I have done this although without MIT_Kerberos. There is problem when linking to it - resulting code depends on cygwin1.dll and msvcrt.dll - which is wrong according to cygwin faq.
So I start playing with heimdal kerberos. It is compiled under cygwin wery well (in contrast to MIT - which is not), but there are problems linking coda source with it. First of all configure script consider heimdal libraries as not working (although I have set path to them), so this requires editing of Makefile in coda-src/auth2 directory. Second - some of heimdal internal structures are different from MIT ones (although API itself looks almost the same), so I make a little patch to fix these problems in krb5.c file. As a result I've got a working clog (this is the only kerberos-enabled executable which I need).
I've not used heimdal before but I like this thing. It is fully compatible with MIT (heimdal clients authenticate without problems on MIT kdc) and it is built with readline support (readline-less ftp from MIT drives me crazy).
I ve not yet tried modular clog as Ivan suggested, but I think it will require patching too to make it work with heimdal.
Also I had a hard time making "net start venus" work. It is working now but I am not sure why it was failing before. May be it was connected with unconfigured cygwinserver?
Now the patches:
krb5.c:
---------------------Patch starts here ---------------------------
242,247c242
< #ifdef __KRB5_H__ < HashSecret(session_key->keyvalue.data, session_key->keyvalue.length, *sec
ret);
< #endif
< #ifdef KRB5_GENERAL__
< HashSecret(session_key->contents,session_key->length, *secret);
< #endif
---
> HashSecret(session_key->contents, session_key->length, *secret);
295,297c290,291
< #ifdef __KRB5_H__
< if (strncmp(ticket->client->realm, kerberos5realm,
< strlen(ticket->client->realm))) {
---
> if (strncmp(ticket->enc_part2->client->realm.data, kerberos5realm,
> ticket->enc_part2->client->realm.length)) {
302,309c296
< krc=krb5_unparse_name(krb5context, ticket->client, &cp);
< #endif
< #ifdef KRB5_GENERAL__
< if (strncmp(ticket->enc_part2->client->realm.data,kerberos5realm,
< ticket->enc_part2->client->realm.length)) {
< fprintf(stderr,"incorrect realm in ticket\n");
< goto out;
< }
---
>
312d298
< #endif
335,340d320
< #ifdef __KRB5_H__
< HashSecret(ticket->ticket.key.keyvalue.data,
< ticket->ticket.key.keyvalue.length,
< hKey);
< #endif
< #ifdef KRB5_GENERAL__
344c324
< #endif
---
>
----------------------------Patch ends here------------------------------
coda-src/auth2/Makefile for cygwin:
----------------------------Makefile-------------------------------------
TOPDIR = ../..
srcdir = .
TOPOBJ = /home/Administrator/coda-6.0.6
include $(TOPDIR)/Makeconf
#CFLAGS += -DCODAAUTH CFLAGS += -DHAVE_KRB5
AUTHCOMMON := acommon.o LIBKRBS=
ifneq ($(LIBKRB4),) AUTHCOMMON += krb4.o LIBKRBS += $(LIBKRB4) endif LIBCRYPTO=-lkrb5 -lcom_err -lroken -lasn1 -ldes ifneq ($(LIBKRB5),) AUTHCOMMON += krb5.o LIBKRBS += $(LIBKRB5) endif
LIBKRBS=/usr/lib/libkrb5.a /usr/lib/libcom_err.a AUTHCOMMON += krbcommon.o ifneq ($(LIBKRB4)$(LIBKRB5),) AUTHCOMMON += krbcommon.o endif
LIBAUTH2OBJS=auth2.server.o avice.o pwsupport.o $(AUTHCOMMON) LIBAUSEROBJS=auth2.client.o auser.o avenus.o $(AUTHCOMMON)
CBINS = clog cpasswd ctokens cunlog CSBINS = au SBINS = SSBINS = au auth2 initpw EXECUTABLES = $(CBINS) $(CSBINS) $(SBINS) $(SSBINS) tokentool
# # only build clog on win9x # ifeq ($(SHORTSYS),djgpp) EXECUTABLES = clog endif
RP2HEADERS = auth2.h
DEPLIBS = $(LIBUTIL) $(LIBKERNDEP) $(LIBBASE) LIBS := $(LIBRPC2) $(LIBLWP) $(LIBCRYPTO) $(LIBS)
LIBRARIES = libauth2.a libauser.a
HEADERS = avenus.h avice.h
OBJS = auth2.client.o auth2.server.o auth2.multi.o au.o auser.o avenus.o avice.o initpw.o krb5.o krbcommon.o
include $(TOPDIR)/configs/Makerules
libauth2.a: $(LIBAUTH2OBJS)
libauser.a: $(LIBAUSEROBJS)
auth2: auth2.o krb5.o krbcommon.o libauth2.a $(LIBAL) $(LIBRWCDB) $(DEPLIBS)
${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@au: au.o libauser.a krb5.o krbcommon.o $(DEPLIBS)
${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@clog: clog.o krb5.o krbcommon.o libauser.a tokenfile.o ${LIBCRYPTO} ${LIBKRBS} ${DEPLIBS}
${CC} $(LDFLAGS) $^ ${LIBS} -o $@
cpasswd: cpasswd.o krb5.o libauser.a ${DEPLIBS}
${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@initpw: initpw.o $(DEPLIBS)
${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@cunlog: cunlog.o libauser.a ${DEPLIBS}
${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@ctokens: ctokens.o libauser.a ${DEPLIBS}
${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@tokentool: tokentool.o tokenfile.o ${DEPLIBS}
${CC} $(LDFLAGS) $^ ${LIBKRBS} ${LIBS} -o $@
------------------------------------Makefile------------------------------------------