On Fri, Apr 12, 2002 at 10:21:56PM -0700, collver@linuxfreemail.com wrote:
> 	# kstash
> 	Master key: 
> 	Verifying password - Master key: 
> 	kstash: writing key to `/var/heimdal/m-key'
> 	Memory fault (core dumped) 
> 
> 
> 	# gdb kstash ./kstash.core
> 	...
> 	(gdb) bt
> 	#0  0x4808a1c4 in krb5_format_time ()
> 	#1  0x4808a713 in krb5_format_time ()
> 	#2  0x4808afee in krb5_kt_add_entry ()
> 	#3  0x4806dc1d in hdb_write_master_key ()
> 	#4  0x8049059 in dladdr ()
> 	#5  0x8048bb5 in free ()

The heimdal documentation said if I had the appropriate DNS records,
I would not need the [libdefaults] section in /etc/krb5.conf.  This
appears to not be true for NetBSD.  Once I add the default_realm setting,
kstash works.

The heimdal documentation says that the kpasswd service *is not* run
from inetd.  NetBSD's inetd.conf has a line for it, and it works fine.

It would be nice if Kerberos 5 was integrated into xdm and openssh.

I also learned that Kerberos is authentication only.  To fully replace
NIS, I could pair Kerberos with LDAP if I had something like pam_ldap or
nss_ldap.

Oh well, it was fun to look at.

Ben