I'm kinda suprised no one mentioned that the NetBSD domestic
distribution (/src/domestic) IS kerberos IV. I'm using it right now to
log in to write this message. I only had two problems getting it to
work, both stemming from the fact that Stanford uses the andrew
string_to_key routine. But the changes (once I figured them out) are
minor. I can send them to you if you wish. (basically you have to tell
libkrb to use the andrew functions, and you have to have the andrew
functions use a legal salt for encryption; "#~" is illegal, though "p1"
works just as well.)

Our distribution doesn't have kerberized ftp, so I'm not familiar with
its needs. The only inconvenience I have is that kerberosIV doesn't
forward tickets; I have to kftgt the tickets to the desired machine.
You might need to do the same.

Also, you mention one of the machines you are trying "is (are)" sun
4's. I gather the name is load-balanced? All the Stanford scripts,
which automate the kftgt work, resolve the name to a host, and
THEN talk to it; you might need to just try one of the specific
machines.

Good luck!

Bill