(auth_init, Name): const-ify

[heimdal.git] / ChangeLog

2000-01-12  Assar Westerlund  <assar@sics.se>

        * kdc/kerberos4.c (do_version4): check if preauth was required and
        bail-out if so since there's no way that could be done in v4.
        Return NULL_KEY as an error to the client (which is non-obvious,
        but what can you do?)

2000-01-09  Assar Westerlund  <assar@sics.se>

        * lib/krb5/principal.c (krb5_sname_to_principal): use
        krb5_expand_hostname_realms
        * lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms
        * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new
        variant of krb5_expand_hostname that tries until it expands into
        something that's digestable by krb5_get_host_realm, returning also
        the result from that function.

2000-01-08  Assar Westerlund  <assar@sics.se>

        * Release 0.2m

2000-01-08  Assar Westerlund  <assar@sics.se>

        * configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN

        * lib/krb5/Makefile.am: bump version to 7:1:0

        * lib/krb5/principal.c (krb5_sname_to_principal): use
        krb5_expand_hostname
        * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
        ai_canonname being set in any of the addresses returnedby
        getaddrinfo.  glibc apparently returns the reverse lookup of every
        address in ai_canonname.

2000-01-06  Assar Westerlund  <assar@sics.se>

        * Release 0.2l

2000-01-06  Assar Westerlund  <assar@sics.se>

        * lib/krb5/Makefile.am: set version to 7:0:0
        * lib/krb5/principal.c (krb5_sname_to_principal): remove `hp'

        * lib/hdb/Makefile.am: set version to 4:1:1

        * kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms'
        * lib/krb5/get_in_tkt.c (add_padata): change types to make
        everything work out
        (krb5_get_in_cred): remove const to make types match
        * lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature
        * lib/krb5/principal.c (krb5_sname_to_principal): handle not
        getting back a canonname

2000-01-06  Assar Westerlund  <assar@sics.se>

        * Release 0.2k

2000-01-06  Assar Westerlund  <assar@sics.se>

        * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that
        we actually parse the port number.  based on a patch from Leif
        Johansson <leifj@it.su.se>

2000-01-02  Assar Westerlund  <assar@sics.se>

        * admin/purge.c: remove all non-current and old entries from a
        keytab

        * admin: break up ktutil.c into files

        * admin/ktutil.c (list): support --verbose (also listning time
        stamps)
        (kt_add, kt_get): set timestamp in newly created entries
        (kt_change): add `change' command

        * admin/srvconvert.c (srvconv): set timestamp in newly created
        entries
        * lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp,
        always go the a predicatble position on error
        * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp
        * lib/krb5/keytab_file.c (fkt_add_entry): store timestamp
        (fkt_next_entry_int): return timestamp
        * lib/krb5/krb5.h (krb5_keytab_entry): add timestamp

1999-12-30  Assar Westerlund  <assar@sics.se>

        * configure.in (krb4): use `-ldes' in tests

1999-12-26  Assar Westerlund  <assar@sics.se>

        * lib/hdb/print.c (event2string): handle events without principal.
        From Luke Howard <lukeh@PADL.COM>

1999-12-25  Assar Westerlund  <assar@sics.se>

        * Release 0.2j

Tue Dec 21 18:03:17 1999  Assar Westerlund  <assar@sics.se>

        * lib/hdb/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
        related systems

        * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
        related systems

        * include/Makefile.am (krb5-types.h): add $(EXEEXT) for cygwin and
        related systems

1999-12-20  Assar Westerlund  <assar@sics.se>

        * Release 0.2i

1999-12-20  Assar Westerlund  <assar@sics.se>

        * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 6:3:1

        * lib/krb5/send_to_kdc.c (send_via_proxy): free data
        * lib/krb5/send_to_kdc.c (send_via_proxy): new function use
        getaddrinfo instead of gethostbyname{,2}
        * lib/krb5/get_for_creds.c: use getaddrinfo instead of
        getnodebyname{,2}

1999-12-17  Assar Westerlund  <assar@sics.se>

        * Release 0.2h

1999-12-17  Assar Westerlund  <assar@sics.se>

        * Release 0.2g

1999-12-16  Assar Westerlund  <assar@sics.se>

        * lib/krb5/Makefile.am: bump version to 6:2:1

        * lib/krb5/principal.c (krb5_sname_to_principal): handle
        ai_canonname not being set
        * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
        ai_canonname not being set

        * appl/test/uu_server.c: print messages to stderr
        * appl/test/tcp_server.c: print messages to stderr
        * appl/test/nt_gss_server.c: print messages to stderr
        * appl/test/gssapi_server.c: print messages to stderr

        * appl/test/tcp_client.c (proto): remove shadowing `context'
        * appl/test/common.c (client_doit): add forgotten ntohs

1999-12-13  Assar Westerlund  <assar@sics.se>

        * configure.in (VERISON): bump to 0.2g-pre

1999-12-12  Assar Westerlund  <assar@sics.se>

        * lib/krb5/principal.c (krb5_425_conv_principal_ext): be more
        robust and handle extra dot at the beginning of default_domain

1999-12-12  Assar Westerlund  <assar@sics.se>

        * Release 0.2f

1999-12-12  Assar Westerlund  <assar@sics.se>

        * lib/krb5/Makefile.am: bump version to 6:1:1
        
        * lib/krb5/changepw.c (get_kdc_address): use
        `krb5_get_krb_changepw_hst'

        * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add

        * lib/krb5/get_host_realm.c: add support for _kerberos.domain
        (according to draft-ietf-cat-krb-dns-locate-01.txt)

1999-12-06  Assar Westerlund  <assar@sics.se>

        * Release 0.2e

1999-12-06  Assar Westerlund  <assar@sics.se>

        * lib/krb5/changepw.c (krb5_change_password): use the correct
        address

        * lib/krb5/Makefile.am: bump version to 6:0:1

        * lib/asn1/Makefile.am: bump version to 1:4:0

1999-12-04  Assar Westerlund  <assar@sics.se>

        * configure.in: move AC_KRB_IPv6 to make sure it's performed
        before AC_BROKEN
        (el_init): use new feature of AC_FIND_FUNC_NO_LIBS

        * appl/test/uu_client.c: use client_doit
        * appl/test/test_locl.h (client_doit): add prototype
        * appl/test/tcp_client.c: use client_doit
        * appl/test/nt_gss_client.c: use client_doit
        * appl/test/gssapi_client.c: use client_doit
        * appl/test/common.c (client_doit): move identical code here and
        start using getaddrinfo

        * appl/kf/kf.c (doit): rewrite to use getaddrinfo
        * kdc/hprop.c: re-write to use getaddrinfo
        * lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo
        * lib/krb5/expand_hostname.c (krb5_expand_hostname): use
        getaddrinfo
        * lib/krb5/changepw.c: re-write to use getaddrinfo
        * lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo

1999-12-03  Assar Westerlund  <assar@sics.se>

        * configure.in (BROKEN): check for freeaddrinfo, getaddrinfo,
        getnameinfo, gai_strerror
        (socklen_t): check for

1999-11-23  Assar Westerlund  <assar@sics.se>

        * lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes
        within unicode characters.  this should probably be done in some
        arbitrarly complex way to do it properly and you would have to
        know what character encoding was used for the password and salt
        string.

        * lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0
        (INADDR_ANY)
        (ipv6_uninteresting): remove unused macro

1999-11-22  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/krb5.h: rc4->arcfour

        * lib/krb5/crypto.c: rc4->arcfour

1999-11-17  Assar Westerlund  <assar@sics.se>

        * lib/krb5/krb5_locl.h: add <rc4.h>
        * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4
        * lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might
        not be totally different from some small company up in the
        north-west corner of the US

        * lib/krb5/get_addrs.c (find_all_addresses): change code to
        actually increment buf_size

1999-11-14  Assar Westerlund  <assar@sics.se>

        * lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces'
        * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces
        scanning optional
        * lib/krb5/context.c (init_context_from_config_file): set
        `scan_interfaces'

        * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c
        * lib/krb5/add_et_list.c (krb5_add_et_list): new function

1999-11-12  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_default_realm.c (krb5_get_default_realm,
        krb5_get_default_realms): set realms if they were unset
        * lib/krb5/context.c (init_context_from_config_file): don't
        initialize default realms here.  it's done lazily instead.
        
        * lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned
        * lib/asn1/gen_glue.c (generate_2int, generate_units): make sure
        bit constants are unsigned
        * lib/asn1/gen.c (define_type): make length in sequences be
        unsigned.

        * configure.in: remove duplicate test for setsockopt test for
        struct tm.tm_isdst

        * lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate
        preauthentication information if we get back ERR_PREAUTH_REQUIRED
        * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove
        preauthentication generation code.  it's now in krb5_get_in_cred
        
        * configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct
        tm.tm_gmtoff and timezone
        
1999-11-11  Johan Danielsson  <joda@pdc.kth.se>

        * kdc/main.c: make this work with multi-db

        * kdc/kdc_locl.h: make this work with multi-db

        * kdc/config.c: make this work with multi-db

1999-11-09  Johan Danielsson  <joda@pdc.kth.se>

        * kdc/misc.c: update for multi-database code

        * kdc/main.c: update for multi-database code

        * kdc/kdc_locl.h: update

        * kdc/config.c: allow us to have more than one database

1999-11-04  Assar Westerlund  <assar@sics.se>

        * Release 0.2d

        * lib/krb5/Makefile.am: bump version to 5:0:0 to be safe
        (krb5_context_data has changed and some code do (might) access
        fields directly)

        * lib/krb5/krb5.h (krb5_context_data): add `etypes_des'

        * lib/krb5/get_cred.c (init_tgs_req): use
        krb5_keytype_to_enctypes_default

        * lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new
        function

        * lib/krb5/context.c (set_etypes): new function
        (init_context_from_config_file): set both `etypes' and `etypes_des'

1999-11-02  Assar Westerlund  <assar@sics.se>

        * configure.in (VERSION): bump to 0.2d-pre

1999-10-29  Assar Westerlund  <assar@sics.se>

        * lib/krb5/principal.c (krb5_parse_name): check memory allocations

1999-10-28  Assar Westerlund  <assar@sics.se>

        * Release 0.2c

        * lib/krb5/dump_config.c (print_tree): check for empty tree

        * lib/krb5/string-to-key-test.c (tests): update the test cases
        with empty principals so that they actually use an empty realm and
        not the default.  use the correct etype for 3DES

        * lib/krb5/Makefile.am: bump version to 4:1:0

        * kdc/config.c (configure): more careful with the port string

1999-10-26  Assar Westerlund  <assar@sics.se>

        * Release 0.2b

1999-10-20  Assar Westerlund  <assar@sics.se>

        * lib/krb5/Makefile.am: bump version to 4:0:0
        (krb524_convert_creds_kdc and potentially some other functions
        have changed prototypes)

        * lib/hdb/Makefile.am: bump version to 4:0:1

        * lib/asn1/Makefile.am: bump version to 1:3:0

        * configure.in (LIB_roken): add dbopen.  getcap in roken
        references dbopen and with shared libraries we need to add this
        dependency.

        * lib/krb5/verify_krb5_conf.c (main): support speicifying the
        configuration file to test on the command line

        * lib/krb5/config_file.c (parse_binding): handle line with no
        whitespace before =
        (krb5_config_parse_file_debug): set lineno earlier so that we don't
        use it unitialized

        * configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need
        more include files for these tests

        * lib/krb5/set_default_realm.c (krb5_set_default_realm): use
        krb5_config_get_strings, which means that your configuration file
        should look like:
        
        [libdefaults]
          default_realm = realm1 realm2 realm3

        * lib/krb5/set_default_realm.c (config_binding_to_list): fix
        copy-o.  From Michal Vocu <michal@karlin.mff.cuni.cz>

        * kdc/config.c (configure): add a missing strdup.  From Michal
        Vocu <michal@karlin.mff.cuni.cz>

1999-10-17  Assar Westerlund  <assar@sics.se>

        * Release 0.2a

        * configure.in: only test for db.h with using berkeley_db. remember
        to link with LIB_tgetent when checking for el_init. add xnlock

        * appl/Makefile.am: add xnlock

        * kdc/kerberos5.c (find_etype): support null keys

        * kdc/kerberos4.c (get_des_key): support null keys

        * lib/krb5/crypto.c (krb5_get_wrapped_length): more correct
        calculation

1999-10-16  Johan Danielsson  <joda@pdc.kth.se>

        * kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc

1999-10-12  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning

1999-10-10  Assar Westerlund  <assar@sics.se>

        * lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm

        * lib/krb5/krb5.h (krb5_ccache_data): make `ops' const

        * lib/krb5/crypto.c (krb5_string_to_salttype): new function

        * **/*.[ch]: const-ize

1999-10-06  Assar Westerlund  <assar@sics.se>
        
        * lib/krb5/creds.c (krb5_compare_creds): const-ify
        
        * lib/krb5/cache.c: clean-up and comment-up

        * lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the
        strings

        * lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the
        correct realm part

        * kdc/connect.c (handle_tcp): things work much better when ret is
        initialized

1999-10-03  Assar Westerlund  <assar@sics.se>

        * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the
        type of the session key

        * lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell
        correctly

        * lib/krb5/creds.c (krb5_compare_creds): fix spelling of
        krb5_enctypes_compatible_keys

        * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new
        credentials from the KDC if the existing one doesn't have a DES
        session key.

        * lib/45/get_ad_tkt.c (get_ad_tkt): update to new
        krb524_convert_creds_kdc

1999-10-03  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/keytab_keyfile.c: make krb5_akf_ops const

        * lib/krb5/keytab_memory.c: make krb5_mkt_ops const

        * lib/krb5/keytab_file.c: make krb5_fkt_ops const

1999-10-01  Assar Westerlund  <assar@sics.se>

        * lib/krb5/config_file.c: rewritten to allow error messages

        * lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf
        (libkrb5_la_SOURCES): add config_file_netinfo.c

        * lib/krb5/verify_krb5_conf.c: new program for verifying that
        krb5.conf is corret

        * lib/krb5/config_file_netinfo.c: moved netinfo code here from
        config_file.c

1999-09-28  Assar Westerlund  <assar@sics.se>

        * kdc/hpropd.c (dump_krb4): kludge default_realm

        * lib/asn1/check-der.c: add test cases for Generalized time and
        make sure we return the correct value

        * lib/asn1/der_put.c: simplify by using der_put_length_and_tag

        * lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of
        krb5_verify_user that tries in all the local realms

        * lib/krb5/set_default_realm.c: add support for having several
        default realms

        * lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms'

        * lib/krb5/get_default_realm.c (krb5_get_default_realms): add

        * lib/krb5/krb5.h (krb5_context_data): change `default_realm' to
        `default_realms'

        * lib/krb5/context.c: change from `default_realm' to
        `default_realms'

        * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
        krb5_get_default_realms

        * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c

        * lib/krb5/copy_host_realm.c: new file

1999-09-27  Johan Danielsson  <joda@pdc.kth.se>

        * lib/asn1/der_put.c (encode_generalized_time): encode length

        * lib/krb5/recvauth.c: new function `krb5_recvauth_match_version'
        that allows more intelligent matching of the application version

1999-09-26  Assar Westerlund  <assar@sics.se>

        * lib/asn1/asn1_print.c: add err.h

        * kdc/config.c (configure): use parse_bytes

        * appl/test/nt_gss_common.c: use the correct header file

1999-09-24  Johan Danielsson  <joda@pdc.kth.se>

        * kuser/klist.c: add a `--cache' flag

        * kuser/kinit.c (main): only get default value for `get_v4_tgt' if
        it's explicitly set in krb5.conf

1999-09-23  Assar Westerlund  <assar@sics.se>

        * lib/asn1/asn1_print.c (tag_names); add another univeral tag

        * lib/asn1/der.h: update universal tags

1999-09-22  Assar Westerlund  <assar@sics.se>

        * lib/asn1/asn1_print.c (loop): print length of octet string

1999-09-21  Johan Danielsson  <joda@pdc.kth.se>

        * admin/ktutil.c (kt_get): add `--help'

1999-09-21  Assar Westerlund  <assar@sics.se>

        * kuser/Makefile.am: add kdecode_ticket

        * kuser/kdecode_ticket.c: new debug program

        * appl/test/nt_gss_server.c: new program to test against `Sample *
        SSPI Code' in Windows 2000 RC1 SDK.

