1 2001-07-03 Assar Westerlund <assar@sics.se>
5 2001-07-02 Johan Danielsson <joda@pdc.kth.se>
7 * kuser/kinit.c: make this compile without krb4 support
9 * lib/krb5/write_message.c: remove priv parameter from
10 write_safe_message; don't know why it was there in the first place
12 * doc/install.texi: remove kaserver switches, it's always compiled
15 * kdc/hprop.c: always include kadb support
17 * kdc/kaserver.c: always include kaserver support
19 2001-07-02 Assar Westerlund <assar@sics.se>
21 * kpasswd/kpasswdd.c (doit): make failing to bind a socket a
22 non-fatal error, and abort if no sockets were bound
24 2001-07-01 Assar Westerlund <assar@sics.se>
26 * lib/krb5/krbhst.c: remember the real port number when falling
27 back from kpasswd -> kadmin, and krb524 -> kdc
29 2001-06-29 Assar Westerlund <assar@sics.se>
31 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if
32 no_addresses is set, do not add any local addresses to KRB_CRED
34 * kuser/kinit.c: remove extra clearing of password and some
37 2001-06-29 Johan Danielsson <joda@pdc.kth.se>
39 * kuser/kinit.c: move ticket conversion code to separate function,
40 and call that from a couple of places, like when renewing a
41 ticket; also add a flag for just converting a ticket
43 * lib/krb5/init_creds_pw.c: set renew-life to some sane value
45 * kdc/524.c: don't send more data than required
47 2001-06-24 Assar Westerlund <assar@sics.se>
49 * lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns
51 * lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY:
52 (any_start_seq_get): remove a double free
53 (any_next_entry): iterate over all (sub) keytabs and avoid leave data
54 around to be freed again
56 * kdc/kdc_locl.h: add a define for des_new_random_key when using
59 * configure.in: move v6 tests down
61 * lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052
63 * update to libtool 1.4 and autoconf 2.50
65 2001-06-21 Johan Danielsson <joda@pdc.kth.se>
67 * lib/hdb/Makefile.am: add generation number
68 * lib/hdb/common.c: add generation number code
69 * lib/hdb/hdb.asn1: add generation number
70 * lib/hdb/print.c: use krb5_storage to make it more dynamic
72 2001-06-21 Assar Westerlund <assar@sics.se>
74 * lib/krb5/krb5.conf.5: update to changed names used by
75 krb5_get_init_creds_opt_set_default_flags
76 * lib/krb5/init_creds.c
77 (krb5_get_init_creds_opt_set_default_flags): make the appdefault
78 keywords have the same names
80 * configure.in: only add -L and -R to the krb4 libdir if we are
83 * lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing
84 dot of hostname add some comments
85 * lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when
86 testing for kerberos.REALM. this allows reusing that information
87 when actually contacting the server and thus avoids one DNS lookup
89 2001-06-20 Johan Danielsson <joda@pdc.kth.se>
91 * lib/krb5/krb5.h: include k524_err.h
93 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test
94 for keytype, the server will do this for us if it has anything to
97 * lib/krb5/context.c: add protocol compatible krb524 error codes
99 * lib/krb5/Makefile.am: add protocol compatible krb524 error codes
101 * lib/krb5/k524_err.et: add protocol compatible krb524 error codes
103 * lib/krb5/krb5_principal_get_realm.3: manpage
105 * lib/krb5/principal.c: add functions `krb5_principal_get_realm'
106 and `krb5_principal_get_comp_string' that returns parts of a
107 principal; this is a replacement for the internal
108 `krb5_princ_realm' and `krb5_princ_component' macros that everyone
111 2001-06-19 Assar Westerlund <assar@sics.se>
113 * kuser/kinit.c (main): dereference result from krb5_princ_realm.
