xref: /freebsd/crypto/heimdal/ChangeLog (revision 77a0943ded95b9e6438f7db70c4a28e4d93946d4)

2000-02-20  Assar Westerlund  <assar@sics.se>

	* Release 0.2p

2000-02-19  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am: set version to 9:1:0

	* lib/krb5/expand_hostname.c (krb5_expand_hostname): make sure
	that realms is filled in even when getaddrinfo fails or does not
	return any canonical name

	* kdc/connect.c (descr): add sockaddr and string representation
	(*): re-write to use the above mentioned

2000-02-16  Assar Westerlund  <assar@sics.se>

	* lib/krb5/addr_families.c (krb5_parse_address): use
	krb5_sockaddr2address to copy the result from getaddrinfo.

2000-02-14  Assar Westerlund  <assar@sics.se>

	* Release 0.2o

2000-02-13  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am: set version to 9:0:0

	* kdc/kaserver.c (do_authenticate): return the kvno of the server
	and not the client.  Thanks to Brandon S. Allbery KF8NH
	<allbery@kf8nh.apk.net> and Chaskiel M Grundman
	<cg2v@andrew.cmu.edu> for debugging.

	* kdc/kerberos4.c (do_version4): if an tgs-req is received with an
	old kvno, return an error reply and write a message in the log.

2000-02-12  Assar Westerlund  <assar@sics.se>

	* appl/test/gssapi_server.c (proto): with `--fork', create a child
	and send over/receive creds with export/import_sec_context
	* appl/test/gssapi_client.c (proto): with `--fork', create a child
	and send over/receive creds with export/import_sec_context
	* appl/test/common.c: add `--fork' / `-f' (only used by gssapi)

2000-02-11  Assar Westerlund  <assar@sics.se>

	* kdc/kdc_locl.h: remove keyfile add explicit_addresses
	* kdc/connect.c (init_sockets): pay attention to
	explicit_addresses some more comments.  better error messages.
	* kdc/config.c: add some comments.
	remove --key-file.
	add --addresses.

	* lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use
	proper abstraction

2000-02-07  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/changepw.c: use roken_getaddrinfo_hostspec

2000-02-07  Assar Westerlund  <assar@sics.se>

	* Release 0.2n

2000-02-07  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am: set version to 8:0:0
	* lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy
	(krb5_kt_add_entry): set timestamp

2000-02-06  Assar Westerlund  <assar@sics.se>

	* lib/krb5/krb5.h: add macros for accessing krb5_realm
	* lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead
	of `int32_t'

	* lib/krb5/replay.c (checksum_authenticator): update to new API
	for md5

	* lib/krb5/krb5.h: remove des.h, it's not needed and applications
	should not have to make sure to find it.

2000-02-03  Assar Westerlund  <assar@sics.se>

	* lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to
	`out_key' to avoid conflicting with label.  reported by Sean Doran
	<smd@ebone.net>

2000-02-02  Assar Westerlund  <assar@sics.se>

	* lib/krb5/expand_hostname.c: remember to lower-case host names.
	bug reported by <amu@mit.edu>

	* kdc/kerberos4.c (do_version4): look at check_ticket_addresses
	and emulate that by setting krb_ignore_ip_address (not a great
	interface but it doesn't seem like the time to go around fixing
	libkrb stuff now)

2000-02-01  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/kinit.c: change --noaddresses into --no-addresses

2000-01-28  Assar Westerlund  <assar@sics.se>

	* kpasswd/kpasswd.c (main): make sure the ticket is not
	forwardable and not proxiable

2000-01-26  Assar Westerlund  <assar@sics.se>

	* lib/krb5/crypto.c: update to pseudo-standard APIs for
	md4,md5,sha.  some changes to libdes calls to make them more
	portable.

2000-01-21  Assar Westerlund  <assar@sics.se>

	* lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to
 	clean up the correct creds.

2000-01-16  Assar Westerlund  <assar@sics.se>

	* lib/krb5/principal.c (append_component): change parameter to
	`const char *'.  check malloc
	* lib/krb5/principal.c (append_component, va_ext_princ, va_princ):
	const-ize
	* lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname'
	const
	* lib/krb5/principal.c (replace_chars): also add space here
	* lib/krb5/principal.c: (quotable_chars): add space

2000-01-12  Assar Westerlund  <assar@sics.se>

	* kdc/kerberos4.c (do_version4): check if preauth was required and
	bail-out if so since there's no way that could be done in v4.
	Return NULL_KEY as an error to the client (which is non-obvious,
	but what can you do?)

2000-01-09  Assar Westerlund  <assar@sics.se>

	* lib/krb5/principal.c (krb5_sname_to_principal): use
	krb5_expand_hostname_realms
	* lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms
	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new
	variant of krb5_expand_hostname that tries until it expands into
	something that's digestable by krb5_get_host_realm, returning also
	the result from that function.

2000-01-08  Assar Westerlund  <assar@sics.se>

	* Release 0.2m

2000-01-08  Assar Westerlund  <assar@sics.se>

	* configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN

	* lib/krb5/Makefile.am: bump version to 7:1:0

	* lib/krb5/principal.c (krb5_sname_to_principal): use
	krb5_expand_hostname
	* lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
	ai_canonname being set in any of the addresses returnedby
	getaddrinfo.  glibc apparently returns the reverse lookup of every
	address in ai_canonname.

2000-01-06  Assar Westerlund  <assar@sics.se>

	* Release 0.2l

2000-01-06  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am: set version to 7:0:0
	* lib/krb5/principal.c (krb5_sname_to_principal): remove `hp'

	* lib/hdb/Makefile.am: set version to 4:1:1

	* kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms'
	* lib/krb5/get_in_tkt.c (add_padata): change types to make
	everything work out
	(krb5_get_in_cred): remove const to make types match
	* lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature
	* lib/krb5/principal.c (krb5_sname_to_principal): handle not
	getting back a canonname

2000-01-06  Assar Westerlund  <assar@sics.se>

	* Release 0.2k

2000-01-06  Assar Westerlund  <assar@sics.se>

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that
	we actually parse the port number.  based on a patch from Leif
	Johansson <leifj@it.su.se>

2000-01-02  Assar Westerlund  <assar@sics.se>

	* admin/purge.c: remove all non-current and old entries from a
	keytab

	* admin: break up ktutil.c into files

	* admin/ktutil.c (list): support --verbose (also listning time
	stamps)
	(kt_add, kt_get): set timestamp in newly created entries
	(kt_change): add `change' command

	* admin/srvconvert.c (srvconv): set timestamp in newly created
	entries
	* lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp,
	always go the a predicatble position on error
	* lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp
	* lib/krb5/keytab_file.c (fkt_add_entry): store timestamp
	(fkt_next_entry_int): return timestamp
	* lib/krb5/krb5.h (krb5_keytab_entry): add timestamp

1999-12-30  Assar Westerlund  <assar@sics.se>

	* configure.in (krb4): use `-ldes' in tests

1999-12-26  Assar Westerlund  <assar@sics.se>

	* lib/hdb/print.c (event2string): handle events without principal.
  	From Luke Howard <lukeh@PADL.COM>

1999-12-25  Assar Westerlund  <assar@sics.se>

	* Release 0.2j

Tue Dec 21 18:03:17 1999  Assar Westerlund  <assar@sics.se>

	* lib/hdb/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
 	related systems

	* lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
 	related systems

	* include/Makefile.am (krb5-types.h): add $(EXEEXT) for cygwin and
 	related systems

1999-12-20  Assar Westerlund  <assar@sics.se>

	* Release 0.2i

1999-12-20  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 6:3:1

	* lib/krb5/send_to_kdc.c (send_via_proxy): free data
	* lib/krb5/send_to_kdc.c (send_via_proxy): new function use
	getaddrinfo instead of gethostbyname{,2}
	* lib/krb5/get_for_creds.c: use getaddrinfo instead of
	getnodebyname{,2}

1999-12-17  Assar Westerlund  <assar@sics.se>

	* Release 0.2h

1999-12-17  Assar Westerlund  <assar@sics.se>

	* Release 0.2g

1999-12-16  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am: bump version to 6:2:1

	* lib/krb5/principal.c (krb5_sname_to_principal): handle
	ai_canonname not being set
	* lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
	ai_canonname not being set

	* appl/test/uu_server.c: print messages to stderr
	* appl/test/tcp_server.c: print messages to stderr
	* appl/test/nt_gss_server.c: print messages to stderr
	* appl/test/gssapi_server.c: print messages to stderr

	* appl/test/tcp_client.c (proto): remove shadowing `context'
	* appl/test/common.c (client_doit): add forgotten ntohs

1999-12-13  Assar Westerlund  <assar@sics.se>

	* configure.in (VERISON): bump to 0.2g-pre

1999-12-12  Assar Westerlund  <assar@sics.se>

	* lib/krb5/principal.c (krb5_425_conv_principal_ext): be more
 	robust and handle extra dot at the beginning of default_domain

1999-12-12  Assar Westerlund  <assar@sics.se>

	* Release 0.2f

1999-12-12  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am: bump version to 6:1:1

	* lib/krb5/changepw.c (get_kdc_address): use
 	`krb5_get_krb_changepw_hst'

	* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add

	* lib/krb5/get_host_realm.c: add support for _kerberos.domain
 	(according to draft-ietf-cat-krb-dns-locate-01.txt)

1999-12-06  Assar Westerlund  <assar@sics.se>

	* Release 0.2e

1999-12-06  Assar Westerlund  <assar@sics.se>

	* lib/krb5/changepw.c (krb5_change_password): use the correct
 	address

	* lib/krb5/Makefile.am: bump version to 6:0:1

	* lib/asn1/Makefile.am: bump version to 1:4:0

1999-12-04  Assar Westerlund  <assar@sics.se>

	* configure.in: move AC_KRB_IPv6 to make sure it's performed
 	before AC_BROKEN
	(el_init): use new feature of AC_FIND_FUNC_NO_LIBS

	* appl/test/uu_client.c: use client_doit
	* appl/test/test_locl.h (client_doit): add prototype
	* appl/test/tcp_client.c: use client_doit
	* appl/test/nt_gss_client.c: use client_doit
	* appl/test/gssapi_client.c: use client_doit
	* appl/test/common.c (client_doit): move identical code here and
	start using getaddrinfo

	* appl/kf/kf.c (doit): rewrite to use getaddrinfo
	* kdc/hprop.c: re-write to use getaddrinfo
	* lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo
	* lib/krb5/expand_hostname.c (krb5_expand_hostname): use
	getaddrinfo
	* lib/krb5/changepw.c: re-write to use getaddrinfo
	* lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo

1999-12-03  Assar Westerlund  <assar@sics.se>

	* configure.in (BROKEN): check for freeaddrinfo, getaddrinfo,
	getnameinfo, gai_strerror
	(socklen_t): check for

1999-12-02  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/crypto.c: ARCFOUR_set_key -> RC4_set_key

1999-11-23  Assar Westerlund  <assar@sics.se>

	* lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes
 	within unicode characters.  this should probably be done in some
 	arbitrarly complex way to do it properly and you would have to
 	know what character encoding was used for the password and salt
 	string.

	* lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0
	(INADDR_ANY)
	(ipv6_uninteresting): remove unused macro

1999-11-22  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5.h: rc4->arcfour

	* lib/krb5/crypto.c: rc4->arcfour

1999-11-17  Assar Westerlund  <assar@sics.se>

	* lib/krb5/krb5_locl.h: add <rc4.h>
	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4
	* lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might
	not be totally different from some small company up in the
	north-west corner of the US

	* lib/krb5/get_addrs.c (find_all_addresses): change code to
 	actually increment buf_size

1999-11-14  Assar Westerlund  <assar@sics.se>

	* lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces'
	* lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces
 	scanning optional
	* lib/krb5/context.c (init_context_from_config_file): set
 	`scan_interfaces'

	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c
	* lib/krb5/add_et_list.c (krb5_add_et_list): new function

1999-11-12  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_default_realm.c (krb5_get_default_realm,
	krb5_get_default_realms): set realms if they were unset
	* lib/krb5/context.c (init_context_from_config_file): don't
	initialize default realms here.  it's done lazily instead.

	* lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned
	* lib/asn1/gen_glue.c (generate_2int, generate_units): make sure
	bit constants are unsigned
	* lib/asn1/gen.c (define_type): make length in sequences be
	unsigned.

	* configure.in: remove duplicate test for setsockopt test for
	struct tm.tm_isdst

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate
	preauthentication information if we get back ERR_PREAUTH_REQUIRED
	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove
	preauthentication generation code.  it's now in krb5_get_in_cred

	* configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct
	tm.tm_gmtoff and timezone

1999-11-11  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/main.c: make this work with multi-db

	* kdc/kdc_locl.h: make this work with multi-db

	* kdc/config.c: make this work with multi-db

1999-11-09  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/misc.c: update for multi-database code

	* kdc/main.c: update for multi-database code

	* kdc/kdc_locl.h: update

	* kdc/config.c: allow us to have more than one database

1999-11-04  Assar Westerlund  <assar@sics.se>

	* Release 0.2d

	* lib/krb5/Makefile.am: bump version to 5:0:0 to be safe
 	(krb5_context_data has changed and some code do (might) access
 	fields directly)

	* lib/krb5/krb5.h (krb5_context_data): add `etypes_des'

	* lib/krb5/get_cred.c (init_tgs_req): use
 	krb5_keytype_to_enctypes_default

	* lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new
 	function

	* lib/krb5/context.c (set_etypes): new function
	(init_context_from_config_file): set both `etypes' and `etypes_des'

1999-11-02  Assar Westerlund  <assar@sics.se>

	* configure.in (VERSION): bump to 0.2d-pre

1999-10-29  Assar Westerlund  <assar@sics.se>

	* lib/krb5/principal.c (krb5_parse_name): check memory allocations

1999-10-28  Assar Westerlund  <assar@sics.se>

	* Release 0.2c

	* lib/krb5/dump_config.c (print_tree): check for empty tree

	* lib/krb5/string-to-key-test.c (tests): update the test cases
 	with empty principals so that they actually use an empty realm and
 	not the default.  use the correct etype for 3DES

	* lib/krb5/Makefile.am: bump version to 4:1:0

	* kdc/config.c (configure): more careful with the port string

1999-10-26  Assar Westerlund  <assar@sics.se>

	* Release 0.2b

1999-10-20  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am: bump version to 4:0:0
 	(krb524_convert_creds_kdc and potentially some other functions
 	have changed prototypes)

	* lib/hdb/Makefile.am: bump version to 4:0:1

	* lib/asn1/Makefile.am: bump version to 1:3:0

	* configure.in (LIB_roken): add dbopen.  getcap in roken
 	references dbopen and with shared libraries we need to add this
 	dependency.

	* lib/krb5/verify_krb5_conf.c (main): support speicifying the
 	configuration file to test on the command line

	* lib/krb5/config_file.c (parse_binding): handle line with no
 	whitespace before =
	(krb5_config_parse_file_debug): set lineno earlier so that we don't
	use it unitialized

	* configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need
 	more include files for these tests

	* lib/krb5/set_default_realm.c (krb5_set_default_realm): use
 	krb5_config_get_strings, which means that your configuration file
 	should look like:

	[libdefaults]
	  default_realm = realm1 realm2 realm3

	* lib/krb5/set_default_realm.c (config_binding_to_list): fix
 	copy-o.  From Michal Vocu <michal@karlin.mff.cuni.cz>

	* kdc/config.c (configure): add a missing strdup.  From Michal
 	Vocu <michal@karlin.mff.cuni.cz>

1999-10-17  Assar Westerlund  <assar@sics.se>

	* Release 0.2a

	* configure.in: only test for db.h with using berkeley_db. remember
 	to link with LIB_tgetent when checking for el_init. add xnlock

	* appl/Makefile.am: add xnlock

	* kdc/kerberos5.c (find_etype): support null keys

	* kdc/kerberos4.c (get_des_key): support null keys

	* lib/krb5/crypto.c (krb5_get_wrapped_length): more correct
 	calculation

1999-10-16  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc

1999-10-12  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning

1999-10-10  Assar Westerlund  <assar@sics.se>

	* lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm

	* lib/krb5/krb5.h (krb5_ccache_data): make `ops' const

	* lib/krb5/crypto.c (krb5_string_to_salttype): new function

	* **/*.[ch]: const-ize

1999-10-06  Assar Westerlund  <assar@sics.se>

	* lib/krb5/creds.c (krb5_compare_creds): const-ify

	* lib/krb5/cache.c: clean-up and comment-up

	* lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the
 	strings

	* lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the
 	correct realm part

	* kdc/connect.c (handle_tcp): things work much better when ret is
 	initialized

1999-10-03  Assar Westerlund  <assar@sics.se>

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the
 	type of the session key

	* lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell
 	correctly

	* lib/krb5/creds.c (krb5_compare_creds): fix spelling of
 	krb5_enctypes_compatible_keys

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new
 	credentials from the KDC if the existing one doesn't have a DES
 	session key.

	* lib/45/get_ad_tkt.c (get_ad_tkt): update to new
 	krb524_convert_creds_kdc

1999-10-03  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/keytab_keyfile.c: make krb5_akf_ops const

	* lib/krb5/keytab_memory.c: make krb5_mkt_ops const

	* lib/krb5/keytab_file.c: make krb5_fkt_ops const

1999-10-01  Assar Westerlund  <assar@sics.se>

	* lib/krb5/config_file.c: rewritten to allow error messages

	* lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf
	(libkrb5_la_SOURCES): add config_file_netinfo.c

	* lib/krb5/verify_krb5_conf.c: new program for verifying that
	krb5.conf is corret

	* lib/krb5/config_file_netinfo.c: moved netinfo code here from
 	config_file.c

1999-09-28  Assar Westerlund  <assar@sics.se>

	* kdc/hpropd.c (dump_krb4): kludge default_realm

	* lib/asn1/check-der.c: add test cases for Generalized time and
 	make sure we return the correct value

	* lib/asn1/der_put.c: simplify by using der_put_length_and_tag

	* lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of
 	krb5_verify_user that tries in all the local realms

	* lib/krb5/set_default_realm.c: add support for having several
 	default realms

	* lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms'

	* lib/krb5/get_default_realm.c (krb5_get_default_realms): add

	* lib/krb5/krb5.h (krb5_context_data): change `default_realm' to
 	`default_realms'

	* lib/krb5/context.c: change from `default_realm' to
 	`default_realms'

	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
 	krb5_get_default_realms

	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c

	* lib/krb5/copy_host_realm.c: new file

1999-09-27  Johan Danielsson  <joda@pdc.kth.se>

	* lib/asn1/der_put.c (encode_generalized_time): encode length

	* lib/krb5/recvauth.c: new function `krb5_recvauth_match_version'
	that allows more intelligent matching of the application version

1999-09-26  Assar Westerlund  <assar@sics.se>

	* lib/asn1/asn1_print.c: add err.h

	* kdc/config.c (configure): use parse_bytes

	* appl/test/nt_gss_common.c: use the correct header file

1999-09-24  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/klist.c: add a `--cache' flag

	* kuser/kinit.c (main): only get default value for `get_v4_tgt' if
	it's explicitly set in krb5.conf

1999-09-23  Assar Westerlund  <assar@sics.se>

	* lib/asn1/asn1_print.c (tag_names); add another univeral tag

	* lib/asn1/der.h: update universal tags

1999-09-22  Assar Westerlund  <assar@sics.se>

	* lib/asn1/asn1_print.c (loop): print length of octet string

1999-09-21  Johan Danielsson  <joda@pdc.kth.se>

	* admin/ktutil.c (kt_get): add `--help'

1999-09-21  Assar Westerlund  <assar@sics.se>

	* kuser/Makefile.am: add kdecode_ticket

	* kuser/kdecode_ticket.c: new debug program

	* appl/test/nt_gss_server.c: new program to test against `Sample *
 	SSPI Code' in Windows 2000 RC1 SDK.

