This commit was manufactured by cvs2svn to create tag

[heimdal.git] / ChangeLog

2001-07-03  Assar Westerlund  <assar@sics.se>

        * Release 0.4b

2001-07-03  Assar Westerlund  <assar@sics.se>

        * Release 0.4a

2001-07-02  Johan Danielsson  <joda@pdc.kth.se>

        * kuser/kinit.c: make this compile without krb4 support

        * lib/krb5/write_message.c: remove priv parameter from
        write_safe_message; don't know why it was there in the first place

        * doc/install.texi: remove kaserver switches, it's always compiled
        in now

        * kdc/hprop.c: always include kadb support

        * kdc/kaserver.c: always include kaserver support

2001-07-02  Assar Westerlund  <assar@sics.se>

        * kpasswd/kpasswdd.c (doit): make failing to bind a socket a
        non-fatal error, and abort if no sockets were bound

2001-07-01  Assar Westerlund  <assar@sics.se>

        * lib/krb5/krbhst.c: remember the real port number when falling
        back from kpasswd -> kadmin, and krb524 -> kdc

2001-06-29  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if
        no_addresses is set, do not add any local addresses to KRB_CRED

        * kuser/kinit.c: remove extra clearing of password and some
        redundant code

2001-06-29  Johan Danielsson  <joda@pdc.kth.se>

        * kuser/kinit.c: move ticket conversion code to separate function,
        and call that from a couple of places, like when renewing a
        ticket; also add a flag for just converting a ticket

        * lib/krb5/init_creds_pw.c: set renew-life to some sane value

        * kdc/524.c: don't send more data than required

2001-06-24  Assar Westerlund  <assar@sics.se>

        * lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns

        * lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY:
        (any_start_seq_get): remove a double free
        (any_next_entry): iterate over all (sub) keytabs and avoid leave data
        around to be freed again

        * kdc/kdc_locl.h: add a define for des_new_random_key when using
        openssl's libcrypto

        * configure.in: move v6 tests down

        * lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052

        * update to libtool 1.4 and autoconf 2.50

2001-06-21  Johan Danielsson  <joda@pdc.kth.se>

        * lib/hdb/Makefile.am: add generation number
        * lib/hdb/common.c: add generation number code
        * lib/hdb/hdb.asn1: add generation number
        * lib/hdb/print.c: use krb5_storage to make it more dynamic

2001-06-21  Assar Westerlund  <assar@sics.se>

        * lib/krb5/krb5.conf.5: update to changed names used by
        krb5_get_init_creds_opt_set_default_flags
        * lib/krb5/init_creds.c
        (krb5_get_init_creds_opt_set_default_flags): make the appdefault
        keywords have the same names

        * configure.in: only add -L and -R to the krb4 libdir if we are
        actually using it

        * lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing
        dot of hostname add some comments
        * lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when
        testing for kerberos.REALM.  this allows reusing that information
        when actually contacting the server and thus avoids one DNS lookup

2001-06-20  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/krb5.h: include k524_err.h

        * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test
        for keytype, the server will do this for us if it has anything to
        complain about

        * lib/krb5/context.c: add protocol compatible krb524 error codes

        * lib/krb5/Makefile.am: add protocol compatible krb524 error codes

        * lib/krb5/k524_err.et: add protocol compatible krb524 error codes

        * lib/krb5/krb5_principal_get_realm.3: manpage

        * lib/krb5/principal.c: add functions `krb5_principal_get_realm'
        and `krb5_principal_get_comp_string' that returns parts of a
        principal; this is a replacement for the internal
        `krb5_princ_realm' and `krb5_princ_component' macros that everyone
        seem to use

2001-06-19  Assar Westerlund  <assar@sics.se>

        * kuser/kinit.c (main): dereference result from krb5_princ_realm.
        from Thomas Nystrom <thn@saeab.se>

2001-06-18  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done
        * lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak
        * lib/krb5/krbhst.c (config_get_hosts): free hostlist
        * kuser/kinit.c: free principal

2001-06-18  Assar Westerlund  <assar@sics.se>

        * lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra
        freeaddrinfo

        * lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache):
        remove some unused variables

        * lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly
        * kdc/kerberos5.c: update to new krb5_auth_con* names
        * kdc/hpropd.c: update to new krb5_auth_con* names
        * lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions
        and remove some comments
        * lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right
        order: remote - local - session
        * lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the
        auth_context
        * lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct
        order: remote - local - session
        * lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order,
        local - remote - session