        * appl/test/Makefile.am: add nt_gss_client and nt_gss_server

        * lib/asn1/der_get.c (decode_general_string): remember to advance
        ret over the length-len

        * lib/asn1/Makefile.am: add asn1_print

        * lib/asn1/asn1_print.c: new program for printing DER-structures

        * lib/asn1/der_put.c: make functions more consistent

        * lib/asn1/der_get.c: make functions more consistent

1999-09-20  Johan Danielsson  <joda@pdc.kth.se>

        * kdc/kerberos5.c: be more informative in pa-data error messages

1999-09-16  Assar Westerlund  <assar@sics.se>

        * configure.in: test for strlcpy, strlcat

1999-09-14  Assar Westerlund  <assar@sics.se>

        * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return
        KRB5_LIBOS_PWDINTR when interrupted

        * lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return
        value from des_read_pw_string

        * kuser/kinit.c (main): don't print any error if reading the
        password was interrupted

        * kpasswd/kpasswd.c (main): don't print any error if reading the
        password was interrupted

        * kdc/string2key.c (main): check the return value from fgets

        * kdc/kstash.c (main): check return value from des_read_pw_string

        * admin/ktutil.c (kt_add): check the return-value from fgets and
        overwrite the password for paranoid reasons

        * lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the
        newline if it's there

1999-09-13  Assar Westerlund  <assar@sics.se>

        * kdc/hpropd.c (main): remove bogus error with `--print'.  remove
        sysloging of number of principals transferred

        * kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL
        principals
        (main): get rid of bogus opening of hdb database when propagating
        ka-server database

1999-09-12  Assar Westerlund  <assar@sics.se>

        * lib/krb5/krb5_locl.h (O_BINARY): add fallback definition

        * lib/krb5/krb5.h (krb5_context_data): add keytab types

        * configure.in: revert back awk test, not worked around in
        roken.awk

        * lib/krb5/keytab_krb4.c: remove O_BINARY

        * lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's.  From
        Love <lha@e.kth.se>

        * lib/krb5/keytab_file.c: remove O_BINARY

        * lib/krb5/keytab.c: move the list of keytab types to the context

        * lib/krb5/fcache.c: remove O_BINARY

        * lib/krb5/context.c (init_context_from_config_file): register all
        standard cache and keytab types
        (krb5_free_context): free `kt_types'

        * lib/krb5/cache.c (krb5_cc_resolve): move the registration of the
        standard types of credential caches to context

        * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c

1999-09-10  Assar Westerlund  <assar@sics.se>

        * lib/krb5/keytab.c: add comments and clean-up

        * admin/ktutil.c: add `ktutil copy'

        * lib/krb5/keytab_krb4.c: new file

        * lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field

        * lib/krb5/Makefile.am: add keytab_krb4.c

        * lib/krb5/keytab.c: add krb4 and correct some if's

        * admin/srvconvert.c (srvconv): move common code

        * lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables

        * lib/krb5/keytab.c: move out file and memory functions

        * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c,
        keytab_memory.c

        * lib/krb5/keytab_memory.c: new file

        * lib/krb5/keytab_file.c: new file

        * kpasswd/kpasswdd.c: move out password quality functions

1999-09-07  Assar Westerlund  <assar@sics.se>

        * lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c.  From
        Love <lha@e.kth.se>

        * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check
        return value from `krb5_sendto_kdc'

1999-09-06  Assar Westerlund  <assar@sics.se>

        * lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and
        remove the sending of data.  add a parameter `limit'.  let callers
        send the date themselves (and preferably with net_write on tcp
        sockets)
        (send_and_recv_tcp): read first the length field and then only that
        many bytes

1999-09-05  Assar Westerlund  <assar@sics.se>

        * kdc/connect.c (handle_tcp): try to print warning `TCP data of
        strange type' less often

        * lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly.
        return on EOF.  always free data.  check return value from
        realloc.
        (send_and_recv_tcp, send_and_recv_http): check advertised length
        against actual length

1999-09-01  Johan Danielsson  <joda@pdc.kth.se>

        * configure.in: check for sgi capabilities

1999-08-27  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return
        extra addresses

        * kpasswd/kpasswdd.c: use HDB keytabs; change some error messages;
        add --realm flag

        * lib/krb5/address.c (krb5_append_addresses): remove duplicates

1999-08-26  Johan Danielsson  <joda@pdc.kth.se>

        * lib/hdb/keytab.c: HDB keytab backend

1999-08-25  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/keytab.c
        (krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL
        pointer

1999-08-24  Johan Danielsson  <joda@pdc.kth.se>

        * kpasswd/kpasswdd.c: add `--keytab' flag

1999-08-23  Assar Westerlund  <assar@sics.se>

        * lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr'
        instead of the non-standard `s6_addr32'.  From Yoshinobu Inoue
        <shin@kame.net> by way of the KAME repository

1999-08-18  Assar Westerlund  <assar@sics.se>

        * configure.in (--enable-new-des3-code): remove check for `struct
        addrinfo'

        * lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable
        des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards
        compatability

        * lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key
        derivation) just got assigned etype 16 by <bcn@isi.edu>.  keep the
        old etype at 7.

1999-08-16  Assar Westerlund  <assar@sics.se>

        * lib/krb5/sendauth.c (krb5_sendauth): only look at errno if
        krb5_net_read actually returns -1

        * lib/krb5/recvauth.c (krb5_recvauth): only look at errno if
        krb5_net_read actually returns -1

        * appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't
        returned -1

        * appl/test/tcp_server.c (proto): only trust errno if
        krb5_net_read actually returns -1

        * appl/kf/kfd.c (proto): be more careful with the return value
        from krb5_net_read

1999-08-13  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_addrs.c (get_addrs_int): try the different ways
        sequentially instead of just one.  this helps if your heimdal was
        built with v6-support but your kernel doesn't have it, for
        example.

1999-08-12  Assar Westerlund  <assar@sics.se>

        * kdc/hpropd.c: add inetd flag.  default means try to figure out
        if stdin is a socket or not.

        * Makefile.am (ACLOCAL): just use `cf', this variable is only used
        when the current directory is $(top_srcdir) anyways and having
        $(top_srcdir) there breaks if it's a relative path

1999-08-09  Johan Danielsson  <joda@pdc.kth.se>

        * configure.in: check for setproctitle

1999-08-05  Assar Westerlund  <assar@sics.se>

        * lib/krb5/principal.c (krb5_sname_to_principal): remember to call
        freehostent

        * appl/test/tcp_client.c: call freehostent

        * appl/kf/kf.c (doit): call freehostent

        * appl/kf/kf.c: make v6 friendly and simplify

        * appl/kf/kfd.c: make v6 friendly and simplify

        * appl/test/tcp_server.c: simplify by using krb5_err instead of
        errx
        
        * appl/test/tcp_client.c: simplify by using krb5_err instead of
        errx

        * appl/test/tcp_server.c: make v6 friendly and simplify

        * appl/test/tcp_client.c: make v6 friendly and simplify

1999-08-04  Assar Westerlund  <assar@sics.se>

        * Release 0.1m

1999-08-04  Assar Westerlund  <assar@sics.se>

        * kuser/kinit.c (main): some more KRB4-conditionalizing

        * lib/krb5/get_in_tkt.c: type correctness

        * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in
        flags.  From Miroslav Ruda <ruda@ics.muni.cz>

        * kuser/kinit.c (main): add config file support for forwardable
        and krb4 support.  From Miroslav Ruda <ruda@ics.muni.cz>

        * kdc/kerberos5.c (as_rep): add an empty X500-compress string as
        transited.
        (fix_transited_encoding): check length.
        From Miroslav Ruda <ruda@ics.muni.cz>

        * kdc/hpropd.c (dump_krb4): check the realm so that we don't dump
        principals in some other realm. From Miroslav Ruda
        <ruda@ics.muni.cz>
        (main): rename sa_len -> sin_len, sa_lan is a define on some
        platforms.

        * appl/kf/kfd.c: add regpag support. From Miroslav Ruda
        <ruda@ics.muni.cz>

        * appl/kf/kf.c: add `-G' and forwardable option in krb5.conf.
        From Miroslav Ruda <ruda@ics.muni.cz>

        * lib/krb5/config_file.c (parse_list): don't run past end of line

        * appl/test/gss_common.h: new prototypes

        * appl/test/gssapi_client.c: use gss_err instead of abort

        * appl/test/gss_common.c (gss_verr, gss_err): add

1999-08-03  Assar Westerlund  <assar@sics.se>

        * lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this
        otherwise it doesn't build with shared libraries

        * kdc/hpropd.c: v6-ify

        * kdc/hprop.c: v6-ify

1999-08-01  Assar Westerlund  <assar@sics.se>

        * lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname

1999-07-31  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new
        function that takes a FQDN

        * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c

        * lib/krb5/expand_hostname.c: new file

1999-07-28  Assar Westerlund  <assar@sics.se>

        * Release 0.1l

1999-07-28  Assar Westerlund  <assar@sics.se>

        * lib/asn1/Makefile.am: bump version to 1:2:0

        * lib/krb5/Makefile.am: bump version to 3:1:0

        * configure.in: more inet_pton to roken

        * lib/krb5/principal.c (krb5_sname_to_principal): use
        getipnodebyname

1999-07-26  Assar Westerlund  <assar@sics.se>

        * Release 0.1k

1999-07-26  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/Makefile.am: bump version number (changed function
        signatures)

        * lib/hdb/Makefile.am: bump version number (changes to some
        function signatures)

1999-07-26  Assar Westerlund  <assar@sics.se>

        * lib/krb5/Makefile.am: bump version to 3:0:2

        * lib/hdb/Makefile.am: bump version to 2:1:0

        * lib/asn1/Makefile.am: bump version to 1:1:0

1999-07-26  Assar Westerlund  <assar@sics.se>

        * Release 0.1j

1999-07-26  Assar Westerlund  <assar@sics.se>

        * configure.in: rokenize inet_ntop

        * lib/krb5/store_fd.c: lots of changes from size_t to ssize_t
        
        * lib/krb5/store_mem.c: lots of changes from size_t to ssize_t
        
        * lib/krb5/store_emem.c: lots of changes from size_t to ssize_t
        
        * lib/krb5/store.c: lots of changes from size_t to ssize_t
        (krb5_ret_stringz): check return value from realloc

        * lib/krb5/mk_safe.c: some type correctness
        
        * lib/krb5/mk_priv.c: some type correctness
        
        * lib/krb5/krb5.h (krb5_storage): change return values of
        functions from size_t to ssize_t
        
1999-07-24  Assar Westerlund  <assar@sics.se>

        * Release 0.1i

        * configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
        in lib/roken/roken.awk

        * lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to
        step over addresses if there's no `sa_lan' field

        * lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by
        using `struct sockaddr_storage'

        * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using
        `struct sockaddr_storage'

        * lib/krb5/changepw.c (krb5_change_password): simplify by using
        `struct sockaddr_storage'

        * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd):
        simplify by using `struct sockaddr_storage'

        * kpasswd/kpasswdd.c (*): simplify by using `struct
        sockaddr_storage'

        * kdc/connect.c (*): simplify by using `struct sockaddr_storage'

        * configure.in (sa_family_t): just test for existence
        (sockaddr_storage): also specify include file

        * configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i
        (sa_family_t): test for
        (struct sockaddr_storage): test for

        * kdc/hprop.c (propagate_database): typo, NULL should be
        auth_context

        * lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of
        AF_INET6

        * appl/kf/kf.c (main): use warnx

        * appl/kf/kf.c (proto): remove shadowing context

        * lib/krb5/get_addrs.c (find_all_addresses): try to handle the
        case of getting back an `sockaddr_in6' address when sizeof(struct
        sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to
        tell us how large the address is.  This obviously doesn't work
        with unknown protocol types.

1999-07-24  Assar Westerlund  <assar@sics.se>

        * Release 0.1h

1999-07-23  Assar Westerlund  <assar@sics.se>

        * appl/kf/kfd.c: clean-up and more paranoia

        * etc/services.append: add kf

        * appl/kf/kf.c: rename tk_file to ccache for consistency.  clean-up

1999-07-22  Assar Westerlund  <assar@sics.se>

        * lib/krb5/n-fold-test.c (main): print the correct data

        * appl/Makefile.am (SUBDIRS): add kf

        * appl/kf: new program.  From Miroslav Ruda <ruda@ics.muni.cz>

        * kdc/hprop.c: declare some variables unconditionally to simplify
        things

        * kpasswd/kpasswdd.c: initialize kadm5 connection for every change
        (otherwise the modifier in the database doesn't get set)

        * kdc/hpropd.c: clean-up and re-organize

        * kdc/hprop.c: clean-up and re-organize

        * configure.in (SunOS): define to xy for SunOS x.y

1999-07-19  Assar Westerlund  <assar@sics.se>

        * configure.in (AC_BROKEN): test for copyhostent, freehostent,
        getipnodebyaddr, getipnodebyname

1999-07-15  Assar Westerlund  <assar@sics.se>

        * lib/asn1/check-der.c: more test cases for integers

        * lib/asn1/der_length.c (length_int): handle the case of the
        largest negative integer by not calling abs

1999-07-14  Assar Westerlund  <assar@sics.se>

        * lib/asn1/check-der.c (generic_test): check malloc return value
        properly

        * lib/krb5/Makefile.am: add string_to_key_test

        * lib/krb5/prog_setup.c (krb5_program_setup): always initialize
        the context

        * lib/krb5/n-fold-test.c (main): return a relevant return value

        * lib/krb5/krbhst.c: do SRV lookups for admin server as well.
        some clean-up.

1999-07-12  Assar Westerlund  <assar@sics.se>

        * configure.in: handle not building X programs

1999-07-06  Assar Westerlund  <assar@sics.se>

        * lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate
        variable
        (ipv6_sockaddr2port): fix typo

        * etc/services.append: beginning of a file with services

        * lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if
        there's no prefix.  also clean-up a little bit.

        * kdc/hprop.c (--kaspecials): new flag for handling special KA
        server entries.  From "Brandon S. Allbery KF8NH"
        <allbery@kf8nh.apk.net>

1999-07-05  Assar Westerlund  <assar@sics.se>

        * kdc/connect.c (handle_tcp): make sure we have data before
        starting to look for HTTP

        * kdc/connect.c (handle_tcp): always do getpeername, we can't
        trust recvfrom to return anything sensible

1999-07-04  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with
        all enctypes

        * kpasswd/kpasswdd.c (change): fetch the salt-type from the entry

        * admin/srvconvert.c (srvconv): better error messages

1999-07-03  Assar Westerlund  <assar@sics.se>

        * lib/krb5/principal.c (unparse_name): error check malloc properly

        * lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc
        properly

        * lib/krb5/crypto.c (*): do some malloc return-value checks
        properly

        * lib/hdb/hdb.c (hdb_process_master_key): simplify by using
        krb5_data_alloc

        * lib/hdb/hdb.c (hdb_process_master_key): check return value from
        malloc

        * lib/asn1/gen_decode.c (decode_type): fix generation of decoding
        information for TSequenceOf.

        * kdc/kerberos5.c (get_pa_etype_info): check return value from
        malloc

1999-07-02  Assar Westerlund  <assar@sics.se>

        * lib/asn1/der_copy.c (copy_octet_string): don't fail if length ==
        0 and malloc returns NULL

1999-06-29  Assar Westerlund  <assar@sics.se>

        * lib/krb5/addr_families.c (ipv6_parse_addr): implement

1999-06-24  Assar Westerlund  <assar@sics.se>

        * lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address
        as an addrport one

        * lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT):
        add
        (krb5_auth_context): add local and remote port

        * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the
        local and remote address and add them to the krb-cred packet

        * lib/krb5/auth_context.c: save the local and remove ports in the
        auth_context

        * lib/krb5/address.c (krb5_make_addrport): create an address of
        type KRB5_ADDRESS_ADDRPORT from (addr, port)

        * lib/krb5/addr_families.c (krb5_sockaddr2port): new function for
        grabbing the port number out of the sockaddr

1999-06-23  Assar Westerlund  <assar@sics.se>

        * admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key.
        increase possible verbosity.

        * lib/krb5/config_file.c (parse_list): handle blank lines at
        another place
        
        * kdc/connect.c (add_port_string): don't return a value

        * lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred
        cache if the principals are different.  close and NULL the old one
        so that we create a new one.

        * configure.in: move around cgywin et al
        (LIB_kdb): set at the end of krb4-block
        (krb4): test for krb_enable_debug and krb_disable_debug

1999-06-16  Assar Westerlund  <assar@sics.se>

        * kuser/kdestroy.c (main): try to destroy v4 ticket even if the
        destruction of the v5 one fails

        * lib/krb5/crypto.c (DES3_postproc): new version that does the
        right thing
        (*): don't put and recover length in 3DES encoding
        other small fixes

1999-06-15  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_default_principal.c: rewrite to use
        get_default_username

        * lib/krb5/Makefile.am: add n-fold-test

        * kdc/connect.c: add fallbacks for all lookups by service name
        (handle_tcp): break-up and clean-up

1999-06-09  Assar Westerlund  <assar@sics.se>

        * lib/krb5/addr_families.c (ipv6_uninteresting): don't consider
        the loopback address as uninteresting

        * lib/krb5/get_addrs.c: new magic flag to get loopback address if
        there are no other addresses.
        (krb5_get_all_client_addrs): use that flag

1999-06-04  Assar Westerlund  <assar@sics.se>

        * lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the
        length
        (checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64
        (encrypt_internal_derived): don't include the length and don't
        decrease by the checksum size twice
        (_get_derived_key): the constant should be 5 bytes

1999-06-02  Johan Danielsson  <joda@pdc.kth.se>

        * configure.in: use KRB_CHECK_X
        
        * configure.in: check for netinet/ip.h
        
1999-05-31  Assar Westerlund  <assar@sics.se>

        * kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize
        on RTLD_NOW

1999-05-23  Assar Westerlund  <assar@sics.se>

        * appl/test/uu_server.c: removed unused stuff

        * appl/test/uu_client.c: removed unused stuff

1999-05-21  Assar Westerlund  <assar@sics.se>

        * kuser/kgetcred.c (main): correct error message

        * lib/krb5/crypto.c (verify_checksum): call (*ct->checksum)
        directly, avoiding redundant lookups and memory leaks

        * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free
        local and remote addresses

        * lib/krb5/get_default_principal.c (get_logname): also try
        $USERNAME
        
        * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT)

        * lib/krb5/principal.c (USE_RESOLVER): try to define only if we
        have a libresolv (currently by checking for res_search)

1999-05-18  Johan Danielsson  <joda@pdc.kth.se>

        * kdc/connect.c (handle_tcp): remove %-escapes in request

1999-05-14  Assar Westerlund  <assar@sics.se>

        * Release 0.1g

        * admin/ktutil.c (kt_remove): -t should be -e

        * configure.in (CHECK_NETINET_IP_AND_TCP): use

        * kdc/hpropd.c: support for dumping to krb4.  From Miroslav Ruda
        <ruda@ics.muni.cz>

        * admin/ktutil.c (kt_add): new option `--no-salt'.  From Miroslav
        Ruda <ruda@ics.muni.cz>

        * configure.in: add cygwin and DOS tests replace sendmsg, recvmsg,
        and innetgr with roken versions

        * kuser/kgetcred.c: new program

Tue May 11 14:09:33 1999  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/mcache.c: fix paste-o
        
1999-05-10  Johan Danielsson  <joda@pdc.kth.se>

        * configure.in: don't use uname

1999-05-10  Assar Westerlund  <assar@sics.se>

        * acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four
        arguments :-)

        * appl/test/uu_server.c (setsockopt): cast to get rid of a warning
        
        * appl/test/tcp_server.c (setsockopt): cast to get rid of a
        warning

        * appl/test/tcp_client.c (proto): call krb5_sendauth with ccache
        == NULL

        * appl/test/gssapi_server.c (setsockopt): cast to get rid of a
        warning

        * lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by
        setting the default ccache.

        * configure.in (getsockopt, setsockopt): test for
        (AM_INIT_AUTOMAKE): bump version to 0.1g

        * appl/Makefile.am (SUBDIRS): add kx
        
        * lib/hdb/convert_db.c (main): handle the case of no master key
        
1999-05-09  Assar Westerlund  <assar@sics.se>

        * Release 0.1f

        * kuser/kinit.c: add --noaddresses
        
        * lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an
        empty sit of list as to not ask for any addresses.
        