	* appl/test/Makefile.am: add nt_gss_client and nt_gss_server

	* lib/asn1/der_get.c (decode_general_string): remember to advance
 	ret over the length-len

	* lib/asn1/Makefile.am: add asn1_print

	* lib/asn1/asn1_print.c: new program for printing DER-structures

	* lib/asn1/der_put.c: make functions more consistent

	* lib/asn1/der_get.c: make functions more consistent

1999-09-20  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/kerberos5.c: be more informative in pa-data error messages

1999-09-16  Assar Westerlund  <assar@sics.se>

	* configure.in: test for strlcpy, strlcat

1999-09-14  Assar Westerlund  <assar@sics.se>

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return
 	KRB5_LIBOS_PWDINTR when interrupted

	* lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return
 	value from des_read_pw_string

	* kuser/kinit.c (main): don't print any error if reading the
 	password was interrupted

	* kpasswd/kpasswd.c (main): don't print any error if reading the
 	password was interrupted

	* kdc/string2key.c (main): check the return value from fgets

	* kdc/kstash.c (main): check return value from des_read_pw_string

	* admin/ktutil.c (kt_add): check the return-value from fgets and
 	overwrite the password for paranoid reasons

	* lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the
 	newline if it's there

1999-09-13  Assar Westerlund  <assar@sics.se>

	* kdc/hpropd.c (main): remove bogus error with `--print'.  remove
 	sysloging of number of principals transferred

	* kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL
 	principals
	(main): get rid of bogus opening of hdb database when propagating
	ka-server database

1999-09-12  Assar Westerlund  <assar@sics.se>

	* lib/krb5/krb5_locl.h (O_BINARY): add fallback definition

	* lib/krb5/krb5.h (krb5_context_data): add keytab types

	* configure.in: revert back awk test, not worked around in
 	roken.awk

	* lib/krb5/keytab_krb4.c: remove O_BINARY

	* lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's.  From
	Love <lha@e.kth.se>

	* lib/krb5/keytab_file.c: remove O_BINARY

	* lib/krb5/keytab.c: move the list of keytab types to the context

	* lib/krb5/fcache.c: remove O_BINARY

	* lib/krb5/context.c (init_context_from_config_file): register all
 	standard cache and keytab types
	(krb5_free_context): free `kt_types'

	* lib/krb5/cache.c (krb5_cc_resolve): move the registration of the
 	standard types of credential caches to context

	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c

1999-09-10  Assar Westerlund  <assar@sics.se>

	* lib/krb5/keytab.c: add comments and clean-up

	* admin/ktutil.c: add `ktutil copy'

	* lib/krb5/keytab_krb4.c: new file

	* lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field

	* lib/krb5/Makefile.am: add keytab_krb4.c

	* lib/krb5/keytab.c: add krb4 and correct some if's

	* admin/srvconvert.c (srvconv): move common code

	* lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables

	* lib/krb5/keytab.c: move out file and memory functions

	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c,
 	keytab_memory.c

	* lib/krb5/keytab_memory.c: new file

	* lib/krb5/keytab_file.c: new file

	* kpasswd/kpasswdd.c: move out password quality functions

1999-09-07  Assar Westerlund  <assar@sics.se>

	* lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c.  From
 	Love <lha@e.kth.se>

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check
 	return value from `krb5_sendto_kdc'

1999-09-06  Assar Westerlund  <assar@sics.se>

	* lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and
 	remove the sending of data.  add a parameter `limit'.  let callers
 	send the date themselves (and preferably with net_write on tcp
 	sockets)
	(send_and_recv_tcp): read first the length field and then only that
	many bytes

1999-09-05  Assar Westerlund  <assar@sics.se>

	* kdc/connect.c (handle_tcp): try to print warning `TCP data of
 	strange type' less often

	* lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly.
  	return on EOF.  always free data.  check return value from
 	realloc.
	(send_and_recv_tcp, send_and_recv_http): check advertised length
	against actual length

1999-09-01  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: check for sgi capabilities

1999-08-27  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return
	extra addresses

	* kpasswd/kpasswdd.c: use HDB keytabs; change some error messages;
	add --realm flag

	* lib/krb5/address.c (krb5_append_addresses): remove duplicates

1999-08-26  Johan Danielsson  <joda@pdc.kth.se>

	* lib/hdb/keytab.c: HDB keytab backend

1999-08-25  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/keytab.c
	(krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL
	pointer

1999-08-24  Johan Danielsson  <joda@pdc.kth.se>

	* kpasswd/kpasswdd.c: add `--keytab' flag

1999-08-23  Assar Westerlund  <assar@sics.se>

	* lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr'
 	instead of the non-standard `s6_addr32'.  From Yoshinobu Inoue
 	<shin@kame.net> by way of the KAME repository

1999-08-18  Assar Westerlund  <assar@sics.se>

	* configure.in (--enable-new-des3-code): remove check for `struct
 	addrinfo'

	* lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable
 	des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards
 	compatability

	* lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key
 	derivation) just got assigned etype 16 by <bcn@isi.edu>.  keep the
 	old etype at 7.

1999-08-16  Assar Westerlund  <assar@sics.se>

	* lib/krb5/sendauth.c (krb5_sendauth): only look at errno if
 	krb5_net_read actually returns -1

	* lib/krb5/recvauth.c (krb5_recvauth): only look at errno if
 	krb5_net_read actually returns -1

	* appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't
 	returned -1

	* appl/test/tcp_server.c (proto): only trust errno if
 	krb5_net_read actually returns -1

	* appl/kf/kfd.c (proto): be more careful with the return value
 	from krb5_net_read

1999-08-13  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_addrs.c (get_addrs_int): try the different ways
 	sequentially instead of just one.  this helps if your heimdal was
 	built with v6-support but your kernel doesn't have it, for
 	example.

1999-08-12  Assar Westerlund  <assar@sics.se>

	* kdc/hpropd.c: add inetd flag.  default means try to figure out
 	if stdin is a socket or not.

	* Makefile.am (ACLOCAL): just use `cf', this variable is only used
 	when the current directory is $(top_srcdir) anyways and having
 	$(top_srcdir) there breaks if it's a relative path

1999-08-09  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: check for setproctitle

1999-08-05  Assar Westerlund  <assar@sics.se>

	* lib/krb5/principal.c (krb5_sname_to_principal): remember to call
 	freehostent

	* appl/test/tcp_client.c: call freehostent

	* appl/kf/kf.c (doit): call freehostent

	* appl/kf/kf.c: make v6 friendly and simplify

	* appl/kf/kfd.c: make v6 friendly and simplify

	* appl/test/tcp_server.c: simplify by using krb5_err instead of
 	errx

	* appl/test/tcp_client.c: simplify by using krb5_err instead of
 	errx

	* appl/test/tcp_server.c: make v6 friendly and simplify

	* appl/test/tcp_client.c: make v6 friendly and simplify

1999-08-04  Assar Westerlund  <assar@sics.se>

	* Release 0.1m

1999-08-04  Assar Westerlund  <assar@sics.se>

	* kuser/kinit.c (main): some more KRB4-conditionalizing

	* lib/krb5/get_in_tkt.c: type correctness

	* lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in
 	flags.  From Miroslav Ruda <ruda@ics.muni.cz>

	* kuser/kinit.c (main): add config file support for forwardable
 	and krb4 support.  From Miroslav Ruda <ruda@ics.muni.cz>

	* kdc/kerberos5.c (as_rep): add an empty X500-compress string as
 	transited.
	(fix_transited_encoding): check length.
	From Miroslav Ruda <ruda@ics.muni.cz>

	* kdc/hpropd.c (dump_krb4): check the realm so that we don't dump
 	principals in some other realm. From Miroslav Ruda
 	<ruda@ics.muni.cz>
	(main): rename sa_len -> sin_len, sa_lan is a define on some
	platforms.

	* appl/kf/kfd.c: add regpag support. From Miroslav Ruda
 	<ruda@ics.muni.cz>

	* appl/kf/kf.c: add `-G' and forwardable option in krb5.conf.
  	From Miroslav Ruda <ruda@ics.muni.cz>

	* lib/krb5/config_file.c (parse_list): don't run past end of line

	* appl/test/gss_common.h: new prototypes

	* appl/test/gssapi_client.c: use gss_err instead of abort

	* appl/test/gss_common.c (gss_verr, gss_err): add

1999-08-03  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this
 	otherwise it doesn't build with shared libraries

	* kdc/hpropd.c: v6-ify

	* kdc/hprop.c: v6-ify

1999-08-01  Assar Westerlund  <assar@sics.se>

	* lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname

1999-07-31  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new
 	function that takes a FQDN

	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c

	* lib/krb5/expand_hostname.c: new file

1999-07-28  Assar Westerlund  <assar@sics.se>

	* Release 0.1l

1999-07-28  Assar Westerlund  <assar@sics.se>

	* lib/asn1/Makefile.am: bump version to 1:2:0

	* lib/krb5/Makefile.am: bump version to 3:1:0

	* configure.in: more inet_pton to roken

	* lib/krb5/principal.c (krb5_sname_to_principal): use
 	getipnodebyname

1999-07-26  Assar Westerlund  <assar@sics.se>

	* Release 0.1k

1999-07-26  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/Makefile.am: bump version number (changed function
	signatures)

	* lib/hdb/Makefile.am: bump version number (changes to some
	function signatures)

1999-07-26  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am: bump version to 3:0:2

	* lib/hdb/Makefile.am: bump version to 2:1:0

	* lib/asn1/Makefile.am: bump version to 1:1:0

1999-07-26  Assar Westerlund  <assar@sics.se>

	* Release 0.1j

1999-07-26  Assar Westerlund  <assar@sics.se>

	* configure.in: rokenize inet_ntop

	* lib/krb5/store_fd.c: lots of changes from size_t to ssize_t

	* lib/krb5/store_mem.c: lots of changes from size_t to ssize_t

	* lib/krb5/store_emem.c: lots of changes from size_t to ssize_t

	* lib/krb5/store.c: lots of changes from size_t to ssize_t
	(krb5_ret_stringz): check return value from realloc

	* lib/krb5/mk_safe.c: some type correctness

	* lib/krb5/mk_priv.c: some type correctness

	* lib/krb5/krb5.h (krb5_storage): change return values of
	functions from size_t to ssize_t

1999-07-24  Assar Westerlund  <assar@sics.se>

	* Release 0.1i

	* configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
 	in lib/roken/roken.awk

	* lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to
 	step over addresses if there's no `sa_lan' field

	* lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by
 	using `struct sockaddr_storage'

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using
 	`struct sockaddr_storage'

	* lib/krb5/changepw.c (krb5_change_password): simplify by using
 	`struct sockaddr_storage'

	* lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd):
 	simplify by using `struct sockaddr_storage'

	* kpasswd/kpasswdd.c (*): simplify by using `struct
 	sockaddr_storage'

	* kdc/connect.c (*): simplify by using `struct sockaddr_storage'

	* configure.in (sa_family_t): just test for existence
	(sockaddr_storage): also specify include file

	* configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i
	(sa_family_t): test for
	(struct	sockaddr_storage): test for

	* kdc/hprop.c (propagate_database): typo, NULL should be
 	auth_context

	* lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of
 	AF_INET6

	* appl/kf/kf.c (main): use warnx

	* appl/kf/kf.c (proto): remove shadowing context

	* lib/krb5/get_addrs.c (find_all_addresses): try to handle the
 	case of getting back an `sockaddr_in6' address when sizeof(struct
 	sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to
 	tell us how large the address is.  This obviously doesn't work
 	with unknown protocol types.

1999-07-24  Assar Westerlund  <assar@sics.se>

	* Release 0.1h

1999-07-23  Assar Westerlund  <assar@sics.se>

	* appl/kf/kfd.c: clean-up and more paranoia

	* etc/services.append: add kf

	* appl/kf/kf.c: rename tk_file to ccache for consistency.  clean-up

1999-07-22  Assar Westerlund  <assar@sics.se>

	* lib/krb5/n-fold-test.c (main): print the correct data

	* appl/Makefile.am (SUBDIRS): add kf

	* appl/kf: new program.  From Miroslav Ruda <ruda@ics.muni.cz>

	* kdc/hprop.c: declare some variables unconditionally to simplify
 	things

	* kpasswd/kpasswdd.c: initialize kadm5 connection for every change
 	(otherwise the modifier in the database doesn't get set)

	* kdc/hpropd.c: clean-up and re-organize

	* kdc/hprop.c: clean-up and re-organize

 	* configure.in (SunOS): define to xy for SunOS x.y

1999-07-19  Assar Westerlund  <assar@sics.se>

	* configure.in (AC_BROKEN): test for copyhostent, freehostent,
 	getipnodebyaddr, getipnodebyname

1999-07-15  Assar Westerlund  <assar@sics.se>

	* lib/asn1/check-der.c: more test cases for integers

	* lib/asn1/der_length.c (length_int): handle the case of the
 	largest negative integer by not calling abs

1999-07-14  Assar Westerlund  <assar@sics.se>

	* lib/asn1/check-der.c (generic_test): check malloc return value
 	properly

	* lib/krb5/Makefile.am: add string_to_key_test

	* lib/krb5/prog_setup.c (krb5_program_setup): always initialize
 	the context

	* lib/krb5/n-fold-test.c (main): return a relevant return value

	* lib/krb5/krbhst.c: do SRV lookups for admin server as well.
  	some clean-up.

1999-07-12  Assar Westerlund  <assar@sics.se>

	* configure.in: handle not building X programs

1999-07-06  Assar Westerlund  <assar@sics.se>

	* lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate
 	variable
	(ipv6_sockaddr2port): fix typo

	* etc/services.append: beginning of a file with services

	* lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if
 	there's no prefix.  also clean-up a little bit.

	* kdc/hprop.c (--kaspecials): new flag for handling special KA
 	server entries.  From "Brandon S. Allbery KF8NH"
 	<allbery@kf8nh.apk.net>

1999-07-05  Assar Westerlund  <assar@sics.se>

	* kdc/connect.c (handle_tcp): make sure we have data before
 	starting to look for HTTP

	* kdc/connect.c (handle_tcp): always do getpeername, we can't
 	trust recvfrom to return anything sensible

1999-07-04  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with
 	all enctypes

	* kpasswd/kpasswdd.c (change): fetch the salt-type from the entry

	* admin/srvconvert.c (srvconv): better error messages

1999-07-03  Assar Westerlund  <assar@sics.se>

	* lib/krb5/principal.c (unparse_name): error check malloc properly

	* lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc
 	properly

	* lib/krb5/crypto.c (*): do some malloc return-value checks
 	properly

	* lib/hdb/hdb.c (hdb_process_master_key): simplify by using
 	krb5_data_alloc

	* lib/hdb/hdb.c (hdb_process_master_key): check return value from
 	malloc

	* lib/asn1/gen_decode.c (decode_type): fix generation of decoding
 	information for TSequenceOf.

	* kdc/kerberos5.c (get_pa_etype_info): check return value from
 	malloc

1999-07-02  Assar Westerlund  <assar@sics.se>

	* lib/asn1/der_copy.c (copy_octet_string): don't fail if length ==
 	0 and malloc returns NULL

1999-06-29  Assar Westerlund  <assar@sics.se>

	* lib/krb5/addr_families.c (ipv6_parse_addr): implement

1999-06-24  Assar Westerlund  <assar@sics.se>

	* lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address
 	as an addrport one

	* lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT):
 	add
	(krb5_auth_context): add local and remote port

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the
 	local and remote address and add them to the krb-cred packet

	* lib/krb5/auth_context.c: save the local and remove ports in the
 	auth_context

	* lib/krb5/address.c (krb5_make_addrport): create an address of
 	type KRB5_ADDRESS_ADDRPORT from (addr, port)

	* lib/krb5/addr_families.c (krb5_sockaddr2port): new function for
 	grabbing the port number out of the sockaddr

1999-06-23  Assar Westerlund  <assar@sics.se>

	* admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key.
  	increase possible verbosity.

	* lib/krb5/config_file.c (parse_list): handle blank lines at
 	another place

	* kdc/connect.c (add_port_string): don't return a value

 	* lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred
 	cache if the principals are different.  close and NULL the old one
 	so that we create a new one.

	* configure.in: move around cgywin et al
	(LIB_kdb): set at the end of krb4-block
	(krb4): test for krb_enable_debug and krb_disable_debug

1999-06-16  Assar Westerlund  <assar@sics.se>

	* kuser/kdestroy.c (main): try to destroy v4 ticket even if the
 	destruction of the v5 one fails

	* lib/krb5/crypto.c (DES3_postproc): new version that does the
 	right thing
	(*): don't put and recover length in 3DES encoding
	other small fixes

1999-06-15  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_default_principal.c: rewrite to use
 	get_default_username

	* lib/krb5/Makefile.am: add n-fold-test

	* kdc/connect.c: add fallbacks for all lookups by service name
	(handle_tcp): break-up and clean-up

1999-06-09  Assar Westerlund  <assar@sics.se>

	* lib/krb5/addr_families.c (ipv6_uninteresting): don't consider
 	the loopback address as uninteresting

	* lib/krb5/get_addrs.c: new magic flag to get loopback address if
 	there are no other addresses.
	(krb5_get_all_client_addrs): use that flag

1999-06-04  Assar Westerlund  <assar@sics.se>

	* lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the
 	length
	(checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64
	(encrypt_internal_derived): don't include the length and don't
	decrease by the checksum size twice
	(_get_derived_key): the constant should be 5 bytes

1999-06-02  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: use KRB_CHECK_X

	* configure.in: check for netinet/ip.h

1999-05-31  Assar Westerlund  <assar@sics.se>

	* kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize
 	on RTLD_NOW

1999-05-23  Assar Westerlund  <assar@sics.se>

	* appl/test/uu_server.c: removed unused stuff

	* appl/test/uu_client.c: removed unused stuff

1999-05-21  Assar Westerlund  <assar@sics.se>

	* kuser/kgetcred.c (main): correct error message

	* lib/krb5/crypto.c (verify_checksum): call (*ct->checksum)
 	directly, avoiding redundant lookups and memory leaks

	* lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free
 	local and remote addresses

	* lib/krb5/get_default_principal.c (get_logname): also try
 	$USERNAME

	* lib/asn1/Makefile.am (asn1_files): add $(EXEEXT)

	* lib/krb5/principal.c (USE_RESOLVER): try to define only if we
	have a libresolv (currently by checking for res_search)

1999-05-18  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/connect.c (handle_tcp): remove %-escapes in request

1999-05-14  Assar Westerlund  <assar@sics.se>

	* Release 0.1g

	* admin/ktutil.c (kt_remove): -t should be -e

	* configure.in (CHECK_NETINET_IP_AND_TCP): use

	* kdc/hpropd.c: support for dumping to krb4.  From Miroslav Ruda
 	<ruda@ics.muni.cz>

	* admin/ktutil.c (kt_add): new option `--no-salt'.  From Miroslav
 	Ruda <ruda@ics.muni.cz>

	* configure.in: add cygwin and DOS tests replace sendmsg, recvmsg,
 	and innetgr with roken versions

	* kuser/kgetcred.c: new program

Tue May 11 14:09:33 1999  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/mcache.c: fix paste-o

1999-05-10  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: don't use uname

1999-05-10  Assar Westerlund  <assar@sics.se>

	* acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four
	arguments :-)

	* appl/test/uu_server.c (setsockopt): cast to get rid of a warning

	* appl/test/tcp_server.c (setsockopt): cast to get rid of a
	warning

	* appl/test/tcp_client.c (proto): call krb5_sendauth with ccache
	== NULL

	* appl/test/gssapi_server.c (setsockopt): cast to get rid of a
	warning

	* lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by
	setting the default ccache.

