diff --git a/ChangeLog.2001 b/ChangeLog.2001
new file mode 100644
index 000000000..b048488f8
--- /dev/null
+++ b/ChangeLog.2001
@@ -0,0 +1,1122 @@
+2001-12-20  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/crypto.c: use our own des string-to-key function, since
+	the one from openssl sometimes generates wrong output
+
+2001-12-05  Jacques Vidrine <n@nectar.cc>
+
+        * lib/hdb/mkey.c: fix a bug in which kstash would crash if
+        there were no /etc/krb5.conf
+
+2001-11-09  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/krb5_verify_user.3: sort references (from Thomas
+	Klausner)
+
+	* lib/krb5/krb5_principal_get_realm.3: add section to reference
+	(from Thomas Klausner)
+
+	* lib/krb5/krb5_krbhst_init.3: sort references (from Thomas
+	Klausner)
+
+	* lib/krb5/krb5_keytab.3: white space fixes (from Thomas Klausner)
+
+	* lib/krb5/krb5_get_krbhst.3: remove extra white space (from
+	Thomas Klausner)
+
+	* lib/krb5/krb5_get_all_client_addrs.3: add section to reference
+	(from Thomas Klausner)
+
+2001-10-29  Jacques Vidrine <n@nectar.com>
+
+	* admin/get.c: fix a bug in which a reference to a data
+	structure on the stack was being kept after the containing
+	function's lifetime, resulting in a segfault during `ktutil
+	get'.
+
+2001-10-22  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/crypto.c: make all high-level encrypting and decrypting
+	functions check the return value of the underlying function and
+	handle errors more consistently.  noted by Sam Hartman
+	<hartmans@mit.edu>
+
+2001-10-21  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/crypto.c (enctype_arcfour_hmac_md5): actually use a
+	non-keyed checksum when it should be non-keyed
+
+2001-09-29  Assar Westerlund  <assar@sics.se>
+
+	* kuser/kinit.1: add the kauth alias
+	* kuser/kinit.c: allow specification of afslog in krb5.conf, noted
+	by jhutz@cs.cmu.edu
+
+2001-09-27  Assar Westerlund  <assar@sics.se>
+
+	* lib/asn1/gen.c: remove the need for libasn1.h, also make
+	generated files include all files from IMPORTed modules
+
+	* lib/krb5/krb5.h (KRB5_KPASSWD_*): set correct values
+	* kpasswd/kpasswd.c: improve error message printing
+	* lib/krb5/changepw.c (krb5_passwd_result_to_string): add change
+	to use sequence numbers connect the udp socket so that we can
+	figure out the local address
+
+2001-09-25  Assar Westerlund  <assar@sics.se>
+
+	* lib/asn1: implement OBJECT IDENTIFIER and ENUMERATED
+
+2001-09-20  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/principal.c (krb5_425_conv_principal_ext): try using
+	lower case realm as domain, but only when given a verification
+	function
+
+2001-09-20  Assar Westerlund  <assar@sics.se>
+
+	* lib/asn1/der_put.c (der_put_length): do not even try writing
+	anything when len == 0
+
+2001-09-18  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/hpropd.c: add realm override option
+
+	* lib/krb5/set_default_realm.c (krb5_set_default_realm): make
+	realm parameter const
+
+	* kdc/hprop.c: more free's
+
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_keytab): free key
+	proc data
+
+	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): free
+	addrinfo
+
+	* lib/hdb/mkey.c (hdb_set_master_keyfile): clear error string when
+	not returning error
+
+2001-09-16  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/appdefault.c (krb5_appdefault_{boolean,string,time):
+	make realm const
+
+	* lib/krb5/crypto.c: use des functions to avoid generating
+	warnings with openssl's prototypes
+
+2001-09-05  Johan Danielsson  <joda@pdc.kth.se>
+
+	* configure.in: check for termcap.h
+
+	* lib/asn1/lex.l: add another undef ECHO to keep AIX lex happy
+
+2001-09-03  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/addr_families.c (krb5_print_address): handle snprintf
+	returning < 0.  noticed by hin@stacken.kth.se
+
+2001-09-03  Assar Westerlund  <assar@sics.se>
+
+	* Release 0.4e
+
+2001-09-02  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kuser/Makefile.am: install kauth as a symlink to kinit
+
+	* kuser/kinit.c: get v4_tickets by default
+
+	* lib/asn1/Makefile.am: fix for broken automake
+
+2001-08-31  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/hdb/hdb-ldap.c: some pretty much untested changes from Luke
+	Howard
+
+	* kuser/kinit.1: remove references to kauth
+
+	* kuser/Makefile.am: kauth is no more
+
+	* kuser/kinit.c: use appdefaults for everything. defaults are now
+	as in kauth.