2001-06-18  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/convert_creds.c: use starttime instead of authtime,
        from Chris Chiappa

        * lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match
        the MIT function by the same name; add
        krb524_convert_creds_kdc_ccache that does what the old version did

        * admin/list.c (do_list): make sure list of keys is NULL
        terminated; similar to patch sent by Chris Chiappa

2001-06-18  Assar Westerlund  <assar@sics.se>

        * lib/krb5/mcache.c (mcc_remove_cred): use
        krb5_free_creds_contents

        * lib/krb5/auth_context.c: name function krb5_auth_con more
        consistenly
        * lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use
        renamed krb5_auth_con_getauthenticator

        * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to
        use krb5_krbhst API
        * lib/krb5/changepw.c (krb5_change_password): update to use
        krb5_krbhst API
        * lib/krb5/send_to_kdc.c: update to use krb5_krbhst API
        * lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port
        in krb5_krbhst_info
        (krb5_krbhst_free): free everything

        * lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add
        (krb5_krbhst_info): add def_port (default port for this service)

        * lib/krb5/krbhst-test.c: make it more verbose and useful
        * lib/krb5/krbhst.c: remove some more memory leaks do not try any
        dns operations if there is local configuration admin: fallback to
        kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin
        add some comments

        * configure.in: remove initstate and setstate, they should be in
        cf/roken-frag.m4

        * lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test
        * lib/krb5/krbhst-test.c: new program for testing krbhst
        * lib/krb5/krbhst.c (common_init): remove memory leak
        (main): move test program into krbhst-test

2001-06-17  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/krb5_krbhst_init.3: manpage

        * lib/krb5/krb5_get_krbhst.3: manpage

2001-06-16  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/krb5.h: add opaque krb5_krbhst_handle type

        * lib/krb5/krbhst.c: change void* to krb5_krbhst_handle

        * lib/krb5/krb5.h: types for new krbhst api

        * lib/krb5/krbhst.c: implement a new api that looks up one host at
        a time, instead of making a list of hosts

2001-06-09  Johan Danielsson  <joda@pdc.kth.se>

        * configure.in: test for initstate and setstate

        * lib/krb5/krbhst.c: remove rfc2052 support

2001-06-08  Johan Danielsson  <joda@pdc.kth.se>

        * fix some manpages for broken mdoc.old grog test

2001-05-28  Assar Westerlund  <assar@sics.se>

        * lib/krb5/krb5.conf.5: add [appdefaults]
        * lib/krb5/init_creds_pw.c: remove configuration reading that is
        now done in krb5_get_init_creds_opt_set_default_flags
        * lib/krb5/init_creds.c
        (krb5_get_init_creds_opt_set_default_flags): add reading of
        libdefaults versions of these and add no_addresses

        * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string
        when preauth was required and we retry

2001-05-25  Assar Westerlund  <assar@sics.se>

        * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call
        krb5_get_krb524hst
        * lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the
        support functions

2001-05-22  Assar Westerlund  <assar@sics.se>

        * kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec
        properly

2001-05-17  Assar Westerlund  <assar@sics.se>

        * Release 0.3f

2001-05-17  Assar Westerlund  <assar@sics.se>

        * lib/krb5/Makefile.am: bump version to 16:0:0
        * lib/hdb/Makefile.am: bump version to 7:1:0
        * lib/asn1/Makefile.am: bump version to 5:0:0
        * lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
        * lib/krb5/codec.c: remove dead code

2001-05-17  Johan Danielsson  <joda@pdc.kth.se>

        * kdc/config.c: actually check the ticket addresses

2001-05-15  Assar Westerlund  <assar@sics.se>

        * lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
        parenthesis

        * lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
        `errno' (called system_error) to allow callers to make sure they
        pass the current and relevant value.  update callers

2001-05-14  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/verify_user.c: krb5_verify_user_opt

        * lib/krb5/krb5.h: verify_opt

        * kdc/kerberos5.c: pass context to krb5_domain_x500_decode

2001-05-14  Assar Westerlund  <assar@sics.se>

        * kpasswd/kpasswdd.c: adapt to new address functions
        * kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
        * kdc/connect.c: adapt to changing address functions
        * kdc/config.c: new krb5_config_parse_file
        * kdc/524.c: new krb5_sockaddr2address
        * lib/krb5/*: add some krb5_{set,clear}_error_string

        * lib/asn1/k5.asn1 (LR_TYPE): add
        * lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x

