From owner-freebsd-stable  Thu Apr  2 17:24:19 1998
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA19235
          for freebsd-stable-outgoing; Thu, 2 Apr 1998 17:24:19 -0800 (PST)
          (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA19161
          for <stable@FreeBSD.ORG>; Thu, 2 Apr 1998 17:24:03 -0800 (PST)
          (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.6.10) with SMTP id UAA10619; Thu, 2 Apr 1998 20:23:27 -0500 (EST)
Date: Thu, 2 Apr 1998 20:23:27 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson <robert+sfs@cyrus.watson.org>
To: Narvi <narvi@haldjas.folklore.ee>
cc: Charles Quarri <randy@hackerz.org>, stable@FreeBSD.ORG
Subject: Re: Hesiod support on 2.2
In-Reply-To: <Pine.BSF.3.96.980402214806.22317J-100000@haldjas.folklore.ee>
Message-ID: <Pine.BSF.3.96.980402201943.21311J-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk

On Thu, 2 Apr 1998, Narvi wrote:

> > I am curious is anyone has used hesiod in FreeBSD 2.2 and how
> > much modification needs to be made to the source (if any) needs
> > to be done to get it working.
> 
> I have looked at the source (still have it unpacked), but I didn't do
> anything much with it. Would be cool if FreeBSD had an option like
> "MAKE_KERBEROS4" which would build all utilities (w, ps, etc.) with full
> hesiod support...

I was under the impression that Hesiod did not require w/ps/etc to be
recompiled due to toehold, or was that an MIT-only thing?  I thought they
dynamically allocated UIDs when the user logged in (this was the toehold
step), and added them to passwd, etc.  They also had a magic NFS that
converted UIDs to Kerberos identities.  The identity information would be
pulled out of the HS-class DNS records and used to synthesize a local
account.  At least, this is what I heard via Derrick Brashear
<shadow@andrew.cmu.edu>.  :)

This gets around the 32k user limit on some older UNIX machines, and helps
in that you don't have to redo a pwd_mkdb on ten thousand users each time
a small change occurs.

I may have a severe misconception as to how this works, of course, but it
seems pretty novel.

  Robert N Watson 


----
Carnegie Mellon University  http://www.cmu.edu/
Trusted Information Systems http://www.tis.com/
SafePort Network Services   http://www.safeport.com/
robert@fledge.watson.org    http://www.watson.org/~robert/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message