberos APIs exists then I wouldn't mind if someone pointed
me at it. 

I've been puttering around with setting up my home system to be
sophisticated like MIT's/NCSU's systems. Call it a hobby. I find it 
interesting how MIT used to maintain their own version of Unix. We've
now almost gotten to the point where the base system needs a few packages
installed and we've got the same stuff. NetBSD lacks only a few
things:

1) Support for Hesiod clusters, with negative and positive ACLs. 
   (This might just be an NCSU thing, I'm not sure.)

   I think I can fake this up using login classes, since login.conf
   allows for the specifying of a program to run at user login instead
   of the user shell. A wrapper around the login would do the trick. 

2) Support for a program to mount user home directories before trying
   to use them. MIT has the 'attach' program for this purpose, and login
   knows to call it to mount home dirs. It may be possible to use Hesiod
   automount maps to achieve something similar.

3a) Support for Kerberos in sshd so that at login sshd will get tickets
   for the user and *keep them*. Currently it throws them away just
   like /usr/bin/login doesn't. 

3b) Support for Heimdal in xdm. I think I saw a message on the list
   recently where someone else has this working or almost working.

*** Wouldn't PAM be easier and promote more code sharing? 

4) A full Hesiod library. I have a package for this that I need to
   send-pr. Once that goes in I'll work on a switch for the Zephyr
   package to use the pkgsrc Hesiod library.

5) Good documentation on the Heimdal APIs.
-- 
Kevin P. Neal                                http://www.pobox.com/~kpn/
           On the community of supercomputer fans:
"But what we lack in size we make up for in eccentricity." 
  from Steve Gombosi, comp.sys.super, 31 Jul 2000 11:22:43 -0600