2001-05-11  Assar Westerlund  <assar@sics.se>

        * kdc/kerberos5.c (tsg_rep): fix typo in variable name

        * kpasswd/kpasswd-generator.c (nop_prompter): update prototype
        * lib/krb5/init_creds_pw.c: update to new prompter, use prompter
        types and send two prompts at once when changning password
        * lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
        * lib/krb5/krb5.h (krb5_prompt): add type
        (krb5_prompter_fct): add anem

        * lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
        paramaters to krb5_cc_next_cred (as MIT does, and not as they
        document).  From "Jacques A. Vidrine" <n@nectar.com>

2001-05-11  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/Makefile.am: store-test

        * lib/krb5/store-test.c: simple bit storage test

        * lib/krb5/store.c: add more byteorder storage flags
        
        * lib/krb5/krb5.h: add more byteorder storage flags
        
        * kdc/kerberos5.c: don't use NULL where we mean 0

        * kdc/kerberos5.c: put referral test code in separate function,
        and test for KRB5_NT_SRV_INST

2001-05-10  Assar Westerlund  <assar@sics.se>

        * admin/list.c (do_list): do not close the keytab if opening it
        failed
        * admin/list.c (do_list): always print complete names.  print
        everything to stdout.
        * admin/list.c: print both v5 and v4 list by default
        * admin/remove.c (kt_remove): reorganize some.  open the keytab
        (defaulting to the modify one).
        * admin/purge.c (kt_purge): reorganize some.  open the keytab
        (defaulting to the modify one). correct usage strings
        * admin/list.c (kt_list): reorganize some.  open the keytab
        * admin/get.c (kt_get): reorganize some.  open the keytab
        (defaulting to the modify one)
        * admin/copy.c (kt_copy): default to modify key name.  re-organise
        * admin/change.c (kt_change): reorganize some.  open the keytab
        (defaulting to the modify one)
        * admin/add.c (kt_add): reorganize some.  open the keytab
        (defaulting to the modify one)
        * admin/ktutil.c (main): do not open the keytab, let every
        sub-function handle it

        * kdc/config.c (configure): call free_getarg_strings

        * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
        a few more errors

        * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
        `use_dns' parameter boolean

        * lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
        * lib/krb5/context.c (init_context_from_config_file): set
        default_keytab_modify
        * lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
        ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
        (KEYTAB_DEFAULT_MODIFY): add
        * lib/krb5/keytab.c (krb5_kt_default_modify_name): add
        (krb5_kt_resolve): set error string for failed keytab type

2001-05-08  Assar Westerlund  <assar@sics.se>

        * lib/krb5/crypto.c (encryption_type): make field names more
        consistent
        (create_checksum): separate usage and type
        (krb5_create_checksum): add a separate type parameter
        (encrypt_internal): only free once on mismatched checksum length

        * lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
        realm we didn't manage to reach any KDC for in the error string

        * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
        the entire subkey.  from <tmartin@mirapoint.com>

2001-05-07  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
        KT_NOTFOUND if the file is empty

2001-05-07  Assar Westerlund  <assar@sics.se>

        * lib/krb5/fcache.c: call krb5_set_error_string when open fails
        fatally
        * lib/krb5/keytab_file.c: call krb5_set_error_string when open
        fails fatally

        * lib/krb5/warn.c (_warnerr): print error_string in context in
        preference to error string derived from error code
        * kuser/kinit.c (main): try to print the error string
        * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
        error strings for errors

        * lib/krb5/krb5.h (krb5_context_data): add error_string and
        error_buf
        * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
        * lib/krb5/error_string.c: new file

2001-05-02  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/time.c: krb5_string_to_deltat

        * lib/krb5/sock_principal.c: one less data copy

        * lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's

        * lib/krb5/get_default_principal.c: change this slightly

        * lib/krb5/crypto.c: make checksum_types into an array of pointers

        * lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
        ticket

2001-04-29  Assar Westerlund  <assar@sics.se>

        * kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
        the right realm if we fail to find a non-krbtgt service in the
        database and the second component does a succesful non-dns lookup
        to get the real realm (which has to be different from the
        originally-supplied realm).  this should help windows 2000 clients
        that always start their lookups in `their' realm and do not have
        any idea of how to map hostnames into realms
        * kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm

2001-04-27  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
        parameter to request use of dns or not

2001-04-25  Assar Westerlund  <assar@sics.se>

        * admin/get.c (kt_get): allow specification of encryption types
        * lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
        close an unopened ccache, noted by <marc@mit.edu>