114 from Thomas Nystrom <thn@saeab.se>
116 2001-06-18 Johan Danielsson <joda@pdc.kth.se>
118 * lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done
119 * lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak
120 * lib/krb5/krbhst.c (config_get_hosts): free hostlist
121 * kuser/kinit.c: free principal
123 2001-06-18 Assar Westerlund <assar@sics.se>
125 * lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra
128 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache):
129 remove some unused variables
131 * lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly
132 * kdc/kerberos5.c: update to new krb5_auth_con* names
133 * kdc/hpropd.c: update to new krb5_auth_con* names
134 * lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions
135 and remove some comments
136 * lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right
137 order: remote - local - session
138 * lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the
140 * lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct
141 order: remote - local - session
142 * lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order,
143 local - remote - session
145 2001-06-18 Johan Danielsson <joda@pdc.kth.se>
147 * lib/krb5/convert_creds.c: use starttime instead of authtime,
150 * lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match
151 the MIT function by the same name; add
152 krb524_convert_creds_kdc_ccache that does what the old version did
154 * admin/list.c (do_list): make sure list of keys is NULL
155 terminated; similar to patch sent by Chris Chiappa
157 2001-06-18 Assar Westerlund <assar@sics.se>
159 * lib/krb5/mcache.c (mcc_remove_cred): use
160 krb5_free_creds_contents
162 * lib/krb5/auth_context.c: name function krb5_auth_con more
164 * lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use
165 renamed krb5_auth_con_getauthenticator
167 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to
169 * lib/krb5/changepw.c (krb5_change_password): update to use
171 * lib/krb5/send_to_kdc.c: update to use krb5_krbhst API
172 * lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port
174 (krb5_krbhst_free): free everything
176 * lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add
177 (krb5_krbhst_info): add def_port (default port for this service)
179 * lib/krb5/krbhst-test.c: make it more verbose and useful
180 * lib/krb5/krbhst.c: remove some more memory leaks do not try any
181 dns operations if there is local configuration admin: fallback to
182 kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin
185 * configure.in: remove initstate and setstate, they should be in
188 * lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test
189 * lib/krb5/krbhst-test.c: new program for testing krbhst
190 * lib/krb5/krbhst.c (common_init): remove memory leak
191 (main): move test program into krbhst-test
193 2001-06-17 Johan Danielsson <joda@pdc.kth.se>
195 * lib/krb5/krb5_krbhst_init.3: manpage
197 * lib/krb5/krb5_get_krbhst.3: manpage
199 2001-06-16 Johan Danielsson <joda@pdc.kth.se>
201 * lib/krb5/krb5.h: add opaque krb5_krbhst_handle type
203 * lib/krb5/krbhst.c: change void* to krb5_krbhst_handle
205 * lib/krb5/krb5.h: types for new krbhst api
207 * lib/krb5/krbhst.c: implement a new api that looks up one host at
208 a time, instead of making a list of hosts
210 2001-06-09 Johan Danielsson <joda@pdc.kth.se>
212 * configure.in: test for initstate and setstate
214 * lib/krb5/krbhst.c: remove rfc2052 support
216 2001-06-08 Johan Danielsson <joda@pdc.kth.se>
218 * fix some manpages for broken mdoc.old grog test