	* configure.in (getsockopt, setsockopt): test for
	(AM_INIT_AUTOMAKE): bump version to 0.1g

	* appl/Makefile.am (SUBDIRS): add kx

	* lib/hdb/convert_db.c (main): handle the case of no master key

1999-05-09  Assar Westerlund  <assar@sics.se>

	* Release 0.1f

	* kuser/kinit.c: add --noaddresses

	* lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an
	empty sit of list as to not ask for any addresses.

1999-05-08  Assar Westerlund  <assar@sics.se>

	* acconfig.h (_GNU_SOURCE): define this to enable (used)
 	extensions on glibc-based systems such as linux

1999-05-03  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free
	`*out_creds' properly

	* lib/krb5/creds.c (krb5_compare_creds): just verify that the
	keytypes/enctypes are compatible, not that they are the same

	* kuser/kdestroy.c (cache): const-correctness

1999-05-03  Johan Danielsson  <joda@pdc.kth.se>

	* lib/hdb/hdb.c (hdb_set_master_key): initialise master key
	version

	* lib/hdb/convert_db.c: add support for upgrading database
	versions

	* kdc/misc.c: add flags to fetch

	* kdc/kstash.c: unlink keyfile on failure, chmod to 400

	* kdc/hpropd.c: add --print option

	* kdc/hprop.c: pass flags to hdb_foreach

	* lib/hdb/convert_db.c: add some flags

	* lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2;
	build prototype headers

	* lib/hdb/hdb_locl.h: update prototypes

	* lib/hdb/print.c: move printable version of entry from kadmin

	* lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is
	sealed or not; add flags to hdb_foreach

	* lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and
	NDBM_nextkey

	* lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey

	* lib/hdb/common.c: add flags to _hdb_{fetch,store}

	* lib/hdb/hdb.h: add master_key_version to struct hdb, update
	prototypes

	* lib/hdb/hdb.asn1: make mkvno optional, update version to 2

	* configure.in: --enable-netinfo

	* lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO

	* config.sub: fix for crays

	* config.guess: new version from automake 1.4

	* config.sub: new version from automake 1.4

Wed Apr 28 00:21:17 1999  Assar Westerlund  <assar@sics.se>

	* Release 0.1e

	* lib/krb5/mcache.c (mcc_get_next): get the current cursor
 	correctly

	* acconfig.h: correct definition of KRB_PUT_INT for old krb4 code.
  	From Ake Sandgren <ake@cs.umu.se>

1999-04-27  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/kerberos5.c: fix arguments to decrypt_ticket

1999-04-25  Assar Westerlund  <assar@sics.se>

	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old
	DCE secd's that are not able to handle MD5 checksums by defaulting
	to MD4 if the keytype was DES-CBC-CRC

	* lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype

	* lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and
	`cksumtype'

	* lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for
	secd
	(init_tgs_req): add all supported enctypes for the keytype in
	`in_creds->session.keytype' if it's set

	* lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol
	encryption types
	(do_checksum): new function
	(verify_checksum): take the checksum to use from the checksum message
	and not from the crypto struct
	(etypes): add F_PSEUDO flags
	(krb5_keytype_to_enctypes): new function

	* lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype
	and cksumtype
	(krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement
	(krb5_auth_setkeytype, krb5_auth_getkeytype): implement
	(krb5_auth_setenctype): comment out, it's rather bogus anyway

Sun Apr 25 16:55:50 1999  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5_locl.h: fix for stupid aix warnings

	* lib/krb5/fcache.c (erase_file): don't malloc

Sat Apr 24 18:35:21 1999  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/config.c: pass context to krb5_config_file_free

	* kuser/kinit.c: add `--fcache-version' to set cache version to
	create

	* kuser/klist.c: print cache version if verbose

	* lib/krb5/transited.c (krb5_domain_x500_decode): don't abort

	* lib/krb5/principal.c: abort -> krb5_abortx

	* lib/krb5/mk_rep.c: abort -> krb5_abortx

	* lib/krb5/config_file.c: abort -> krb5_abortx

	* lib/krb5/context.c (init_context_from_config_file): init
	fcache_version; add krb5_{get,set}_fcache_version

	* lib/krb5/keytab.c: add support for reading (and writing?) old
	version keytabs

	* lib/krb5/cache.c: add krb5_cc_get_version

	* lib/krb5/fcache.c: add support for reading and writing old
	version cache files

	* lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags

	* lib/krb5/store_emem.c (krb5_storage_emem): zero flags

	* lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags

	* lib/krb5/store.c: add flags to change how various fields are
	stored, used for old cache version support

	* lib/krb5/krb5.h: add support for reading and writing old version
	cache files, and keytabs

Wed Apr 21 00:09:26 1999  Assar Westerlund  <assar@sics.se>

	* configure.in: fix test for readline.h remember to link with
 	$LIB_tgetent when trying linking with readline

	* lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time
 	is given, request a postdated ticket.

	* lib/krb5/data.c (krb5_data_free): free data as long as it's not
 	NULL

Tue Apr 20 20:18:14 1999  Assar Westerlund  <assar@sics.se>

	* kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen

	* lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add

	* lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and
 	KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is
 	invalid

Tue Apr 20 12:42:08 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* kpasswd/kpasswdd.c: don't try to load library by default; get
 	library and function name from krb5.conf

	* kpasswd/sample_passwd_check.c: sample password checking
 	functions

Mon Apr 19 22:22:19 1999  Assar Westerlund  <assar@sics.se>

	* lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use
 	krb5_data_alloc and be careful with checking allocation and sizes.

	* kuser/klist.c (--tokens): conditionalize on KRB4

	* kuser/kinit.c (renew_validate): set all flags
	(main): fix cut-n-paste error when setting start-time

	* kdc/kerberos5.c (check_tgs_flags): starttime of a validate
 	ticket should be > than current time
	(*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket

	* kuser/kinit.c (renew_validate): use the client realm instead of
 	the local realm when renewing tickets.

	* lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function
	(krb5_get_forwarded_creds): correct freeing of out_creds

	* kuser/kinit.c (renew_validate): hopefully fix up freeing of
 	memory

	* configure.in: do all the krb4 tests with "$krb4" != "no"

	* lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero
 	keyvalue if it's NULL.  noticed by Ake Sandgren <ake@cs.umu.se>

	* lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes
 	instead of just taking the first one.  fix all callers.  From
 	"Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>

	* kdc/kdc_locl.h (enable_kaserver): declaration

	* kdc/hprop.c (ka_convert): print the failing principal.  AFS 3.4a
 	creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around.  From
 	"Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>

	* kdc/hpropd.c (open_socket): stupid cast to get rid of a warning

	* kdc/connect.c (add_standard_ports, process_request): look at
 	enable_kaserver.  From "Brandon S. Allbery KF8NH"
 	<allbery@kf8nh.apk.net>

	* kdc/config.c: new flag --kaserver and config file option
 	enable-kaserver.  From "Brandon S. Allbery KF8NH"
 	<allbery@kf8nh.apk.net>

Mon Apr 19 12:32:04 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* configure.in: check for dlopen, and dlfcn.h

	* kpasswd/kpasswdd.c: add support for dlopen:ing password quality
 	check library

	* configure.in: add appl/su

Sun Apr 18 15:46:53 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/cache.c: add krb5_cc_get_type that returns type of a
 	cache

Fri Apr 16 17:58:51 1999  Assar Westerlund  <assar@sics.se>

	* configure.in: LIB_kdb: -L should be before -lkdb
	test for prototype of strsep

Thu Apr 15 11:34:38 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/krb5/Makefile.am: update version

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
 	ALLOC_SEQ

	* lib/krb5/fcache.c: add some support for reading and writing old
 	cache formats;
	(fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use
	krb5_ret_creds

	* lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc,
 	initialize host_byteorder

	* lib/krb5/store_fd.c (krb5_storage_from_fd): initialize
 	host_byteorder

	* lib/krb5/store_emem.c (krb5_storage_emem): initialize
 	host_byteorder

	* lib/krb5/store.c (krb5_storage_set_host_byteorder): add;
	(krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16):
 	check host_byteorder flag; (krb5_store_creds): add;
 	(krb5_ret_creds): add

	* lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for
 	storage of numbers

	* lib/krb5/heim_err.et: add `host not found' error

	* kdc/connect.c: don't use data after clearing decriptor

	* lib/krb5/auth_context.c: abort -> krb5_abortx

	* lib/krb5/warn.c: add __attribute__; add *abort functions

	* configure.in: check for __attribute__

	* kdc/connect.c: log bogus requests

Tue Apr 13 18:38:05 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts
 	for all DES keys

1999-04-12  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit

	* lib/krb5/get_cred.c (init_tgs_req): some more error checking

	* lib/krb5/generate_subkey.c (krb5_generate_subkey): check return
	value from malloc

Sun Apr 11 03:47:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/krb5/krb5.conf.5: update to reality

	* lib/krb5/krb5_425_conv_principal.3: update to reality

1999-04-11  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_host_realm.c: handle more than one realm for a host

	* kpasswd/kpasswd.c (main): use krb5_program_setup and
	print_version

	* kdc/string2key.c (main): use krb5_program_setup and
	print_version

Sun Apr 11 02:35:58 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/krb5/principal.c (krb5_524_conv_principal): make it actually
 	work, and check built-in list of host-type first-components

	* lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm

	* lib/krb5/context.c: add srv_* flags to context

	* lib/krb5/principal.c: add default v4_name_convert entries

	* lib/krb5/krb5.h: add srv_* flags to context

Sat Apr 10 22:52:28 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* kadmin/kadmin.c: complain about un-recognised commands

	* admin/ktutil.c: complain about un-recognised commands

Sat Apr 10 15:41:49 1999  Assar Westerlund  <assar@sics.se>

	* kadmin/load.c (doit): fix error message

	* lib/krb5/crypto.c (encrypt_internal): free checksum if lengths
 	fail to match.
	(krb5_get_wrapped_length): new function

	* configure.in: security/pam_modules.h: check for

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge
 	around `ret_as_reply' semantics by only freeing it when ret == 0

Fri Apr  9 20:24:04 1999  Assar Westerlund  <assar@sics.se>

	* kuser/klist.c (print_cred_verbose): handle the case of a bad
 	enctype

	* configure.in: test for more header files
	(LIB_roken): set

Thu Apr  8 15:01:59 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* configure.in: fixes for building w/o krb4

	* ltmain.sh: update to libtool 1.2d

	* ltconfig: update to libtool 1.2d

Wed Apr  7 23:37:26 1999  Assar Westerlund  <assar@sics.se>

	* kdc/hpropd.c: fix some error messages to be more understandable.

	* kdc/hprop.c (ka_dump): remove unused variables

	* appl/test/tcp_server.c: remove unused variables

	* appl/test/gssapi_server.c: remove unused variables

	* appl/test/gssapi_client.c: remove unused variables

Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code

	* kuser/klist.c: make it compile w/o krb4

	* kuser/kdestroy.c: make it compile w/o krb4

	* admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help
 	strings

Mon Apr  5 16:13:46 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* configure.in: test for MIPS ABI; new test_package

Thu Apr  1 11:00:40 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* include/Makefile.am: clean krb5-private.h

	* Release 0.1d

	* kpasswd/kpasswdd.c (doit): pass context to
 	krb5_get_all_client_addrs

	* kdc/connect.c (init_sockets): pass context to
 	krb5_get_all_server_addrs

	* lib/krb5/get_in_tkt.c (init_as_req): pass context to
 	krb5_get_all_client_addrs

	* lib/krb5/get_cred.c (get_cred_kdc_la): pass context to
 	krb5_get_all_client_addrs

	* lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses

	* lib/krb5/krb5.h: add support for adding an extra set of
 	addresses

	* lib/krb5/context.c: add support for adding an extra set of
 	addresses

	* lib/krb5/addr_families.c: add krb5_parse_address

	* lib/krb5/address.c: krb5_append_addresses

	* lib/krb5/config_file.c (parse_binding): don't zap everything
 	after first whitespace

	* kuser/kinit.c (renew_validate): don't allocate out

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
 	allocate out_creds

	* lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make
 	out_creds pointer;
	(krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags):
	free more memory

	* lib/krb5/crypto.c (encrypt_internal): free checksum

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply,
 	and ticket

	* kuser/Makefile.am: remove kfoo

	* lib/Makefile.am: add auth

	* lib/kadm5/iprop.h: getarg.h

	* lib/kadm5/replay_log.c: use getarg

	* lib/kadm5/ipropd_slave.c: use getarg

	* lib/kadm5/ipropd_master.c: use getarg

	* lib/kadm5/dump_log.c: use getarg

	* kpasswd/kpasswdd.c: use getarg

	* Makefile.am.common: make a more working check-local target

	* lib/asn1/main.c: use getargs

Mon Mar 29 20:19:57 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* kuser/klist.c (print_cred_verbose): use krb5_print_address

	* lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int

	* lib/krb5/addr_families.c (krb5_print_address): handle unknown
 	address types; (ipv6_print_addr): print in 16-bit groups (as it
 	should)

	* lib/krb5/crc.c: crc_{init_table,update} ->
 	_krb5_crc_{init_table,update}

	* lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int
 	crc_{init_table,update} -> _krb5_crc_{init_table,update}

	* lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int

	* lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int

	* lib/krb5/krb5_locl.h: include krb5-private.h

	* kdc/connect.c (addr_to_string): use krb5_print_address

	* lib/krb5/addr_families.c (krb5_print_address): int -> size_t

	* lib/krb5/addr_families.c: add support for printing ipv6
 	addresses, either with inet_ntop, or ugly for-loop

	* kdc/524.c: check that the ticket came from a valid address; use
 	the address of the connection as the address to put in the v4
 	ticket (if this address is AF_INET)

	* kdc/connect.c: pass addr to do_524

	* kdc/kdc_locl.h: prototype for do_524

Sat Mar 27 17:48:31 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* configure.in: check for OSF C2; bind/bitypes.h, getudbnam,
 	setlim; check for auth modules; siad.h, getpwnam_r;
 	lib/auth/Makefile, lib/auth/sia/Makefile

	* lib/krb5/crypto.c: n_fold -> _krb5_n_fold

	* lib/krb5/n-fold.c: n_fold -> _krb5_n_fold

Thu Mar 25 04:35:21 1999  Assar Westerlund  <assar@sics.se>

	* lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping
 	it

	* lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data'

	* lib/hdb/ndbm.c (NDBM_destroy): clear master key

	* lib/hdb/db.c (DB_destroy): clear master key
	(DB_open): check malloc

	* kdc/connect.c (init_sockets): free addresses

	* kadmin/kadmin.c (main): make code more consistent.  always free
 	configuration information.

	* kadmin/init.c (create_random_entry): free the entry

Wed Mar 24 04:02:03 1999  Assar Westerlund  <assar@sics.se>

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
 	re-organize the code to always free `kdc_reply'

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about
 	freeing memory

	* lib/krb5/fcache.c (fcc_destroy): don't call fcc_close

	* lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto'

	* lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0
 	header

	* configure.in (db_185.h): check for

	* admin/srvcreate.c: new file. contributed by Daniel Kouril
 	<kouril@informatics.muni.cz>

	* admin/ktutil.c: srvcreate: new command

	* kuser/klist.c: add support for printing AFS tokens

	* kuser/kdestroy.c: add support for destroying v4 tickets and AFS
 	tokens.  based on code by Love <lha@stacken.kth.se>

	* kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries

	* configure.in: sys/ioccom.h: test for

	* kuser/klist.c (main): don't print `no ticket file' with --test.
  	From: Love <lha@e.kth.se>

	* kpasswd/kpasswdd.c (doit): more braces to make gcc happy

	* kdc/connect.c (init_socket): get rid of a stupid warning

	* include/bits.c (my_strupr): cast away some stupid warnings

Tue Mar 23 14:34:44 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite
 	loops, please

Tue Mar 23 00:00:45 1999  Assar Westerlund  <assar@sics.se>

	* lib/kadm5/Makefile.am (install_build_headers): recover from make
 	rewriting the names of the headers kludge to help solaris make

	* lib/krb5/Makefile.am: kludge to help solaris make

	* lib/hdb/Makefile.am: kludge to help solaris make

	* configure.in (LIB_kdb): make sure there's a -L option in here by
 	adding $(LIB_krb4)

	* lib/asn1/gen_glue.c (generate_2int, generate_int2): int ->
 	unsigned

	* configure.in (SunOS): set to a number KRB4, KRB5 conditionals:
 	remove the `dnl' to work around an automake flaw

Sun Mar 21 15:08:49 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/get_default_realm.c: char* -> krb5_realm

Sun Mar 21 14:08:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* include/bits.c: <bind/bitypes.h>

	* lib/krb5/Makefile.am: create krb5-private.h

Sat Mar 20 00:08:59 1999  Assar Westerlund  <assar@sics.se>

	* configure.in (gethostname): remove duplicate

Fri Mar 19 14:48:03 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/hdb/Makefile.am: add version-info

	* lib/gssapi/Makefile.am: add version-info

	* lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der
 	to check_PROGRAMS

	* lib/Makefile.am: add 45

	* lib/kadm5/Makefile.am: split in client and server libraries
 	(breaks shared libraries otherwise)

Thu Mar 18 11:33:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* include/kadm5/Makefile.am: clean a lot of header files (since
 	automake lacks a clean-hook)

	* include/Makefile.am: clean a lot of header files (since automake
 	lacks a clean-hook)

	* lib/kadm5/Makefile.am: fix build-installation of headers

	* lib/krb5/Makefile.am: remove include_dir hack

	* lib/hdb/Makefile.am: remove include_dir hack

	* lib/asn1/Makefile.am: remove include_dir hack

	* include/Makefile.am: remove include_dir hack

	* doc/whatis.texi: define sub for html

	* configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h

	* lib/asn1/Makefile.am: der.h

	* kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h

	* kdc/Makefile.am: remove junk

	* kadmin/Makefile.am: sl.a -> sl.la

	* appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS

	* admin/Makefile.am: sl.a -> sl.la

	* configure.in: condition KRB5; AC_CHECK_XAU

	* Makefile.am: include Makefile.am.common

	* include/kadm5/Makefile.am: include Makefile.am.common; don't
 	install headers from here

	* include/Makefile.am: include Makefile.am.common; don't install
 	headers from here

	* doc/Makefile.am: include Makefile.am.common

	* lib/krb5/Makefile.am: include Makefile.am.common

	* lib/kadm5/Makefile.am: include Makefile.am.common

	* lib/hdb/Makefile.am: include Makefile.am.common

	* lib/gssapi/Makefile.am: include Makefile.am.common

	* lib/asn1/Makefile.am: include Makefile.am.common

	* lib/Makefile.am: include Makefile.am.common

	* lib/45/Makefile.am: include Makefile.am.common

	* kuser/Makefile.am: include Makefile.am.common

	* kpasswd/Makefile.am: include Makefile.am.common

	* kdc/Makefile.am: include Makefile.am.common

	* kadmin/Makefile.am: include Makefile.am.common

	* appl/test/Makefile.am: include Makefile.am.common

	* appl/afsutil/Makefile.am: include Makefile.am.common

	* appl/Makefile.am: include Makefile.am.common

	* admin/Makefile.am: include Makefile.am.common

Wed Mar 17 03:04:38 1999  Assar Westerlund  <assar@sics.se>

	* lib/krb5/store.c (krb5_store_stringz): braces fix

	* lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix

	* lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix

	* kdc/connect.c (loop): braces fix

	* lib/krb5/config_file.c: cast to unsigned char to make is* happy

	* lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy

	* lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to
 	be consistent

	* kadmin/util.c (timeval2str): more braces to make gcc happy

	* kadmin/load.c: cast in is* to get rid of stupid warning

	* kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid
 	warning

	* kdc/kaserver.c: malloc checks and fixes

	* lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading
 	dot (if any) when looking up realms.