+
+	* lib/krb5/appdefault.c: also check libdefaults, and realms/realm
+
+	* lib/krb5/context.c (krb5_free_context): free more stuff
+
+2001-08-30  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/verify_krb5_conf.c: do some checks of the values in the
+	file
+
+	* lib/krb5/krb5.conf.5: remove srv_try_txt, fix spelling
+
+	* lib/krb5/context.c: don't init srv_try_txt, since it isn't used
+	anymore
+
+2001-08-29  Jacques Vidrine  <n@nectar.com>
+
+	* configure.in: Check for already-installed com_err.
+
+2001-08-28  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set versoin to 18:2:1
+
+2001-08-24  Assar Westerlund  <assar@sics.se>
+
+	* kuser/Makefile.am: remove CHECK_LOCAL - non bin programs require
+	no special treatment now
+
+	* kuser/generate-requests.c: parse arguments in a useful way
+	* kuser/kverify.c: add --help/--verify
+
+2001-08-22  Assar Westerlund  <assar@sics.se>
+
+	* configure.in: bump prereq to 2.52 remove unused test_LIB_KRB4
+
+	* configure.in: re-write the handling of crypto libraries.  try to
+	use the one of openssl's libcrypto or krb4's libdes that has all
+	the required functionality (md4, md5, sha1, des, rc4).  if there
+	is no such library, the included lib/des is built.
+
+	* kdc/headers.h: include libutil.h if it exists
+	* kpasswd/kpasswd_locl.h: include libutil.h if it exists
+	* kdc/kerberos4.c (get_des_key): check for null keys even if
+	is_server
+
+2001-08-21  Assar Westerlund  <assar@sics.se>
+
+	* lib/asn1/asn1_print.c: print some size_t correctly
+	* configure.in: remove extra space after -L check for libutil.h
+
+2001-08-17  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/kdc_locl.h: fix prototype for get_des_key
+
+	* kdc/kaserver.c: fix call to get_des_key
+
+	* kdc/524.c: fix call to get_des_key
+
+	* kdc/kerberos4.c (get_des_key): if getting a key for a server,
+	return any des-key not just keys that can be string-to-keyed by
+	the client
+
+2001-08-10  Assar Westerlund  <assar@sics.se>
+
+	* Release 0.4d
+
+2001-08-10  Assar Westerlund  <assar@sics.se>
+
+	* configure.in: check for openpty
+	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:4:0
+
+2001-08-08  Assar Westerlund  <assar@sics.se>
+
+	* configure.in: just add -L (if required) from krb4 when testing
+	for libdes/libcrypto
+
+2001-08-04  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/Makefile.am (man_MANS): add some missing man pages
+	* fix-export: fix the sed expression for finding the man pages
+
+2001-07-31  Assar Westerlund  <assar@sics.se>
+
+	* kpasswd/kpasswd-generator.c (main): implement --version and
+	--help
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): update version to
+	18:1:1
+
+2001-07-27  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/context.c (init_context_from_config_file): check
+	parsing of addresses
+
+2001-07-26  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/sock_principal.c (krb5_sock_to_principal): rename
+	sa_len -> salen to avoid the macro that's defined on irix.  noted
+	by "Jacques A. Vidrine" <n@nectar.com>
+
+2001-07-24  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/addr_families.c: add support for type
+	KRB5_ADDRESS_ADDRPORT
+
+	* lib/krb5/addr_families.c (krb5_address_order): complain about
+	unsuppored address types
+
+2001-07-23  Johan Danielsson  <joda@pdc.kth.se>
+
+	* admin/get.c: don't open connection to server until we loop over
+	the principals, at that time we know the realm of the (first)
+	principal and we can default to that admin server
+
+	* admin: add a rename command
+
+2001-07-19  Assar Westerlund  <assar@sics.se>
+
+	* kdc/hprop.c (usage): clarify a tiny bit
+
+2001-07-19  Assar Westerlund  <assar@sics.se>
+
+	* Release 0.4c
+
+2001-07-19  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
+	18:0:1
+
+	* lib/krb5/get_for_creds.c (krb5_fwd_tgt_creds): make it behave
+	the same way as the MIT function
+
+	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:3:0
+	* lib/krb5/sock_principal.c (krb5_sock_to_principal): use
+	getnameinfo
+
+	* lib/krb5/krbhst.c (srv_find_realm): handle port numbers
+	consistenly in local byte order
+
+	* lib/krb5/get_default_realm.c (krb5_get_default_realm): set an
+	error string
+
