1 2001-07-03 Assar Westerlund <assar@sics.se>
5 2001-07-03 Assar Westerlund <assar@sics.se>
9 2001-07-02 Johan Danielsson <joda@pdc.kth.se>
11 * kuser/kinit.c: make this compile without krb4 support
13 * lib/krb5/write_message.c: remove priv parameter from
14 write_safe_message; don't know why it was there in the first place
16 * doc/install.texi: remove kaserver switches, it's always compiled
19 * kdc/hprop.c: always include kadb support
21 * kdc/kaserver.c: always include kaserver support
23 2001-07-02 Assar Westerlund <assar@sics.se>
25 * kpasswd/kpasswdd.c (doit): make failing to bind a socket a
26 non-fatal error, and abort if no sockets were bound
28 2001-07-01 Assar Westerlund <assar@sics.se>
30 * lib/krb5/krbhst.c: remember the real port number when falling
31 back from kpasswd -> kadmin, and krb524 -> kdc
33 2001-06-29 Assar Westerlund <assar@sics.se>
35 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if
36 no_addresses is set, do not add any local addresses to KRB_CRED
38 * kuser/kinit.c: remove extra clearing of password and some
41 2001-06-29 Johan Danielsson <joda@pdc.kth.se>
43 * kuser/kinit.c: move ticket conversion code to separate function,
44 and call that from a couple of places, like when renewing a
45 ticket; also add a flag for just converting a ticket
47 * lib/krb5/init_creds_pw.c: set renew-life to some sane value
49 * kdc/524.c: don't send more data than required
51 2001-06-24 Assar Westerlund <assar@sics.se>
53 * lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns
55 * lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY:
56 (any_start_seq_get): remove a double free
57 (any_next_entry): iterate over all (sub) keytabs and avoid leave data
58 around to be freed again
60 * kdc/kdc_locl.h: add a define for des_new_random_key when using
63 * configure.in: move v6 tests down
65 * lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052
67 * update to libtool 1.4 and autoconf 2.50
69 2001-06-21 Johan Danielsson <joda@pdc.kth.se>
71 * lib/hdb/Makefile.am: add generation number
72 * lib/hdb/common.c: add generation number code
73 * lib/hdb/hdb.asn1: add generation number
74 * lib/hdb/print.c: use krb5_storage to make it more dynamic
76 2001-06-21 Assar Westerlund <assar@sics.se>
78 * lib/krb5/krb5.conf.5: update to changed names used by
79 krb5_get_init_creds_opt_set_default_flags
80 * lib/krb5/init_creds.c
81 (krb5_get_init_creds_opt_set_default_flags): make the appdefault
82 keywords have the same names
84 * configure.in: only add -L and -R to the krb4 libdir if we are
87 * lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing
88 dot of hostname add some comments
89 * lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when
90 testing for kerberos.REALM. this allows reusing that information
91 when actually contacting the server and thus avoids one DNS lookup
93 2001-06-20 Johan Danielsson <joda@pdc.kth.se>
95 * lib/krb5/krb5.h: include k524_err.h
97 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test
98 for keytype, the server will do this for us if it has anything to
101 * lib/krb5/context.c: add protocol compatible krb524 error codes
103 * lib/krb5/Makefile.am: add protocol compatible krb524 error codes
105 * lib/krb5/k524_err.et: add protocol compatible krb524 error codes
107 * lib/krb5/krb5_principal_get_realm.3: manpage
109 * lib/krb5/principal.c: add functions `krb5_principal_get_realm'
110 and `krb5_principal_get_comp_string' that returns parts of a
111 principal; this is a replacement for the internal
112 `krb5_princ_realm' and `krb5_princ_component' macros that everyone
115 2001-06-19 Assar Westerlund <assar@sics.se>
117 * kuser/kinit.c (main): dereference result from krb5_princ_realm.