Fri Mar 12 13:57:56 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/get_host_realm.c: add dns support

	* lib/krb5/set_default_realm.c: use krb5_free_host_realm

	* lib/krb5/free_host_realm.c: check for NULL realmlist

	* lib/krb5/context.c: don't print warning if there is no krb5.conf

Wed Mar 10 19:29:46 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* configure.in: use AC_WFLAGS

Mon Mar  8 11:49:43 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* Release 0.1c

	* kuser/klist.c: use print_version

	* kuser/kdestroy.c: use print_version

	* kdc/hpropd.c: use print_version

	* kdc/hprop.c: use print_version

	* kdc/config.c: use print_version

	* kadmin/kadmind.c: use print_version

	* kadmin/kadmin.c: use print_version

	* appl/test/common.c: use print_version

	* appl/afsutil/afslog.c: use print_version

Mon Mar  1 10:49:14 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN ->
 	HAVE_STRUCT_SOCKADDR_SA_LEN

	* configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13

Sun Feb 28 18:19:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/asn1/gen.c: make `BIT STRING's unsigned

	* lib/asn1/{symbol.h,gen.c}: add TUInteger type

	* lib/krb5/verify_user.c (krb5_verify_user): pass prompter to
 	krb5_get_init_creds_password

	* lib/krb5/fcache.c (fcc_gen_new): implement

Sat Feb 27 22:41:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* doc/install.texi: krb4 is now automatically detected

	* doc/misc.texi: update procedure to set supported encryption
 	types

	* doc/setup.texi: change some silly wordings

Sat Feb 27 22:17:30 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/keytab.c (fkt_remove_entry): make this work

	* admin/ktutil.c: add minimally working `get' command

Sat Feb 27 19:44:49 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/hdb/convert_db.c: more typos

	* include/Makefile.am: remove EXTRA_DATA (as of autoconf
 	2.13/automake 1.4)

	* appl/Makefile.am: OTP_dir

Fri Feb 26 17:37:00 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* doc/setup.texi: add kadmin section

	* lib/asn1/check-der.c: fix printf warnings

Thu Feb 25 11:16:49 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* configure.in: -O does not belong in WFLAGS

Thu Feb 25 11:05:57 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/asn1/der_put.c: fix der_put_int

Tue Feb 23 20:35:12 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* configure.in: use AC_BROKEN_GLOB

Mon Feb 22 15:12:44 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* configure.in: check for glob

Mon Feb 22 11:32:42 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* Release 0.1b

Sat Feb 20 15:48:06 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and
 	des3-cbc-md5

	* lib/krb5/crypto.c (DES3_string_to_key): make this actually do
 	what the draft said it should

	* lib/hdb/convert_db.c: little program for database conversion

	* lib/hdb/db.c (DB_open): try to open database w/o .db extension

	* lib/hdb/ndbm.c (NDBM_open): add test for database format

	* lib/hdb/db.c (DB_open): add test for database format

	* lib/asn1/gen_glue.c (generate_2int): don't depend on flags being
 	unsigned

	* lib/hdb/hdb.c: change `hdb_set_master_key' to take an
 	EncryptionKey, and add a new function `hdb_set_master_keyfile' to
 	do what `hdb_set_master_key' used to do

	* kdc/kstash.c: add `--convert-file' option to change keytype of
 	existing master key file

Fri Feb 19 07:04:14 1999  Assar Westerlund  <assar@squid.pdc.kth.se>

	* Release 0.1a

Sat Feb 13 17:12:53 1999  Assar Westerlund  <assar@sics.se>

	* lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf
 	is now a `u_char *'

	* lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int'

	* lib/krb5/get_host_realm.c (krb5_get_host_realm): constize
 	orig_host

 	(krb5_salttype_to_string): new function (RSA_MD5_DES_verify,
 	RSA_MD5_DES3_verify): initialize ret

	* lib/gssapi/init_sec_context.c (init_auth): remove unnecessary
 	gssapi_krb5_init.  ask for KEYTYPE_DES credentials

	* kadmin/get.c (print_entry_long): print the keytypes and salts
 	available for the principal

	* configure.in (WFLAGS): add `-O' to catch unitialized variables
 	and such
	(gethostname, mkstemp, getusershell, inet_aton): more tests

	* lib/hdb/hdb.h: update prototypes

	* configure.in: homogenize broken detection with krb4

	* lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused
 	`error'

	* lib/asn1/Makefile.am (check-der): add

	* lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead
 	of `unsigned'

	* lib/asn1/der_length.c (length_unsigned): new function
	(length_int): handle signed integers

	* lib/asn1/der_put.c (der_put_unsigned): new function
	(der_put_int): handle signed integers

 	* lib/asn1/der_get.c (der_get_unsigned): new function
 	(der_get_int): handle signed integers

	* lib/asn1/der.h: all integer functions take `int' instead of
 	`unsigned'

	* lib/asn1/lex.l (filename): unused. remove.

	* lib/asn1/check-der.c: new test program for der encoding and
 	decoding.

Mon Feb  1 04:09:06 1999  Assar Westerlund  <assar@sics.se>

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call
 	gethostbyname2 with AF_INET6 if we actually have IPv6.  From
 	"Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>

 	* lib/krb5/changepw.c (get_kdc_address): dito

Sun Jan 31 06:26:36 1999  Assar Westerlund  <assar@sics.se>

	* kdc/connect.c (parse_prots): always bind to AF_INET, there are
 	v6-implementations without support for `mapped V4 addresses'.
  	From Jun-ichiro itojun Hagino <itojun@kame.net>

Sat Jan 30 22:38:27 1999  Assar Westerlund  <assar@juguete.sics.se>

	* Release 0.0u

Sat Jan 30 13:43:02 1999  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am: explicit rules for *.et files

 	* lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if
 	krb5_get_credentials was succesful.
 	(get_new_cache): return better error codes and return earlier.
 	(get_cred_cache): only delete default_client if it's different
 	from client
 	(kadm5_c_init_with_context): return a more descriptive error.

	* kdc/kerberos5.c (check_flags): handle NULL client or server

	* lib/krb5/sendauth.c (krb5_sendauth): return the error in
 	`ret_error' iff != NULL

	* lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents):
 	new functions

	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more
 	type-correctness

	* lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR

	* lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use

	* lib/krb5/get_cred.c: KRB5_TGS_NAME: use

 	* lib/kafs/afskrb5.c (afslog_uid_int): update to changes

	* lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove
 	instead of rename, but shouldn't this just call rename?

 	* lib/kadm5/get_s.c (kadm5_s_get_principal): always return an
 	error if the principal wasn't found.

	* lib/hdb/ndbm.c (NDBM_seq): unseal key

	* lib/hdb/db.c (DB_seq): unseal key

	* lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch]

	* kdc/hprop.c (v4_prop): add krbtgt/THISREALM@OTHERREALM when
 	finding cross-realm tgts in the v4 database

	* kadmin/mod.c (mod_entry): check the number of arguments.  check
 	that kadm5_get_principal worked.

	* lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if
 	we weren't able to remove it.

	* admin/ktutil.c: less drive-by-deleting.  From Love
 	<lha@e.kth.se>

	* kdc/connect.c (parse_ports): copy the string before mishandling
 	it with strtok_r

	* kdc/kerberos5.c (tgs_rep2): print the principal with mismatching
 	kvnos

	* kadmin/kadmind.c (main): convert `debug_port' to network byte
 	order

	* kadmin/kadmin.c: allow specification of port number.

	* lib/kadm5/kadm5_locl.h (kadm5_client_context): add
 	`kadmind_port'.

	* lib/kadm5/init_c.c (_kadm5_c_init_context): move up
 	initalize_kadm5_error_table_r.
	allow specification of port number.

  	From Love <lha@stacken.kth.se>

	* kuser/klist.c: add option -t | --test

Sat Dec  5 19:49:34 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/krb5/context.c: remove ktype_is_etype

	* lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE

	* configure.in: fix for AIX install; better tests for AIX dynamic
 	AFS libs; `--enable-new-des3-code'

Tue Dec  1 14:44:44 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

	* appl/afsutil/Makefile.am: link with extra libs for aix

	* kuser/Makefile.am: link with extra libs for aix

Sun Nov 29 01:56:21 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add.  almost
 	the same as krb5_get_all_client_addrs except that it includes
 	loopback addresses

	* kdc/connect.c (init_socket): bind to a particular address
	(init_sockets): get all local addresses and bind to them all

	* lib/krb5/addr_families.c (addr2sockaddr, print_addr): new
 	methods
	(find_af, find_atype): new functions.  use them.

	* configure.in: add hesiod

Wed Nov 25 11:37:48 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03

Mon Nov 23 12:53:48 1998  Assar Westerlund  <assar@sics.se>

	* lib/kadm5/log.c: rename delete -> remove

	* lib/kadm5/delete_s.c: rename delete -> remove

	* lib/hdb/common.c: rename delete -> remove

Sun Nov 22 12:26:26 1998  Assar Westerlund  <assar@sics.se>

	* configure.in: check for environ and `struct spwd'

Sun Nov 22 11:42:45 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* kdc/kerberos5.c (as_rep): set keytype to sess_ktype if
 	ktype_is_etype

	* lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate
 	etypes
	(em): sort entries

Sun Nov 22 06:54:48 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/init_creds_pw.c: more type correctness

	* lib/krb5/get_cred.c: re-structure code.  remove limits on ASN1
 	generated bits.

Sun Nov 22 01:49:50 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

	* kdc/hprop.c (v4_prop): fix bogus indexing

Sat Nov 21 21:39:20 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/verify_init.c (fail_verify_is_ok): new function
	(krb5_verify_init_creds): if we cannot get a ticket for
	host/`hostname` and fail_verify_is_ok just return.  use
 	krb5_rd_req

Sat Nov 21 23:12:27 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/free.c (krb5_xfree): new function

	* lib/krb5/creds.c (krb5_free_creds_contents): new function

	* lib/krb5/context.c: more type correctness

	* lib/krb5/checksum.c: more type correctness

	* lib/krb5/auth_context.c (krb5_auth_con_init): more type
 	correctness

	* lib/asn1/der_get.c (der_get_length): fix test of len
	(der_get_tag): more type correctness

	* kuser/klist.c (usage): void-ize

	* admin/ktutil.c (kt_remove): some more type correctness.

Sat Nov 21 16:49:20 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

	* kuser/klist.c: try to list enctypes as keytypes

	* kuser/kinit.c: remove extra `--cache' option, add `--enctypes'
 	to set list of enctypes to use

	* kadmin/load.c: load strings as hex

	* kadmin/dump.c: dump hex as string is possible

	* admin/ktutil.c: use print_version()

	* configure.in, acconfig.h: test for hesiod

Sun Nov 15 17:28:19 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/krb5/crypto.c: add some crypto debug code

	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed
 	buffer when encoding ticket

	* lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype'

	* kdc/kerberos5.c: allow mis-match of tgt session key, and service
 	session key

	* admin/ktutil.c: keytype -> enctype

Fri Nov 13 05:35:48 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added

Sat Nov  7 19:56:31 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_cred.c (add_cred): add termination NULL pointer

Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/rd_req.c: adapt to new crypto api

	* lib/krb5/rd_rep.c: adapt to new crypto api

	* lib/krb5/rd_priv.c: adopt to new crypto api

	* lib/krb5/rd_cred.c: adopt to new crypto api

	* lib/krb5/principal.c: ENOMEM -> ERANGE

	* lib/krb5/mk_safe.c: cleanup and adopt to new crypto api

	* lib/krb5/mk_req_ext.c: adopt to new crypto api

	* lib/krb5/mk_req.c: get enctype from auth_context keyblock

	* lib/krb5/mk_rep.c: cleanup and adopt to new crypto api

	* lib/krb5/mk_priv.c: adopt to new crypto api

	* lib/krb5/keytab.c: adopt to new crypto api

	* lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api

	* lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api

	* lib/krb5/get_in_tkt_pw.c: adopt to new crypto api

	* lib/krb5/get_in_tkt.c: adopt to new crypto api

	* lib/krb5/get_cred.c: adopt to new crypto api

	* lib/krb5/generate_subkey.c: use new crypto api

	* lib/krb5/context.c: rename etype functions to enctype ditto

	* lib/krb5/build_auth.c: use new crypto api

	* lib/krb5/auth_context.c: remove enctype and cksumtype from
 	auth_context

Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@sics.se>

	* kdc/connect.c (handle_udp, handle_tcp): correct type of `n'

Tue Sep 15 18:41:38 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

	* admin/ktutil.c: fix printing of unrecognized keytypes

Tue Sep 15 17:02:33 1998  Johan Danielsson  <joda@hella.pdc.kth.se>

	* lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if
 	using AFS3 salt

Tue Aug 25 23:30:52 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about
 	`use_admin_kdc'

	* lib/krb5/changepw.c (get_kdc_address): use
 	krb5_get_krb_admin_hst

	* lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function

	* lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc'

	* lib/krb5/context.c (krb5_get_use_admin_kdc,
 	krb5_set_use_admin_kdc): new functions

Tue Aug 18 22:24:12 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/crypto.c: remove all calls to abort(); check return
 	value from _key_schedule;
	(RSA_MD[45]_DES_verify): zero tmp and res;
	(RSA_MD5_DES3_{verify,checksum}): implement

Mon Aug 17 20:18:46 1998  Assar Westerlund  <assar@sics.se>

	* kdc/kerberos4.c (swap32): conditionalize

	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function

	* lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname
 	returned from gethostby*() isn't a FQDN, try with the original
 	hostname

	* lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal
 	and correct key usage

	* lib/krb5/crypto.c (verify_checksum): make static

	* admin/ktutil.c (kt_list): use krb5_enctype_to_string

Sun Aug 16 20:57:56 1998  Assar Westerlund  <assar@sics.se>

	* kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt

	* kadmin/ank.c (ank): print principal name in prompt

	* lib/krb5/crypto.c (hmac): always allocate space for checksum.
  	never trust c.checksum.length
	(_get_derived_key): try to return the derived key

Sun Aug 16 19:48:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/crypto.c (hmac): fix some peculiarities and bugs
	(get_checksum_key): assume usage is `formatted'
	(create_checksum,verify_checksum): moved the guts of the krb5_*
	functions here, both take `formatted' key-usages
	(encrypt_internal_derived): fix various bogosities
	(derive_key): drop key_type parameter (already given by the
	encryption_type)

	* kdc/kerberos5.c (check_flags): handle case where client is NULL

	* kdc/connect.c (process_request): return zero after processing
 	kerberos 4 request

Sun Aug 16 18:38:15 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/crypto.c: merge x-*.[ch] into one file

	* lib/krb5/cache.c: remove residual from krb5_ccache_data

Fri Aug 14 16:28:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/x-crypto.c (derive_key): move DES3 specific code to
 	separate function (will eventually end up someplace else)

	* lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key

	* configure.in, acconfig.h: test for four valued krb_put_int

Thu Aug 13 23:46:29 1998  Assar Westerlund  <assar@emma.pdc.kth.se>

	* Release 0.0t

Thu Aug 13 22:40:17 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/config_file.c (parse_binding): remove trailing
 	whitespace

Wed Aug 12 20:15:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type
 	to krb5_create_checksum

	* lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a
 	few typos

Wed Aug  5 12:39:54 1998  Assar Westerlund  <assar@emma.pdc.kth.se>

	* Release 0.0s

Thu Jul 30 23:12:17 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/mk_error.c (krb5_mk_error): realloc until you die

Thu Jul 23 19:49:03 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/kdc_locl.h: proto for `get_des_key'

	* configure.in: test for four valued el_init

	* kuser/klist.c: keytype -> enctype

	* kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*'

	* kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys

	* kdc/kaserver.c: use `get_des_key'

	* kdc/524.c: use new crypto api

	* kdc/kerberos4.c: use new crypto api

	* kdc/kerberos5.c: always treat keytypes as enctypes; use new
 	crypto api

	* kdc/kstash.c: adapt to new crypto api

	* kdc/string2key.c: adapt to new crypto api

	* admin/srvconvert.c: add keys for all possible enctypes

	* admin/ktutil.c: keytype -> enctype

	* lib/gssapi/init_sec_context.c: get enctype from auth_context
 	keyblock

	* lib/hdb/hdb.c: remove hdb_*_keytype2key

	* lib/kadm5/set_keys.c: adapt to new crypto api

	* lib/kadm5/rename_s.c: adapt to new crypto api

	* lib/kadm5/get_s.c: adapt to new crypto api

	* lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4,
 	des-cbc-md5, and des3-cbc-sha1

	* lib/krb5/heim_err.et: error message for unsupported salt

	* lib/krb5/codec.c: short-circuit these functions, since they are
 	not needed any more

	* lib/krb5/rd_safe.c: cleanup and adapt to new crypto api

Mon Jul 13 23:00:59 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance
 	hostent->h_addr_list, use a copy instead

Mon Jul 13 15:00:31 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/config_file.c (parse_binding, parse_section): make sure
 	everything is ok before adding to linked list

	* lib/krb5/config_file.c: skip ws before checking for comment

Wed Jul  8 10:45:45 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/asn1/k5.asn1: hmac-sha1-des3 = 12

Tue Jun 30 18:08:05 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the
 	unopened file

	* lib/krb5/mk_priv.c: realloc correctly

	* lib/krb5/get_addrs.c (find_all_addresses): init j

	* lib/krb5/context.c (krb5_init_context): print error if parsing
 	of config file produced an error.