1999-05-08  Assar Westerlund  <assar@sics.se>

        * acconfig.h (_GNU_SOURCE): define this to enable (used)
        extensions on glibc-based systems such as linux

1999-05-03  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free
        `*out_creds' properly

        * lib/krb5/creds.c (krb5_compare_creds): just verify that the
        keytypes/enctypes are compatible, not that they are the same

        * kuser/kdestroy.c (cache): const-correctness

1999-05-03  Johan Danielsson  <joda@pdc.kth.se>

        * lib/hdb/hdb.c (hdb_set_master_key): initialise master key
        version

        * lib/hdb/convert_db.c: add support for upgrading database
        versions

        * kdc/misc.c: add flags to fetch

        * kdc/kstash.c: unlink keyfile on failure, chmod to 400

        * kdc/hpropd.c: add --print option

        * kdc/hprop.c: pass flags to hdb_foreach

        * lib/hdb/convert_db.c: add some flags

        * lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2;
        build prototype headers
        
        * lib/hdb/hdb_locl.h: update prototypes

        * lib/hdb/print.c: move printable version of entry from kadmin

        * lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is
        sealed or not; add flags to hdb_foreach

        * lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and
        NDBM_nextkey

        * lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey

        * lib/hdb/common.c: add flags to _hdb_{fetch,store}

        * lib/hdb/hdb.h: add master_key_version to struct hdb, update
        prototypes

        * lib/hdb/hdb.asn1: make mkvno optional, update version to 2

        * configure.in: --enable-netinfo

        * lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO

        * config.sub: fix for crays

        * config.guess: new version from automake 1.4
        
        * config.sub: new version from automake 1.4

Wed Apr 28 00:21:17 1999  Assar Westerlund  <assar@sics.se>

        * Release 0.1e

        * lib/krb5/mcache.c (mcc_get_next): get the current cursor
        correctly

        * acconfig.h: correct definition of KRB_PUT_INT for old krb4 code.
        From Ake Sandgren <ake@cs.umu.se>

1999-04-27  Johan Danielsson  <joda@pdc.kth.se>

        * kdc/kerberos5.c: fix arguments to decrypt_ticket
        
1999-04-25  Assar Westerlund  <assar@sics.se>

        * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old
        DCE secd's that are not able to handle MD5 checksums by defaulting
        to MD4 if the keytype was DES-CBC-CRC
        
        * lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype
        
        * lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and
        `cksumtype'

        * lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for
        secd
        (init_tgs_req): add all supported enctypes for the keytype in
        `in_creds->session.keytype' if it's set

        * lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol
        encryption types
        (do_checksum): new function
        (verify_checksum): take the checksum to use from the checksum message
        and not from the crypto struct
        (etypes): add F_PSEUDO flags
        (krb5_keytype_to_enctypes): new function

        * lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype
        and cksumtype
        (krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement
        (krb5_auth_setkeytype, krb5_auth_getkeytype): implement
        (krb5_auth_setenctype): comment out, it's rather bogus anyway

Sun Apr 25 16:55:50 1999  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/krb5_locl.h: fix for stupid aix warnings

        * lib/krb5/fcache.c (erase_file): don't malloc
        
Sat Apr 24 18:35:21 1999  Johan Danielsson  <joda@pdc.kth.se>

        * kdc/config.c: pass context to krb5_config_file_free

        * kuser/kinit.c: add `--fcache-version' to set cache version to
        create

        * kuser/klist.c: print cache version if verbose

        * lib/krb5/transited.c (krb5_domain_x500_decode): don't abort

        * lib/krb5/principal.c: abort -> krb5_abortx

        * lib/krb5/mk_rep.c: abort -> krb5_abortx

        * lib/krb5/config_file.c: abort -> krb5_abortx

        * lib/krb5/context.c (init_context_from_config_file): init
        fcache_version; add krb5_{get,set}_fcache_version

        * lib/krb5/keytab.c: add support for reading (and writing?) old
        version keytabs

        * lib/krb5/cache.c: add krb5_cc_get_version

        * lib/krb5/fcache.c: add support for reading and writing old
        version cache files

        * lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags

        * lib/krb5/store_emem.c (krb5_storage_emem): zero flags

        * lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags

        * lib/krb5/store.c: add flags to change how various fields are
        stored, used for old cache version support
        
        * lib/krb5/krb5.h: add support for reading and writing old version
        cache files, and keytabs
        
Wed Apr 21 00:09:26 1999  Assar Westerlund  <assar@sics.se>

        * configure.in: fix test for readline.h remember to link with
        $LIB_tgetent when trying linking with readline

        * lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time
        is given, request a postdated ticket.

        * lib/krb5/data.c (krb5_data_free): free data as long as it's not
        NULL

Tue Apr 20 20:18:14 1999  Assar Westerlund  <assar@sics.se>

        * kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen

        * lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add

        * lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and
        KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is
        invalid

Tue Apr 20 12:42:08 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * kpasswd/kpasswdd.c: don't try to load library by default; get
        library and function name from krb5.conf

        * kpasswd/sample_passwd_check.c: sample password checking
        functions

Mon Apr 19 22:22:19 1999  Assar Westerlund  <assar@sics.se>

        * lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use
        krb5_data_alloc and be careful with checking allocation and sizes.

        * kuser/klist.c (--tokens): conditionalize on KRB4

        * kuser/kinit.c (renew_validate): set all flags
        (main): fix cut-n-paste error when setting start-time

        * kdc/kerberos5.c (check_tgs_flags): starttime of a validate
        ticket should be > than current time
        (*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket

        * kuser/kinit.c (renew_validate): use the client realm instead of
        the local realm when renewing tickets.

        * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function
        (krb5_get_forwarded_creds): correct freeing of out_creds

        * kuser/kinit.c (renew_validate): hopefully fix up freeing of
        memory

        * configure.in: do all the krb4 tests with "$krb4" != "no"

        * lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero
        keyvalue if it's NULL.  noticed by Ake Sandgren <ake@cs.umu.se>

        * lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes
        instead of just taking the first one.  fix all callers.  From
        "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>

        * kdc/kdc_locl.h (enable_kaserver): declaration
        
        * kdc/hprop.c (ka_convert): print the failing principal.  AFS 3.4a
        creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around.  From
        "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>

        * kdc/hpropd.c (open_socket): stupid cast to get rid of a warning

        * kdc/connect.c (add_standard_ports, process_request): look at
        enable_kaserver.  From "Brandon S. Allbery KF8NH"
        <allbery@kf8nh.apk.net>

        * kdc/config.c: new flag --kaserver and config file option
        enable-kaserver.  From "Brandon S. Allbery KF8NH"
        <allbery@kf8nh.apk.net>

Mon Apr 19 12:32:04 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * configure.in: check for dlopen, and dlfcn.h

        * kpasswd/kpasswdd.c: add support for dlopen:ing password quality
        check library

        * configure.in: add appl/su

Sun Apr 18 15:46:53 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/cache.c: add krb5_cc_get_type that returns type of a
        cache

Fri Apr 16 17:58:51 1999  Assar Westerlund  <assar@sics.se>

        * configure.in: LIB_kdb: -L should be before -lkdb
        test for prototype of strsep
        
Thu Apr 15 11:34:38 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/krb5/Makefile.am: update version

        * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
        ALLOC_SEQ

        * lib/krb5/fcache.c: add some support for reading and writing old
        cache formats;
        (fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use
        krb5_ret_creds

        * lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc,
        initialize host_byteorder

        * lib/krb5/store_fd.c (krb5_storage_from_fd): initialize
        host_byteorder

        * lib/krb5/store_emem.c (krb5_storage_emem): initialize
        host_byteorder

        * lib/krb5/store.c (krb5_storage_set_host_byteorder): add;
        (krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16):
        check host_byteorder flag; (krb5_store_creds): add;
        (krb5_ret_creds): add

        * lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for
        storage of numbers

        * lib/krb5/heim_err.et: add `host not found' error

        * kdc/connect.c: don't use data after clearing decriptor

        * lib/krb5/auth_context.c: abort -> krb5_abortx

        * lib/krb5/warn.c: add __attribute__; add *abort functions

        * configure.in: check for __attribute__

        * kdc/connect.c: log bogus requests

Tue Apr 13 18:38:05 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts
        for all DES keys

1999-04-12  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit

        * lib/krb5/get_cred.c (init_tgs_req): some more error checking

        * lib/krb5/generate_subkey.c (krb5_generate_subkey): check return
        value from malloc

Sun Apr 11 03:47:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/krb5/krb5.conf.5: update to reality

        * lib/krb5/krb5_425_conv_principal.3: update to reality

1999-04-11  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_host_realm.c: handle more than one realm for a host

        * kpasswd/kpasswd.c (main): use krb5_program_setup and
        print_version

        * kdc/string2key.c (main): use krb5_program_setup and
        print_version

Sun Apr 11 02:35:58 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/krb5/principal.c (krb5_524_conv_principal): make it actually
        work, and check built-in list of host-type first-components

        * lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm

        * lib/krb5/context.c: add srv_* flags to context

        * lib/krb5/principal.c: add default v4_name_convert entries

        * lib/krb5/krb5.h: add srv_* flags to context

Sat Apr 10 22:52:28 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * kadmin/kadmin.c: complain about un-recognised commands

        * admin/ktutil.c: complain about un-recognised commands

Sat Apr 10 15:41:49 1999  Assar Westerlund  <assar@sics.se>

        * kadmin/load.c (doit): fix error message

        * lib/krb5/crypto.c (encrypt_internal): free checksum if lengths
        fail to match.
        (krb5_get_wrapped_length): new function

        * configure.in: security/pam_modules.h: check for

        * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge
        around `ret_as_reply' semantics by only freeing it when ret == 0

Fri Apr  9 20:24:04 1999  Assar Westerlund  <assar@sics.se>

        * kuser/klist.c (print_cred_verbose): handle the case of a bad
        enctype

        * configure.in: test for more header files
        (LIB_roken): set

Thu Apr  8 15:01:59 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * configure.in: fixes for building w/o krb4

        * ltmain.sh: update to libtool 1.2d

        * ltconfig: update to libtool 1.2d

Wed Apr  7 23:37:26 1999  Assar Westerlund  <assar@sics.se>

        * kdc/hpropd.c: fix some error messages to be more understandable.

        * kdc/hprop.c (ka_dump): remove unused variables

        * appl/test/tcp_server.c: remove unused variables

        * appl/test/gssapi_server.c: remove unused variables

        * appl/test/gssapi_client.c: remove unused variables

Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code

        * kuser/klist.c: make it compile w/o krb4

        * kuser/kdestroy.c: make it compile w/o krb4

        * admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help
        strings

Mon Apr  5 16:13:46 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * configure.in: test for MIPS ABI; new test_package

Thu Apr  1 11:00:40 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * include/Makefile.am: clean krb5-private.h

        * Release 0.1d

        * kpasswd/kpasswdd.c (doit): pass context to
        krb5_get_all_client_addrs

        * kdc/connect.c (init_sockets): pass context to
        krb5_get_all_server_addrs

        * lib/krb5/get_in_tkt.c (init_as_req): pass context to
        krb5_get_all_client_addrs

        * lib/krb5/get_cred.c (get_cred_kdc_la): pass context to
        krb5_get_all_client_addrs

        * lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses

        * lib/krb5/krb5.h: add support for adding an extra set of
        addresses

        * lib/krb5/context.c: add support for adding an extra set of
        addresses

        * lib/krb5/addr_families.c: add krb5_parse_address

        * lib/krb5/address.c: krb5_append_addresses

        * lib/krb5/config_file.c (parse_binding): don't zap everything
        after first whitespace

        * kuser/kinit.c (renew_validate): don't allocate out

        * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
        allocate out_creds

        * lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make
        out_creds pointer;
        (krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags):
        free more memory

        * lib/krb5/crypto.c (encrypt_internal): free checksum

        * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply,
        and ticket

        * kuser/Makefile.am: remove kfoo

        * lib/Makefile.am: add auth

        * lib/kadm5/iprop.h: getarg.h

        * lib/kadm5/replay_log.c: use getarg

        * lib/kadm5/ipropd_slave.c: use getarg

        * lib/kadm5/ipropd_master.c: use getarg

        * lib/kadm5/dump_log.c: use getarg

        * kpasswd/kpasswdd.c: use getarg

        * Makefile.am.common: make a more working check-local target

        * lib/asn1/main.c: use getargs

Mon Mar 29 20:19:57 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * kuser/klist.c (print_cred_verbose): use krb5_print_address

        * lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int

        * lib/krb5/addr_families.c (krb5_print_address): handle unknown
        address types; (ipv6_print_addr): print in 16-bit groups (as it
        should)

        * lib/krb5/crc.c: crc_{init_table,update} ->
        _krb5_crc_{init_table,update}

        * lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int
        crc_{init_table,update} -> _krb5_crc_{init_table,update}

        * lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int

        * lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int

        * lib/krb5/krb5_locl.h: include krb5-private.h

        * kdc/connect.c (addr_to_string): use krb5_print_address

        * lib/krb5/addr_families.c (krb5_print_address): int -> size_t

        * lib/krb5/addr_families.c: add support for printing ipv6
        addresses, either with inet_ntop, or ugly for-loop

        * kdc/524.c: check that the ticket came from a valid address; use
        the address of the connection as the address to put in the v4
        ticket (if this address is AF_INET)

        * kdc/connect.c: pass addr to do_524

        * kdc/kdc_locl.h: prototype for do_524

Sat Mar 27 17:48:31 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * configure.in: check for OSF C2; bind/bitypes.h, getudbnam,
        setlim; check for auth modules; siad.h, getpwnam_r;
        lib/auth/Makefile, lib/auth/sia/Makefile

        * lib/krb5/crypto.c: n_fold -> _krb5_n_fold

        * lib/krb5/n-fold.c: n_fold -> _krb5_n_fold

Thu Mar 25 04:35:21 1999  Assar Westerlund  <assar@sics.se>

        * lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping
        it

        * lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data'

        * lib/hdb/ndbm.c (NDBM_destroy): clear master key

        * lib/hdb/db.c (DB_destroy): clear master key
        (DB_open): check malloc

        * kdc/connect.c (init_sockets): free addresses

        * kadmin/kadmin.c (main): make code more consistent.  always free
        configuration information.

        * kadmin/init.c (create_random_entry): free the entry

Wed Mar 24 04:02:03 1999  Assar Westerlund  <assar@sics.se>

        * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
        re-organize the code to always free `kdc_reply'

        * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about
        freeing memory

        * lib/krb5/fcache.c (fcc_destroy): don't call fcc_close

        * lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto'

        * lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0
        header

        * configure.in (db_185.h): check for

        * admin/srvcreate.c: new file. contributed by Daniel Kouril
        <kouril@informatics.muni.cz>

        * admin/ktutil.c: srvcreate: new command

        * kuser/klist.c: add support for printing AFS tokens

        * kuser/kdestroy.c: add support for destroying v4 tickets and AFS
        tokens.  based on code by Love <lha@stacken.kth.se>

        * kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries

        * configure.in: sys/ioccom.h: test for

        * kuser/klist.c (main): don't print `no ticket file' with --test.
        From: Love <lha@e.kth.se>

        * kpasswd/kpasswdd.c (doit): more braces to make gcc happy

        * kdc/connect.c (init_socket): get rid of a stupid warning

        * include/bits.c (my_strupr): cast away some stupid warnings

Tue Mar 23 14:34:44 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite
        loops, please

Tue Mar 23 00:00:45 1999  Assar Westerlund  <assar@sics.se>

        * lib/kadm5/Makefile.am (install_build_headers): recover from make
        rewriting the names of the headers kludge to help solaris make

        * lib/krb5/Makefile.am: kludge to help solaris make

        * lib/hdb/Makefile.am: kludge to help solaris make

        * configure.in (LIB_kdb): make sure there's a -L option in here by
        adding $(LIB_krb4)

        * lib/asn1/gen_glue.c (generate_2int, generate_int2): int ->
        unsigned

        * configure.in (SunOS): set to a number KRB4, KRB5 conditionals:
        remove the `dnl' to work around an automake flaw

Sun Mar 21 15:08:49 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/get_default_realm.c: char* -> krb5_realm

Sun Mar 21 14:08:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * include/bits.c: <bind/bitypes.h>

        * lib/krb5/Makefile.am: create krb5-private.h

Sat Mar 20 00:08:59 1999  Assar Westerlund  <assar@sics.se>

        * configure.in (gethostname): remove duplicate

Fri Mar 19 14:48:03 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/hdb/Makefile.am: add version-info

        * lib/gssapi/Makefile.am: add version-info

        * lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der
        to check_PROGRAMS

        * lib/Makefile.am: add 45

        * lib/kadm5/Makefile.am: split in client and server libraries
        (breaks shared libraries otherwise)

Thu Mar 18 11:33:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * include/kadm5/Makefile.am: clean a lot of header files (since
        automake lacks a clean-hook)

        * include/Makefile.am: clean a lot of header files (since automake
        lacks a clean-hook)

        * lib/kadm5/Makefile.am: fix build-installation of headers

        * lib/krb5/Makefile.am: remove include_dir hack

        * lib/hdb/Makefile.am: remove include_dir hack

        * lib/asn1/Makefile.am: remove include_dir hack

        * include/Makefile.am: remove include_dir hack

        * doc/whatis.texi: define sub for html

        * configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h

        * lib/asn1/Makefile.am: der.h

        * kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h

        * kdc/Makefile.am: remove junk

        * kadmin/Makefile.am: sl.a -> sl.la

        * appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS

        * admin/Makefile.am: sl.a -> sl.la

        * configure.in: condition KRB5; AC_CHECK_XAU

        * Makefile.am: include Makefile.am.common

        * include/kadm5/Makefile.am: include Makefile.am.common; don't
        install headers from here

        * include/Makefile.am: include Makefile.am.common; don't install
        headers from here

        * doc/Makefile.am: include Makefile.am.common

        * lib/krb5/Makefile.am: include Makefile.am.common

        * lib/kadm5/Makefile.am: include Makefile.am.common

        * lib/hdb/Makefile.am: include Makefile.am.common

        * lib/gssapi/Makefile.am: include Makefile.am.common

        * lib/asn1/Makefile.am: include Makefile.am.common

        * lib/Makefile.am: include Makefile.am.common

        * lib/45/Makefile.am: include Makefile.am.common

        * kuser/Makefile.am: include Makefile.am.common

        * kpasswd/Makefile.am: include Makefile.am.common

        * kdc/Makefile.am: include Makefile.am.common

        * kadmin/Makefile.am: include Makefile.am.common

        * appl/test/Makefile.am: include Makefile.am.common

        * appl/afsutil/Makefile.am: include Makefile.am.common

        * appl/Makefile.am: include Makefile.am.common

        * admin/Makefile.am: include Makefile.am.common

Wed Mar 17 03:04:38 1999  Assar Westerlund  <assar@sics.se>

        * lib/krb5/store.c (krb5_store_stringz): braces fix

        * lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix

        * lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix

        * kdc/connect.c (loop): braces fix

        * lib/krb5/config_file.c: cast to unsigned char to make is* happy

        * lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy

        * lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to
        be consistent

        * kadmin/util.c (timeval2str): more braces to make gcc happy

        * kadmin/load.c: cast in is* to get rid of stupid warning

        * kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid
        warning

        * kdc/kaserver.c: malloc checks and fixes

        * lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading
        dot (if any) when looking up realms.