118 from Thomas Nystrom <thn@saeab.se>
120 2001-06-18 Johan Danielsson <joda@pdc.kth.se>
122 * lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done
123 * lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak
124 * lib/krb5/krbhst.c (config_get_hosts): free hostlist
125 * kuser/kinit.c: free principal
127 2001-06-18 Assar Westerlund <assar@sics.se>
129 * lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra
132 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache):
133 remove some unused variables
135 * lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly
136 * kdc/kerberos5.c: update to new krb5_auth_con* names
137 * kdc/hpropd.c: update to new krb5_auth_con* names
138 * lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions
139 and remove some comments
140 * lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right
141 order: remote - local - session
142 * lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the
144 * lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct
145 order: remote - local - session
146 * lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order,
147 local - remote - session
149 2001-06-18 Johan Danielsson <joda@pdc.kth.se>
151 * lib/krb5/convert_creds.c: use starttime instead of authtime,
154 * lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match
155 the MIT function by the same name; add
156 krb524_convert_creds_kdc_ccache that does what the old version did
158 * admin/list.c (do_list): make sure list of keys is NULL
159 terminated; similar to patch sent by Chris Chiappa
161 2001-06-18 Assar Westerlund <assar@sics.se>
163 * lib/krb5/mcache.c (mcc_remove_cred): use
164 krb5_free_creds_contents
166 * lib/krb5/auth_context.c: name function krb5_auth_con more
168 * lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use
169 renamed krb5_auth_con_getauthenticator
171 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to
173 * lib/krb5/changepw.c (krb5_change_password): update to use
175 * lib/krb5/send_to_kdc.c: update to use krb5_krbhst API
176 * lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port
178 (krb5_krbhst_free): free everything
180 * lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add
181 (krb5_krbhst_info): add def_port (default port for this service)
183 * lib/krb5/krbhst-test.c: make it more verbose and useful
184 * lib/krb5/krbhst.c: remove some more memory leaks do not try any
185 dns operations if there is local configuration admin: fallback to
186 kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin
189 * configure.in: remove initstate and setstate, they should be in
192 * lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test
193 * lib/krb5/krbhst-test.c: new program for testing krbhst
194 * lib/krb5/krbhst.c (common_init): remove memory leak
195 (main): move test program into krbhst-test
197 2001-06-17 Johan Danielsson <joda@pdc.kth.se>
199 * lib/krb5/krb5_krbhst_init.3: manpage
201 * lib/krb5/krb5_get_krbhst.3: manpage
203 2001-06-16 Johan Danielsson <joda@pdc.kth.se>
205 * lib/krb5/krb5.h: add opaque krb5_krbhst_handle type
207 * lib/krb5/krbhst.c: change void* to krb5_krbhst_handle
209 * lib/krb5/krb5.h: types for new krbhst api
211 * lib/krb5/krbhst.c: implement a new api that looks up one host at
212 a time, instead of making a list of hosts
214 2001-06-09 Johan Danielsson <joda@pdc.kth.se>
216 * configure.in: test for initstate and setstate
218 * lib/krb5/krbhst.c: remove rfc2052 support
220 2001-06-08 Johan Danielsson <joda@pdc.kth.se>
222 * fix some manpages for broken mdoc.old grog test