	* lib/krb5/config_file.c (parse_list, krb5_config_parse_file):
 	ignore more spaces

	* lib/krb5/codec.c (krb5_encode_EncKrbCredPart,
 	krb5_encode_ETYPE_INFO): initialize `ret'

	* lib/krb5/build_auth.c (krb5_build_authenticator): realloc
 	correctly

	* lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret'

	* lib/kadm5/init_c.c (get_cred_cache): try to do the right thing
 	with default_client

	* kuser/kinit.c (main): initialize `ticket_life'

	* kdc/kerberos5.c (get_pa_etype_info): initialize `ret'
	(tgs_rep2): initialize `krbtgt'

	* kdc/connect.c (do_request): check for errors from `sendto'

	* kdc/524.c (do_524): initialize `ret'

	* kadmin/util.c (foreach_principal): don't clobber `ret'

	* kadmin/del.c (del_entry): don't apply on zeroth argument

	* kadmin/cpw.c (do_cpw_entry): initialize `ret'

Sat Jun 13 04:14:01 1998  Assar Westerlund  <assar@juguete.sics.se>

	* Release 0.0r

Sun Jun  7 04:13:14 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/addr_families.c: fall-back definition of
 	IN6_ADDR_V6_TO_V4

	* configure.in: only set CFLAGS if it wasn't set look for
 	dn_expand and res_search

Mon Jun  1 21:28:07 1998  Assar Westerlund  <assar@sics.se>

	* configure.in: remove duplicate seteuid

Sat May 30 00:19:51 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid
 	runtime dependencies on libkrb with some shared library
 	implementations

Fri May 29 00:09:02 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kuser/kinit_options.c: Default options for kinit.

	* kuser/kauth_options.c: Default options for kauth.

	* kuser/kinit.c: Implement lots a new options.

	* kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime
 	is not NULL; set endtime to min of new starttime + old_life, and
 	requested endtime

	* lib/krb5/init_creds_pw.c (get_init_creds_common): if the
 	forwardable or proxiable flags are set in options, set the
 	kdc-flags to the value specified, and not always to one

Thu May 28 21:28:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/kerberos5.c: Optionally compare client address to addresses
 	in ticket.

	* kdc/connect.c: Pass client address to as_rep() and tgs_rep().

	* kdc/config.c: Add check_ticket_addresses, and
 	allow_null_ticket_addresses variables.

Tue May 26 14:03:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/kadm5/create_s.c: possibly make DES keys version 4 salted

	* lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt
 	before zapping version 4 salts

Sun May 24 05:22:17 1998  Assar Westerlund  <assar@sics.se>

	* Release 0.0q

	* lib/krb5/aname_to_localname.c: new file

	* lib/gssapi/init_sec_context.c (repl_mutual): no output token

	* lib/gssapi/display_name.c (gss_display_name): zero terminate
 	output.

Sat May 23 19:11:07 1998  Assar Westerlund  <assar@sics.se>

	* lib/gssapi/display_status.c: new file

	* Makefile.am: send -I to aclocal

	* configure.in: remove duplicate setenv

Sat May 23 04:55:19 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kadmin/util.c (foreach_principal): Check for expression before
 	wading through the whole database.

	* kadmin/kadmin.c: Pass NULL password to
 	kadm5_*_init_with_password.

	* lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use
 	of `password' parameter to init_with_password.

	* lib/kadm5/init_s.c: implement init_with_{skey,creds}*

	* lib/kadm5/server.c: Better arguments for
 	kadm5_init_with_password.

Sat May 16 07:10:36 1998  Assar Westerlund  <assar@sics.se>

	* kdc/hprop.c: conditionalize ka-server reading support on
 	KASERVER_DB

	* configure.in: new option `--enable-kaserver-db'

Fri May 15 19:39:18 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/get_cred.c: Better error if local tgt couldn't be
 	found.

Tue May 12 21:11:02 1998  Assar Westerlund  <assar@sics.se>

	* Release 0.0p

	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set
 	encryption type in auth_context if it's compatible with the type
 	of the session key

Mon May 11 21:11:14 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/hprop.c: add support for ka-server databases

	* appl/ftp/ftpd: link with -lcrypt, if needed

Fri May  1 07:29:52 1998  Assar Westerlund  <assar@sics.se>

	* configure.in: don't test for winsock.h

Sat Apr 18 21:43:11 1998  Johan Danielsson  <joda@puffer.pdc.kth.se>

	* Release 0.0o

Sat Apr 18 00:31:11 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/sock_principal.c: Save hostname.

Sun Apr  5 11:29:45 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/mk_req_ext.c: Use same enctype as in ticket.

	* kdc/hprop.c (v4_prop): Check for null key.

Fri Apr  3 03:54:54 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/str2key.c: Fix DES3 string-to-key.

	* lib/krb5/keytab.c: Get default keytab name from context.

	* lib/krb5/context.c: Get `default_keytab_name' value.

	* kadmin/util.c (foreach_principal): Print error message if
 	`kadm5_get_principals' fails.

	* kadmin/kadmind.c: Use `kadmind_loop'.

	* lib/kadm5/server.c: Replace several other functions with
 	`kadmind_loop'.

Sat Mar 28 09:49:18 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead
 	of O_APPEND

	* configure.in: generate ftp Makefiles

	* kuser/klist.c (print_cred_verbose): print IPv4-address in a
 	portable way.

	* admin/srvconvert.c (srvconv): return 0 if successful

Tue Mar 24 00:40:33 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/keytab.c: MIT compatible changes: add and use sizes to
 	keytab entries, and change default keytab to `/etc/krb5.keytab'.

Mon Mar 23 23:43:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'.

	* lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'.
  	Fix bug in checking of pad.

	* lib/gssapi/{un,}wrap.c: Add support for just integrity
 	protecting data.

	* lib/gssapi/accept_sec_context.c: Use
 	`gssapi_krb5_verify_8003_checksum'.

	* lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'.

	* lib/gssapi/init_sec_context.c: Zero cred, and store session key
 	properly in auth-context.

Sun Mar 22 00:47:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/kadm5/delete_s.c: Check immutable bit.

	* kadmin/kadmin.c: Pass client name to kadm5_init.

	* lib/kadm5/init_c.c: Get creds for client name passed in.

	* kdc/hprop.c (v4_prop): Check for `changepw.kerberos'.

Sat Mar 21 22:57:13 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/mk_error.c: Verify that error_code is in the range
 	[0,127].

	* kdc/kerberos5.c: Move checking of principal flags to new
 	function `check_flags'.

Sat Mar 21 14:38:51 1998  Assar Westerlund  <assar@sics.se>

	* lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt

	* configure.in: define SunOS if running solaris

Sat Mar 21 00:26:34 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/kadm5/server.c: Unifdef test for same principal when
 	changing password.

	* kadmin/util.c: If kadm5_get_principals failes, we might still be
 	able to perform the requested opreration (for instance someone if
 	trying to change his own password).

	* lib/kadm5/init_c.c: Try to get ticket via initial request, if
 	not possible via tgt.

	* lib/kadm5/server.c: Check for principals changing their own
 	passwords.

	* kdc/kerberos5.c (tgs_rep2): check for interesting flags on
 	involved principals.

	* kadmin/util.c: Fix order of flags.

Thu Mar 19 16:54:10 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/kerberos4.c: Return sane error code if krb_rd_req fails.

Wed Mar 18 17:11:47 1998  Assar Westerlund  <assar@sics.se>

	* acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6

Wed Mar 18 09:58:18 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't
 	free keyseed; use correct keytab

Tue Mar 10 09:56:16 1998  Assar Westerlund  <assar@sics.se>

	* acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives

Mon Mar 16 23:58:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* Release 0.0n

Fri Mar  6 00:41:30 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/gssapi/{accept_sec_context,release_cred}.c: Use
	krb5_kt_close/krb5_kt_resolve.

	* lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver
 	to lookup hosts, so CNAMEs can be ignored.

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http):
 	Add support for using proxy.

	* lib/krb5/context.c: Initialize `http_proxy' from
 	`libdefaults/http_proxy'.

	* lib/krb5/krb5.h: Add `http_proxy' to context.

	* lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol
 	specifications.

Wed Mar  4 01:47:29 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* admin/ktutil.c: Implement `add' and `remove' functions. Make
 	`--keytab' a global option.

	* lib/krb5/keytab.c: Implement remove with files. Add memory
 	operations.

Tue Mar  3 20:09:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/keytab.c: Use function pointers.

	* admin: Remove kdb_edit.

Sun Mar  1 03:28:42 1998  Assar Westerlund  <assar@sics.se>

	* lib/kadm5/dump_log.c: print operation names

Sun Mar  1 03:04:12 1998  Assar Westerlund  <assar@sics.se>

	* configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth}

	* lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c:
 	remove arbitrary limit

	* kdc/hprop-common.c: use krb5_{read,write}_message

	* lib/kadm5/ipropd_master.c (send_diffs): more careful use
 	krb5_{write,read}_message

	* lib/kadm5/ipropd_slave.c (get_creds): get credentials for
 	`iprop/master' directly.
	(main): use `krb5_read_message'

Sun Mar  1 02:05:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kadmin/kadmin.c: Cleanup commands list, and add help strings.

	* kadmin/get.c: Add long, short, and terse (equivalent to `list')
 	output formats. Short is the default.

	* kadmin/util.c: Add `include_time' flag to timeval2str.

	* kadmin/init.c: Max-life and max-renew can, infact, be zero.

	* kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'.

	* kadmin/util.c: Add function `foreach_principal', that loops over
 	all principals matching an expression.

	* kadmin/kadmin.c: Add usage string to `privileges'.

	* lib/kadm5/get_princs_s.c: Also try to match aganist the
 	expression appended with `@default-realm'.

	* lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that
 	excludes the realm if it's the same as the default realm.

Fri Feb 27 05:02:21 1998  Assar Westerlund  <assar@sics.se>

	* configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing
 	headers and functions error -> com_err

 	(krb5_get_init_creds_keytab): use krb5_keytab_key_proc

	* lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc'
 	global

	* lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data'

	* lib/hdb/ndbm.c: use `struct ndbm_db' everywhere.

Fri Feb 27 04:49:24 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240.
  	This should be fixed the correct way.

	* lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly
	(send_diffs): compare versions correctly
	(main): reorder handling of events

	* lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion

Thu Feb 26 02:22:35 1998  Assar Westerlund  <assar@sics.se>

	* lib/kadm5/ipropd_{slave,master}.c: new files

	* lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as
 	argument

	* lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct
 	et_list *'

	* aux/make-proto.pl: Should work with perl4

Mon Feb 16 17:20:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via
 	{asn1,krb5}_err.h).

Thu Feb 12 03:28:40 1998  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference
 	is larger than max_skew, return KRB5KRB_AP_ERR_SKEW

	* lib/kadm5/log.c (get_version): globalize

	* lib/kadm5/kadm5_locl.h: include <sys/file.h>

	* lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY

	* kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of
 	initializing local struct in declaration.

Sat Jan 31 17:28:58 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/524.c: Use krb5_decode_EncTicketPart.

	* kdc/kerberos5.c: Check at runtime whether to use enctypes
 	instead of keytypes. If so use the same value to encrypt ticket,
 	and kdc-rep as well as `keytype' for session key. Fix some obvious
 	bugs with the handling of additional tickets.

	* lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and
 	krb5_decode_Authenticator.

	* lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart.

	* lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart.

	* lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption
 	type, and not a key type.  Use krb5_encode_EncAPRepPart.

	* lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO.

	* lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart.

	* lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart.

	* lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart.

	* lib/krb5/build_auth.c: Use krb5_encode_Authenticator.

	* lib/krb5/codec.c: Enctype conversion stuff.

	* lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running
 	setuid. Get configuration for libdefaults ktype_is_etype, and
 	default_etypes.

	* lib/krb5/encrypt.c: Add krb5_string_to_etype, rename
 	krb5_convert_etype to krb5_decode_keytype, and add
 	krb5_decode_keyblock.

Fri Jan 23 00:32:09 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype.

	* lib/krb5/encrypt.c: Add krb5_convert_etype function - converts
 	from protocol keytypes (that really are enctypes) to internal
 	representation.

Thu Jan 22 21:24:36 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information
 	on keys in the database; and also a new `pa-key-info' padata-type.

	* kdc/kerberos5.c: If pre-authentication fails, return a list of
 	keytypes, salttypes, and salts.

	* lib/krb5/init_creds_pw.c: Add better support for
 	pre-authentication, by looking at hints from the KDC.

	* lib/krb5/get_in_tkt.c: Add better support for specifying what
 	pre-authentication to use.

	* lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and
 	KEYTYPE_DES_AFS3.

	* lib/krb5/krb5.h: Add pre-authentication structures.

	* kdc/connect.c: Don't fail if realloc(X, 0) returns NULL.

Wed Jan 21 06:20:40 1998  Assar Westerlund  <assar@sics.se>

	* lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
 	`log_context.socket_name' and `log_context.socket_fd'

	* lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram
 	to inform the possible running ipropd of an update.

Wed Jan 21 01:34:09 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/get_in_tkt.c: Return error-packet to caller.

	* lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error.

	* kdc/kerberos5.c: Add some support for using enctypes instead of
 	keytypes.

	* lib/krb5/get_cred.c: Fixes to send authorization-data to the
 	KDC.

	* lib/krb5/build_auth.c: Only generate local subkey if there is
 	none.

	* lib/krb5/krb5.h: Add krb5_authdata type.

	* lib/krb5/auth_context.c: Add
 	krb5_auth_con_set{,localsub,remotesub}key.

	* lib/krb5/init_creds_pw.c: Return some error if prompter
 	functions return failure.

Wed Jan 21 01:16:13 1998  Assar Westerlund  <assar@sics.se>

	* kpasswd/kpasswd.c: detect bad password.  use krb5_err.

	* kadmin/util.c (edit_entry): remove unused variables

Tue Jan 20 22:58:31 1998  Assar Westerlund  <assar@sics.se>

	* kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible.

	* lib/kadm5/kadm5_locl.h: add kadm5_log_context and
 	kadm5_log*-functions

	* lib/kadm5/create_s.c (kadm5_s_create_principal): add change to
 	log

	* lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to
 	log

	* lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
 	log_context

	* lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to
 	log

	* lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to
 	log

	* lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to
 	log

	* lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to
 	log

	* lib/kadm5/Makefile.am: add log.c, dump_log and replay_log

	* lib/kadm5/replay_log.c: new file

	* lib/kadm5/dump_log.c: new file

	* lib/kadm5/log.c: new file

	* lib/krb5/str2key.c (get_str): initialize pad space to zero

	* lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL

	* kpasswd/kpasswdd.c: rewritten to use the kadm5 API

	* kpasswd/Makefile.am: link with kadm5srv

	* kdc/kerberos5.c (tgs_rep): initialize `i'

	* kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp

	* include/Makefile.am: added admin.h

Sun Jan 18 01:41:34 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes.

	* lib/krb5/mcache.c (mcc_store_cred): restore linked list if
 	copy_creds fails.

Tue Jan  6 04:17:56 1998  Assar Westerlund  <assar@sics.se>

	* lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp}

	* lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask.

	* lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use
 	krb5_getportbyname

	* kadmin/kadmind.c (main): htons correctly.
	moved kadm5_server_{recv,send}

	* kadmin/kadmin.c (main): only set admin_server if explicitly
 	given

Mon Jan  5 23:34:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/hdb/ndbm.c: Implement locking of database.

	* kdc/kerberos5.c: Process AuthorizationData.

Sat Jan  3 22:07:07 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* kdc/string2key.c: Use AFS string-to-key from libkrb5.

	* lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case.

	* lib/krb5/krb5.h: Add value for AFS salts.

	* lib/krb5/str2key.c: Add support for AFS string-to-key.

	* lib/kadm5/rename_s.c: Use correct salt.

	* lib/kadm5/ent_setup.c: Always enable client. Only set max-life
 	and max-renew if != 0.

	* lib/krb5/config_file.c: Add context to all krb5_config_*get_*.

Thu Dec 25 17:03:25 1997  Assar Westerlund  <assar@sics.se>

	* kadmin/ank.c (ank): don't zero password if --random-key was
 	given.

Tue Dec 23 01:56:45 1997  Assar Westerlund  <assar@sics.se>

	* Release 0.0m

	* lib/kadm5/ent_setup.c (attr_to_flags): try to set `client'

	* kadmin/util.c (edit_time): only set mask if != 0
	(edit_attributes): only set mask if != 0

	* kadmin/init.c (init): create `default'

Sun Dec 21 09:44:05 1997  Assar Westerlund  <assar@sics.se>

	* kadmin/util.c (str2deltat, str2attr, get_deltat): return value
 	as pointer and have return value indicate success.

	(get_response): check NULL from fgets

	(edit_time, edit_attributes): new functions for reading values and
	offering list of answers on '?'

	(edit_entry): use edit_time and edit_attributes

	* kadmin/ank.c (add_new_key): test the return value of
 	`krb5_parse_name'

	* kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say
 	that the checksum has to be keyed, even though later drafts do.
  	Accept unkeyed checksums to be compatible with MIT.

	* kadmin/kadmin_locl.h: add some prototypes.

	* kadmin/util.c (edit_entry): return a value

	* appl/afsutil/afslog.c (main): return a exit code.

	* lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes

	* lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function.

	* lib/krb5/build_auth.c (krb5_build_authenticator): use
 	krb5_{free,copy}_keyblock instead of the _contents versions

Fri Dec 12 14:20:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey

Mon Dec  8 08:48:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid

Sat Dec  6 10:09:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL
	keyblock

Sat Dec  6 08:26:10 1997  Assar Westerlund  <assar@sics.se>

	* Release 0.0l

Thu Dec  4 03:38:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/send_to_kdc.c: Add TCP client support.

	* lib/krb5/store.c: Add k_{put,get}_int.

	* kadmin/ank.c: Set initial kvno to 1.

	* kdc/connect.c: Send version 5 TCP-reply as length+data.

