Some suggestions for the next iteration of heimdal

I'm back to working on replacing our AFS kaservers with a heimdal KDC.  (The
bug with not finding AFS-salted keys in keytabs appears to still be in 0.1d,
by the way [not certain, I'm still testing]; I'm still looking for the cause,
since it's clearly not the same problem that 0.0u had.)

Anyway, two things that would help with this:

(1) hprop has a verbose mode, but it's only implemented for krb4 conversions;
it's not used by the kaserver converter.  I have code for this for 0.0u and
will be porting this to 0.1d sometime today.  Should this be a standard
feature?  (It's nice for the same reason the krb4 one is: it helps to
diagnose problems converting krb4/kaserver principals to krb5 principals.)

(2) If you build the KDC with kaserver emulation, it's always turned on.
Converting from an existing kaserver to heimdal requires building heimdal
without kaserver emulation, performing the hprop to import the kaserver
database, then rebuilding heimdal with kaserver emulation.  It would be nice
to have a flag to kdc to disable/enable kaserver emulation, so I could run
the initial kdc for kprop with kaserver emulation disabled (otherwise AFS
goes wacky, as the kaserver and kdc conflict with each other and neither one
works).  Again, I'll probably add this myself to save my sanity, but should
it be a standard part of heimdal?  (And again, the krb4 emulation already has
this, indirectly by specifying/not specifying the krb4 realm to handle.)

brandon s. allbery	[os/2][linux][solaris][japh]	 allbery@kf8nh.apk.net
system administrator	     [WAY too many hats]	   allbery@ece.cmu.edu
carnegie mellon / electrical and computer engineering			 KF8NH
     We are Linux. Resistance is an indication that you missed the point.