224 2001-05-28 Assar Westerlund <assar@sics.se>
226 * lib/krb5/krb5.conf.5: add [appdefaults]
227 * lib/krb5/init_creds_pw.c: remove configuration reading that is
228 now done in krb5_get_init_creds_opt_set_default_flags
229 * lib/krb5/init_creds.c
230 (krb5_get_init_creds_opt_set_default_flags): add reading of
231 libdefaults versions of these and add no_addresses
233 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string
234 when preauth was required and we retry
236 2001-05-25 Assar Westerlund <assar@sics.se>
238 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call
240 * lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the
243 2001-05-22 Assar Westerlund <assar@sics.se>
245 * kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec
248 2001-05-17 Assar Westerlund <assar@sics.se>
252 2001-05-17 Assar Westerlund <assar@sics.se>
254 * lib/krb5/Makefile.am: bump version to 16:0:0
255 * lib/hdb/Makefile.am: bump version to 7:1:0
256 * lib/asn1/Makefile.am: bump version to 5:0:0
257 * lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
258 * lib/krb5/codec.c: remove dead code
260 2001-05-17 Johan Danielsson <joda@pdc.kth.se>
262 * kdc/config.c: actually check the ticket addresses
264 2001-05-15 Assar Westerlund <assar@sics.se>
266 * lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
269 * lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
270 `errno' (called system_error) to allow callers to make sure they
271 pass the current and relevant value. update callers
273 2001-05-14 Johan Danielsson <joda@pdc.kth.se>
275 * lib/krb5/verify_user.c: krb5_verify_user_opt
277 * lib/krb5/krb5.h: verify_opt
279 * kdc/kerberos5.c: pass context to krb5_domain_x500_decode
281 2001-05-14 Assar Westerlund <assar@sics.se>
283 * kpasswd/kpasswdd.c: adapt to new address functions
284 * kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
285 * kdc/connect.c: adapt to changing address functions
286 * kdc/config.c: new krb5_config_parse_file
287 * kdc/524.c: new krb5_sockaddr2address
288 * lib/krb5/*: add some krb5_{set,clear}_error_string
290 * lib/asn1/k5.asn1 (LR_TYPE): add
291 * lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x
293 2001-05-11 Assar Westerlund <assar@sics.se>
295 * kdc/kerberos5.c (tsg_rep): fix typo in variable name
297 * kpasswd/kpasswd-generator.c (nop_prompter): update prototype
298 * lib/krb5/init_creds_pw.c: update to new prompter, use prompter
299 types and send two prompts at once when changning password
300 * lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
301 * lib/krb5/krb5.h (krb5_prompt): add type
302 (krb5_prompter_fct): add anem
304 * lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
305 paramaters to krb5_cc_next_cred (as MIT does, and not as they
306 document). From "Jacques A. Vidrine" <n@nectar.com>
308 2001-05-11 Johan Danielsson <joda@pdc.kth.se>
310 * lib/krb5/Makefile.am: store-test
312 * lib/krb5/store-test.c: simple bit storage test
314 * lib/krb5/store.c: add more byteorder storage flags
316 * lib/krb5/krb5.h: add more byteorder storage flags
318 * kdc/kerberos5.c: don't use NULL where we mean 0
320 * kdc/kerberos5.c: put referral test code in separate function,
321 and test for KRB5_NT_SRV_INST
323 2001-05-10 Assar Westerlund <assar@sics.se>
325 * admin/list.c (do_list): do not close the keytab if opening it
327 * admin/list.c (do_list): always print complete names. print
328 everything to stdout.
329 * admin/list.c: print both v5 and v4 list by default
330 * admin/remove.c (kt_remove): reorganize some. open the keytab
331 (defaulting to the modify one).