220 2001-05-28 Assar Westerlund <assar@sics.se>
222 * lib/krb5/krb5.conf.5: add [appdefaults]
223 * lib/krb5/init_creds_pw.c: remove configuration reading that is
224 now done in krb5_get_init_creds_opt_set_default_flags
225 * lib/krb5/init_creds.c
226 (krb5_get_init_creds_opt_set_default_flags): add reading of
227 libdefaults versions of these and add no_addresses
229 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string
230 when preauth was required and we retry
232 2001-05-25 Assar Westerlund <assar@sics.se>
234 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call
236 * lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the
239 2001-05-22 Assar Westerlund <assar@sics.se>
241 * kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec
244 2001-05-17 Assar Westerlund <assar@sics.se>
248 2001-05-17 Assar Westerlund <assar@sics.se>
250 * lib/krb5/Makefile.am: bump version to 16:0:0
251 * lib/hdb/Makefile.am: bump version to 7:1:0
252 * lib/asn1/Makefile.am: bump version to 5:0:0
253 * lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
254 * lib/krb5/codec.c: remove dead code
256 2001-05-17 Johan Danielsson <joda@pdc.kth.se>
258 * kdc/config.c: actually check the ticket addresses
260 2001-05-15 Assar Westerlund <assar@sics.se>
262 * lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
265 * lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
266 `errno' (called system_error) to allow callers to make sure they
267 pass the current and relevant value. update callers
269 2001-05-14 Johan Danielsson <joda@pdc.kth.se>
271 * lib/krb5/verify_user.c: krb5_verify_user_opt
273 * lib/krb5/krb5.h: verify_opt
275 * kdc/kerberos5.c: pass context to krb5_domain_x500_decode
277 2001-05-14 Assar Westerlund <assar@sics.se>
279 * kpasswd/kpasswdd.c: adapt to new address functions
280 * kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
281 * kdc/connect.c: adapt to changing address functions
282 * kdc/config.c: new krb5_config_parse_file
283 * kdc/524.c: new krb5_sockaddr2address
284 * lib/krb5/*: add some krb5_{set,clear}_error_string
286 * lib/asn1/k5.asn1 (LR_TYPE): add
287 * lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x
289 2001-05-11 Assar Westerlund <assar@sics.se>
291 * kdc/kerberos5.c (tsg_rep): fix typo in variable name
293 * kpasswd/kpasswd-generator.c (nop_prompter): update prototype
294 * lib/krb5/init_creds_pw.c: update to new prompter, use prompter
295 types and send two prompts at once when changning password
296 * lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
297 * lib/krb5/krb5.h (krb5_prompt): add type
298 (krb5_prompter_fct): add anem
300 * lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
301 paramaters to krb5_cc_next_cred (as MIT does, and not as they
302 document). From "Jacques A. Vidrine" <n@nectar.com>
304 2001-05-11 Johan Danielsson <joda@pdc.kth.se>
306 * lib/krb5/Makefile.am: store-test
308 * lib/krb5/store-test.c: simple bit storage test
310 * lib/krb5/store.c: add more byteorder storage flags
312 * lib/krb5/krb5.h: add more byteorder storage flags
314 * kdc/kerberos5.c: don't use NULL where we mean 0
316 * kdc/kerberos5.c: put referral test code in separate function,
317 and test for KRB5_NT_SRV_INST
319 2001-05-10 Assar Westerlund <assar@sics.se>
321 * admin/list.c (do_list): do not close the keytab if opening it
323 * admin/list.c (do_list): always print complete names. print
324 everything to stdout.
325 * admin/list.c: print both v5 and v4 list by default
326 * admin/remove.c (kt_remove): reorganize some. open the keytab
327 (defaulting to the modify one).
