######
Zephyr
######

Zephyr greatly dislikes NAT. But it turns out that it's quite happy
to work with a NATted server (presumably, as long as there's only one
server) - it's the clients that are the problem, and we have the IP
space to not NAT them. So there's a zephyrd (kerberized, of course)
running on breezebuilder [#note-name]_, which is a VM inside the cluster.

.. [#note-name] Named after the Breezebuilders of the level Breeze Harbor
   in *Spyro 2: Ripto's Rage*, who are at war with the Land Blubbers of
   the level Zephyr.

Hesiod
======

Zephyr uses Hesiod to locate its servers; this really means a special
tree of DNS TXT records hanging off of a subdomain of ours. We believe
(once we get the trust path in place) that we may be the only entity
with DNSSEC-protected Hesiod records of any kind, though we don't have
any other than ``zephyr.sloc``.

Client setup
============

On Debian systems, install ``zephyr-clients`` and ``libzephyr4-krb5``
(if you don't specify that, you get the non-kerberized version, which
the zephyrd will refuse to talk to). Don't specify a Zephyr server -
that's what Hesiod is for. Do a dpkg-reconfigure of ``libhesiod0``
and set the RHS to ``.acm.jhu.edu`` (the default LHS of ``.ns`` and
the default order of ``IN,HS`` are correct). Restart ``zhm`` (it will
have failed to start before because of the incorrect Hesiod settings),
then fire up your favorite Zephyr client and check that everything works.