332 * admin/purge.c (kt_purge): reorganize some. open the keytab
333 (defaulting to the modify one). correct usage strings
334 * admin/list.c (kt_list): reorganize some. open the keytab
335 * admin/get.c (kt_get): reorganize some. open the keytab
336 (defaulting to the modify one)
337 * admin/copy.c (kt_copy): default to modify key name. re-organise
338 * admin/change.c (kt_change): reorganize some. open the keytab
339 (defaulting to the modify one)
340 * admin/add.c (kt_add): reorganize some. open the keytab
341 (defaulting to the modify one)
342 * admin/ktutil.c (main): do not open the keytab, let every
343 sub-function handle it
345 * kdc/config.c (configure): call free_getarg_strings
347 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
350 * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
351 `use_dns' parameter boolean
353 * lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
354 * lib/krb5/context.c (init_context_from_config_file): set
355 default_keytab_modify
356 * lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
357 ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
358 (KEYTAB_DEFAULT_MODIFY): add
359 * lib/krb5/keytab.c (krb5_kt_default_modify_name): add
360 (krb5_kt_resolve): set error string for failed keytab type
362 2001-05-08 Assar Westerlund <assar@sics.se>
364 * lib/krb5/crypto.c (encryption_type): make field names more
366 (create_checksum): separate usage and type
367 (krb5_create_checksum): add a separate type parameter
368 (encrypt_internal): only free once on mismatched checksum length
370 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
371 realm we didn't manage to reach any KDC for in the error string
373 * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
374 the entire subkey. from <tmartin@mirapoint.com>
376 2001-05-07 Johan Danielsson <joda@pdc.kth.se>
378 * lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
379 KT_NOTFOUND if the file is empty
381 2001-05-07 Assar Westerlund <assar@sics.se>
383 * lib/krb5/fcache.c: call krb5_set_error_string when open fails
385 * lib/krb5/keytab_file.c: call krb5_set_error_string when open
388 * lib/krb5/warn.c (_warnerr): print error_string in context in
389 preference to error string derived from error code
390 * kuser/kinit.c (main): try to print the error string
391 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
392 error strings for errors
394 * lib/krb5/krb5.h (krb5_context_data): add error_string and
396 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
397 * lib/krb5/error_string.c: new file
399 2001-05-02 Johan Danielsson <joda@pdc.kth.se>
401 * lib/krb5/time.c: krb5_string_to_deltat
403 * lib/krb5/sock_principal.c: one less data copy
405 * lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's
407 * lib/krb5/get_default_principal.c: change this slightly
409 * lib/krb5/crypto.c: make checksum_types into an array of pointers
411 * lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
414 2001-04-29 Assar Westerlund <assar@sics.se>
416 * kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
417 the right realm if we fail to find a non-krbtgt service in the
418 database and the second component does a succesful non-dns lookup
419 to get the real realm (which has to be different from the
420 originally-supplied realm). this should help windows 2000 clients
421 that always start their lookups in `their' realm and do not have
422 any idea of how to map hostnames into realms
423 * kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm
425 2001-04-27 Johan Danielsson <joda@pdc.kth.se>
427 * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
428 parameter to request use of dns or not
430 2001-04-25 Assar Westerlund <assar@sics.se>
432 * admin/get.c (kt_get): allow specification of encryption types
433 * lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
434 close an unopened ccache, noted by <marc@mit.edu>
436 * lib/krb5/krb5.h (krb5_any_ops): add declaration
437 * lib/krb5/context.c (init_context_from_config_file): register
440 * lib/krb5/keytab_any.c: new file, implementing union of keytabs
441 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c
443 * lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
444 == NULL. noted by <marc@mit.edu>
446 2001-04-19 Johan Danielsson <joda@pdc.kth.se>
448 * lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
449 else, from Jacques Vidrine
451 2001-04-18 Johan Danielsson <joda@pdc.kth.se>
453 * lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h
455 * lib/asn1/Makefile.am: add asn1_ENCTYPE.x
457 * lib/krb5/krb5.h: adapt to asn1 changes
459 * lib/asn1/k5.asn1: move enctypes here
461 * lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
464 * lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
467 * lib/asn1/lex.l: use strtol to parse constants
469 2001-04-06 Johan Danielsson <joda@pdc.kth.se>
471 * kuser/kinit.c: add simple support for running commands