328 * admin/purge.c (kt_purge): reorganize some. open the keytab
329 (defaulting to the modify one). correct usage strings
330 * admin/list.c (kt_list): reorganize some. open the keytab
331 * admin/get.c (kt_get): reorganize some. open the keytab
332 (defaulting to the modify one)
333 * admin/copy.c (kt_copy): default to modify key name. re-organise
334 * admin/change.c (kt_change): reorganize some. open the keytab
335 (defaulting to the modify one)
336 * admin/add.c (kt_add): reorganize some. open the keytab
337 (defaulting to the modify one)
338 * admin/ktutil.c (main): do not open the keytab, let every
339 sub-function handle it
341 * kdc/config.c (configure): call free_getarg_strings
343 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
346 * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
347 `use_dns' parameter boolean
349 * lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
350 * lib/krb5/context.c (init_context_from_config_file): set
351 default_keytab_modify
352 * lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
353 ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
354 (KEYTAB_DEFAULT_MODIFY): add
355 * lib/krb5/keytab.c (krb5_kt_default_modify_name): add
356 (krb5_kt_resolve): set error string for failed keytab type
358 2001-05-08 Assar Westerlund <assar@sics.se>
360 * lib/krb5/crypto.c (encryption_type): make field names more
362 (create_checksum): separate usage and type
363 (krb5_create_checksum): add a separate type parameter
364 (encrypt_internal): only free once on mismatched checksum length
366 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
367 realm we didn't manage to reach any KDC for in the error string
369 * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
370 the entire subkey. from <tmartin@mirapoint.com>
372 2001-05-07 Johan Danielsson <joda@pdc.kth.se>
374 * lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
375 KT_NOTFOUND if the file is empty
377 2001-05-07 Assar Westerlund <assar@sics.se>
379 * lib/krb5/fcache.c: call krb5_set_error_string when open fails
381 * lib/krb5/keytab_file.c: call krb5_set_error_string when open
384 * lib/krb5/warn.c (_warnerr): print error_string in context in
385 preference to error string derived from error code
386 * kuser/kinit.c (main): try to print the error string
387 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
388 error strings for errors
390 * lib/krb5/krb5.h (krb5_context_data): add error_string and
392 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
393 * lib/krb5/error_string.c: new file
395 2001-05-02 Johan Danielsson <joda@pdc.kth.se>
397 * lib/krb5/time.c: krb5_string_to_deltat
399 * lib/krb5/sock_principal.c: one less data copy
401 * lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's
403 * lib/krb5/get_default_principal.c: change this slightly
405 * lib/krb5/crypto.c: make checksum_types into an array of pointers
407 * lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
410 2001-04-29 Assar Westerlund <assar@sics.se>
412 * kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
413 the right realm if we fail to find a non-krbtgt service in the
414 database and the second component does a succesful non-dns lookup
415 to get the real realm (which has to be different from the
416 originally-supplied realm). this should help windows 2000 clients
417 that always start their lookups in `their' realm and do not have
418 any idea of how to map hostnames into realms
419 * kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm
421 2001-04-27 Johan Danielsson <joda@pdc.kth.se>
423 * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
424 parameter to request use of dns or not
426 2001-04-25 Assar Westerlund <assar@sics.se>
428 * admin/get.c (kt_get): allow specification of encryption types
429 * lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
430 close an unopened ccache, noted by <marc@mit.edu>
432 * lib/krb5/krb5.h (krb5_any_ops): add declaration
433 * lib/krb5/context.c (init_context_from_config_file): register
436 * lib/krb5/keytab_any.c: new file, implementing union of keytabs
437 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c
439 * lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
440 == NULL. noted by <marc@mit.edu>
442 2001-04-19 Johan Danielsson <joda@pdc.kth.se>
444 * lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
445 else, from Jacques Vidrine
447 2001-04-18 Johan Danielsson <joda@pdc.kth.se>
449 * lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h
451 * lib/asn1/Makefile.am: add asn1_ENCTYPE.x
453 * lib/krb5/krb5.h: adapt to asn1 changes
455 * lib/asn1/k5.asn1: move enctypes here
457 * lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
460 * lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
463 * lib/asn1/lex.l: use strtol to parse constants
465 2001-04-06 Johan Danielsson <joda@pdc.kth.se>
467 * kuser/kinit.c: add simple support for running commands