Fri Mar 12 13:57:56 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/get_host_realm.c: add dns support

        * lib/krb5/set_default_realm.c: use krb5_free_host_realm

        * lib/krb5/free_host_realm.c: check for NULL realmlist

        * lib/krb5/context.c: don't print warning if there is no krb5.conf

Wed Mar 10 19:29:46 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * configure.in: use AC_WFLAGS

Mon Mar  8 11:49:43 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * Release 0.1c

        * kuser/klist.c: use print_version

        * kuser/kdestroy.c: use print_version

        * kdc/hpropd.c: use print_version

        * kdc/hprop.c: use print_version

        * kdc/config.c: use print_version

        * kadmin/kadmind.c: use print_version

        * kadmin/kadmin.c: use print_version

        * appl/test/common.c: use print_version

        * appl/afsutil/afslog.c: use print_version

Mon Mar  1 10:49:14 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN ->
        HAVE_STRUCT_SOCKADDR_SA_LEN

        * configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13

Sun Feb 28 18:19:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/asn1/gen.c: make `BIT STRING's unsigned

        * lib/asn1/{symbol.h,gen.c}: add TUInteger type

        * lib/krb5/verify_user.c (krb5_verify_user): pass prompter to
        krb5_get_init_creds_password

        * lib/krb5/fcache.c (fcc_gen_new): implement

Sat Feb 27 22:41:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * doc/install.texi: krb4 is now automatically detected

        * doc/misc.texi: update procedure to set supported encryption
        types

        * doc/setup.texi: change some silly wordings

Sat Feb 27 22:17:30 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/keytab.c (fkt_remove_entry): make this work

        * admin/ktutil.c: add minimally working `get' command

Sat Feb 27 19:44:49 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/hdb/convert_db.c: more typos

        * include/Makefile.am: remove EXTRA_DATA (as of autoconf
        2.13/automake 1.4)

        * appl/Makefile.am: OTP_dir

Fri Feb 26 17:37:00 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * doc/setup.texi: add kadmin section

        * lib/asn1/check-der.c: fix printf warnings

Thu Feb 25 11:16:49 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * configure.in: -O does not belong in WFLAGS

Thu Feb 25 11:05:57 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/asn1/der_put.c: fix der_put_int

Tue Feb 23 20:35:12 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * configure.in: use AC_BROKEN_GLOB

Mon Feb 22 15:12:44 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * configure.in: check for glob

Mon Feb 22 11:32:42 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

        * Release 0.1b

Sat Feb 20 15:48:06 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and
        des3-cbc-md5

        * lib/krb5/crypto.c (DES3_string_to_key): make this actually do
        what the draft said it should

        * lib/hdb/convert_db.c: little program for database conversion

        * lib/hdb/db.c (DB_open): try to open database w/o .db extension

        * lib/hdb/ndbm.c (NDBM_open): add test for database format

        * lib/hdb/db.c (DB_open): add test for database format

        * lib/asn1/gen_glue.c (generate_2int): don't depend on flags being
        unsigned

        * lib/hdb/hdb.c: change `hdb_set_master_key' to take an
        EncryptionKey, and add a new function `hdb_set_master_keyfile' to
        do what `hdb_set_master_key' used to do

        * kdc/kstash.c: add `--convert-file' option to change keytype of
        existing master key file

Fri Feb 19 07:04:14 1999  Assar Westerlund  <assar@squid.pdc.kth.se>

        * Release 0.1a

Sat Feb 13 17:12:53 1999  Assar Westerlund  <assar@sics.se>

        * lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf
        is now a `u_char *'

        * lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int'

        * lib/krb5/get_host_realm.c (krb5_get_host_realm): constize
        orig_host

        (krb5_salttype_to_string): new function (RSA_MD5_DES_verify,
        RSA_MD5_DES3_verify): initialize ret

        * lib/gssapi/init_sec_context.c (init_auth): remove unnecessary
        gssapi_krb5_init.  ask for KEYTYPE_DES credentials

        * kadmin/get.c (print_entry_long): print the keytypes and salts
        available for the principal

        * configure.in (WFLAGS): add `-O' to catch unitialized variables
        and such
        (gethostname, mkstemp, getusershell, inet_aton): more tests

        * lib/hdb/hdb.h: update prototypes

        * configure.in: homogenize broken detection with krb4

        * lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused
        `error'

        * lib/asn1/Makefile.am (check-der): add

        * lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead
        of `unsigned'

        * lib/asn1/der_length.c (length_unsigned): new function
        (length_int): handle signed integers

        * lib/asn1/der_put.c (der_put_unsigned): new function
        (der_put_int): handle signed integers

        * lib/asn1/der_get.c (der_get_unsigned): new function
        (der_get_int): handle signed integers

        * lib/asn1/der.h: all integer functions take `int' instead of
        `unsigned'

        * lib/asn1/lex.l (filename): unused. remove.

        * lib/asn1/check-der.c: new test program for der encoding and
        decoding.

Mon Feb  1 04:09:06 1999  Assar Westerlund  <assar@sics.se>

        * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call
        gethostbyname2 with AF_INET6 if we actually have IPv6.  From
        "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>

        * lib/krb5/changepw.c (get_kdc_address): dito

Sun Jan 31 06:26:36 1999  Assar Westerlund  <assar@sics.se>

        * kdc/connect.c (parse_prots): always bind to AF_INET, there are
        v6-implementations without support for `mapped V4 addresses'.
        From Jun-ichiro itojun Hagino <itojun@kame.net>

Sat Jan 30 22:38:27 1999  Assar Westerlund  <assar@juguete.sics.se>

        * Release 0.0u

Sat Jan 30 13:43:02 1999  Assar Westerlund  <assar@sics.se>

        * lib/krb5/Makefile.am: explicit rules for *.et files

        * lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if
        krb5_get_credentials was succesful.
        (get_new_cache): return better error codes and return earlier.
        (get_cred_cache): only delete default_client if it's different
        from client
        (kadm5_c_init_with_context): return a more descriptive error.

        * kdc/kerberos5.c (check_flags): handle NULL client or server

        * lib/krb5/sendauth.c (krb5_sendauth): return the error in
        `ret_error' iff != NULL

        * lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents):
        new functions

        * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more
        type-correctness

        * lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR

        * lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use

        * lib/krb5/get_cred.c: KRB5_TGS_NAME: use

        * lib/kafs/afskrb5.c (afslog_uid_int): update to changes

        * lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove
        instead of rename, but shouldn't this just call rename?

        * lib/kadm5/get_s.c (kadm5_s_get_principal): always return an
        error if the principal wasn't found.

        * lib/hdb/ndbm.c (NDBM_seq): unseal key

        * lib/hdb/db.c (DB_seq): unseal key

        * lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch]

        * kdc/hprop.c (v4_prop): add krbtgt/THISREALM@OTHERREALM when
        finding cross-realm tgts in the v4 database

        * kadmin/mod.c (mod_entry): check the number of arguments.  check
        that kadm5_get_principal worked.

        * lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if
        we weren't able to remove it.

        * admin/ktutil.c: less drive-by-deleting.  From Love
        <lha@e.kth.se>

        * kdc/connect.c (parse_ports): copy the string before mishandling
        it with strtok_r

        * kdc/kerberos5.c (tgs_rep2): print the principal with mismatching
        kvnos

        * kadmin/kadmind.c (main): convert `debug_port' to network byte
        order

        * kadmin/kadmin.c: allow specification of port number.

        * lib/kadm5/kadm5_locl.h (kadm5_client_context): add
        `kadmind_port'.

        * lib/kadm5/init_c.c (_kadm5_c_init_context): move up
        initalize_kadm5_error_table_r.
        allow specification of port number.
        
        From Love <lha@stacken.kth.se>

        * kuser/klist.c: add option -t | --test

Sat Dec  5 19:49:34 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/krb5/context.c: remove ktype_is_etype

        * lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE

        * configure.in: fix for AIX install; better tests for AIX dynamic
        AFS libs; `--enable-new-des3-code'

Tue Dec  1 14:44:44 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

        * appl/afsutil/Makefile.am: link with extra libs for aix

        * kuser/Makefile.am: link with extra libs for aix

Sun Nov 29 01:56:21 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add.  almost
        the same as krb5_get_all_client_addrs except that it includes
        loopback addresses

        * kdc/connect.c (init_socket): bind to a particular address
        (init_sockets): get all local addresses and bind to them all

        * lib/krb5/addr_families.c (addr2sockaddr, print_addr): new
        methods
        (find_af, find_atype): new functions.  use them.

        * configure.in: add hesiod

Wed Nov 25 11:37:48 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03

Mon Nov 23 12:53:48 1998  Assar Westerlund  <assar@sics.se>

        * lib/kadm5/log.c: rename delete -> remove

        * lib/kadm5/delete_s.c: rename delete -> remove

        * lib/hdb/common.c: rename delete -> remove

Sun Nov 22 12:26:26 1998  Assar Westerlund  <assar@sics.se>

        * configure.in: check for environ and `struct spwd'

Sun Nov 22 11:42:45 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * kdc/kerberos5.c (as_rep): set keytype to sess_ktype if
        ktype_is_etype

        * lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate
        etypes
        (em): sort entries

Sun Nov 22 06:54:48 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/init_creds_pw.c: more type correctness

        * lib/krb5/get_cred.c: re-structure code.  remove limits on ASN1
        generated bits.

Sun Nov 22 01:49:50 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

        * kdc/hprop.c (v4_prop): fix bogus indexing

Sat Nov 21 21:39:20 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/verify_init.c (fail_verify_is_ok): new function
        (krb5_verify_init_creds): if we cannot get a ticket for
        host/`hostname` and fail_verify_is_ok just return.  use
        krb5_rd_req

Sat Nov 21 23:12:27 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/free.c (krb5_xfree): new function

        * lib/krb5/creds.c (krb5_free_creds_contents): new function

        * lib/krb5/context.c: more type correctness

        * lib/krb5/checksum.c: more type correctness

        * lib/krb5/auth_context.c (krb5_auth_con_init): more type
        correctness

        * lib/asn1/der_get.c (der_get_length): fix test of len
        (der_get_tag): more type correctness

        * kuser/klist.c (usage): void-ize

        * admin/ktutil.c (kt_remove): some more type correctness.

Sat Nov 21 16:49:20 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

        * kuser/klist.c: try to list enctypes as keytypes

        * kuser/kinit.c: remove extra `--cache' option, add `--enctypes'
        to set list of enctypes to use

        * kadmin/load.c: load strings as hex

        * kadmin/dump.c: dump hex as string is possible

        * admin/ktutil.c: use print_version()

        * configure.in, acconfig.h: test for hesiod

Sun Nov 15 17:28:19 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/krb5/crypto.c: add some crypto debug code

        * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed
        buffer when encoding ticket

        * lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype'

        * kdc/kerberos5.c: allow mis-match of tgt session key, and service
        session key

        * admin/ktutil.c: keytype -> enctype

Fri Nov 13 05:35:48 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added
        
Sat Nov  7 19:56:31 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_cred.c (add_cred): add termination NULL pointer

Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/rd_req.c: adapt to new crypto api

        * lib/krb5/rd_rep.c: adapt to new crypto api

        * lib/krb5/rd_priv.c: adopt to new crypto api

        * lib/krb5/rd_cred.c: adopt to new crypto api

        * lib/krb5/principal.c: ENOMEM -> ERANGE

        * lib/krb5/mk_safe.c: cleanup and adopt to new crypto api

        * lib/krb5/mk_req_ext.c: adopt to new crypto api

        * lib/krb5/mk_req.c: get enctype from auth_context keyblock

        * lib/krb5/mk_rep.c: cleanup and adopt to new crypto api

        * lib/krb5/mk_priv.c: adopt to new crypto api

        * lib/krb5/keytab.c: adopt to new crypto api

        * lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api

        * lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api

        * lib/krb5/get_in_tkt_pw.c: adopt to new crypto api

        * lib/krb5/get_in_tkt.c: adopt to new crypto api

        * lib/krb5/get_cred.c: adopt to new crypto api

        * lib/krb5/generate_subkey.c: use new crypto api

        * lib/krb5/context.c: rename etype functions to enctype ditto

        * lib/krb5/build_auth.c: use new crypto api

        * lib/krb5/auth_context.c: remove enctype and cksumtype from
        auth_context

Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@sics.se>

        * kdc/connect.c (handle_udp, handle_tcp): correct type of `n'

Tue Sep 15 18:41:38 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

        * admin/ktutil.c: fix printing of unrecognized keytypes

Tue Sep 15 17:02:33 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

        * lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if
        using AFS3 salt

Tue Aug 25 23:30:52 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about
        `use_admin_kdc'

        * lib/krb5/changepw.c (get_kdc_address): use
        krb5_get_krb_admin_hst

        * lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function

        * lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc'

        * lib/krb5/context.c (krb5_get_use_admin_kdc,
        krb5_set_use_admin_kdc): new functions

Tue Aug 18 22:24:12 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/crypto.c: remove all calls to abort(); check return
        value from _key_schedule;
        (RSA_MD[45]_DES_verify): zero tmp and res;
        (RSA_MD5_DES3_{verify,checksum}): implement

Mon Aug 17 20:18:46 1998  Assar Westerlund  <assar@sics.se>

        * kdc/kerberos4.c (swap32): conditionalize

        * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function

        * lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname
        returned from gethostby*() isn't a FQDN, try with the original
        hostname

        * lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal
        and correct key usage

        * lib/krb5/crypto.c (verify_checksum): make static

        * admin/ktutil.c (kt_list): use krb5_enctype_to_string

Sun Aug 16 20:57:56 1998  Assar Westerlund  <assar@sics.se>

        * kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt

        * kadmin/ank.c (ank): print principal name in prompt

        * lib/krb5/crypto.c (hmac): always allocate space for checksum.
        never trust c.checksum.length
        (_get_derived_key): try to return the derived key

Sun Aug 16 19:48:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/crypto.c (hmac): fix some peculiarities and bugs
        (get_checksum_key): assume usage is `formatted'
        (create_checksum,verify_checksum): moved the guts of the krb5_*
        functions here, both take `formatted' key-usages
        (encrypt_internal_derived): fix various bogosities
        (derive_key): drop key_type parameter (already given by the
        encryption_type)

        * kdc/kerberos5.c (check_flags): handle case where client is NULL

        * kdc/connect.c (process_request): return zero after processing
        kerberos 4 request

Sun Aug 16 18:38:15 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/crypto.c: merge x-*.[ch] into one file

        * lib/krb5/cache.c: remove residual from krb5_ccache_data

Fri Aug 14 16:28:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/x-crypto.c (derive_key): move DES3 specific code to
        separate function (will eventually end up someplace else)

        * lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key

        * configure.in, acconfig.h: test for four valued krb_put_int

Thu Aug 13 23:46:29 1998  Assar Westerlund  <assar@emma.pdc.kth.se>

        * Release 0.0t

Thu Aug 13 22:40:17 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/config_file.c (parse_binding): remove trailing
        whitespace

Wed Aug 12 20:15:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type
        to krb5_create_checksum

        * lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a
        few typos

Wed Aug  5 12:39:54 1998  Assar Westerlund  <assar@emma.pdc.kth.se>

        * Release 0.0s

Thu Jul 30 23:12:17 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/mk_error.c (krb5_mk_error): realloc until you die

Thu Jul 23 19:49:03 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/kdc_locl.h: proto for `get_des_key'

        * configure.in: test for four valued el_init

        * kuser/klist.c: keytype -> enctype

        * kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*'

        * kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys

        * kdc/kaserver.c: use `get_des_key'

        * kdc/524.c: use new crypto api

        * kdc/kerberos4.c: use new crypto api

        * kdc/kerberos5.c: always treat keytypes as enctypes; use new
        crypto api

        * kdc/kstash.c: adapt to new crypto api

        * kdc/string2key.c: adapt to new crypto api

        * admin/srvconvert.c: add keys for all possible enctypes

        * admin/ktutil.c: keytype -> enctype

        * lib/gssapi/init_sec_context.c: get enctype from auth_context
        keyblock

        * lib/hdb/hdb.c: remove hdb_*_keytype2key

        * lib/kadm5/set_keys.c: adapt to new crypto api

        * lib/kadm5/rename_s.c: adapt to new crypto api

        * lib/kadm5/get_s.c: adapt to new crypto api

        * lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4,
        des-cbc-md5, and des3-cbc-sha1

        * lib/krb5/heim_err.et: error message for unsupported salt

        * lib/krb5/codec.c: short-circuit these functions, since they are
        not needed any more

        * lib/krb5/rd_safe.c: cleanup and adapt to new crypto api

Mon Jul 13 23:00:59 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance
        hostent->h_addr_list, use a copy instead

Mon Jul 13 15:00:31 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/config_file.c (parse_binding, parse_section): make sure
        everything is ok before adding to linked list

        * lib/krb5/config_file.c: skip ws before checking for comment

Wed Jul  8 10:45:45 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/asn1/k5.asn1: hmac-sha1-des3 = 12

Tue Jun 30 18:08:05 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the
        unopened file

        * lib/krb5/mk_priv.c: realloc correctly

        * lib/krb5/get_addrs.c (find_all_addresses): init j

        * lib/krb5/context.c (krb5_init_context): print error if parsing
        of config file produced an error.