473 2001-03-26 Assar Westerlund <assar@sics.se>
475 * lib/hdb/hdb-ldap.c: change order of includes to allow it to work
476 with more versions of openldap
478 * kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
480 (*): update callers of krb5_km_error
481 (check_tgs_flags): handle renews requesting non-renewable tickets
483 * lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
486 * lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
489 * lib/krb5/crypto.c (create_checksum): change so that `type == 0'
490 means pick from the `crypto' (context) and otherwise use that
491 type. this is not a large change in practice and allows callers
492 to specify the exact checksum algorithm to use
494 2001-03-13 Assar Westerlund <assar@sics.se>
496 * lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
497 to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
498 integrity'. this helps for talking to old (pre 0.3d) KDCs
500 2001-03-12 Assar Westerlund <assar@pdc.kth.se>
502 * lib/krb5/crypto.c (krb5_derive_key): new function, used by
504 * lib/krb5/string-to-key-test.c: add new test vectors posted by
505 Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to
507 * lib/krb5/n-fold-test.c: more test vectors from same source
508 * lib/krb5/derived-key-test.c: more tests from same source
510 2001-03-06 Assar Westerlund <assar@sics.se>
512 * acconfig.h: include roken_rename.h when appropriate
514 2001-03-06 Assar Westerlund <assar@sics.se>
516 * lib/krb5/krb5.h (krb5_enctype): remove trailing comma
518 2001-03-04 Assar Westerlund <assar@sics.se>
520 * lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
521 compatibility with MIT krb5
523 2001-03-02 Assar Westerlund <assar@sics.se>
525 * kuser/kinit.c (main): only request a renewable ticket when
526 explicitly requested. it still gets a renewable one if the renew
528 * kuser/kinit.c (renew_validate): treat -1 as flags not being set
530 2001-02-28 Johan Danielsson <joda@pdc.kth.se>
532 * lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list
534 2001-02-27 Johan Danielsson <joda@pdc.kth.se>
536 * lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt
538 2001-02-25 Assar Westerlund <assar@sics.se>
540 * configure.in: do not use -R when testing for des functions
542 2001-02-14 Assar Westerlund <assar@sics.se>
544 * configure.in: test for lber.h when trying to link against
545 openldap to handle openldap v1, from Sumit Bose
548 2001-02-19 Assar Westerlund <assar@sics.se>
550 * lib/asn1/libasn1.h: add string.h (for memset)
552 2001-02-15 Assar Westerlund <assar@sics.se>
554 * lib/krb5/warn.c (_warnerr): add printf attributes
555 * lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address
556 returned by getaddrinfo before trying the next kdc. from
559 * lib/krb5/krb5.conf.5: fix default_realm in example
561 * kdc/connect.c: fix a few kdc_log format types
563 * configure.in: try to handle libdes/libcrypto ont requiring -L
565 2001-02-10 Assar Westerlund <assar@sics.se>
567 * lib/asn1/gen_decode.c (generate_type_decode): zero the data at
568 the beginning of the generated function, and add a label `fail'
569 that the code jumps to in case of errors that frees all allocated
572 2001-02-07 Assar Westerlund <assar@sics.se>
574 * configure.in: aix dce: fix misquotes, from Ake Sandgren
577 * configure.in (dpagaix_LDFLAGS): try to add export file
579 2001-02-05 Assar Westerlund <assar@sics.se>
581 * lib/krb5/krb5_keytab.3: new man page, contributed by
584 * kdc/kaserver.c: update to new db_fetch4
586 2001-02-05 Assar Westerlund <assar@assaris.sics.se>
590 2001-01-30 Assar Westerlund <assar@sics.se>
592 * kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
594 (kdb_prop): decrypt key properly
595 * kdc/hprop.c: handle building with KRB4 always try to decrypt v4
596 data with the master key leave it up to the v5 how to encrypt with
599 * kdc/kstash.c: include file name in error messages
600 * kdc/hprop.c: fix a typo and check some more return values
601 * lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
602 correctly. From Jacques Vidrine <n@nectar.com>
603 * kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
606 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
608 * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
609 * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
610 * kdc/misc.c (db_fetch): return an error code. change callers to
611 look at this and try to print it in log messages
613 * lib/krb5/crypto.c (decrypt_internal_derived): check that there's
616 2001-01-29 Assar Westerlund <assar@sics.se>
618 * kdc/hprop.c (realm_buf): move it so it becomes properly
621 * lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
622 hdb_unseal_keys, hdb_seal_keys): check that we have the correct
623 master key and that we manage to decrypt the key properly,
624 returning an error code. fix all callers to check return value.