Sat Nov 29 07:10:11 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug

	* kdc/kaserver.c (create_reply_ticket): use a random nonce in the
 	reply packet.

	* kdc/connect.c (init_sockets): less reallocing.

	* **/*.c: changed `struct fd_set' to `fd_set'

Sat Nov 29 05:12:01 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/get_default_principal.c: More guessing.

Thu Nov 20 02:55:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/rd_req.c: Use principal from ticket if no server is
 	given.

Tue Nov 18 02:58:02 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kuser/klist.c: Use krb5_err*().

Sun Nov 16 11:57:43 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kadmin/kadmin.c: Add local `init', `load', `dump', and `merge'
 	commands.

Sun Nov 16 02:52:20 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct
 	`enctype'

	* lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype'
 	if set.

	* lib/krb5/get_cred.c: handle the case of a specific keytype

	* lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a
 	parameter instead of guessing it.

	* lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter
 	`enctype'

	* appl/test/common.c (common_setup): don't use `optarg'

	* lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function
	(krb5_kt_get_entry): retrieve the latest version if kvno == 0

	* lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE

	* lib/krb5/creds.c (krb5_compare_creds): check for
 	KRB5_TC_MATCH_KEYTYPE

	* lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove
 	unused variable

	* lib/krb5/creds.c (krb5_copy_creds_contents): only free the
 	contents if we fail.

Sun Nov 16 00:32:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kpasswd/kpasswdd.c: Get password expiration time from config
 	file.

	* lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size.

Wed Nov 12 02:35:57 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
 	restructured and fixed.

	* lib/krb5/addr_families.c (krb5_h_addr2addr): new function.

Wed Nov 12 01:36:01 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/get_addrs.c: Fall back to hostname's addresses if other
 	methods fail.

Tue Nov 11 22:22:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kadmin/kadmin.c: Add `-l' flag to use local database.

	* lib/kadm5/acl.c: Use KADM5_PRIV_ALL.

	* lib/kadm5: Use function pointer trampoline for easier dual use
 	(without radiation-hardening capability).

Tue Nov 11 05:15:22 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/encrypt.c (krb5_etype_valid): new function

	* lib/krb5/creds.c (krb5_copy_creds_contents): zero target

	* lib/krb5/context.c (valid_etype): remove

	* lib/krb5/checksum.c: remove dead code

	* lib/krb5/changepw.c (send_request): free memory on error.

	* lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value
 	from malloc.

	* lib/krb5/auth_context.c (krb5_auth_con_init): free memory on
 	failure correctly.
	(krb5_auth_con_setaddrs_from_fd): return error correctly.

	* lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files

Tue Nov 11 02:53:19 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/auth_context.c: Implement auth_con_setuserkey.

	* lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey.

	* lib/krb5/keyblock.c: Rename krb5_free_keyblock to
 	krb5_free_keyblock_contents, and reimplement krb5_free_keyblock.

	* lib/krb5/rd_req.c: Use auth_context->keyblock if
 	ap_options.use_session_key.

Tue Nov 11 02:35:17 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'.
	fix callers.

	* lib/krb5/krb5_locl.h: include <asn1.h> and <der.h>

	* include/Makefile.am: add xdbm.h

Tue Nov 11 01:58:22 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc.

Mon Nov 10 22:41:53 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/ticket.c: Implement copy_ticket.

	* lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible.

	* lib/krb5/data.c: Implement free_data and copy_data.

Sun Nov  9 02:17:27 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals.

	* kadmin/kadmin.c: Add get_privileges function.

	* lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with
 	specification.

	* kdc/connect.c: Exit if no sockets could be bound.

	* kadmin/kadmind.c: Check return value from krb5_net_read().

	* lib/kadm5,kadmin: Fix memory leaks.

Fri Nov  7 02:45:26 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/kadm5/create_s.c: Get some default values from `default'
 	principal.

	* lib/kadm5/ent_setup.c: Add optional default entry to get some
 	values from.

Thu Nov  6 00:20:41 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/error/compile_et.awk: Remove generated destroy_*_error_table
 	prototype

	* kadmin/kadmind.c: Crude admin server.

	* kadmin/kadmin.c: Update to use remote protocol.

	* kadmin/get.c: Fix principal formatting.

	* lib/kadm5: Add client support.

	* lib/kadm5/error.c: Error code mapping.

	* lib/kadm5/server.c: Kadmind support function.

	* lib/kadm5/marshall.c: Kadm5 marshalling.

	* lib/kadm5/acl.c: Simple acl system.

	* lib/kadm5/kadm5_locl.h: Add client stuff.

	* lib/kadm5/init_s.c: Initialize acl.

	* lib/kadm5/*:  Return values.

	* lib/kadm5/create_s.c: Correct kvno.

Wed Nov  5 22:06:50 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/log.c: Fix parsing of log destinations.

Mon Nov  3 20:33:55 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/principal.c: Reduce number of reallocs in unparse_name.

Sat Nov  1 01:40:53 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kadmin: Simple kadmin utility.

	* admin/ktutil.c: Print keytype.

	* lib/kadm5/get_s.c: Set correct n_key_data.

	* lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use
 	master key.

	* lib/kadm5/destroy_s.c: Check for allocated context.

	* lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys().

Sat Nov  1 00:21:00 1997  Assar Westerlund  <assar@sics.se>

	* configure.in: test for readv, writev

Wed Oct 29 23:41:26 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/warn.c (_warnerr): handle the case of an illegal error
 	code

	* kdc/kerberos5.c (encode_reply): return success

Wed Oct 29 18:01:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/kerberos5.c (find_etype) Return correct index of selected
 	etype.

Wed Oct 29 04:07:06 1997  Assar Westerlund  <assar@sics.se>

	* Release 0.0k

	* lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG'
 	environment variable

	* *: use the roken_get*-macros from roken.h for the benefit of
 	Crays.

	* configure.in: add --{enable,disable}-otp.  check for compatible
 	prototypes for gethostbyname, gethostbyaddr, getservbyname, and
 	openlog (they have strange prototypes on Crays)

	* acinclude.m4: new macro `AC_PROTO_COMPAT'

Tue Oct 28 00:11:22 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/connect.c: Log bad requests.

	* kdc/kerberos5.c: Move stuff that's in common between as_rep and
 	tgs_rep to separate functions.

	* kdc/kerberos5.c: Fix user-to-user authentication.

	* lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials:
 	  - add a kdc-options argument to krb5_get_credentials, and rename
	    it to krb5_get_credentials_with_flags
	  - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options
	  - add some more user-to-user glue

	* lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new
 	function, krb5_decrypt_ticket, so it is easier to decrypt and
 	check a ticket without having an ap-req.

	* lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER
 	flags.

	* lib/krb5/crc.c (crc_init_table): Check if table is already
 	inited.

Sun Oct 26 04:51:02 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/asn1/der_get.c (der_get_length, fix_dce): Special-case
 	indefinite encoding.

	* lib/asn1/gen_glue.c (generate_units): Check for empty
 	member-list.

Sat Oct 25 07:24:57 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/error/compile_et.awk: Allow specifying table-base.

Tue Oct 21 20:21:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/kerberos5.c: Check version number of krbtgt.

Mon Oct 20 01:14:53 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the
 	case of unhidden prompts.

	* lib/krb5/str2key.c (string_to_key_internal): return error
 	instead of aborting.  always free memory

	* admin/ktutil.c: add `help' command

	* admin/kdb_edit.c: implement new commands: add_random_key(ark),
 	change_password(cpw), change_random_key(crk)

Thu Oct 16 05:16:36 1997  Assar Westerlund  <assar@sics.se>

	* kpasswd/kpasswdd.c: change all the keys in the database

	* kdc: removed all unsealing, now done by the hdb layer

	* lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key'
 	and `hdb_clear_master_key'

	* admin/misc.c: removed

Wed Oct 15 22:47:31 1997  Assar Westerlund  <assar@sics.se>

	* kuser/klist.c: print year as YYYY iff verbose

Wed Oct 15 20:02:13 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kuser/klist.c: print etype from ticket

Mon Oct 13 17:18:57 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* Release 0.0j

	* lib/krb5/get_cred.c: Get the subkey from mk_req so it can be
 	used to decrypt the reply from DCE secds.

	* lib/krb5/auth_context.c: Add {get,set}enctype.

	* lib/krb5/get_cred.c: Fix for DCE secd.

	* lib/krb5/store.c: Store keytype twice, as MIT does.

	* lib/krb5/get_in_tkt.c: Use etype from reply.

Fri Oct 10 00:39:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/connect.c: check for leading '/' in http request

Tue Sep 30 21:50:18 1997  Assar Westerlund  <assar@assaris.pdc.kth.se>

	* Release 0.0i

Mon Sep 29 15:58:43 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know
 	the kvno or keytype before receiving the AP-REQ

	* lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to
 	use from the keytype.

	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what
 	cksumtype to use from the keytype.

	* lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use
 	from the keytype.

	* lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out
 	what etype to use from the keytype.

	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number):
 	handle other key types than DES

	* lib/krb5/encrypt.c (key_type): add `best_cksumtype'
	(krb5_keytype_to_cksumtype): new function

	* lib/krb5/build_auth.c (krb5_build_authenticator): figure out
 	what etype to use from the keytype.

	* lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype'
 	and `enctype' to 0

	* admin/extkeytab.c (ext_keytab): extract all keys

	* appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge

	* configure.in: check for <netinet6/in6.h>. check for -linet6

Tue Sep 23 03:00:53 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1

	* lib/krb5/rd_safe.c: fix check for keyed and collision-proof
 	checksum

	* lib/krb5/context.c (valid_etype): remove hard-coded constants
	(default_etypes): include DES3

	* kdc/kerberos5.c: fix check for keyed and collision-proof
 	checksum

	* admin/util.c (init_des_key, set_password): DES3 keys also

 	* lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means
 	no contact?

	* lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr'

Mon Sep 22 11:44:27 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by
 	the client is used to select wich key to encrypt the kdc rep with
 	(in case of as-req), and with the server info to select the
 	session key type. The server key the ticket is encrypted is based
 	purely on the keys in the database.

	* kdc/string2key.c: Add keytype support. Default to version 5
 	keys.

	* lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse.

	* lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add
 	many *_to_* functions.

	* lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument
 	to krb5_string_to_key().

	* lib/krb5/checksum.c: Some cleanup, and added:
	  - rsa-md5-des3
	  - hmac-sha1-des3
	  - keyed and collision proof flags to each checksum method
	  - checksum<->string functions.

	* lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock.

Sun Sep 21 15:19:23 1997  Assar Westerlund  <assar@sics.se>

	* kdc/connect.c: use new addr_families functions

	* kpasswd/kpasswdd.c: use new addr_families functions.  Now works
 	over IPv6

	* kuser/klist.c: use correct symbols for address families

	* lib/krb5/sock_principal.c: use new addr_families functions

	* lib/krb5/send_to_kdc.c: use new addr_families functions

	* lib/krb5/krb5.h: add KRB5_ADDRESS_INET6

	* lib/krb5/get_addrs.c: use new addr_families functions

	* lib/krb5/changepw.c: use new addr_families functions.  Now works
 	over IPv6

	* lib/krb5/auth_context.c: use new addr_families functions

	* lib/krb5/addr_families.c: new file

	* acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6.  Updated
 	uses.

	* acinclude.m4: new macro `AC_KRB_IPV6'.  Use it.

Sat Sep 13 23:04:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/hprop.c: Don't encrypt twice. Complain on non-convertable
 	principals.

Sat Sep 13 00:59:36 1997  Assar Westerlund  <assar@sics.se>

	* Release 0.0h

	* appl/telnet/telnet/commands.c: AF_INET6 support

	* admin/misc.c: new file

	* lib/krb5/context.c: new configuration variable `max_retries'

	* lib/krb5/get_addrs.c: fixes and better #ifdef's

	* lib/krb5/config_file.c: implement krb5_config_get_int

	* lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c:
 	AF_INET6 support

	* kuser/klist.c: support for printing IPv6-addresses

	* kdc/connect.c: support AF_INET6

	* configure.in: test for gethostbyname2 and struct sockaddr_in6

Thu Sep 11 07:25:28 1997  Assar Westerlund  <assar@sics.se>

	* lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF
 	PA-DATA'

Wed Sep 10 21:20:17 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/kerberos5.c: Fixes for cross-realm, including (but not
 	limited to):
	  - allow client to be non-existant (should probably check for
	    "local realm")
	  - if server isn't found and it is a request for a krbtgt, try to
 	    find a realm on the way to the requested realm
	  - update the transited encoding iff
	    client-realm != server-realm != tgt-realm

	* lib/krb5/get_cred.c: Several fixes for cross-realm.

Tue Sep  9 15:59:20 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/string2key.c: Fix password handling.

	* lib/krb5/encrypt.c: krb5_key_to_string

Tue Sep  9 07:46:05 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_addrs.c: rewrote.  Now should be able to handle
 	aliases and IPv6 addresses

	* kuser/klist.c: try printing IPv6 addresses

	* kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192

	* configure.in: check for <netinet/in6_var.h>

Mon Sep  8 02:57:14 1997  Assar Westerlund  <assar@sics.se>

	* doc: fixes

	* admin/util.c (init_des_key): increase kvno
	(set_password): return -1 if `des_read_pw_string' failed

	* admin/mod.c (doit2): check the return value from `set_password'

	* admin/ank.c (doit): don't add a new entry if `set_password'
 	failed

Mon Sep  8 02:20:16 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/verify_init.c: fix ap_req_nofail semantics

	* lib/krb5/transited.c: something that might resemble
 	domain-x500-compress

Mon Sep  8 01:24:42 1997  Assar Westerlund  <assar@sics.se>

	* kdc/hpropd.c (main): check number of arguments

	* appl/popper/pop_init.c (pop_init): check number of arguments

	* kpasswd/kpasswd.c (main): check number of arguments

	* kdc/string2key.c (main): check number of arguments

	* kuser/kdestroy.c (main): check number of arguments

	* kuser/kinit.c (main): check number of arguments

	* kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to
 	break out of select when a signal arrives

	* kdc/main.c (main): use sigaction without SA_RESTART to break out
 	of select when a signal arrives

	* kdc/kstash.c: default to HDB_DB_DIR "/m-key"

	* kdc/config.c (configure): add `--version'.  Check the number of
 	arguments. Handle the case of there being no specification of port
 	numbers.

	* admin/util.c: seal and unseal key at appropriate places

	* admin/kdb_edit.c (main): parse arguments, config file and read
 	master key iff there's one.

	* admin/extkeytab.c (ext_keytab): unseal key while extracting

Sun Sep  7 20:41:01 1997  Assar Westerlund  <assar@sics.se>

	* lib/roken/roken.h: include <fcntl.h>

	* kdc/kerberos5.c (set_salt_padata): new function

	* appl/telnet/telnetd/telnetd.c: Rename some variables that
 	conflict with cpp symbols on HP-UX 10.20

	* change all calls of `gethostbyaddr' to cast argument 1 to `const
 	char *'

	* acconfig.h: only use SGTTY on nextstep

Sun Sep  7 14:33:50 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/kerberos5.c: Check invalid flag.

Fri Sep  5 14:19:38 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds.

	* lib/kafs: Move functions common to krb/krb5 modules to new file,
 	and make things more modular.

	* lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST
 	-> krb5_config_list

Thu Sep  4 23:39:43 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/get_addrs.c: Fix loopback test.

Thu Sep  4 04:45:49 1997  Assar Westerlund  <assar@sics.se>

	* lib/roken/roken.h: fallback definition of `O_ACCMODE'

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when
 	checking for a v4 reply

Wed Sep  3 18:20:14 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/hprop.c: Add `--decrypt' and `--encrypt' flags.

	* lib/hdb/hdb.c: new {seal,unseal}_keys functions

	* kdc/{hprop,hpropd}.c: Add support to dump database to stdout.

	* kdc/hprop.c: Don't use same master key as version 4.

	* admin/util.c: Don't dump core if no `default' is found.

Wed Sep  3 16:01:07 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* kdc/connect.c: Allow run time port specification.

	* kdc/config.c: Add flags for http support, and port
 	specifications.

Tue Sep  2 02:00:03 1997  Assar Westerlund  <assar@sics.se>

	* include/bits.c: Don't generate ifndef's in bits.h.  Instead, use
 	them when building the program.  This makes it possible to include
 	bits.h without having defined all HAVE_INT17_T symbols.

	* configure.in: test for sigaction

	* doc: updated documentation.

Tue Sep  2 00:20:31 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* Release 0.0g

Mon Sep  1 17:42:14 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/data.c: don't return ENOMEM if len == 0

Sun Aug 31 17:15:49 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/hdb/hdb.asn1: Include salt type in salt.

	* kdc/hprop.h: Change port to 754.

	* kdc/hpropd.c: Verify who tries to transmit a database.

	* appl/popper: Use getarg and krb5_log.

	* lib/krb5/get_port.c: Add context parameter. Now takes port in
 	host byte order.

Sat Aug 30 18:48:19 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/connect.c: Add timeout to select, and log about expired tcp
 	connections.

	* kdc/config.c: Add `database' option.

	* kdc/hpropd.c: Log about duplicate entries.

	* lib/hdb/{db,ndbm}.c: Use common routines.

	* lib/hdb/common.c: Implement more generic fetch/store/delete
 	functions.

	* lib/hdb/hdb.h: Add `replace' parameter to store.

	* kdc/connect.c: Set filedecriptor to -1 on allocated decriptor
 	entries.

Fri Aug 29 03:13:23 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket

	* aux/make-proto.pl: fix __P for stone age mode

Fri Aug 29 02:45:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/45/mk_req.c: implementation of krb_mk_req that uses 524
 	protocol

	* lib/krb5/init_creds_pw.c: make change_password and
 	get_init_creds_common static

	* lib/krb5/krb5.h: Merge stuff from removed headerfiles.

	* lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops

	* lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops

Fri Aug 29 01:45:25 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/krb5.h: Remove all prototypes.

	* lib/krb5/convert_creds.c: Use `struct credentials' instead of
 	`CREDENTIALS'.

Fri Aug 29 00:08:18 1997  Assar Westerlund  <assar@sics.se>

	* lib/asn1/gen_glue.c: new file. generates 2int and int2 functions
	and units for bit strings.

	* admin/util.c: flags2int, int2flags, and flag_units are now
 	generated by asn1_compile

	* lib/roken/parse_units.c: generalised `parse_units' and
 	`unparse_units' and added new functions `parse_flags' and
 	`unparse_flags' that use these

	* lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h

	* admin/util.c: Use {un,}parse_flags for printing and parsing
 	hdbflags.

Thu Aug 28 03:26:12 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_addrs.c: restructured

	* lib/krb5/warn.c (_warnerr): leak less memory

	* lib/hdb/hdb.c (hdb_free_entry): zero keys
	(hdb_check_db_format): leak less memory

	* lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement
 	NDBM__get, NDBM__put

	* lib/hdb/db.c (DB_seq): check for valid hdb_entries

Thu Aug 28 02:06:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets.