        * lib/krb5/config_file.c (parse_list, krb5_config_parse_file):
        ignore more spaces

        * lib/krb5/codec.c (krb5_encode_EncKrbCredPart,
        krb5_encode_ETYPE_INFO): initialize `ret'

        * lib/krb5/build_auth.c (krb5_build_authenticator): realloc
        correctly

        * lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret'

        * lib/kadm5/init_c.c (get_cred_cache): try to do the right thing
        with default_client

        * kuser/kinit.c (main): initialize `ticket_life'

        * kdc/kerberos5.c (get_pa_etype_info): initialize `ret'
        (tgs_rep2): initialize `krbtgt'

        * kdc/connect.c (do_request): check for errors from `sendto'

        * kdc/524.c (do_524): initialize `ret'

        * kadmin/util.c (foreach_principal): don't clobber `ret'

        * kadmin/del.c (del_entry): don't apply on zeroth argument

        * kadmin/cpw.c (do_cpw_entry): initialize `ret'

Sat Jun 13 04:14:01 1998  Assar Westerlund  <assar@juguete.sics.se>

        * Release 0.0r

Sun Jun  7 04:13:14 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/addr_families.c: fall-back definition of
        IN6_ADDR_V6_TO_V4

        * configure.in: only set CFLAGS if it wasn't set look for
        dn_expand and res_search

Mon Jun  1 21:28:07 1998  Assar Westerlund  <assar@sics.se>

        * configure.in: remove duplicate seteuid

Sat May 30 00:19:51 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid
        runtime dependencies on libkrb with some shared library
        implementations

Fri May 29 00:09:02 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kuser/kinit_options.c: Default options for kinit.

        * kuser/kauth_options.c: Default options for kauth.

        * kuser/kinit.c: Implement lots a new options.

        * kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime
        is not NULL; set endtime to min of new starttime + old_life, and
        requested endtime

        * lib/krb5/init_creds_pw.c (get_init_creds_common): if the
        forwardable or proxiable flags are set in options, set the
        kdc-flags to the value specified, and not always to one

Thu May 28 21:28:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/kerberos5.c: Optionally compare client address to addresses
        in ticket.

        * kdc/connect.c: Pass client address to as_rep() and tgs_rep().

        * kdc/config.c: Add check_ticket_addresses, and
        allow_null_ticket_addresses variables.

Tue May 26 14:03:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/kadm5/create_s.c: possibly make DES keys version 4 salted

        * lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt
        before zapping version 4 salts

Sun May 24 05:22:17 1998  Assar Westerlund  <assar@sics.se>

        * Release 0.0q

        * lib/krb5/aname_to_localname.c: new file

        * lib/gssapi/init_sec_context.c (repl_mutual): no output token

        * lib/gssapi/display_name.c (gss_display_name): zero terminate
        output.

Sat May 23 19:11:07 1998  Assar Westerlund  <assar@sics.se>

        * lib/gssapi/display_status.c: new file

        * Makefile.am: send -I to aclocal

        * configure.in: remove duplicate setenv

Sat May 23 04:55:19 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kadmin/util.c (foreach_principal): Check for expression before
        wading through the whole database.

        * kadmin/kadmin.c: Pass NULL password to
        kadm5_*_init_with_password.

        * lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use
        of `password' parameter to init_with_password.

        * lib/kadm5/init_s.c: implement init_with_{skey,creds}*

        * lib/kadm5/server.c: Better arguments for
        kadm5_init_with_password.

Sat May 16 07:10:36 1998  Assar Westerlund  <assar@sics.se>

        * kdc/hprop.c: conditionalize ka-server reading support on
        KASERVER_DB

        * configure.in: new option `--enable-kaserver-db'

Fri May 15 19:39:18 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/get_cred.c: Better error if local tgt couldn't be
        found.

Tue May 12 21:11:02 1998  Assar Westerlund  <assar@sics.se>

        * Release 0.0p

        * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set
        encryption type in auth_context if it's compatible with the type
        of the session key

Mon May 11 21:11:14 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/hprop.c: add support for ka-server databases

        * appl/ftp/ftpd: link with -lcrypt, if needed

Fri May  1 07:29:52 1998  Assar Westerlund  <assar@sics.se>

        * configure.in: don't test for winsock.h

Sat Apr 18 21:43:11 1998  Johan Danielsson  <joda@puffer.pdc.kth.se>

        * Release 0.0o

Sat Apr 18 00:31:11 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/sock_principal.c: Save hostname.

Sun Apr  5 11:29:45 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/mk_req_ext.c: Use same enctype as in ticket.

        * kdc/hprop.c (v4_prop): Check for null key.

Fri Apr  3 03:54:54 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/str2key.c: Fix DES3 string-to-key.

        * lib/krb5/keytab.c: Get default keytab name from context.

        * lib/krb5/context.c: Get `default_keytab_name' value.

        * kadmin/util.c (foreach_principal): Print error message if
        `kadm5_get_principals' fails.

        * kadmin/kadmind.c: Use `kadmind_loop'.

        * lib/kadm5/server.c: Replace several other functions with
        `kadmind_loop'.

Sat Mar 28 09:49:18 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead
        of O_APPEND

        * configure.in: generate ftp Makefiles

        * kuser/klist.c (print_cred_verbose): print IPv4-address in a
        portable way.

        * admin/srvconvert.c (srvconv): return 0 if successful

Tue Mar 24 00:40:33 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/keytab.c: MIT compatible changes: add and use sizes to
        keytab entries, and change default keytab to `/etc/krb5.keytab'.

Mon Mar 23 23:43:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'.

        * lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'.
        Fix bug in checking of pad.

        * lib/gssapi/{un,}wrap.c: Add support for just integrity
        protecting data.
        
        * lib/gssapi/accept_sec_context.c: Use
        `gssapi_krb5_verify_8003_checksum'.

        * lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'.

        * lib/gssapi/init_sec_context.c: Zero cred, and store session key
        properly in auth-context.

Sun Mar 22 00:47:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/kadm5/delete_s.c: Check immutable bit.

        * kadmin/kadmin.c: Pass client name to kadm5_init.

        * lib/kadm5/init_c.c: Get creds for client name passed in.

        * kdc/hprop.c (v4_prop): Check for `changepw.kerberos'.

Sat Mar 21 22:57:13 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/mk_error.c: Verify that error_code is in the range
        [0,127].

        * kdc/kerberos5.c: Move checking of principal flags to new
        function `check_flags'.

Sat Mar 21 14:38:51 1998  Assar Westerlund  <assar@sics.se>

        * lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt

        * configure.in: define SunOS if running solaris

Sat Mar 21 00:26:34 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/kadm5/server.c: Unifdef test for same principal when
        changing password.

        * kadmin/util.c: If kadm5_get_principals failes, we might still be
        able to perform the requested opreration (for instance someone if
        trying to change his own password).

        * lib/kadm5/init_c.c: Try to get ticket via initial request, if
        not possible via tgt.

        * lib/kadm5/server.c: Check for principals changing their own
        passwords.

        * kdc/kerberos5.c (tgs_rep2): check for interesting flags on
        involved principals.

        * kadmin/util.c: Fix order of flags.

Thu Mar 19 16:54:10 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/kerberos4.c: Return sane error code if krb_rd_req fails.

Wed Mar 18 17:11:47 1998  Assar Westerlund  <assar@sics.se>

        * acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6

Wed Mar 18 09:58:18 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't
        free keyseed; use correct keytab

Tue Mar 10 09:56:16 1998  Assar Westerlund  <assar@sics.se>

        * acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives

Mon Mar 16 23:58:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * Release 0.0n

Fri Mar  6 00:41:30 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/gssapi/{accept_sec_context,release_cred}.c: Use
        krb5_kt_close/krb5_kt_resolve.
        
        * lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver
        to lookup hosts, so CNAMEs can be ignored.

        * lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http):
        Add support for using proxy.

        * lib/krb5/context.c: Initialize `http_proxy' from
        `libdefaults/http_proxy'.

        * lib/krb5/krb5.h: Add `http_proxy' to context.

        * lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol
        specifications.

Wed Mar  4 01:47:29 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * admin/ktutil.c: Implement `add' and `remove' functions. Make
        `--keytab' a global option.

        * lib/krb5/keytab.c: Implement remove with files. Add memory
        operations.

Tue Mar  3 20:09:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/keytab.c: Use function pointers.

        * admin: Remove kdb_edit.

Sun Mar  1 03:28:42 1998  Assar Westerlund  <assar@sics.se>

        * lib/kadm5/dump_log.c: print operation names

Sun Mar  1 03:04:12 1998  Assar Westerlund  <assar@sics.se>

        * configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth}
        
        * lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c:
        remove arbitrary limit

        * kdc/hprop-common.c: use krb5_{read,write}_message

        * lib/kadm5/ipropd_master.c (send_diffs): more careful use
        krb5_{write,read}_message

        * lib/kadm5/ipropd_slave.c (get_creds): get credentials for
        `iprop/master' directly.
        (main): use `krb5_read_message'

Sun Mar  1 02:05:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kadmin/kadmin.c: Cleanup commands list, and add help strings.

        * kadmin/get.c: Add long, short, and terse (equivalent to `list')
        output formats. Short is the default.

        * kadmin/util.c: Add `include_time' flag to timeval2str.

        * kadmin/init.c: Max-life and max-renew can, infact, be zero.

        * kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'.

        * kadmin/util.c: Add function `foreach_principal', that loops over
        all principals matching an expression.

        * kadmin/kadmin.c: Add usage string to `privileges'.

        * lib/kadm5/get_princs_s.c: Also try to match aganist the
        expression appended with `@default-realm'.

        * lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that
        excludes the realm if it's the same as the default realm.

Fri Feb 27 05:02:21 1998  Assar Westerlund  <assar@sics.se>

        * configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing
        headers and functions error -> com_err

        (krb5_get_init_creds_keytab): use krb5_keytab_key_proc

        * lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc'
        global

        * lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data'

        * lib/hdb/ndbm.c: use `struct ndbm_db' everywhere.

Fri Feb 27 04:49:24 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240.
        This should be fixed the correct way.

        * lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly
        (send_diffs): compare versions correctly
        (main): reorder handling of events

        * lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion

Thu Feb 26 02:22:35 1998  Assar Westerlund  <assar@sics.se>

        * lib/kadm5/ipropd_{slave,master}.c: new files

        * lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as
        argument

        * lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct
        et_list *'

        * aux/make-proto.pl: Should work with perl4

Mon Feb 16 17:20:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via
        {asn1,krb5}_err.h).

Thu Feb 12 03:28:40 1998  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference
        is larger than max_skew, return KRB5KRB_AP_ERR_SKEW

        * lib/kadm5/log.c (get_version): globalize

        * lib/kadm5/kadm5_locl.h: include <sys/file.h>

        * lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY

        * kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of
        initializing local struct in declaration.

Sat Jan 31 17:28:58 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/524.c: Use krb5_decode_EncTicketPart.

        * kdc/kerberos5.c: Check at runtime whether to use enctypes
        instead of keytypes. If so use the same value to encrypt ticket,
        and kdc-rep as well as `keytype' for session key. Fix some obvious
        bugs with the handling of additional tickets.

        * lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and
        krb5_decode_Authenticator.

        * lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart.

        * lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart.

        * lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption
        type, and not a key type.  Use krb5_encode_EncAPRepPart.

        * lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO.

        * lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart.

        * lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart.

        * lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart.

        * lib/krb5/build_auth.c: Use krb5_encode_Authenticator.

        * lib/krb5/codec.c: Enctype conversion stuff.

        * lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running
        setuid. Get configuration for libdefaults ktype_is_etype, and
        default_etypes.

        * lib/krb5/encrypt.c: Add krb5_string_to_etype, rename
        krb5_convert_etype to krb5_decode_keytype, and add
        krb5_decode_keyblock.

Fri Jan 23 00:32:09 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype.

        * lib/krb5/encrypt.c: Add krb5_convert_etype function - converts
        from protocol keytypes (that really are enctypes) to internal
        representation.

Thu Jan 22 21:24:36 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information
        on keys in the database; and also a new `pa-key-info' padata-type.

        * kdc/kerberos5.c: If pre-authentication fails, return a list of
        keytypes, salttypes, and salts.

        * lib/krb5/init_creds_pw.c: Add better support for
        pre-authentication, by looking at hints from the KDC.

        * lib/krb5/get_in_tkt.c: Add better support for specifying what
        pre-authentication to use.

        * lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and
        KEYTYPE_DES_AFS3.

        * lib/krb5/krb5.h: Add pre-authentication structures.

        * kdc/connect.c: Don't fail if realloc(X, 0) returns NULL.

Wed Jan 21 06:20:40 1998  Assar Westerlund  <assar@sics.se>

        * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
        `log_context.socket_name' and `log_context.socket_fd'

        * lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram
        to inform the possible running ipropd of an update.

Wed Jan 21 01:34:09 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/get_in_tkt.c: Return error-packet to caller.

        * lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error.

        * kdc/kerberos5.c: Add some support for using enctypes instead of
        keytypes.

        * lib/krb5/get_cred.c: Fixes to send authorization-data to the
        KDC.

        * lib/krb5/build_auth.c: Only generate local subkey if there is
        none.

        * lib/krb5/krb5.h: Add krb5_authdata type.

        * lib/krb5/auth_context.c: Add
        krb5_auth_con_set{,localsub,remotesub}key.

        * lib/krb5/init_creds_pw.c: Return some error if prompter
        functions return failure.

Wed Jan 21 01:16:13 1998  Assar Westerlund  <assar@sics.se>

        * kpasswd/kpasswd.c: detect bad password.  use krb5_err.

        * kadmin/util.c (edit_entry): remove unused variables

Tue Jan 20 22:58:31 1998  Assar Westerlund  <assar@sics.se>

        * kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible.

        * lib/kadm5/kadm5_locl.h: add kadm5_log_context and
        kadm5_log*-functions

        * lib/kadm5/create_s.c (kadm5_s_create_principal): add change to
        log

        * lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to
        log

        * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
        log_context

        * lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to
        log

        * lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to
        log

        * lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to
        log

        * lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to
        log

        * lib/kadm5/Makefile.am: add log.c, dump_log and replay_log

        * lib/kadm5/replay_log.c: new file

        * lib/kadm5/dump_log.c: new file

        * lib/kadm5/log.c: new file

        * lib/krb5/str2key.c (get_str): initialize pad space to zero

        * lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL

        * kpasswd/kpasswdd.c: rewritten to use the kadm5 API

        * kpasswd/Makefile.am: link with kadm5srv

        * kdc/kerberos5.c (tgs_rep): initialize `i'

        * kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp

        * include/Makefile.am: added admin.h

Sun Jan 18 01:41:34 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes.

        * lib/krb5/mcache.c (mcc_store_cred): restore linked list if
        copy_creds fails.

Tue Jan  6 04:17:56 1998  Assar Westerlund  <assar@sics.se>

        * lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp}

        * lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask.

        * lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use
        krb5_getportbyname

        * kadmin/kadmind.c (main): htons correctly.
        moved kadm5_server_{recv,send}

        * kadmin/kadmin.c (main): only set admin_server if explicitly
        given

Mon Jan  5 23:34:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/hdb/ndbm.c: Implement locking of database.

        * kdc/kerberos5.c: Process AuthorizationData.

Sat Jan  3 22:07:07 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * kdc/string2key.c: Use AFS string-to-key from libkrb5.

        * lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case.

        * lib/krb5/krb5.h: Add value for AFS salts.

        * lib/krb5/str2key.c: Add support for AFS string-to-key.

        * lib/kadm5/rename_s.c: Use correct salt.

        * lib/kadm5/ent_setup.c: Always enable client. Only set max-life
        and max-renew if != 0.

        * lib/krb5/config_file.c: Add context to all krb5_config_*get_*.

Thu Dec 25 17:03:25 1997  Assar Westerlund  <assar@sics.se>

        * kadmin/ank.c (ank): don't zero password if --random-key was
        given.

Tue Dec 23 01:56:45 1997  Assar Westerlund  <assar@sics.se>

        * Release 0.0m

        * lib/kadm5/ent_setup.c (attr_to_flags): try to set `client'

        * kadmin/util.c (edit_time): only set mask if != 0
        (edit_attributes): only set mask if != 0

        * kadmin/init.c (init): create `default'

Sun Dec 21 09:44:05 1997  Assar Westerlund  <assar@sics.se>

        * kadmin/util.c (str2deltat, str2attr, get_deltat): return value
        as pointer and have return value indicate success.
        
        (get_response): check NULL from fgets
        
        (edit_time, edit_attributes): new functions for reading values and
        offering list of answers on '?'
        
        (edit_entry): use edit_time and edit_attributes

        * kadmin/ank.c (add_new_key): test the return value of
        `krb5_parse_name'

        * kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say
        that the checksum has to be keyed, even though later drafts do.
        Accept unkeyed checksums to be compatible with MIT.

        * kadmin/kadmin_locl.h: add some prototypes.

        * kadmin/util.c (edit_entry): return a value

        * appl/afsutil/afslog.c (main): return a exit code.

        * lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes

        * lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function.

        * lib/krb5/build_auth.c (krb5_build_authenticator): use
        krb5_{free,copy}_keyblock instead of the _contents versions

Fri Dec 12 14:20:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey

Mon Dec  8 08:48:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid

Sat Dec  6 10:09:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL
        keyblock

Sat Dec  6 08:26:10 1997  Assar Westerlund  <assar@sics.se>

        * Release 0.0l

Thu Dec  4 03:38:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/send_to_kdc.c: Add TCP client support.

        * lib/krb5/store.c: Add k_{put,get}_int.

        * kadmin/ank.c: Set initial kvno to 1.

        * kdc/connect.c: Send version 5 TCP-reply as length+data.

Sat Nov 29 07:10:11 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug

        * kdc/kaserver.c (create_reply_ticket): use a random nonce in the
        reply packet.

        * kdc/connect.c (init_sockets): less reallocing.

        * **/*.c: changed `struct fd_set' to `fd_set'

Sat Nov 29 05:12:01 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/get_default_principal.c: More guessing.

Thu Nov 20 02:55:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/rd_req.c: Use principal from ticket if no server is
        given.

Tue Nov 18 02:58:02 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kuser/klist.c: Use krb5_err*().

Sun Nov 16 11:57:43 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kadmin/kadmin.c: Add local `init', `load', `dump', and `merge'
        commands.

Sun Nov 16 02:52:20 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct
        `enctype'

        * lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype'
        if set.

        * lib/krb5/get_cred.c: handle the case of a specific keytype

        * lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a
        parameter instead of guessing it.

        * lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter
        `enctype'

        * appl/test/common.c (common_setup): don't use `optarg'

        * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function
        (krb5_kt_get_entry): retrieve the latest version if kvno == 0

        * lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE

        * lib/krb5/creds.c (krb5_compare_creds): check for
        KRB5_TC_MATCH_KEYTYPE

        * lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove
        unused variable

        * lib/krb5/creds.c (krb5_copy_creds_contents): only free the
        contents if we fail.

