Zephyr
Zephyr greatly dislikes NAT. But it turns out that it’s quite happy to work with a NATted server (presumably, as long as there’s only one server) - it’s the clients that are the problem, and we have the IP space to not NAT them. So there’s a zephyrd (kerberized, of course) running on breezebuilder [1], which is a VM inside the cluster.
[1] Named after the Breezebuilders of the level Breeze Harbor in Spyro 2: Ripto’s Rage, who are at war with the Land Blubbers of the level Zephyr.
Hesiod
Zephyr uses Hesiod to locate its servers; this really means a special
tree of DNS TXT records hanging off of a subdomain of ours. We believe
(once we get the trust path in place) that we may be the only entity
with DNSSEC-protected Hesiod records of any kind, though we don’t have
any other than zephyr.sloc.
Client setup
On Debian systems, install zephyr-clients and libzephyr4-krb5 (if you
don’t specify that, you get the non-kerberized version, which the
zephyrd will refuse to talk to). Don’t specify a Zephyr server - that’s
what Hesiod is for. Do a dpkg-reconfigure of libhesiod0 and set the RHS
to .acm.jhu.edu (the default LHS of .ns and the default order of IN,HS
are correct). Restart zhm (it will have failed to start before because
of the incorrect Hesiod settings), then fire up your favorite Zephyr
client and check that everything works.
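With the LHS and RHS above, a Hesiod lookup of name zephyr and type sloc becomes a DNS TXT query for name.type followed by the LHS and the RHS. The shell script below is an added example, not part of the original setup notes: it reads lhs and rhs from a hesiod.conf-style file (the key=value format, the helper names and the constructed sample file are assumptions) and prints the name to check by hand before restarting zhm.

```shell
#!/bin/sh
# Added example: derive the DNS name a Hesiod lookup turns into.

# conf_get FILE KEY DEFAULT: read one key=value setting, ignoring '#' comments.
conf_get() {
    val=$(sed -n -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
              -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# Normalise a domain fragment so a value typed without its leading dot
# still yields a well-formed name.
dotted() {
    case "$1" in
        .*) printf '%s' "$1" ;;
        *)  printf '.%s' "$1" ;;
    esac
}

# hesiod_dns_name FILE NAME TYPE: print NAME.TYPE + LHS + RHS.
hesiod_dns_name() {
    lhs=$(conf_get "$1" lhs .ns)   # .ns is the default LHS named on this page
    rhs=$(conf_get "$1" rhs "")    # no usable default: the RHS is site-specific
    [ -n "$rhs" ] || { echo "no rhs set in $1" >&2; return 1; }
    printf '%s.%s%s%s\n' "$2" "$3" "$(dotted "$lhs")" "$(dotted "$rhs")"
}

# Constructed sample holding the values chosen during dpkg-reconfigure.
sample_conf() {
    cat <<'EOF'
# constructed sample, not copied from a real host
lhs=.ns
rhs=.acm.jhu.edu
classes=IN,HS
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
fqdn=$(hesiod_dns_name "$conf" zephyr sloc)
echo "Hesiod will query: $fqdn"
echo "Check by hand with: dig +dnssec TXT $fqdn"
rm -f "$conf"
```

When the answer comes back through a validating resolver, the `ad` flag in the header of dig's reply shows that the TXT record passed DNSSEC validation.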