        * lib/krb5/krb5.h (krb5_any_ops): add declaration
        * lib/krb5/context.c (init_context_from_config_file): register
        krb5_any_ops

        * lib/krb5/keytab_any.c: new file, implementing union of keytabs
        * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c
        
        * lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
        == NULL.  noted by <marc@mit.edu>

2001-04-19  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
        else, from Jacques Vidrine

2001-04-18  Johan Danielsson  <joda@pdc.kth.se>

        * lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h

        * lib/asn1/Makefile.am: add asn1_ENCTYPE.x

        * lib/krb5/krb5.h: adapt to asn1 changes

        * lib/asn1/k5.asn1: move enctypes here

        * lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
        conflicts

        * lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
        conflicts

        * lib/asn1/lex.l: use strtol to parse constants

2001-04-06  Johan Danielsson  <joda@pdc.kth.se>

        * kuser/kinit.c: add simple support for running commands

2001-03-26  Assar Westerlund  <assar@sics.se>

        * lib/hdb/hdb-ldap.c: change order of includes to allow it to work
        with more versions of openldap

        * kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
        replies
        (*): update callers of krb5_km_error
        (check_tgs_flags): handle renews requesting non-renewable tickets

        * lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
        and cusec

        * lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
        compatibility names

        * lib/krb5/crypto.c (create_checksum): change so that `type == 0'
        means pick from the `crypto' (context) and otherwise use that
        type.  this is not a large change in practice and allows callers
        to specify the exact checksum algorithm to use

2001-03-13  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
        to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
        integrity'.  this helps for talking to old (pre 0.3d) KDCs

2001-03-12  Assar Westerlund  <assar@pdc.kth.se>

        * lib/krb5/crypto.c (krb5_derive_key): new function, used by
        derived-key-test.c
        * lib/krb5/string-to-key-test.c: add new test vectors posted by
        Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to
        ietf-krb-wg@anl.gov
        * lib/krb5/n-fold-test.c: more test vectors from same source
        * lib/krb5/derived-key-test.c: more tests from same source

2001-03-06  Assar Westerlund  <assar@sics.se>

        * acconfig.h: include roken_rename.h when appropriate

2001-03-06  Assar Westerlund  <assar@sics.se>

        * lib/krb5/krb5.h (krb5_enctype): remove trailing comma

2001-03-04  Assar Westerlund  <assar@sics.se>

        * lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
        compatibility with MIT krb5

2001-03-02  Assar Westerlund  <assar@sics.se>

        * kuser/kinit.c (main): only request a renewable ticket when
        explicitly requested.  it still gets a renewable one if the renew
        life is specified
        * kuser/kinit.c (renew_validate): treat -1 as flags not being set

2001-02-28  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list

2001-02-27  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt

2001-02-25  Assar Westerlund  <assar@sics.se>

        * configure.in: do not use -R when testing for des functions

2001-02-14  Assar Westerlund  <assar@sics.se>

        * configure.in: test for lber.h when trying to link against
        openldap to handle openldap v1, from Sumit Bose
        <sumit.bose@suse.de>

2001-02-19  Assar Westerlund  <assar@sics.se>

        * lib/asn1/libasn1.h: add string.h (for memset)

2001-02-15  Assar Westerlund  <assar@sics.se>

        * lib/krb5/warn.c (_warnerr): add printf attributes
        * lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address
        returned by getaddrinfo before trying the next kdc.  from
        thorpej@netbsd.org

        * lib/krb5/krb5.conf.5: fix default_realm in example

        * kdc/connect.c: fix a few kdc_log format types

        * configure.in: try to handle libdes/libcrypto ont requiring -L

2001-02-10  Assar Westerlund  <assar@sics.se>

        * lib/asn1/gen_decode.c (generate_type_decode): zero the data at
        the beginning of the generated function, and add a label `fail'
        that the code jumps to in case of errors that frees all allocated
        data

2001-02-07  Assar Westerlund  <assar@sics.se>

        * configure.in: aix dce: fix misquotes, from Ake Sandgren
        <ake@cs.umu.se>

        * configure.in (dpagaix_LDFLAGS): try to add export file

2001-02-05  Assar Westerlund  <assar@sics.se>

        * lib/krb5/krb5_keytab.3: new man page, contributed by
        <lha@stacken.kth.se>

        * kdc/kaserver.c: update to new db_fetch4

2001-02-05  Assar Westerlund  <assar@assaris.sics.se>

        * Release 0.3e

2001-01-30  Assar Westerlund  <assar@sics.se>

        * kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
        properly
        (kdb_prop): decrypt key properly
        * kdc/hprop.c: handle building with KRB4 always try to decrypt v4
        data with the master key leave it up to the v5 how to encrypt with
        that master key