469 2001-03-26 Assar Westerlund <assar@sics.se>
471 * lib/hdb/hdb-ldap.c: change order of includes to allow it to work
472 with more versions of openldap
474 * kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
476 (*): update callers of krb5_km_error
477 (check_tgs_flags): handle renews requesting non-renewable tickets
479 * lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
482 * lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
485 * lib/krb5/crypto.c (create_checksum): change so that `type == 0'
486 means pick from the `crypto' (context) and otherwise use that
487 type. this is not a large change in practice and allows callers
488 to specify the exact checksum algorithm to use
490 2001-03-13 Assar Westerlund <assar@sics.se>
492 * lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
493 to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
494 integrity'. this helps for talking to old (pre 0.3d) KDCs
496 2001-03-12 Assar Westerlund <assar@pdc.kth.se>
498 * lib/krb5/crypto.c (krb5_derive_key): new function, used by
500 * lib/krb5/string-to-key-test.c: add new test vectors posted by
501 Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to
503 * lib/krb5/n-fold-test.c: more test vectors from same source
504 * lib/krb5/derived-key-test.c: more tests from same source
506 2001-03-06 Assar Westerlund <assar@sics.se>
508 * acconfig.h: include roken_rename.h when appropriate
510 2001-03-06 Assar Westerlund <assar@sics.se>
512 * lib/krb5/krb5.h (krb5_enctype): remove trailing comma
514 2001-03-04 Assar Westerlund <assar@sics.se>
516 * lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
517 compatibility with MIT krb5
519 2001-03-02 Assar Westerlund <assar@sics.se>
521 * kuser/kinit.c (main): only request a renewable ticket when
522 explicitly requested. it still gets a renewable one if the renew
524 * kuser/kinit.c (renew_validate): treat -1 as flags not being set
526 2001-02-28 Johan Danielsson <joda@pdc.kth.se>
528 * lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list
530 2001-02-27 Johan Danielsson <joda@pdc.kth.se>
532 * lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt
534 2001-02-25 Assar Westerlund <assar@sics.se>
536 * configure.in: do not use -R when testing for des functions
538 2001-02-14 Assar Westerlund <assar@sics.se>
540 * configure.in: test for lber.h when trying to link against
541 openldap to handle openldap v1, from Sumit Bose
544 2001-02-19 Assar Westerlund <assar@sics.se>
546 * lib/asn1/libasn1.h: add string.h (for memset)
548 2001-02-15 Assar Westerlund <assar@sics.se>
550 * lib/krb5/warn.c (_warnerr): add printf attributes
551 * lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address
552 returned by getaddrinfo before trying the next kdc. from
555 * lib/krb5/krb5.conf.5: fix default_realm in example
557 * kdc/connect.c: fix a few kdc_log format types
559 * configure.in: try to handle libdes/libcrypto ont requiring -L
561 2001-02-10 Assar Westerlund <assar@sics.se>
563 * lib/asn1/gen_decode.c (generate_type_decode): zero the data at
564 the beginning of the generated function, and add a label `fail'
565 that the code jumps to in case of errors that frees all allocated
568 2001-02-07 Assar Westerlund <assar@sics.se>
570 * configure.in: aix dce: fix misquotes, from Ake Sandgren
573 * configure.in (dpagaix_LDFLAGS): try to add export file
575 2001-02-05 Assar Westerlund <assar@sics.se>
577 * lib/krb5/krb5_keytab.3: new man page, contributed by
580 * kdc/kaserver.c: update to new db_fetch4
582 2001-02-05 Assar Westerlund <assar@assaris.sics.se>
586 2001-01-30 Assar Westerlund <assar@sics.se>
588 * kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
590 (kdb_prop): decrypt key properly
591 * kdc/hprop.c: handle building with KRB4 always try to decrypt v4
592 data with the master key leave it up to the v5 how to encrypt with
595 * kdc/kstash.c: include file name in error messages
596 * kdc/hprop.c: fix a typo and check some more return values
597 * lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
598 correctly. From Jacques Vidrine <n@nectar.com>
599 * kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
602 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
604 * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
605 * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
606 * kdc/misc.c (db_fetch): return an error code. change callers to
607 look at this and try to print it in log messages
609 * lib/krb5/crypto.c (decrypt_internal_derived): check that there's
612 2001-01-29 Assar Westerlund <assar@sics.se>
614 * kdc/hprop.c (realm_buf): move it so it becomes properly
617 * lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
618 hdb_unseal_keys, hdb_seal_keys): check that we have the correct
619 master key and that we manage to decrypt the key properly,
620 returning an error code. fix all callers to check return value.