Thu Aug 28 01:13:17 1997  Assar Westerlund  <assar@sics.se>

	* kuser/kinit.1, klist.1, kdestroy.1: new man pages

	* kpasswd/kpasswd.1, kpasswdd.8: new man pages

	* kdc/kstash.8, hprop.8, hpropd.8: new man pages

	* admin/ktutil.8, admin/kdb_edit.8: new man pages

	* admin/mod.c: new file

	* admin/life.c: renamed gettime and puttime to getlife and putlife
	and moved them to life.c

	* admin/util.c: add print_flags, parse_flags, init_entry,
 	set_created_by, set_modified_by, edit_entry, set_password.  Use
 	them.

	* admin/get.c: use print_flags

	* admin: removed unused stuff.  use krb5_{warn,err}*

	* admin/ank.c: re-organized and abstracted.

	* admin/gettime.c: removed

Thu Aug 28 00:37:39 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply.

	* lib/roken/base64.c: Add base64 functions.

	* kdc/connect.c lib/krb5/send_to_kdc.c: Add http support.

Wed Aug 27 00:29:20 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* include/Makefile.am: Don't make links to built files.

	* admin/kdb_edit.c: Add command to set the database path.

	* lib/hdb: Include version number in database.

Tue Aug 26 20:14:54 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* admin/ktutil: Merged v4 srvtab conversion.

Mon Aug 25 23:02:18 1997  Assar Westerlund  <assar@sics.se>

	* lib/roken/roken.h: add F_OK

	* lib/gssapi/acquire_creds.c: fix typo

	* configure.in: call AC_TYPE_MODE_T

	* acinclude.m4: Add AC_TYPE_MODE_T

Sun Aug 24 16:46:53 1997  Assar Westerlund  <assar@sics.se>

	* Release 0.0f

Sun Aug 24 08:06:54 1997  Assar Westerlund  <assar@sics.se>

	* appl/popper/pop_pass.c: log poppers

	* kdc/kaserver.c: some more checks

	* kpasswd/kpasswd.c: removed `-p'

	* kuser/kinit.c: removed `-p'

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If
 	KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again.

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out
 	krb-error text

	* lib/gssapi/import_name.c (input_name): more names types.

	* admin/load.c (parse_keys): handle the case of an empty salt

	* kdc/kaserver.c: fix up memory deallocation

	* kdc/kaserver.c: quick hack at talking kaserver protocol

	* kdc/kerberos4.c: Make `db-fetch4' global

	* configure.in: add --enable-kaserver

	* kdc/rx.h, kdc/kerberos4.h: new header files

	* lib/krb5/principal.c: fix krb5_build_principal_ext & c:o

Sun Aug 24 03:52:44 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific
 	type conflicts.

	* lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits.

	* lib/des/{md4,md5,sha}.c: Now works on Crays.

Sat Aug 23 18:15:01 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* appl/afsutil/afslog.c: If no cells or files specified, get
 	tokens for all local cells. Better test for files.

Thu Aug 21 23:33:38 1997  Assar Westerlund  <assar@sics.se>

	* lib/gssapi/v1.c: new file with v1 compatibility functions.

Thu Aug 21 20:36:13 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/kafs/afskrb5.c: Don't check ticket file for afs ticket.

	* kdc/kerberos4.c: Check database when converting v4 principals.

	* kdc/kerberos5.c: Include kvno in Ticket.

	* lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData.

	* kuser/klist.c: Print version number of ticket, include more
 	flags.

Wed Aug 20 21:26:58 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for
 	expiration.

Wed Aug 20 17:40:31 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff
 	there's an error.

	* lib/krb5/sendauth.c (krb5_sendauth): correct the protocol
 	documentation and process KRB-ERROR's

Tue Aug 19 20:41:30 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/kerberos4.c: Fix memory leak in v4 protocol handler.

Mon Aug 18 05:15:09 1997  Assar Westerlund  <assar@sics.se>

	* lib/gssapi/accept_sec_context.c: Added
 	`gsskrb5_register_acceptor_identity'

Sun Aug 17 01:40:20 1997  Assar Westerlund  <assar@sics.se>

	* lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't
 	always pass server == NULL to krb5_rd_req.

	* lib/gssapi: new files: canonicalize_name.c export_name.c
 	context_time.c compare_name.c release_cred.c acquire_cred.c
 	inquire_cred.c, from Luke Howard <lukeh@xedoc.com.au>

	* lib/krb5/config_file.c: Add netinfo support from Luke Howard
 	<lukeh@xedoc.com.au>

	* lib/editline/sysunix.c: sgtty-support from Luke Howard
 	<lukeh@xedoc.com.au>

	* lib/krb5/principal.c: krb5_sname_to_principal fix from Luke
 	Howard <lukeh@xedoc.com.au>

Sat Aug 16 00:44:47 1997  Assar Westerlund  <assar@koi.pdc.kth.se>

	* Release 0.0e

Sat Aug 16 00:23:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* appl/afsutil/afslog.c: Use new libkafs.

	* lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol.

	* lib/krb5/warn.c: Fix format string for *x type.

Fri Aug 15 22:15:01 1997  Assar Westerlund  <assar@sics.se>

	* admin/get.c (get_entry): print more information about the entry

	* lib/des/Makefile.am: build destest, mdtest, des, rpw, speed

	* lib/krb5/config_file.c: new functions `krb5_config_get_time' and
 	`krb5_config_vget_time'.  Use them.

Fri Aug 15 00:09:37 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* admin/ktutil.c: Keytab manipulation program.

	* lib/krb5/keytab.c: Return sane values from resolve and
 	start_seq_get.

	* kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'.

	* lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using
 	krb524_convert_creds_kdc.

	* lib/krb5/convert_creds.c: Implementation of
 	krb524_convert_creds_kdc.

	* lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL

	* kdc/524.c: A somewhat working 524-protocol module.

	* kdc/kerberos4.c: Add version 4 ticket encoding and encryption
 	functions.

	* lib/krb5/context.c: Fix kdc_timeout.

	* lib/hdb/{ndbm,db}.c: Free name in close.

	* kdc/kerberos5.c (tgs_check_autenticator): Return error code

Thu Aug 14 21:29:03 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply.

	* lib/krb5/store_emem.c: Fix reallocation bug.

Tue Aug 12 01:29:46 1997  Assar Westerlund  <assar@sics.se>

	* appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use
 	`krb5_sock_to_principal'.  Send server parameter to
 	krb5_rd_req/krb5_recvauth.  Set addresses in auth_context.

	* lib/krb5/recvauth.c: Set addresses in auth_context if there
 	aren't any

	* lib/krb5/auth_context.c: New function
 	`krb5_auth_con_setaddrs_from_fd'

	* lib/krb5/sock_principal.c: new function
	`krb5_sock_to_principal'

	* lib/krb5/time.c: new file with `krb5_timeofday' and
 	`krb5_us_timeofday'.  Use these functions.

	* kuser/klist.c: print KDC offset iff verbose

	* lib/krb5/get_in_tkt.c: implement KDC time offset and use it if
 	[libdefaults]kdc_timesync is set.

	* lib/krb5/fcache.c: Implement version 4 of the ccache format.

Mon Aug 11 05:34:43 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory

	* lib/krb5/principal.c (krb5_unparse_name): allocate memory
 	properly

	* kpasswd/kpasswd.c: Use `krb5_change_password'

	* lib/krb5/init_creds_pw.c (init_cred): set realm of server
 	correctly.

	* lib/krb5/init_creds_pw.c: support changing of password when it
 	has expired

	* lib/krb5/changepw.c: new file

	* kuser/klist.c: use getarg

	* admin/init.c (init): add `kadmin/changepw'

Mon Aug 11 04:30:47 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/get_cred.c: Make get_credentials handle cross-realm.

Mon Aug 11 00:03:24 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/config_file.c: implement support for #-comments

Sat Aug  9 02:21:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/hprop*.c: Add database propagation programs.

	* kdc/connect.c: Max request size.

Sat Aug  9 00:47:28 1997  Assar Westerlund  <assar@sics.se>

	* lib/otp: resurrected from krb4

	* appl/push: new program for fetching mail with POP.

	* appl/popper/popper.h: new include files.  new fields in `POP'

	* appl/popper/pop_pass.c: Implement both v4 and v5.

	* appl/popper/pop_init.c: Implement both v4 and v5.

	* appl/popper/pop_debug.c: use getarg.  Talk both v4 and v5

	* appl/popper: Popper from krb4.

	* configure.in: check for inline and <netinet/tcp.h> generate
 	files in appl/popper, appl/push, and lib/otp

Fri Aug  8 05:51:02 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_cred.c: clean-up and try to free memory even when
 	there're errors

	* lib/krb5/get_cred.c: adapt to new `extract_ticket'

	* lib/krb5/get_in_tkt.c: reorganize.  check everything and try to
 	return memory even if there are errors.

	* kuser/kverify.c: new file

	* lib/krb5/free_host_realm.c: new file

	* lib/krb5/principal.c (krb5_sname_to_principal): implement
 	different nametypes.  Also free memory.

	* lib/krb5/verify_init.c: more functionality

	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum

	* lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the
 	principals in creds.  Should also compare them with that received
 	from the KDC

	* lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated
 	krb5_ccache
	(krb5_cc_destroy): call krb5_cc_close
	(krb5_cc_retrieve_cred): delete the unused creds

Fri Aug  8 02:30:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/log.c: Allow better control of destinations of logging
 	(like passing explicit destinations, and log-functions).

Fri Aug  8 01:20:39 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_default_principal.c: new file

	* kpasswd/kpasswdd.c: use krb5_log*

Fri Aug  8 00:37:47 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab.

Fri Aug  8 00:37:17 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'.
  	Print password expire information.

	* kdc/config.c: new variable `kdc_warn_pwexpire'

	* kpasswd/kpasswd.c: converted to getarg and get_init_creds

Thu Aug  7 22:17:09 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/mcache.c: new file

	* admin/gettime.c: new function puttime.  Use it.

	* lib/krb5/keyblock.c: Added krb5_free_keyblock and
 	krb5_copy_keyblock

	* lib/krb5/init_creds_pw.c: more functionality

	* lib/krb5/creds.c: Added krb5_free_creds_contents and
 	krb5_copy_creds.  Changed callers.

	* lib/krb5/config_file.c: new functions krb5_config_get and
 	krb5_config_vget

	* lib/krb5/cache.c: cleanup added mcache

	* kdc/kerberos5.c: include last-req's of type 6 and 7, if
 	applicable

Wed Aug  6 20:38:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'.

Tue Aug  5 22:53:54 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c,
	prompter_posix.c: the beginning of an implementation of the cygnus
	initial-ticket API.

	* lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is
 	almost krb5_get_in_tkt but doesn't write the creds to the ccache.
  	Small fixes in krb5_get_in_tkt

	* lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include
 	loopback.

Mon Aug  4 20:20:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc: Make context global.

Fri Aug  1 17:23:56 1997  Assar Westerlund  <assar@sics.se>

	* Release 0.0d

	* lib/roken/flock.c: new file

	* kuser/kinit.c: check for and print expiry information in the
 	`kdc_rep'

	* lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL

	* kdc/kerberos5.c: Check the valid times on client and server.
  	Check the password expiration.
	Check the require_preauth flag.
  	Send an lr_type == 6 with pw_end.
	Set key.expiration to min(valid_end, pw_end)

	* lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw'

	* admin/util.c, admin/load.c: handle the new flags.

Fri Aug  1 16:56:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/hdb: Add some simple locking.

Sun Jul 27 04:44:31 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/log.c: Add some general logging functions.

	* kdc/kerberos4.c: Add version 4 protocol handler. The requrement
 	for this to work is that all involved principals has a des key in
 	the database, and that the client has a version 4 (un-)salted
 	key. Furthermore krb5_425_conv_principal has to do it's job, as
 	present it's not very clever.

	* lib/krb5/principal.c: Quick patch to make 425_conv work
 	somewhat.

	* lib/hdb/hdb.c: Add keytype->key and next key functions.

Fri Jul 25 17:32:12 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/build_auth.c (krb5_build_authenticator): don't free
 	`cksum'.  It's allocated and freed by the caller

	* lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'.

	* kdc/kerberos5.c (tgs_rep2): make sure we also have an defined
 	`client' to return as part of the KRB-ERROR

Thu Jul 24 08:13:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/kerberos5.c: Unseal keys from database before use.

	* kdc/misc.c: New functions set_master_key, unseal_key and
 	free_key.

	* lib/roken/getarg.c: Handle `-f arg' correctly.

Thu Jul 24 01:54:43 1997  Assar Westerlund  <assar@sics.se>

	* kuser/kinit.c: implement `-l' aka `--lifetime'

	* lib/roken/parse_units.c, parse_time.c: new files

	* admin/gettime.c (gettime): use `parse_time'

	* kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending
 	KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA.

	* kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set
 	addresses in auth_context bind one socket per interface.

	* kpasswd/kpasswd.c: use sequence numbers

	* lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying
 	the timestamps

	* lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key
 	from auth_context

	* lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key
 	from auth_context

	* lib/krb5/mk_error.c (krb5_mk_error): return an error number and
 	not a comerr'd number.

	* lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error
 	number in KRB-ERROR correctly.

	* lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error
 	number in KRB-ERROR correctly.

	* lib/asn1/k5.asn1: Add `METHOD-DATA'

	* removed some memory leaks.

Wed Jul 23 07:53:18 1997  Assar Westerlund  <assar@sics.se>

	* Release 0.0c

	* lib/krb5/rd_cred.c, get_for_creds.c: new files

	* lib/krb5/get_host_realm.c: try default realm as last chance

	* kpasswd/kpasswdd.c: updated to hdb changes

	* appl/telnet/libtelnet/kerberos5.c: Implement forwarding

	* appl/telnet/libtelnet: removed totally unused files

	* admin/ank.c: fix prompts and generation of random keys

Wed Jul 23 04:02:32 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* admin/dump.c: Include salt in dump.

	* admin: Mostly updated for new db-format.

	* kdc/kerberos5.c: Update to use new db format. Better checking of
 	flags and such. More logging.

	* lib/hdb/hdb.c: Use generated encode and decode functions.

	* lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code.

	* lib/krb5/get_cred.c: Get addresses from krbtgt if there are none
 	in the reply.

Sun Jul 20 16:22:30 1997  Assar Westerlund  <assar@sics.se>

	* kuser/kinit.c: break if des_read_pw_string() != 0

	* kpasswd/kpasswdd.c: send a reply

	* kpasswd/kpasswd.c: restructured code.  better report on
 	krb-error break if des_read_pw_string() != 0

	* kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for
 	starttime and renew_till

	* appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a
 	keyblock to krb5_verify_chekcsum

Sun Jul 20 06:35:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* Release 0.0b

	* kpasswd/kpasswd.c: Avoid using non-standard struct names.

Sat Jul 19 19:26:23 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/keytab.c (krb5_kt_get_entry): check return from
 	`krb5_kt_start_seq_get'.  From <map@stacken.kth.se>

Sat Jul 19 04:07:39 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/asn1/k5.asn1: Update with more pa-data types from
 	draft-ietf-cat-kerberos-revisions-00.txt

	* admin/load.c: Update to match current db-format.

	* kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving
 	up. Send back an empty pa-data if the client has the v4 flag set.

	* lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted
 	pa-data. DTRT if there is any pa-data in the reply.

	* lib/krb5/str2key.c: XOR with some sane value.

	* lib/hdb/hdb.h: Add `version 4 salted key' flag.

	* kuser/kinit.c: Ask for password before calling get_in_tkt. This
 	makes it possible to call key_proc more than once.

	* kdc/string2key.c: Add flags to output version 5 (DES only),
 	version 4, and AFS string-to-key of a password.

	* lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or
 	ENOMEM).

Fri Jul 18 02:54:58 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_host_realm.c (krb5_get_host_realm): do the
 	name2name thing

	* kdc/misc.c: check result of hdb_open

	* admin/kdb_edit: updated to new sl

	* lib/sl: sl_func now returns an int. != 0 means to exit.

	* kpasswd/kpasswdd: A crude (but somewhat working) implementation
 	of `draft-ietf-cat-kerb-chg-password-00.txt'

Fri Jul 18 00:55:39 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* kuser/krenew.c: Crude ticket renewing program.

	* kdc/kerberos5.c: Rewritten flags parsing, it now might work to
 	get forwarded and renewed tickets.

	* kuser/kinit.c: Add `-r' flag.

	* lib/krb5/get_cred.c: Move most of contents of get_creds to new
 	function get_kdc_cred, that always contacts the kdc and doesn't
 	save in the cache. This is a hack.

	* lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request
 	(a bit kludgy).

	* lib/krb5/mk_req_ext.c: Make an auth_context if none passed in.

	* lib/krb5/send_to_kdc.c: Get timeout from context.

	* lib/krb5/context.c: Add kdc_timeout to context struct.

Thu Jul 17 20:35:45 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* kuser/klist.c: Print start time of ticket if available.

	* lib/krb5/get_host_realm.c: Return error if no realm was found.

Thu Jul 17 20:28:21 1997  Assar Westerlund  <assar@sics.se>

	* kpasswd: non-working kpasswd added

Thu Jul 17 00:21:22 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* Release 0.0a

	* kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement.

Wed Jul 16 03:37:41 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req.

	* lib/krb5/auth_context.c (krb5_auth_con_free): Free remote
 	subkey.

	* lib/krb5/principal.c (krb5_free_principal): Check for NULL.

	* lib/krb5/send_to_kdc.c: Check for NULL return from
 	gethostbyname.

	* lib/krb5/set_default_realm.c: Try to get realm of local host if
 	no default realm is available.

	* Remove non ASN.1 principal code.

Wed Jul 16 03:17:30 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better
 	error handing. Do some logging.

	* kdc/log.c: Some simple logging facilities.

	* kdc/misc.c (db_fetch): Take a krb5_principal.

	* kdc/connect.c: Pass address of request to as_rep and
 	tgs_rep. Send KRB-ERROR.

	* lib/krb5/mk_error.c: Add more fields.

	* lib/krb5/get_cred.c: Print normal error code if no e_text is
 	available.

Wed Jul 16 03:07:50 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_in_tkt.c: implement `krb5_init_etype'.
 	Change encryption type of pa_enc_timestamp to DES-CBC-MD5

	* lib/krb5/context.c: recognize all encryption types actually
 	implemented

	* lib/krb5/auth_context.c (krb5_auth_con_init): Change default
 	encryption type to `DES_CBC_MD5'

	*  lib/krb5/read_message.c, write_message.c: new files

Tue Jul 15 17:14:21 1997  Assar Westerlund  <assar@sics.se>

	* lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'.

	* lib/error/compile_et.awk: generate a prototype for the
 	`destroy_foo_error_table' function.

Mon Jul 14 12:24:40 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also
 	with `kerberos.REALM'

	* kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use
 	`max_skew'

	* lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator
 	subkey

	* lib/krb5/build_auth.c (krb5_build_authenticator): always
 	generate a subkey.