Sun Nov 16 00:32:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kpasswd/kpasswdd.c: Get password expiration time from config
        file.

        * lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size.

Wed Nov 12 02:35:57 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
        restructured and fixed.

        * lib/krb5/addr_families.c (krb5_h_addr2addr): new function.

Wed Nov 12 01:36:01 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/get_addrs.c: Fall back to hostname's addresses if other
        methods fail.

Tue Nov 11 22:22:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kadmin/kadmin.c: Add `-l' flag to use local database.

        * lib/kadm5/acl.c: Use KADM5_PRIV_ALL.

        * lib/kadm5: Use function pointer trampoline for easier dual use
        (without radiation-hardening capability).

Tue Nov 11 05:15:22 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/encrypt.c (krb5_etype_valid): new function

        * lib/krb5/creds.c (krb5_copy_creds_contents): zero target

        * lib/krb5/context.c (valid_etype): remove

        * lib/krb5/checksum.c: remove dead code

        * lib/krb5/changepw.c (send_request): free memory on error.

        * lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value
        from malloc.

        * lib/krb5/auth_context.c (krb5_auth_con_init): free memory on
        failure correctly.
        (krb5_auth_con_setaddrs_from_fd): return error correctly.

        * lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files

Tue Nov 11 02:53:19 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/auth_context.c: Implement auth_con_setuserkey.

        * lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey.

        * lib/krb5/keyblock.c: Rename krb5_free_keyblock to
        krb5_free_keyblock_contents, and reimplement krb5_free_keyblock.

        * lib/krb5/rd_req.c: Use auth_context->keyblock if
        ap_options.use_session_key.

Tue Nov 11 02:35:17 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'.
        fix callers.

        * lib/krb5/krb5_locl.h: include <asn1.h> and <der.h>

        * include/Makefile.am: add xdbm.h

Tue Nov 11 01:58:22 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc.

Mon Nov 10 22:41:53 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/ticket.c: Implement copy_ticket.

        * lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible.

        * lib/krb5/data.c: Implement free_data and copy_data.

Sun Nov  9 02:17:27 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals.

        * kadmin/kadmin.c: Add get_privileges function.

        * lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with
        specification.

        * kdc/connect.c: Exit if no sockets could be bound.

        * kadmin/kadmind.c: Check return value from krb5_net_read().

        * lib/kadm5,kadmin: Fix memory leaks.

Fri Nov  7 02:45:26 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/kadm5/create_s.c: Get some default values from `default'
        principal.

        * lib/kadm5/ent_setup.c: Add optional default entry to get some
        values from.

Thu Nov  6 00:20:41 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/error/compile_et.awk: Remove generated destroy_*_error_table
        prototype

        * kadmin/kadmind.c: Crude admin server.

        * kadmin/kadmin.c: Update to use remote protocol.

        * kadmin/get.c: Fix principal formatting.

        * lib/kadm5: Add client support.

        * lib/kadm5/error.c: Error code mapping.

        * lib/kadm5/server.c: Kadmind support function.

        * lib/kadm5/marshall.c: Kadm5 marshalling.

        * lib/kadm5/acl.c: Simple acl system.

        * lib/kadm5/kadm5_locl.h: Add client stuff.

        * lib/kadm5/init_s.c: Initialize acl.

        * lib/kadm5/*:  Return values.

        * lib/kadm5/create_s.c: Correct kvno.

Wed Nov  5 22:06:50 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/log.c: Fix parsing of log destinations.

Mon Nov  3 20:33:55 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/principal.c: Reduce number of reallocs in unparse_name.

Sat Nov  1 01:40:53 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kadmin: Simple kadmin utility.

        * admin/ktutil.c: Print keytype.

        * lib/kadm5/get_s.c: Set correct n_key_data.

        * lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use
        master key.

        * lib/kadm5/destroy_s.c: Check for allocated context.

        * lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys().

Sat Nov  1 00:21:00 1997  Assar Westerlund  <assar@sics.se>

        * configure.in: test for readv, writev

Wed Oct 29 23:41:26 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/warn.c (_warnerr): handle the case of an illegal error
        code

        * kdc/kerberos5.c (encode_reply): return success

Wed Oct 29 18:01:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/kerberos5.c (find_etype) Return correct index of selected
        etype.

Wed Oct 29 04:07:06 1997  Assar Westerlund  <assar@sics.se>

        * Release 0.0k

        * lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG'
        environment variable

        * *: use the roken_get*-macros from roken.h for the benefit of
        Crays.

        * configure.in: add --{enable,disable}-otp.  check for compatible
        prototypes for gethostbyname, gethostbyaddr, getservbyname, and
        openlog (they have strange prototypes on Crays)

        * acinclude.m4: new macro `AC_PROTO_COMPAT'

Tue Oct 28 00:11:22 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/connect.c: Log bad requests.

        * kdc/kerberos5.c: Move stuff that's in common between as_rep and
        tgs_rep to separate functions.

        * kdc/kerberos5.c: Fix user-to-user authentication.

        * lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials:
          - add a kdc-options argument to krb5_get_credentials, and rename
            it to krb5_get_credentials_with_flags
          - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options
          - add some more user-to-user glue

        * lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new
        function, krb5_decrypt_ticket, so it is easier to decrypt and
        check a ticket without having an ap-req.

        * lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER
        flags.

        * lib/krb5/crc.c (crc_init_table): Check if table is already
        inited.

Sun Oct 26 04:51:02 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/asn1/der_get.c (der_get_length, fix_dce): Special-case
        indefinite encoding.

        * lib/asn1/gen_glue.c (generate_units): Check for empty
        member-list.

Sat Oct 25 07:24:57 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/error/compile_et.awk: Allow specifying table-base.

Tue Oct 21 20:21:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/kerberos5.c: Check version number of krbtgt.

Mon Oct 20 01:14:53 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the
        case of unhidden prompts.

        * lib/krb5/str2key.c (string_to_key_internal): return error
        instead of aborting.  always free memory

        * admin/ktutil.c: add `help' command

        * admin/kdb_edit.c: implement new commands: add_random_key(ark),
        change_password(cpw), change_random_key(crk)

Thu Oct 16 05:16:36 1997  Assar Westerlund  <assar@sics.se>

        * kpasswd/kpasswdd.c: change all the keys in the database

        * kdc: removed all unsealing, now done by the hdb layer

        * lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key'
        and `hdb_clear_master_key'

        * admin/misc.c: removed

Wed Oct 15 22:47:31 1997  Assar Westerlund  <assar@sics.se>

        * kuser/klist.c: print year as YYYY iff verbose

Wed Oct 15 20:02:13 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kuser/klist.c: print etype from ticket

Mon Oct 13 17:18:57 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * Release 0.0j

        * lib/krb5/get_cred.c: Get the subkey from mk_req so it can be
        used to decrypt the reply from DCE secds.

        * lib/krb5/auth_context.c: Add {get,set}enctype.

        * lib/krb5/get_cred.c: Fix for DCE secd.

        * lib/krb5/store.c: Store keytype twice, as MIT does.

        * lib/krb5/get_in_tkt.c: Use etype from reply.

Fri Oct 10 00:39:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/connect.c: check for leading '/' in http request

Tue Sep 30 21:50:18 1997  Assar Westerlund  <assar@assaris.pdc.kth.se>

        * Release 0.0i

Mon Sep 29 15:58:43 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know
        the kvno or keytype before receiving the AP-REQ

        * lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to
        use from the keytype.

        * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what
        cksumtype to use from the keytype.

        * lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use
        from the keytype.

        * lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype

        * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out
        what etype to use from the keytype.

        * lib/krb5/generate_seq_number.c (krb5_generate_seq_number):
        handle other key types than DES

        * lib/krb5/encrypt.c (key_type): add `best_cksumtype'
        (krb5_keytype_to_cksumtype): new function

        * lib/krb5/build_auth.c (krb5_build_authenticator): figure out
        what etype to use from the keytype.

        * lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype'
        and `enctype' to 0

        * admin/extkeytab.c (ext_keytab): extract all keys

        * appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge

        * configure.in: check for <netinet6/in6.h>. check for -linet6
        
Tue Sep 23 03:00:53 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1

        * lib/krb5/rd_safe.c: fix check for keyed and collision-proof
        checksum

        * lib/krb5/context.c (valid_etype): remove hard-coded constants
        (default_etypes): include DES3

        * kdc/kerberos5.c: fix check for keyed and collision-proof
        checksum

        * admin/util.c (init_des_key, set_password): DES3 keys also

        * lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means
        no contact?

        * lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr'

Mon Sep 22 11:44:27 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by
        the client is used to select wich key to encrypt the kdc rep with
        (in case of as-req), and with the server info to select the
        session key type. The server key the ticket is encrypted is based
        purely on the keys in the database.

        * kdc/string2key.c: Add keytype support. Default to version 5
        keys.

        * lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse.

        * lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add
        many *_to_* functions.

        * lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument
        to krb5_string_to_key().

        * lib/krb5/checksum.c: Some cleanup, and added: 
          - rsa-md5-des3 
          - hmac-sha1-des3 
          - keyed and collision proof flags to each checksum method
          - checksum<->string functions.

        * lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock.

Sun Sep 21 15:19:23 1997  Assar Westerlund  <assar@sics.se>

        * kdc/connect.c: use new addr_families functions

        * kpasswd/kpasswdd.c: use new addr_families functions.  Now works
        over IPv6

        * kuser/klist.c: use correct symbols for address families

        * lib/krb5/sock_principal.c: use new addr_families functions

        * lib/krb5/send_to_kdc.c: use new addr_families functions

        * lib/krb5/krb5.h: add KRB5_ADDRESS_INET6

        * lib/krb5/get_addrs.c: use new addr_families functions

        * lib/krb5/changepw.c: use new addr_families functions.  Now works
        over IPv6

        * lib/krb5/auth_context.c: use new addr_families functions

        * lib/krb5/addr_families.c: new file

        * acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6.  Updated
        uses.

        * acinclude.m4: new macro `AC_KRB_IPV6'.  Use it.

Sat Sep 13 23:04:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/hprop.c: Don't encrypt twice. Complain on non-convertable
        principals.

Sat Sep 13 00:59:36 1997  Assar Westerlund  <assar@sics.se>

        * Release 0.0h
        
        * appl/telnet/telnet/commands.c: AF_INET6 support

        * admin/misc.c: new file

        * lib/krb5/context.c: new configuration variable `max_retries'

        * lib/krb5/get_addrs.c: fixes and better #ifdef's

        * lib/krb5/config_file.c: implement krb5_config_get_int

        * lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c:
        AF_INET6 support

        * kuser/klist.c: support for printing IPv6-addresses

        * kdc/connect.c: support AF_INET6

        * configure.in: test for gethostbyname2 and struct sockaddr_in6

Thu Sep 11 07:25:28 1997  Assar Westerlund  <assar@sics.se>

        * lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF
        PA-DATA'

Wed Sep 10 21:20:17 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/kerberos5.c: Fixes for cross-realm, including (but not
        limited to):
          - allow client to be non-existant (should probably check for
            "local realm")
          - if server isn't found and it is a request for a krbtgt, try to
            find a realm on the way to the requested realm
          - update the transited encoding iff 
            client-realm != server-realm != tgt-realm

        * lib/krb5/get_cred.c: Several fixes for cross-realm.

Tue Sep  9 15:59:20 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/string2key.c: Fix password handling.

        * lib/krb5/encrypt.c: krb5_key_to_string

Tue Sep  9 07:46:05 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_addrs.c: rewrote.  Now should be able to handle
        aliases and IPv6 addresses

        * kuser/klist.c: try printing IPv6 addresses

        * kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192

        * configure.in: check for <netinet/in6_var.h>

Mon Sep  8 02:57:14 1997  Assar Westerlund  <assar@sics.se>

        * doc: fixes

        * admin/util.c (init_des_key): increase kvno
        (set_password): return -1 if `des_read_pw_string' failed

        * admin/mod.c (doit2): check the return value from `set_password'

        * admin/ank.c (doit): don't add a new entry if `set_password'
        failed

Mon Sep  8 02:20:16 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/verify_init.c: fix ap_req_nofail semantics

        * lib/krb5/transited.c: something that might resemble
        domain-x500-compress

Mon Sep  8 01:24:42 1997  Assar Westerlund  <assar@sics.se>

        * kdc/hpropd.c (main): check number of arguments

        * appl/popper/pop_init.c (pop_init): check number of arguments

        * kpasswd/kpasswd.c (main): check number of arguments

        * kdc/string2key.c (main): check number of arguments

        * kuser/kdestroy.c (main): check number of arguments

        * kuser/kinit.c (main): check number of arguments

        * kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to
        break out of select when a signal arrives

        * kdc/main.c (main): use sigaction without SA_RESTART to break out
        of select when a signal arrives

        * kdc/kstash.c: default to HDB_DB_DIR "/m-key"

        * kdc/config.c (configure): add `--version'.  Check the number of
        arguments. Handle the case of there being no specification of port
        numbers.

        * admin/util.c: seal and unseal key at appropriate places

        * admin/kdb_edit.c (main): parse arguments, config file and read
        master key iff there's one.

        * admin/extkeytab.c (ext_keytab): unseal key while extracting

Sun Sep  7 20:41:01 1997  Assar Westerlund  <assar@sics.se>

        * lib/roken/roken.h: include <fcntl.h>

        * kdc/kerberos5.c (set_salt_padata): new function

        * appl/telnet/telnetd/telnetd.c: Rename some variables that
        conflict with cpp symbols on HP-UX 10.20

        * change all calls of `gethostbyaddr' to cast argument 1 to `const
        char *'

        * acconfig.h: only use SGTTY on nextstep

Sun Sep  7 14:33:50 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/kerberos5.c: Check invalid flag.

Fri Sep  5 14:19:38 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds.

        * lib/kafs: Move functions common to krb/krb5 modules to new file,
        and make things more modular.

        * lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST
        -> krb5_config_list

Thu Sep  4 23:39:43 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/get_addrs.c: Fix loopback test.

Thu Sep  4 04:45:49 1997  Assar Westerlund  <assar@sics.se>

        * lib/roken/roken.h: fallback definition of `O_ACCMODE'

        * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when
        checking for a v4 reply

Wed Sep  3 18:20:14 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/hprop.c: Add `--decrypt' and `--encrypt' flags.

        * lib/hdb/hdb.c: new {seal,unseal}_keys functions

        * kdc/{hprop,hpropd}.c: Add support to dump database to stdout.

        * kdc/hprop.c: Don't use same master key as version 4.

        * admin/util.c: Don't dump core if no `default' is found.

Wed Sep  3 16:01:07 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * kdc/connect.c: Allow run time port specification.

        * kdc/config.c: Add flags for http support, and port
        specifications.

Tue Sep  2 02:00:03 1997  Assar Westerlund  <assar@sics.se>

        * include/bits.c: Don't generate ifndef's in bits.h.  Instead, use
        them when building the program.  This makes it possible to include
        bits.h without having defined all HAVE_INT17_T symbols.
        
        * configure.in: test for sigaction

        * doc: updated documentation.
        
Tue Sep  2 00:20:31 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * Release 0.0g

Mon Sep  1 17:42:14 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/data.c: don't return ENOMEM if len == 0

Sun Aug 31 17:15:49 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/hdb/hdb.asn1: Include salt type in salt.

        * kdc/hprop.h: Change port to 754.

        * kdc/hpropd.c: Verify who tries to transmit a database.

        * appl/popper: Use getarg and krb5_log.

        * lib/krb5/get_port.c: Add context parameter. Now takes port in
        host byte order.

Sat Aug 30 18:48:19 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/connect.c: Add timeout to select, and log about expired tcp
        connections.

        * kdc/config.c: Add `database' option.

        * kdc/hpropd.c: Log about duplicate entries.

        * lib/hdb/{db,ndbm}.c: Use common routines.

        * lib/hdb/common.c: Implement more generic fetch/store/delete
        functions.

        * lib/hdb/hdb.h: Add `replace' parameter to store.
        
        * kdc/connect.c: Set filedecriptor to -1 on allocated decriptor
        entries.

Fri Aug 29 03:13:23 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket

        * aux/make-proto.pl: fix __P for stone age mode

Fri Aug 29 02:45:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/45/mk_req.c: implementation of krb_mk_req that uses 524
        protocol

        * lib/krb5/init_creds_pw.c: make change_password and
        get_init_creds_common static

        * lib/krb5/krb5.h: Merge stuff from removed headerfiles.

        * lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops

        * lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops

Fri Aug 29 01:45:25 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/krb5.h: Remove all prototypes.

        * lib/krb5/convert_creds.c: Use `struct credentials' instead of
        `CREDENTIALS'.

Fri Aug 29 00:08:18 1997  Assar Westerlund  <assar@sics.se>

        * lib/asn1/gen_glue.c: new file. generates 2int and int2 functions
        and units for bit strings.

        * admin/util.c: flags2int, int2flags, and flag_units are now
        generated by asn1_compile

        * lib/roken/parse_units.c: generalised `parse_units' and
        `unparse_units' and added new functions `parse_flags' and
        `unparse_flags' that use these

        * lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h

        * admin/util.c: Use {un,}parse_flags for printing and parsing
        hdbflags.

Thu Aug 28 03:26:12 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_addrs.c: restructured

        * lib/krb5/warn.c (_warnerr): leak less memory

        * lib/hdb/hdb.c (hdb_free_entry): zero keys
        (hdb_check_db_format): leak less memory

        * lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement
        NDBM__get, NDBM__put

        * lib/hdb/db.c (DB_seq): check for valid hdb_entries

Thu Aug 28 02:06:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets.

Thu Aug 28 01:13:17 1997  Assar Westerlund  <assar@sics.se>

        * kuser/kinit.1, klist.1, kdestroy.1: new man pages

        * kpasswd/kpasswd.1, kpasswdd.8: new man pages

        * kdc/kstash.8, hprop.8, hpropd.8: new man pages

        * admin/ktutil.8, admin/kdb_edit.8: new man pages

        * admin/mod.c: new file

        * admin/life.c: renamed gettime and puttime to getlife and putlife
        and moved them to life.c

        * admin/util.c: add print_flags, parse_flags, init_entry,
        set_created_by, set_modified_by, edit_entry, set_password.  Use
        them.