626 * tools/krb5-config.in: use @LIB_des_appl@
627 * tools/Makefile.am (krb5-config): add LIB_des_appl
628 * configure.in (LIB_des): set correctly
629 (LIB_des_appl): add for the use by krb5-config.in
631 * lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
632 to make sure of not dropping data when doing it over a socket.
633 (this might break when used with ordinary files on win32)
635 * lib/hdb/hdb_err.et (NO_MKEY): add
637 * kdc/kerberos5.c (as_rep): be paranoid and check
638 krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se>
640 * lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
641 lib/krb5/krb5_auth_context.3: add new man pages, contributed by
644 * use the openssl api for md4/md5/sha and handle openssl/*.h
646 * kdc/kaserver.c (do_getticket): check length of ticket. noted by
649 2001-01-28 Assar Westerlund <assar@sics.se>
651 * configure.in: send -R instead of -rpath to libtool to set
652 runtime library paths
654 * lib/krb5/Makefile.am: remove all dependencies on libkrb
656 2001-01-27 Assar Westerlund <assar@sics.se>
658 * appl/rcp: add port of bsd rcp changed to use existing rsh,
659 contributed by Richard Nyberg <rnyberg@it.su.se>
661 2001-01-27 Johan Danielsson <joda@pdc.kth.se>
663 * lib/krb5/get_port.c: don't warn if the port name can't be found,
666 2001-01-26 Johan Danielsson <joda@pdc.kth.se>
668 * kdc/hprop.c: make it possible to convert a v4 dump file without
669 having any v4 libraries; the kdb backend still require them
671 * kdc/v4_dump.c: include shadow definition of kdb Principal, so we
672 don't have to depend on any v4 libraries
674 * kdc/hprop.h: include shadow definition of kdb Principal, so we
675 don't have to depend on any v4 libraries
677 * lib/hdb/print.c: reduce number of memory allocations
679 * lib/hdb/mkey.c: add support for reading krb4 /.k files
681 2001-01-19 Assar Westerlund <assar@sics.se>
683 * lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
684 for realms document capath better
686 * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
687 at kpasswd_server before admin_server
689 * lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
690 [libdefaults]capath for better hint of realm to send request to.
691 this allows the client to specify `realm routing information' in
692 case it cannot be done at the server (which is preferred)
694 * lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
695 zero when we were expecting a sequence number. MIT krb5 cannot
696 generate a sequence number of zero, instead generating no sequence
698 * lib/krb5/rd_safe.c (krb5_rd_safe): dito
700 2001-01-11 Assar Westerlund <assar@sics.se>
702 * kpasswd/kpasswdd.c: add --port option
704 2001-01-10 Assar Westerlund <assar@sics.se>
706 * lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
707 just before returning
709 2001-01-09 Assar Westerlund <assar@sics.se>
711 * appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred
713 2001-01-05 Johan Danielsson <joda@pdc.kth.se>
715 * kuser/kinit.c: call a time `time', and not `seconds'
717 * lib/krb5/init_creds.c: not much point in setting the anonymous
720 * lib/krb5/krb5_appdefault.3: document appdefault_time
722 2001-01-04 Johan Danielsson <joda@pdc.kth.se>
724 * lib/krb5/verify_user.c: use
725 krb5_get_init_creds_opt_set_default_flags
727 * kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags
729 * lib/krb5/init_creds.c: new function
730 krb5_get_init_creds_opt_set_default_flags to set options from
733 * lib/krb5/rd_cred.c: make this match the MIT function
735 * lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
737 (krb5_appdefault_time): new function
739 2001-01-03 Assar Westerlund <assar@sics.se>
741 * kdc/hpropd.c (main): handle EOF when reading from stdin