622 * tools/krb5-config.in: use @LIB_des_appl@
623 * tools/Makefile.am (krb5-config): add LIB_des_appl
624 * configure.in (LIB_des): set correctly
625 (LIB_des_appl): add for the use by krb5-config.in
627 * lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
628 to make sure of not dropping data when doing it over a socket.
629 (this might break when used with ordinary files on win32)
631 * lib/hdb/hdb_err.et (NO_MKEY): add
633 * kdc/kerberos5.c (as_rep): be paranoid and check
634 krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se>
636 * lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
637 lib/krb5/krb5_auth_context.3: add new man pages, contributed by
640 * use the openssl api for md4/md5/sha and handle openssl/*.h
642 * kdc/kaserver.c (do_getticket): check length of ticket. noted by
645 2001-01-28 Assar Westerlund <assar@sics.se>
647 * configure.in: send -R instead of -rpath to libtool to set
648 runtime library paths
650 * lib/krb5/Makefile.am: remove all dependencies on libkrb
652 2001-01-27 Assar Westerlund <assar@sics.se>
654 * appl/rcp: add port of bsd rcp changed to use existing rsh,
655 contributed by Richard Nyberg <rnyberg@it.su.se>
657 2001-01-27 Johan Danielsson <joda@pdc.kth.se>
659 * lib/krb5/get_port.c: don't warn if the port name can't be found,
662 2001-01-26 Johan Danielsson <joda@pdc.kth.se>
664 * kdc/hprop.c: make it possible to convert a v4 dump file without
665 having any v4 libraries; the kdb backend still require them
667 * kdc/v4_dump.c: include shadow definition of kdb Principal, so we
668 don't have to depend on any v4 libraries
670 * kdc/hprop.h: include shadow definition of kdb Principal, so we
671 don't have to depend on any v4 libraries
673 * lib/hdb/print.c: reduce number of memory allocations
675 * lib/hdb/mkey.c: add support for reading krb4 /.k files
677 2001-01-19 Assar Westerlund <assar@sics.se>
679 * lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
680 for realms document capath better
682 * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
683 at kpasswd_server before admin_server
685 * lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
686 [libdefaults]capath for better hint of realm to send request to.
687 this allows the client to specify `realm routing information' in
688 case it cannot be done at the server (which is preferred)
690 * lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
691 zero when we were expecting a sequence number. MIT krb5 cannot
692 generate a sequence number of zero, instead generating no sequence
694 * lib/krb5/rd_safe.c (krb5_rd_safe): dito
696 2001-01-11 Assar Westerlund <assar@sics.se>
698 * kpasswd/kpasswdd.c: add --port option
700 2001-01-10 Assar Westerlund <assar@sics.se>
702 * lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
703 just before returning
705 2001-01-09 Assar Westerlund <assar@sics.se>
707 * appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred
709 2001-01-05 Johan Danielsson <joda@pdc.kth.se>
711 * kuser/kinit.c: call a time `time', and not `seconds'
713 * lib/krb5/init_creds.c: not much point in setting the anonymous
716 * lib/krb5/krb5_appdefault.3: document appdefault_time
718 2001-01-04 Johan Danielsson <joda@pdc.kth.se>
720 * lib/krb5/verify_user.c: use
721 krb5_get_init_creds_opt_set_default_flags
723 * kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags
725 * lib/krb5/init_creds.c: new function
726 krb5_get_init_creds_opt_set_default_flags to set options from
729 * lib/krb5/rd_cred.c: make this match the MIT function
731 * lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
733 (krb5_appdefault_time): new function
735 2001-01-03 Assar Westerlund <assar@sics.se>
737 * kdc/hpropd.c (main): handle EOF when reading from stdin