        * admin/get.c: use print_flags

        * admin: removed unused stuff.  use krb5_{warn,err}*

        * admin/ank.c: re-organized and abstracted.

        * admin/gettime.c: removed

Thu Aug 28 00:37:39 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply.

        * lib/roken/base64.c: Add base64 functions.

        * kdc/connect.c lib/krb5/send_to_kdc.c: Add http support.

Wed Aug 27 00:29:20 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * include/Makefile.am: Don't make links to built files.

        * admin/kdb_edit.c: Add command to set the database path.

        * lib/hdb: Include version number in database.

Tue Aug 26 20:14:54 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * admin/ktutil: Merged v4 srvtab conversion.

Mon Aug 25 23:02:18 1997  Assar Westerlund  <assar@sics.se>

        * lib/roken/roken.h: add F_OK

        * lib/gssapi/acquire_creds.c: fix typo

        * configure.in: call AC_TYPE_MODE_T

        * acinclude.m4: Add AC_TYPE_MODE_T

Sun Aug 24 16:46:53 1997  Assar Westerlund  <assar@sics.se>

        * Release 0.0f

Sun Aug 24 08:06:54 1997  Assar Westerlund  <assar@sics.se>

        * appl/popper/pop_pass.c: log poppers

        * kdc/kaserver.c: some more checks

        * kpasswd/kpasswd.c: removed `-p'

        * kuser/kinit.c: removed `-p'

        * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If
        KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again.

        * lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out
        krb-error text

        * lib/gssapi/import_name.c (input_name): more names types.

        * admin/load.c (parse_keys): handle the case of an empty salt

        * kdc/kaserver.c: fix up memory deallocation

        * kdc/kaserver.c: quick hack at talking kaserver protocol

        * kdc/kerberos4.c: Make `db-fetch4' global

        * configure.in: add --enable-kaserver

        * kdc/rx.h, kdc/kerberos4.h: new header files

        * lib/krb5/principal.c: fix krb5_build_principal_ext & c:o

Sun Aug 24 03:52:44 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific
        type conflicts.

        * lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits.

        * lib/des/{md4,md5,sha}.c: Now works on Crays.

Sat Aug 23 18:15:01 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * appl/afsutil/afslog.c: If no cells or files specified, get
        tokens for all local cells. Better test for files.

Thu Aug 21 23:33:38 1997  Assar Westerlund  <assar@sics.se>

        * lib/gssapi/v1.c: new file with v1 compatibility functions.

Thu Aug 21 20:36:13 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/kafs/afskrb5.c: Don't check ticket file for afs ticket.

        * kdc/kerberos4.c: Check database when converting v4 principals.

        * kdc/kerberos5.c: Include kvno in Ticket.

        * lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData.

        * kuser/klist.c: Print version number of ticket, include more
        flags.

Wed Aug 20 21:26:58 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for
        expiration.

Wed Aug 20 17:40:31 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff
        there's an error.

        * lib/krb5/sendauth.c (krb5_sendauth): correct the protocol
        documentation and process KRB-ERROR's

Tue Aug 19 20:41:30 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/kerberos4.c: Fix memory leak in v4 protocol handler.

Mon Aug 18 05:15:09 1997  Assar Westerlund  <assar@sics.se>

        * lib/gssapi/accept_sec_context.c: Added
        `gsskrb5_register_acceptor_identity'

Sun Aug 17 01:40:20 1997  Assar Westerlund  <assar@sics.se>

        * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't
        always pass server == NULL to krb5_rd_req.

        * lib/gssapi: new files: canonicalize_name.c export_name.c
        context_time.c compare_name.c release_cred.c acquire_cred.c
        inquire_cred.c, from Luke Howard <lukeh@xedoc.com.au>

        * lib/krb5/config_file.c: Add netinfo support from Luke Howard
        <lukeh@xedoc.com.au>

        * lib/editline/sysunix.c: sgtty-support from Luke Howard
        <lukeh@xedoc.com.au>

        * lib/krb5/principal.c: krb5_sname_to_principal fix from Luke
        Howard <lukeh@xedoc.com.au>

Sat Aug 16 00:44:47 1997  Assar Westerlund  <assar@koi.pdc.kth.se>

        * Release 0.0e

Sat Aug 16 00:23:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * appl/afsutil/afslog.c: Use new libkafs.

        * lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol.

        * lib/krb5/warn.c: Fix format string for *x type.

Fri Aug 15 22:15:01 1997  Assar Westerlund  <assar@sics.se>

        * admin/get.c (get_entry): print more information about the entry

        * lib/des/Makefile.am: build destest, mdtest, des, rpw, speed

        * lib/krb5/config_file.c: new functions `krb5_config_get_time' and
        `krb5_config_vget_time'.  Use them.

Fri Aug 15 00:09:37 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * admin/ktutil.c: Keytab manipulation program.

        * lib/krb5/keytab.c: Return sane values from resolve and
        start_seq_get.

        * kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'.

        * lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using
        krb524_convert_creds_kdc.

        * lib/krb5/convert_creds.c: Implementation of
        krb524_convert_creds_kdc.

        * lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL

        * kdc/524.c: A somewhat working 524-protocol module.

        * kdc/kerberos4.c: Add version 4 ticket encoding and encryption
        functions.

        * lib/krb5/context.c: Fix kdc_timeout.

        * lib/hdb/{ndbm,db}.c: Free name in close.

        * kdc/kerberos5.c (tgs_check_autenticator): Return error code

Thu Aug 14 21:29:03 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply.

        * lib/krb5/store_emem.c: Fix reallocation bug.

Tue Aug 12 01:29:46 1997  Assar Westerlund  <assar@sics.se>

        * appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use
        `krb5_sock_to_principal'.  Send server parameter to
        krb5_rd_req/krb5_recvauth.  Set addresses in auth_context.

        * lib/krb5/recvauth.c: Set addresses in auth_context if there
        aren't any

        * lib/krb5/auth_context.c: New function
        `krb5_auth_con_setaddrs_from_fd'

        * lib/krb5/sock_principal.c: new function
        `krb5_sock_to_principal'
        
        * lib/krb5/time.c: new file with `krb5_timeofday' and
        `krb5_us_timeofday'.  Use these functions.

        * kuser/klist.c: print KDC offset iff verbose

        * lib/krb5/get_in_tkt.c: implement KDC time offset and use it if
        [libdefaults]kdc_timesync is set.
        
        * lib/krb5/fcache.c: Implement version 4 of the ccache format.

Mon Aug 11 05:34:43 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory

        * lib/krb5/principal.c (krb5_unparse_name): allocate memory
        properly

        * kpasswd/kpasswd.c: Use `krb5_change_password'

        * lib/krb5/init_creds_pw.c (init_cred): set realm of server
        correctly.

        * lib/krb5/init_creds_pw.c: support changing of password when it
        has expired

        * lib/krb5/changepw.c: new file

        * kuser/klist.c: use getarg

        * admin/init.c (init): add `kadmin/changepw'

Mon Aug 11 04:30:47 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/get_cred.c: Make get_credentials handle cross-realm.

Mon Aug 11 00:03:24 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/config_file.c: implement support for #-comments

Sat Aug  9 02:21:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/hprop*.c: Add database propagation programs.

        * kdc/connect.c: Max request size.

Sat Aug  9 00:47:28 1997  Assar Westerlund  <assar@sics.se>

        * lib/otp: resurrected from krb4

        * appl/push: new program for fetching mail with POP.

        * appl/popper/popper.h: new include files.  new fields in `POP'

        * appl/popper/pop_pass.c: Implement both v4 and v5.

        * appl/popper/pop_init.c: Implement both v4 and v5.

        * appl/popper/pop_debug.c: use getarg.  Talk both v4 and v5

        * appl/popper: Popper from krb4.

        * configure.in: check for inline and <netinet/tcp.h> generate
        files in appl/popper, appl/push, and lib/otp

Fri Aug  8 05:51:02 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_cred.c: clean-up and try to free memory even when
        there're errors

        * lib/krb5/get_cred.c: adapt to new `extract_ticket'

        * lib/krb5/get_in_tkt.c: reorganize.  check everything and try to
        return memory even if there are errors.

        * kuser/kverify.c: new file

        * lib/krb5/free_host_realm.c: new file

        * lib/krb5/principal.c (krb5_sname_to_principal): implement
        different nametypes.  Also free memory.

        * lib/krb5/verify_init.c: more functionality

        * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum

        * lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the
        principals in creds.  Should also compare them with that received
        from the KDC

        * lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated
        krb5_ccache
        (krb5_cc_destroy): call krb5_cc_close
        (krb5_cc_retrieve_cred): delete the unused creds

Fri Aug  8 02:30:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/log.c: Allow better control of destinations of logging
        (like passing explicit destinations, and log-functions).

Fri Aug  8 01:20:39 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_default_principal.c: new file

        * kpasswd/kpasswdd.c: use krb5_log*

Fri Aug  8 00:37:47 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab.

Fri Aug  8 00:37:17 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'.
        Print password expire information.

        * kdc/config.c: new variable `kdc_warn_pwexpire'

        * kpasswd/kpasswd.c: converted to getarg and get_init_creds

Thu Aug  7 22:17:09 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/mcache.c: new file

        * admin/gettime.c: new function puttime.  Use it.

        * lib/krb5/keyblock.c: Added krb5_free_keyblock and
        krb5_copy_keyblock

        * lib/krb5/init_creds_pw.c: more functionality

        * lib/krb5/creds.c: Added krb5_free_creds_contents and
        krb5_copy_creds.  Changed callers.

        * lib/krb5/config_file.c: new functions krb5_config_get and
        krb5_config_vget

        * lib/krb5/cache.c: cleanup added mcache
        
        * kdc/kerberos5.c: include last-req's of type 6 and 7, if
        applicable

Wed Aug  6 20:38:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'.

Tue Aug  5 22:53:54 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c,
        prompter_posix.c: the beginning of an implementation of the cygnus
        initial-ticket API.

        * lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global

        * lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is
        almost krb5_get_in_tkt but doesn't write the creds to the ccache.
        Small fixes in krb5_get_in_tkt

        * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include
        loopback.

Mon Aug  4 20:20:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc: Make context global.

Fri Aug  1 17:23:56 1997  Assar Westerlund  <assar@sics.se>

        * Release 0.0d

        * lib/roken/flock.c: new file

        * kuser/kinit.c: check for and print expiry information in the
        `kdc_rep'

        * lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL

        * kdc/kerberos5.c: Check the valid times on client and server.
        Check the password expiration.
        Check the require_preauth flag.
        Send an lr_type == 6 with pw_end.
        Set key.expiration to min(valid_end, pw_end)
        
        * lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw'

        * admin/util.c, admin/load.c: handle the new flags.

Fri Aug  1 16:56:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/hdb: Add some simple locking.

Sun Jul 27 04:44:31 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/log.c: Add some general logging functions.

        * kdc/kerberos4.c: Add version 4 protocol handler. The requrement
        for this to work is that all involved principals has a des key in
        the database, and that the client has a version 4 (un-)salted
        key. Furthermore krb5_425_conv_principal has to do it's job, as
        present it's not very clever.

        * lib/krb5/principal.c: Quick patch to make 425_conv work
        somewhat.

        * lib/hdb/hdb.c: Add keytype->key and next key functions.

Fri Jul 25 17:32:12 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/build_auth.c (krb5_build_authenticator): don't free
        `cksum'.  It's allocated and freed by the caller

        * lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'.

        * kdc/kerberos5.c (tgs_rep2): make sure we also have an defined
        `client' to return as part of the KRB-ERROR

Thu Jul 24 08:13:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/kerberos5.c: Unseal keys from database before use.

        * kdc/misc.c: New functions set_master_key, unseal_key and
        free_key.

        * lib/roken/getarg.c: Handle `-f arg' correctly.

Thu Jul 24 01:54:43 1997  Assar Westerlund  <assar@sics.se>

        * kuser/kinit.c: implement `-l' aka `--lifetime'

        * lib/roken/parse_units.c, parse_time.c: new files

        * admin/gettime.c (gettime): use `parse_time'

        * kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending
        KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA.

        * kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set
        addresses in auth_context bind one socket per interface.
        
        * kpasswd/kpasswd.c: use sequence numbers

        * lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying
        the timestamps

        * lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key
        from auth_context

        * lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key
        from auth_context

        * lib/krb5/mk_error.c (krb5_mk_error): return an error number and
        not a comerr'd number.

        * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error
        number in KRB-ERROR correctly.

        * lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error
        number in KRB-ERROR correctly.

        * lib/asn1/k5.asn1: Add `METHOD-DATA'

        * removed some memory leaks.

Wed Jul 23 07:53:18 1997  Assar Westerlund  <assar@sics.se>

        * Release 0.0c

        * lib/krb5/rd_cred.c, get_for_creds.c: new files

        * lib/krb5/get_host_realm.c: try default realm as last chance

        * kpasswd/kpasswdd.c: updated to hdb changes

        * appl/telnet/libtelnet/kerberos5.c: Implement forwarding

        * appl/telnet/libtelnet: removed totally unused files

        * admin/ank.c: fix prompts and generation of random keys

Wed Jul 23 04:02:32 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * admin/dump.c: Include salt in dump.

        * admin: Mostly updated for new db-format.

        * kdc/kerberos5.c: Update to use new db format. Better checking of
        flags and such. More logging.

        * lib/hdb/hdb.c: Use generated encode and decode functions.

        * lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code.

        * lib/krb5/get_cred.c: Get addresses from krbtgt if there are none
        in the reply.

Sun Jul 20 16:22:30 1997  Assar Westerlund  <assar@sics.se>

        * kuser/kinit.c: break if des_read_pw_string() != 0

        * kpasswd/kpasswdd.c: send a reply

        * kpasswd/kpasswd.c: restructured code.  better report on
        krb-error break if des_read_pw_string() != 0

        * kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for
        starttime and renew_till

        * appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a
        keyblock to krb5_verify_chekcsum

Sun Jul 20 06:35:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * Release 0.0b

        * kpasswd/kpasswd.c: Avoid using non-standard struct names.

Sat Jul 19 19:26:23 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/keytab.c (krb5_kt_get_entry): check return from
        `krb5_kt_start_seq_get'.  From <map@stacken.kth.se>

Sat Jul 19 04:07:39 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/asn1/k5.asn1: Update with more pa-data types from
        draft-ietf-cat-kerberos-revisions-00.txt

        * admin/load.c: Update to match current db-format.

        * kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving
        up. Send back an empty pa-data if the client has the v4 flag set.

        * lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted
        pa-data. DTRT if there is any pa-data in the reply.

        * lib/krb5/str2key.c: XOR with some sane value.

        * lib/hdb/hdb.h: Add `version 4 salted key' flag.

        * kuser/kinit.c: Ask for password before calling get_in_tkt. This
        makes it possible to call key_proc more than once.

        * kdc/string2key.c: Add flags to output version 5 (DES only),
        version 4, and AFS string-to-key of a password.

        * lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or
        ENOMEM).

Fri Jul 18 02:54:58 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_host_realm.c (krb5_get_host_realm): do the
        name2name thing

        * kdc/misc.c: check result of hdb_open

        * admin/kdb_edit: updated to new sl

        * lib/sl: sl_func now returns an int. != 0 means to exit.

        * kpasswd/kpasswdd: A crude (but somewhat working) implementation
        of `draft-ietf-cat-kerb-chg-password-00.txt'

Fri Jul 18 00:55:39 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * kuser/krenew.c: Crude ticket renewing program.

        * kdc/kerberos5.c: Rewritten flags parsing, it now might work to
        get forwarded and renewed tickets.

        * kuser/kinit.c: Add `-r' flag.

        * lib/krb5/get_cred.c: Move most of contents of get_creds to new
        function get_kdc_cred, that always contacts the kdc and doesn't
        save in the cache. This is a hack.

        * lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request
        (a bit kludgy).

        * lib/krb5/mk_req_ext.c: Make an auth_context if none passed in.

        * lib/krb5/send_to_kdc.c: Get timeout from context.

        * lib/krb5/context.c: Add kdc_timeout to context struct.

Thu Jul 17 20:35:45 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * kuser/klist.c: Print start time of ticket if available.

        * lib/krb5/get_host_realm.c: Return error if no realm was found.

Thu Jul 17 20:28:21 1997  Assar Westerlund  <assar@sics.se>

        * kpasswd: non-working kpasswd added

Thu Jul 17 00:21:22 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * Release 0.0a

        * kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement.

Wed Jul 16 03:37:41 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req.

        * lib/krb5/auth_context.c (krb5_auth_con_free): Free remote
        subkey.

        * lib/krb5/principal.c (krb5_free_principal): Check for NULL.

        * lib/krb5/send_to_kdc.c: Check for NULL return from
        gethostbyname.

        * lib/krb5/set_default_realm.c: Try to get realm of local host if
        no default realm is available.

        * Remove non ASN.1 principal code.

Wed Jul 16 03:17:30 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better
        error handing. Do some logging.

        * kdc/log.c: Some simple logging facilities.

        * kdc/misc.c (db_fetch): Take a krb5_principal.

        * kdc/connect.c: Pass address of request to as_rep and
        tgs_rep. Send KRB-ERROR.

        * lib/krb5/mk_error.c: Add more fields.

        * lib/krb5/get_cred.c: Print normal error code if no e_text is
        available.

Wed Jul 16 03:07:50 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_in_tkt.c: implement `krb5_init_etype'.
        Change encryption type of pa_enc_timestamp to DES-CBC-MD5

        * lib/krb5/context.c: recognize all encryption types actually
        implemented

        * lib/krb5/auth_context.c (krb5_auth_con_init): Change default
        encryption type to `DES_CBC_MD5'

        *  lib/krb5/read_message.c, write_message.c: new files

Tue Jul 15 17:14:21 1997  Assar Westerlund  <assar@sics.se>

        * lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'.

        * lib/error/compile_et.awk: generate a prototype for the
        `destroy_foo_error_table' function.

Mon Jul 14 12:24:40 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also
        with `kerberos.REALM'

        * kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use
        `max_skew'

        * lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator
        subkey

        * lib/krb5/build_auth.c (krb5_build_authenticator): always
        generate a subkey.

        * lib/krb5/address.c: implement `krb5_address_order'

        * lib/gssapi/import_name.c: Implement `gss_import_name'

        * lib/gssapi/external.c: Use new OID

        * lib/gssapi/encapsulate.c: New functions
        `gssapi_krb5_encap_length' and `gssapi_krb5_make_header'.  Changed
        callers.