	* lib/krb5/address.c: implement `krb5_address_order'

	* lib/gssapi/import_name.c: Implement `gss_import_name'

	* lib/gssapi/external.c: Use new OID

	* lib/gssapi/encapsulate.c: New functions
 	`gssapi_krb5_encap_length' and `gssapi_krb5_make_header'.  Changed
	callers.

	* lib/gssapi/decapsulate.c: New function
 	`gssaspi_krb5_verify_header'.  Changed callers.

	* lib/asn1/gen*.c: Give tags to generated structs.
	Use `err' and `asprintf'

	* appl/test/gss_common.c: new file

	* appl/test/gssapi_server.c: removed all krb5 calls

	* appl/telnet/libtelnet/kerberos5.c: Add support for genering and
 	verifying checksums.  Also start using session subkeys.

Mon Jul 14 12:08:25 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up.

Sun Jul 13 03:07:44 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT

	* lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and
 	`DES_encrypt_key_ivec'

	* lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des

	* kdc/kerberos5.c (tgs_rep): support keyed checksums

	* lib/krb5/creds.c: new file

	* lib/krb5/get_in_tkt.c: better freeing

	* lib/krb5/context.c (krb5_free_context): more freeing

	* lib/krb5/config_file.c: New function `krb5_config_file_free'

	* lib/error/compile_et.awk: Generate a `destroy_' function.

	* kuser/kinit.c, klist.c: Don't leak memory.

Sun Jul 13 02:46:27 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kdc/connect.c: Check filedescriptor in select.

	* kdc/kerberos5.c: Remove most of the most common memory leaks.

	* lib/krb5/rd_req.c: Free allocated data.

	* lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of
 	fields.

Sun Jul 13 00:32:16 1997  Assar Westerlund  <assar@sics.se>

	* appl/telnet: Conditionalize the krb4-support.

	* configure.in: Test for krb4

Sat Jul 12 17:14:12 1997  Assar Westerlund  <assar@sics.se>

	* kdc/kerberos5.c: check if the pre-auth was decrypted properly.
  	set the `pre_authent' flag

	* lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce.

	* lib/krb5/encrypt.c: Made `generate_random_block' global.

	* appl/test: Added gssapi_client and gssapi_server.

	* lib/krb5/data.c: Add `krb5_data_zero'

	* appl/test/tcp_client.c: try `mk_safe' and `mk_priv'

	* appl/test/tcp_server.c: try `rd_safe' and `rd_priv'

Sat Jul 12 16:45:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/get_addrs.c: Fix for systems that has sa_len, but
 	returns zero length from SIOCGIFCONF.

Sat Jul 12 16:38:34 1997  Assar Westerlund  <assar@sics.se>

	* appl/test: new programs

	* lib/krb5/rd_req.c: add address compare

	* lib/krb5/mk_req_ext.c: allow no checksum

	* lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string

	* lib/krb5/address.c: fix `krb5_address_compare'

Sat Jul 12 15:03:16 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/get_addrs.c: Fix ip4 address extraction.

	* kuser/klist.c: Add verbose flag, and split main into smaller
 	pieces.

	* lib/krb5/fcache.c: Save ticket flags.

	* lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and
 	flags.

	* lib/krb5/krb5.h: Add ticket_flags to krb5_creds.

Sat Jul 12 13:12:48 1997  Assar Westerlund  <assar@sics.se>

	* configure.in: Call `AC_KRB_PROG_LN_S'

	* acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4

Sat Jul 12 00:57:01 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to
 	pass options.

Fri Jul 11 15:04:22 1997  Assar Westerlund  <assar@sics.se>

	* appl/telnet: telnet & telnetd seems to be working.

	* lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed
 	krb5_config_vget_next

	* appl/telnet/libtelnet/kerberos5.c: update to current API

Thu Jul 10 14:54:39 1997  Assar Westerlund  <assar@sics.se>

	* appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call
 	`krb5_kuserok'

	* appl/telnet: Added.

Thu Jul 10 05:09:25 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/error/compile_et.awk: Remove usage of sub, gsub, and
 	functions for compatibility with awk.

	* include/bits.c: Must use signed char.

	* lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets
 	here.

	* lib/error/error.c: Replace krb5_get_err_text with new function
 	com_right.

	* lib/error/compile_et.awk: Avoid using static variables.

	* lib/error/error.c: Don't use krb5_locl.h

	* lib/error/error.h: Move definitions of error_table and
 	error_list from krb5.h.

	* lib/error: Moved from lib/krb5.

Wed Jul  9 07:42:04 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data.

Wed Jul  9 06:58:00 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff
	according to pseudocode from 1510

Wed Jul  9 06:06:06 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/hdb/hdb.c: Add hdb_etype2key.

	* kdc/kerberos5.c: Check authenticator. Use more general etype
 	functions.

Wed Jul  9 03:51:12 1997  Assar Westerlund  <assar@sics.se>

	* lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to
 	draft-ietf-cat-kerberos-r-00.txt

	* lib/krb5/principal.c (krb5_parse_name): default to local realm
 	if none given

	* kuser/kinit.c: New option `-p' and prompt

Wed Jul  9 02:30:06 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/keyblock.c: Keyblock generation functions.

	* lib/krb5/encrypt.c: Use functions from checksum.c.

	* lib/krb5/checksum.c: Move checksum functions here. Add
 	krb5_cksumsize function.

Wed Jul  9 01:15:38 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_host_realm.c: implemented

	* lib/krb5/config_file.c: Redid part.  New functions:
 	krb5_config_v?get_next

	* kuser/kdestroy.c: new program

	* kuser/kinit.c: new flag `-f'

	* lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress

	* acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN

	* lib/krb5/krb5.h: krb5_addresses == HostAddresses.  Changed all
 	users.

	* lib/krb5/get_addrs.c: figure out all local addresses, possibly
 	even IPv6!

	* lib/krb5/checksum.c: table-driven checksum

Mon Jul  7 21:13:28 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as
 	krb5_encrypt.

Mon Jul  7 11:15:51 1997  Assar Westerlund  <assar@sics.se>

	* lib/roken/vsyslog.c: new file

	* lib/krb5/encrypt.c: add des-cbc-md4.
	adjust krb5_encrypt and krb5_decrypt to reality

Mon Jul  7 02:46:31 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/encrypt.c: Implement as a vector of function pointers.

	* lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and
 	des-cbc-md5 in separate functions.

	* lib/krb5/krb5.h: Add more checksum and encryption types.

	* lib/krb5/krb5_locl.h: Add etype to krb5_decrypt.

Sun Jul  6 23:02:59 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/[gs]et_default_realm.c, kuserok.c: new files

	* lib/krb5/config_file.[ch]: new c-based configuration reading
 	stuff

Wed Jul  2 23:12:56 1997  Assar Westerlund  <assar@sics.se>

	* configure.in: Set WFLAGS if using gcc

Wed Jul  2 17:47:03 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/asn1/der_put.c (der_put_int): Return size correctly.

	* admin/ank.c: Be compatible with the asn1 principal format.

Wed Jul  1 23:52:20 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/asn1: Now all decode_* and encode_* functions now take a
 	final size_t* argument, that they return the size in. Return
 	values are zero for success, and anything else (such as some
 	ASN1_* constant) for error.

Mon Jun 30 06:08:14 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to
 	O_WRONLY | O_APPEND

	* lib/krb5/get_cred.c: removed stale prototype for
 	`extract_ticket' and corrected call.

	* lib/asn1/gen_length.c (length_type): Make the length functions
 	for SequenceOf non-destructive

	* admin/ank.c (doit): Fix reading of `y/n'.

Mon Jun 16 05:41:43 1997  Assar Westerlund  <assar@sics.se>

	* lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number

	* lib/gssapi/get_mic.c, verify_mic.c: Add sequence number.

	* lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set
 	KRB5_AUTH_CONTEXT_DO_SEQUENCE.  Verify 8003 checksum.

	* lib/gssapi/8003.c: New file.

	* lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1
 	Authenticator.

	* lib/krb5/auth_context.c: New functions
 	`krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber'

Tue Jun 10 00:35:54 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5: Preapre for use of some asn1-types.

	* lib/asn1/*.c (copy_*): Constness.

	* lib/krb5/krb5.h: Include asn1.h; krb5_data is now an
 	octet_string.

	* lib/asn1/der*,gen.c: krb5_data -> octet_string, char * ->
 	general_string

	* lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't
 	have anything to do with asn1_compile.

	* lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes.

Sun Jun  8 03:51:55 1997  Assar Westerlund  <assar@sics.se>

	* kdc/kerberos5.c: Fix PA-ENC-TS-ENC

 	* kdc/connect.c(process_request): Set `new'

	* lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way.

	* lib: Added editline,sl,roken.

Mon Jun  2 00:37:48 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/fcache.c: Move file cache from cache.c.

	* lib/krb5/cache.c: Allow more than one cache type.

Sun Jun  1 23:45:33 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* admin/extkeytab.c: Merged with kdb_edit.

Sun Jun  1 23:23:08 1997  Assar Westerlund  <assar@sics.se>

	* kdc/kdc.c: more support for ENC-TS-ENC

	* lib/krb5/get_in_tkt.c: redone to enable pre-authentication

Sun Jun  1 22:45:11 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/hdb/db.c: Merge fetch and store.

	* admin: Merge to one program.

	* lib/krb5/str2key.c: Fill in keytype and length.

Sun Jun  1 16:31:23 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c,
 	lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for
 	KRB5_AUTH_CONTEXT_DO_SEQUENCE

	* lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an
 	KRB_ERROR.  Some support for PA_ENC_TS_ENC.

	* lib/krb5/auth_context.c: implemented seq_number functions

	* lib/krb5/generate_subkey.c, generate_seq_number.c: new files

	* lib/gssapi/gssapi.h: avoid including <krb5.h>

	* lib/asn1/Makefile.am: SUFFIXES as a variable to make automake
 	happy

	* kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP

	* configure.in: adapted to automake 1.1p

Mon May 26 22:26:21 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/principal.c: Add contexts to many functions.

Thu May 15 20:25:37 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/verify_user.c: First stab at a verify user.

	* lib/auth/sia/sia5.c: SIA module for Kerberos 5.

Mon Apr 14 00:09:03 1997  Assar Westerlund  <assar@sics.se>

	* lib/gssapi: Enough of a gssapi-over-krb5 implementation to be
	able to (mostly) run gss-client and gss-server.

	* lib/krb5/keytab.c: implemented krb5_kt_add_entry,
 	krb5_kt_store_principal, krb5_kt_store_keyblock

	* lib/des/md5.[ch], sha.[ch]: new files

	* lib/asn1/der_get.c (generalizedtime2time): use `timegm'

	* lib/asn1/timegm.c: new file

	* admin/extkeytab.c: new program

	* admin/admin_locl.h: new file

	* admin/Makefile.am: Added extkeytab

	* configure.in: moved config to include
	removed timezone garbage
	added lib/gssapi and admin

	* Makefile.am: Added admin

Mon Mar 17 11:34:05 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* kdc/kdc.c: Use new copying functions, and free some data.

	* lib/asn1/Makefile.am: Try to not always rebuild generated files.

	* lib/asn1/der_put.c: Add fix_dce().

	* lib/asn1/der_{get,length,put}.c: Fix include files.

	* lib/asn1/der_free.c: Remove unused functions.

	* lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free,
 	gen_length, and gen_copy.

Sun Mar 16 18:13:52 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/sendauth.c: implemented functionality

	* lib/krb5/rd_rep.c: Use `krb5_decrypt'

	* lib/krb5/cache.c (krb5_cc_get_name): return default if `id' ==
 	NULL

	* lib/krb5/principal.c (krb5_free_principal): added `context'
 	argument.  Changed all callers.

	(krb5_sname_to_principal): new function

	* lib/krb5/auth_context.c (krb5_free_authenticator): add `context'
 	argument.  Changed all callers

	* lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files

	* lib/asn1/gen.c: Fix encoding and decoding of BitStrings

Fri Mar 14 11:29:00 1997  Assar Westerlund  <assar@sics.se>

	* configure.in: look for *dbm?

	* lib/asn1/gen.c: Fix filename in generated files. Check fopens.
  	Put trailing newline in asn1_files.

Fri Mar 14 05:06:44 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/get_in_tkt.c: Fix some memory leaks.

	* lib/krb5/krbhst.c: Properly free hostlist.

	* lib/krb5/decrypt.c: CRCs are 32 bits.

Fri Mar 14 04:39:15 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/asn1/gen.c: Generate one file for each type.

Fri Mar 14 04:13:47 1997  Assar Westerlund  <assar@sics.se>

	* lib/asn1/gen.c: Generate `length_FOO' functions

	* lib/asn1/der_length.c: new file

	* kuser/klist.c: renamed stime -> printable_time to avoid conflict
 	on HP/UX

Fri Mar 14 03:37:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free
 	datums. Don't add .db to filename.

Fri Mar 14 02:49:51 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* kdc/dump.c: Database dump program.

	* kdc/ank.c: Trivial database editing program.

	* kdc/{kdc.c, load.c}: Use libhdb.

	* lib/hdb: New database routine library.

	* lib/krb5/error/Makefile.am: Add hdb_err.

Wed Mar 12 17:41:14 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* kdc/kdc.c: Rewritten AS, and somewhat more working TGS support.

	* lib/asn1/gen.c: Generate free functions.

	* Some specific free functions.

Wed Mar 12 12:30:13 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/krb5_mk_req_ext.c: new file

	* lib/asn1/gen.c: optimize the case with a simple type

	* lib/krb5/get_cred.c (krb5_get_credentials): Use
 	`mk_req_extended' and remove old code.

	* lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an
 	EncASRepPart, then with an EncTGSRepPart.

Wed Mar 12 08:26:04 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/store_emem.c: New resizable memory storage.

	* lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c

	* lib/krb5/krb5.h: Add free entry to krb5_storage.

	* lib/krb5/decrypt.c: Make keyblock const.

Tue Mar 11 20:22:17 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket.

	* lib/krb5/rd_req.c: Return whole asn.1 ticket in
 	krb5_ticket->tkt.

	* lib/krb5/get_in_tkt.c: TGS -> AS

	* kuser/kfoo.c: Print error string rather than number.

	* kdc/kdc.c: Some kind of non-working TGS support.

Mon Mar 10 01:43:22 1997  Assar Westerlund  <assar@sics.se>

	* lib/asn1/gen.c: reduced generated code by 1/5

 	* lib/asn1/der_put.c: (der_put_length_and_tag): new function

	* lib/asn1/der_get.c (der_match_tag_and_length): new function

	* lib/asn1/der.h: added prototypes

Mon Mar 10 01:15:43 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for
 	krb5_rd_req_with_keyblock.

	* lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that
 	takes a precomputed keyblock.

	* lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code.

	* lib/krb5/mk_req.c: Calculate checksum of in_data.

Sun Mar  9 21:17:58 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/error/compile_et.awk: Add a declaration of struct
 	error_list, and multiple inclusion block to header files.

Sun Mar  9 21:01:12 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/rd_req.c: do some checks on times

	* lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c,
	address.c}: new files

	* lib/krb5/auth_context.c: more code

	* configure.in: try to figure out timezone

Sat Mar  8 11:41:07 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/error/error.c: Try strerror if error code wasn't found.

	* lib/krb5/get_in_tkt.c: Remove realm parameter from
 	krb5_get_salt.

	* lib/krb5/context.c: Initialize error table.

	* kdc: The beginnings of a kdc.

Sat Mar  8 08:16:28 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/rd_safe.c: new file

	* lib/krb5/checksum.c (krb5_verify_checksum): New function

	* lib/krb5/get_cred.c: use krb5_create_checksum

	* lib/krb5/checksum.c: new file

	* lib/krb5/store.c: no more arithmetic with void*

	* lib/krb5/cache.c: now seems to work again

Sat Mar  8 06:58:09 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5.

	* lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c.

	* lib/krb5/asn1_glue.c: Moved some asn1-stuff here.

	* lib/krb5/{cache,keytab}.c: Use new storage functions.

	* lib/krb5/krb5.h: Protypes for new storage functions.

	* lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write
 	data to more than file descriptors.

Sat Mar  8 01:01:17 1997  Assar Westerlund  <assar@sics.se>

	* lib/krb5/encrypt.c: New file.

	* lib/krb5/Makefile.am: More -I

	* configure.in: Test for big endian, random, rand, setitimer

	* lib/asn1/gen.c: perhaps even decodes bitstrings

Thu Mar  6 19:05:29 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* lib/krb5/config_file.y: Better return values on error.

Sat Feb  8 15:59:56 1997  Assar Westerlund  <assar@pdc.kth.se>

	* lib/asn1/parse.y: ifdef HAVE_STRDUP

	* lib/asn1/lex.l: ifdef strdup
	brange-dead version of list of special characters to make stupid
 	lex accept it.

	* lib/asn1/gen.c: A DER integer should really be a `unsigned'

	* lib/asn1/der_put.c: A DER integer should really be a `unsigned'

	* lib/asn1/der_get.c: A DER integer should really be a `unsigned'

	* lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is
 	needed.

	* lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c,
 	lib/krb/store.h: new files.

	* lib/krb5/keytab.c: now even with some functionality.

	* lib/asn1/gen.c: changed paramater from void * to Foo *

	* lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty
 	string.

Sun Jan 19 06:17:39 1997  Assar Westerlund  <assar@pdc.kth.se>

	* lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in
 	cc before getting new ones.

	* lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype.

	* lib/krb5/build_auth.c (krb5_build_authenticator): It seems the
 	CRC should be stored LSW first. (?)

	* lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and
 	`krb5_free_keyblock'

	* lib/**/Makefile.am: Rename foo libfoo.a

	* include/Makefile.in: Use test instead of [
	-e does not work with /bin/sh on psoriasis

	* configure.in: Search for awk
	create lib/krb/error/compile_et

Tue Jan 14 03:46:26 1997  Assar Westerlund  <assar@pdc.kth.se>

	* lib/krb5/Makefile.am: replaced mit-crc.c by crc.c

Wed Dec 18 00:53:55 1996  Johan Danielsson  <joda@emma.pdc.kth.se>

	* kuser/kinit.c: Guess principal.

	* lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some
 	warnings.

	* lib/krb5/error/asn1_err.et: Add ASN.1 error messages.

	* lib/krb5/mk_req.c: Get client from cache.

	* lib/krb5/cache.c: Add better error checking some useful return
 	values.

	* lib/krb5/krb5.h: Fix krb5_auth_context.

	* lib/asn1/der.h: Make krb5_data compatible with krb5.h

Tue Dec 17 01:32:36 1996  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/error: Add primitive error library.

Mon Dec 16 16:30:20 1996  Johan Danielsson  <joda@emma.pdc.kth.se>

	* lib/krb5/cache.c: Get correct address type from cache.

	* lib/krb5/krb5.h: Change int16 to int to be compatible with asn1.