        * kdc/kstash.c: include file name in error messages
        * kdc/hprop.c: fix a typo and check some more return values
        * lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
        correctly.  From Jacques Vidrine <n@nectar.com>
        * kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
        ENOENT

        * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
        15:0:0
        * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
        * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
        * kdc/misc.c (db_fetch): return an error code.  change callers to
        look at this and try to print it in log messages

        * lib/krb5/crypto.c (decrypt_internal_derived): check that there's
        enough data

2001-01-29  Assar Westerlund  <assar@sics.se>

        * kdc/hprop.c (realm_buf): move it so it becomes properly
        conditional on KRB4

        * lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
        hdb_unseal_keys, hdb_seal_keys): check that we have the correct
        master key and that we manage to decrypt the key properly,
        returning an error code.  fix all callers to check return value.

        * tools/krb5-config.in: use @LIB_des_appl@
        * tools/Makefile.am (krb5-config): add LIB_des_appl
        * configure.in (LIB_des): set correctly
        (LIB_des_appl): add for the use by krb5-config.in

        * lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
        to make sure of not dropping data when doing it over a socket.
        (this might break when used with ordinary files on win32)

        * lib/hdb/hdb_err.et (NO_MKEY): add

        * kdc/kerberos5.c (as_rep): be paranoid and check
        krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se>

        * lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
        lib/krb5/krb5_auth_context.3: add new man pages, contributed by
        <lha@stacken.kth.se>

        * use the openssl api for md4/md5/sha and handle openssl/*.h

        * kdc/kaserver.c (do_getticket): check length of ticket.  noted by
        <lha@stacken.kth.se>

2001-01-28  Assar Westerlund  <assar@sics.se>

        * configure.in: send -R instead of -rpath to libtool to set
        runtime library paths

        * lib/krb5/Makefile.am: remove all dependencies on libkrb

2001-01-27  Assar Westerlund  <assar@sics.se>

        * appl/rcp: add port of bsd rcp changed to use existing rsh,
        contributed by Richard Nyberg <rnyberg@it.su.se>

2001-01-27  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/get_port.c: don't warn if the port name can't be found,
        nobody cares anyway

2001-01-26  Johan Danielsson  <joda@pdc.kth.se>

        * kdc/hprop.c: make it possible to convert a v4 dump file without
        having any v4 libraries; the kdb backend still require them

        * kdc/v4_dump.c: include shadow definition of kdb Principal, so we
        don't have to depend on any v4 libraries

        * kdc/hprop.h: include shadow definition of kdb Principal, so we
        don't have to depend on any v4 libraries

        * lib/hdb/print.c: reduce number of memory allocations

        * lib/hdb/mkey.c: add support for reading krb4 /.k files

2001-01-19  Assar Westerlund  <assar@sics.se>

        * lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
        for realms document capath better

        * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
        at kpasswd_server before admin_server

        * lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
        [libdefaults]capath for better hint of realm to send request to.
        this allows the client to specify `realm routing information' in
        case it cannot be done at the server (which is preferred)

        * lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
        zero when we were expecting a sequence number.  MIT krb5 cannot
        generate a sequence number of zero, instead generating no sequence
        number
        * lib/krb5/rd_safe.c (krb5_rd_safe): dito

2001-01-11  Assar Westerlund  <assar@sics.se>

        * kpasswd/kpasswdd.c: add --port option

2001-01-10  Assar Westerlund  <assar@sics.se>

        * lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
        just before returning

2001-01-09  Assar Westerlund  <assar@sics.se>

        * appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred

2001-01-05  Johan Danielsson  <joda@pdc.kth.se>

        * kuser/kinit.c: call a time `time', and not `seconds'

        * lib/krb5/init_creds.c: not much point in setting the anonymous
        flag here

        * lib/krb5/krb5_appdefault.3: document appdefault_time

2001-01-04  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/verify_user.c: use
        krb5_get_init_creds_opt_set_default_flags

        * kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags

        * lib/krb5/init_creds.c: new function
        krb5_get_init_creds_opt_set_default_flags to set options from
        krb5.conf

        * lib/krb5/rd_cred.c: make this match the MIT function
        
        * lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
        def_val
        (krb5_appdefault_time): new function

2001-01-03  Assar Westerlund  <assar@sics.se>

        * kdc/hpropd.c (main): handle EOF when reading from stdin