        * lib/gssapi/decapsulate.c: New function
        `gssaspi_krb5_verify_header'.  Changed callers.

        * lib/asn1/gen*.c: Give tags to generated structs.
        Use `err' and `asprintf'

        * appl/test/gss_common.c: new file

        * appl/test/gssapi_server.c: removed all krb5 calls

        * appl/telnet/libtelnet/kerberos5.c: Add support for genering and
        verifying checksums.  Also start using session subkeys.

Mon Jul 14 12:08:25 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up.

Sun Jul 13 03:07:44 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT

        * lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and
        `DES_encrypt_key_ivec'

        * lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des

        * kdc/kerberos5.c (tgs_rep): support keyed checksums

        * lib/krb5/creds.c: new file

        * lib/krb5/get_in_tkt.c: better freeing

        * lib/krb5/context.c (krb5_free_context): more freeing

        * lib/krb5/config_file.c: New function `krb5_config_file_free'

        * lib/error/compile_et.awk: Generate a `destroy_' function.

        * kuser/kinit.c, klist.c: Don't leak memory.

Sun Jul 13 02:46:27 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kdc/connect.c: Check filedescriptor in select.

        * kdc/kerberos5.c: Remove most of the most common memory leaks.

        * lib/krb5/rd_req.c: Free allocated data.

        * lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of
        fields.

Sun Jul 13 00:32:16 1997  Assar Westerlund  <assar@sics.se>

        * appl/telnet: Conditionalize the krb4-support.

        * configure.in: Test for krb4

Sat Jul 12 17:14:12 1997  Assar Westerlund  <assar@sics.se>

        * kdc/kerberos5.c: check if the pre-auth was decrypted properly.
        set the `pre_authent' flag

        * lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce.

        * lib/krb5/encrypt.c: Made `generate_random_block' global.

        * appl/test: Added gssapi_client and gssapi_server.

        * lib/krb5/data.c: Add `krb5_data_zero'

        * appl/test/tcp_client.c: try `mk_safe' and `mk_priv'

        * appl/test/tcp_server.c: try `rd_safe' and `rd_priv'

Sat Jul 12 16:45:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/get_addrs.c: Fix for systems that has sa_len, but
        returns zero length from SIOCGIFCONF.

Sat Jul 12 16:38:34 1997  Assar Westerlund  <assar@sics.se>

        * appl/test: new programs
        
        * lib/krb5/rd_req.c: add address compare

        * lib/krb5/mk_req_ext.c: allow no checksum

        * lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string

        * lib/krb5/address.c: fix `krb5_address_compare'

Sat Jul 12 15:03:16 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/get_addrs.c: Fix ip4 address extraction.

        * kuser/klist.c: Add verbose flag, and split main into smaller
        pieces.

        * lib/krb5/fcache.c: Save ticket flags.

        * lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and
        flags.

        * lib/krb5/krb5.h: Add ticket_flags to krb5_creds.

Sat Jul 12 13:12:48 1997  Assar Westerlund  <assar@sics.se>

        * configure.in: Call `AC_KRB_PROG_LN_S'

        * acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4

Sat Jul 12 00:57:01 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to
        pass options.

Fri Jul 11 15:04:22 1997  Assar Westerlund  <assar@sics.se>

        * appl/telnet: telnet & telnetd seems to be working.
        
        * lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed
        krb5_config_vget_next

        * appl/telnet/libtelnet/kerberos5.c: update to current API

Thu Jul 10 14:54:39 1997  Assar Westerlund  <assar@sics.se>

        * appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call
        `krb5_kuserok'

        * appl/telnet: Added.

Thu Jul 10 05:09:25 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/error/compile_et.awk: Remove usage of sub, gsub, and
        functions for compatibility with awk.

        * include/bits.c: Must use signed char.

        * lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets
        here.

        * lib/error/error.c: Replace krb5_get_err_text with new function
        com_right.

        * lib/error/compile_et.awk: Avoid using static variables.

        * lib/error/error.c: Don't use krb5_locl.h

        * lib/error/error.h: Move definitions of error_table and
        error_list from krb5.h.

        * lib/error: Moved from lib/krb5.

Wed Jul  9 07:42:04 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data.

Wed Jul  9 06:58:00 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff
        according to pseudocode from 1510

Wed Jul  9 06:06:06 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/hdb/hdb.c: Add hdb_etype2key.

        * kdc/kerberos5.c: Check authenticator. Use more general etype
        functions.
        
Wed Jul  9 03:51:12 1997  Assar Westerlund  <assar@sics.se>

        * lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to
        draft-ietf-cat-kerberos-r-00.txt

        * lib/krb5/principal.c (krb5_parse_name): default to local realm
        if none given
        
        * kuser/kinit.c: New option `-p' and prompt

Wed Jul  9 02:30:06 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/keyblock.c: Keyblock generation functions.

        * lib/krb5/encrypt.c: Use functions from checksum.c.

        * lib/krb5/checksum.c: Move checksum functions here. Add
        krb5_cksumsize function.

Wed Jul  9 01:15:38 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/get_host_realm.c: implemented

        * lib/krb5/config_file.c: Redid part.  New functions:
        krb5_config_v?get_next

        * kuser/kdestroy.c: new program

        * kuser/kinit.c: new flag `-f'

        * lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress

        * acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN

        * lib/krb5/krb5.h: krb5_addresses == HostAddresses.  Changed all
        users.

        * lib/krb5/get_addrs.c: figure out all local addresses, possibly
        even IPv6!

        * lib/krb5/checksum.c: table-driven checksum

Mon Jul  7 21:13:28 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as
        krb5_encrypt.

Mon Jul  7 11:15:51 1997  Assar Westerlund  <assar@sics.se>

        * lib/roken/vsyslog.c: new file

        * lib/krb5/encrypt.c: add des-cbc-md4.
        adjust krb5_encrypt and krb5_decrypt to reality

Mon Jul  7 02:46:31 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/encrypt.c: Implement as a vector of function pointers.

        * lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and
        des-cbc-md5 in separate functions.

        * lib/krb5/krb5.h: Add more checksum and encryption types.

        * lib/krb5/krb5_locl.h: Add etype to krb5_decrypt.

Sun Jul  6 23:02:59 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/[gs]et_default_realm.c, kuserok.c: new files

        * lib/krb5/config_file.[ch]: new c-based configuration reading
        stuff

Wed Jul  2 23:12:56 1997  Assar Westerlund  <assar@sics.se>

        * configure.in: Set WFLAGS if using gcc

Wed Jul  2 17:47:03 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/asn1/der_put.c (der_put_int): Return size correctly.

        * admin/ank.c: Be compatible with the asn1 principal format.

Wed Jul  1 23:52:20 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/asn1: Now all decode_* and encode_* functions now take a
        final size_t* argument, that they return the size in. Return
        values are zero for success, and anything else (such as some
        ASN1_* constant) for error.

Mon Jun 30 06:08:14 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to
        O_WRONLY | O_APPEND

        * lib/krb5/get_cred.c: removed stale prototype for
        `extract_ticket' and corrected call.

        * lib/asn1/gen_length.c (length_type): Make the length functions
        for SequenceOf non-destructive

        * admin/ank.c (doit): Fix reading of `y/n'.

Mon Jun 16 05:41:43 1997  Assar Westerlund  <assar@sics.se>

        * lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number

        * lib/gssapi/get_mic.c, verify_mic.c: Add sequence number.

        * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set
        KRB5_AUTH_CONTEXT_DO_SEQUENCE.  Verify 8003 checksum.

        * lib/gssapi/8003.c: New file.

        * lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1
        Authenticator.

        * lib/krb5/auth_context.c: New functions
        `krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber'

Tue Jun 10 00:35:54 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5: Preapre for use of some asn1-types.

        * lib/asn1/*.c (copy_*): Constness.

        * lib/krb5/krb5.h: Include asn1.h; krb5_data is now an
        octet_string.

        * lib/asn1/der*,gen.c: krb5_data -> octet_string, char * ->
        general_string

        * lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't
        have anything to do with asn1_compile.

        * lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes.

Sun Jun  8 03:51:55 1997  Assar Westerlund  <assar@sics.se>

        * kdc/kerberos5.c: Fix PA-ENC-TS-ENC

        * kdc/connect.c(process_request): Set `new'
        
        * lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way.

        * lib: Added editline,sl,roken.

Mon Jun  2 00:37:48 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/fcache.c: Move file cache from cache.c.

        * lib/krb5/cache.c: Allow more than one cache type.

Sun Jun  1 23:45:33 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * admin/extkeytab.c: Merged with kdb_edit.

Sun Jun  1 23:23:08 1997  Assar Westerlund  <assar@sics.se>

        * kdc/kdc.c: more support for ENC-TS-ENC

        * lib/krb5/get_in_tkt.c: redone to enable pre-authentication

Sun Jun  1 22:45:11 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/hdb/db.c: Merge fetch and store.

        * admin: Merge to one program.

        * lib/krb5/str2key.c: Fill in keytype and length.

Sun Jun  1 16:31:23 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c,
        lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for
        KRB5_AUTH_CONTEXT_DO_SEQUENCE

        * lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an
        KRB_ERROR.  Some support for PA_ENC_TS_ENC.

        * lib/krb5/auth_context.c: implemented seq_number functions

        * lib/krb5/generate_subkey.c, generate_seq_number.c: new files

        * lib/gssapi/gssapi.h: avoid including <krb5.h>

        * lib/asn1/Makefile.am: SUFFIXES as a variable to make automake
        happy

        * kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP

        * configure.in: adapted to automake 1.1p

Mon May 26 22:26:21 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/principal.c: Add contexts to many functions.

Thu May 15 20:25:37 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/verify_user.c: First stab at a verify user.

        * lib/auth/sia/sia5.c: SIA module for Kerberos 5.

Mon Apr 14 00:09:03 1997  Assar Westerlund  <assar@sics.se>

        * lib/gssapi: Enough of a gssapi-over-krb5 implementation to be
        able to (mostly) run gss-client and gss-server.
        
        * lib/krb5/keytab.c: implemented krb5_kt_add_entry,
        krb5_kt_store_principal, krb5_kt_store_keyblock

        * lib/des/md5.[ch], sha.[ch]: new files

        * lib/asn1/der_get.c (generalizedtime2time): use `timegm'

        * lib/asn1/timegm.c: new file

        * admin/extkeytab.c: new program

        * admin/admin_locl.h: new file

        * admin/Makefile.am: Added extkeytab

        * configure.in: moved config to include
        removed timezone garbage
        added lib/gssapi and admin

        * Makefile.am: Added admin

Mon Mar 17 11:34:05 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * kdc/kdc.c: Use new copying functions, and free some data.

        * lib/asn1/Makefile.am: Try to not always rebuild generated files.

        * lib/asn1/der_put.c: Add fix_dce().

        * lib/asn1/der_{get,length,put}.c: Fix include files.

        * lib/asn1/der_free.c: Remove unused functions.
        
        * lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free,
        gen_length, and gen_copy.

Sun Mar 16 18:13:52 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/sendauth.c: implemented functionality

        * lib/krb5/rd_rep.c: Use `krb5_decrypt'

        * lib/krb5/cache.c (krb5_cc_get_name): return default if `id' ==
        NULL

        * lib/krb5/principal.c (krb5_free_principal): added `context'
        argument.  Changed all callers.
        
        (krb5_sname_to_principal): new function

        * lib/krb5/auth_context.c (krb5_free_authenticator): add `context'
        argument.  Changed all callers

        * lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files

        * lib/asn1/gen.c: Fix encoding and decoding of BitStrings

Fri Mar 14 11:29:00 1997  Assar Westerlund  <assar@sics.se>

        * configure.in: look for *dbm?

        * lib/asn1/gen.c: Fix filename in generated files. Check fopens.
        Put trailing newline in asn1_files.

Fri Mar 14 05:06:44 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/get_in_tkt.c: Fix some memory leaks.

        * lib/krb5/krbhst.c: Properly free hostlist.

        * lib/krb5/decrypt.c: CRCs are 32 bits.

Fri Mar 14 04:39:15 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/asn1/gen.c: Generate one file for each type.

Fri Mar 14 04:13:47 1997  Assar Westerlund  <assar@sics.se>

        * lib/asn1/gen.c: Generate `length_FOO' functions

        * lib/asn1/der_length.c: new file

        * kuser/klist.c: renamed stime -> printable_time to avoid conflict
        on HP/UX

Fri Mar 14 03:37:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free
        datums. Don't add .db to filename.

Fri Mar 14 02:49:51 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * kdc/dump.c: Database dump program.

        * kdc/ank.c: Trivial database editing program.

        * kdc/{kdc.c, load.c}: Use libhdb.

        * lib/hdb: New database routine library.

        * lib/krb5/error/Makefile.am: Add hdb_err.

Wed Mar 12 17:41:14 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * kdc/kdc.c: Rewritten AS, and somewhat more working TGS support.

        * lib/asn1/gen.c: Generate free functions.

        * Some specific free functions.

Wed Mar 12 12:30:13 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/krb5_mk_req_ext.c: new file

        * lib/asn1/gen.c: optimize the case with a simple type

        * lib/krb5/get_cred.c (krb5_get_credentials): Use
        `mk_req_extended' and remove old code.

        * lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an
        EncASRepPart, then with an EncTGSRepPart.

Wed Mar 12 08:26:04 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/store_emem.c: New resizable memory storage.

        * lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c

        * lib/krb5/krb5.h: Add free entry to krb5_storage.

        * lib/krb5/decrypt.c: Make keyblock const.

Tue Mar 11 20:22:17 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket.

        * lib/krb5/rd_req.c: Return whole asn.1 ticket in
        krb5_ticket->tkt.

        * lib/krb5/get_in_tkt.c: TGS -> AS

        * kuser/kfoo.c: Print error string rather than number.

        * kdc/kdc.c: Some kind of non-working TGS support.

Mon Mar 10 01:43:22 1997  Assar Westerlund  <assar@sics.se>

        * lib/asn1/gen.c: reduced generated code by 1/5

        * lib/asn1/der_put.c: (der_put_length_and_tag): new function

        * lib/asn1/der_get.c (der_match_tag_and_length): new function

        * lib/asn1/der.h: added prototypes

Mon Mar 10 01:15:43 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for
        krb5_rd_req_with_keyblock.

        * lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that
        takes a precomputed keyblock.

        * lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code.

        * lib/krb5/mk_req.c: Calculate checksum of in_data.

Sun Mar  9 21:17:58 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/error/compile_et.awk: Add a declaration of struct
        error_list, and multiple inclusion block to header files.

Sun Mar  9 21:01:12 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/rd_req.c: do some checks on times

        * lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c,
        address.c}: new files

        * lib/krb5/auth_context.c: more code

        * configure.in: try to figure out timezone

Sat Mar  8 11:41:07 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/error/error.c: Try strerror if error code wasn't found.

        * lib/krb5/get_in_tkt.c: Remove realm parameter from
        krb5_get_salt.

        * lib/krb5/context.c: Initialize error table.

        * kdc: The beginnings of a kdc.

Sat Mar  8 08:16:28 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/rd_safe.c: new file

        * lib/krb5/checksum.c (krb5_verify_checksum): New function

        * lib/krb5/get_cred.c: use krb5_create_checksum

        * lib/krb5/checksum.c: new file

        * lib/krb5/store.c: no more arithmetic with void*

        * lib/krb5/cache.c: now seems to work again

Sat Mar  8 06:58:09 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5.

        * lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c.

        * lib/krb5/asn1_glue.c: Moved some asn1-stuff here.
        
        * lib/krb5/{cache,keytab}.c: Use new storage functions.

        * lib/krb5/krb5.h: Protypes for new storage functions.

        * lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write
        data to more than file descriptors.

Sat Mar  8 01:01:17 1997  Assar Westerlund  <assar@sics.se>

        * lib/krb5/encrypt.c: New file.

        * lib/krb5/Makefile.am: More -I

        * configure.in: Test for big endian, random, rand, setitimer

        * lib/asn1/gen.c: perhaps even decodes bitstrings

Thu Mar  6 19:05:29 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

        * lib/krb5/config_file.y: Better return values on error.

Sat Feb  8 15:59:56 1997  Assar Westerlund  <assar@pdc.kth.se>

        * lib/asn1/parse.y: ifdef HAVE_STRDUP

        * lib/asn1/lex.l: ifdef strdup
        brange-dead version of list of special characters to make stupid
        lex accept it.

        * lib/asn1/gen.c: A DER integer should really be a `unsigned'

        * lib/asn1/der_put.c: A DER integer should really be a `unsigned'

        * lib/asn1/der_get.c: A DER integer should really be a `unsigned'

        * lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is
        needed.

        * lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c,
        lib/krb/store.h: new files.

        * lib/krb5/keytab.c: now even with some functionality.

        * lib/asn1/gen.c: changed paramater from void * to Foo *

        * lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty
        string.

Sun Jan 19 06:17:39 1997  Assar Westerlund  <assar@pdc.kth.se>

        * lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in
        cc before getting new ones.

        * lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype.

        * lib/krb5/build_auth.c (krb5_build_authenticator): It seems the
        CRC should be stored LSW first. (?)

        * lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and
        `krb5_free_keyblock'

        * lib/**/Makefile.am: Rename foo libfoo.a

        * include/Makefile.in: Use test instead of [
        -e does not work with /bin/sh on psoriasis

        * configure.in: Search for awk
        create lib/krb/error/compile_et
        
Tue Jan 14 03:46:26 1997  Assar Westerlund  <assar@pdc.kth.se>

        * lib/krb5/Makefile.am: replaced mit-crc.c by crc.c

Wed Dec 18 00:53:55 1996  Johan Danielsson  <joda@emma.pdc.kth.se>

        * kuser/kinit.c: Guess principal.

        * lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some
        warnings.

        * lib/krb5/error/asn1_err.et: Add ASN.1 error messages.

        * lib/krb5/mk_req.c: Get client from cache.

        * lib/krb5/cache.c: Add better error checking some useful return
        values.

        * lib/krb5/krb5.h: Fix krb5_auth_context.

        * lib/asn1/der.h: Make krb5_data compatible with krb5.h

Tue Dec 17 01:32:36 1996  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/error: Add primitive error library.

Mon Dec 16 16:30:20 1996  Johan Danielsson  <joda@emma.pdc.kth.se>

        * lib/krb5/cache.c: Get correct address type from cache.

        * lib/krb5/krb5.h: Change int16 to int to be compatible with asn1.