+	* kuser/kinit.c (renew_validate): invert condition correctly.  get
+	v4 tickets if we succeed renewing
+	* lib/krb5/principal.c (krb5_principal_get_type): add
+	(default_v4_name_convert): add "smtp"
+
+2001-07-13  Assar Westerlund  <assar@sics.se>
+
+	* configure.in: remove make-print-version from LIBOBJS, it's no
+	longer in lib/roken but always built in lib/vers
+
+2001-07-12  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/hdb/mkey.c: more set_error_string
+
+2001-07-12  Assar Westerlund  <assar@sics.se>
+
+	* lib/hdb/Makefile.am (libhdb_la_LIBADD): add required library
+	dependencies
+
+	* lib/asn1/Makefile.am (libasn1_la_LIBADD): add required library
+	dependencies
+
+2001-07-11  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/hprop.c: remove v4 master key handling; remove old v4-db and
+	ka-db flags; add defaults for v4_realm and afs_cell
+
+2001-07-09  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/sock_principal.c (krb5_sock_to_principal): copy hname
+	before calling krb5_sname_to_principal.  from "Jacques A. Vidrine"
+	<n@nectar.com>
+
+2001-07-08  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/context.c: use krb5_copy_addresses instead of
+	copy_HostAddresses
+
+2001-07-06  Assar Westerlund  <assar@sics.se>
+
+	* configure.in (LIB_des_a, LIB_des_so): add these so that they can
+	be used by lib/auth/sia
+
+	* kuser/kinit.c: re-do some of the v4 fallbacks: look at
+	get-tokens flag do not print extra errors do not try to do 524 if
+	we got tickets from a v4 server
+
+2001-07-03  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/replay.c (krb5_get_server_rcache): cast argument to
+	printf
+
+	* lib/krb5/get_addrs.c (find_all_addresses): call free_addresses
+	on ignore_addresses correctly
+	* lib/krb5/init_creds.c
+	(krb5_get_init_creds_opt_set_default_flags): change to take a
+	const realm
+
+	* lib/krb5/principal.c (krb5_425_conv_principal_ext): if the
+	instance is the first component of the local hostname, the
+	converted host should be the long hostname.  from
+	<shadow@dementia.org>
+
+2001-07-02  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/Makefile.am: address.c is no more; add a couple of
+	manpages
+
+	* lib/krb5/krb5_timeofday.3: new manpage
+
+	* lib/krb5/krb5_get_all_client_addrs.3: new manpage
+
+	* lib/krb5/get_in_tkt.c (init_as_req): treat no addresses as
+	wildcard
+
+	* lib/krb5/get_cred.c (get_cred_kdc_la): treat no addresses as
+	wildcard
+
+	* lib/krb5/get_addrs.c: don't include client addresses that match
+	ignore_addresses
+
+	* lib/krb5/context.c: initialise ignore_addresses
+
+	* lib/krb5/addr_families.c: add new `arange' fake address type,
+	that matches more than one address; this required some internal
+	changes to many functions, so all of address.c got moved here
+	(wasn't much left there)
+
+	* lib/krb5/krb5.h: add list of ignored addresses to context
+
+2001-07-03  Assar Westerlund  <assar@sics.se>
+
+	* Release 0.4b
+
+2001-07-03  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 17:0:0
+	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 7:2:0
+
+2001-07-03  Assar Westerlund  <assar@sics.se>
+
+	* Release 0.4a
+
+2001-07-02  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kuser/kinit.c: make this compile without krb4 support
+
+	* lib/krb5/write_message.c: remove priv parameter from
+	write_safe_message; don't know why it was there in the first place
+
+	* doc/install.texi: remove kaserver switches, it's always compiled
+	in now
+
+	* kdc/hprop.c: always include kadb support
+
+	* kdc/kaserver.c: always include kaserver support
+
+2001-07-02  Assar Westerlund  <assar@sics.se>
+
+	* kpasswd/kpasswdd.c (doit): make failing to bind a socket a
+	non-fatal error, and abort if no sockets were bound
+
+2001-07-01  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/krbhst.c: remember the real port number when falling
+	back from kpasswd -> kadmin, and krb524 -> kdc
+
+2001-06-29  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if
+	no_addresses is set, do not add any local addresses to KRB_CRED
+
+	* kuser/kinit.c: remove extra clearing of password and some
+	redundant code
+
+2001-06-29  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kuser/kinit.c: move ticket conversion code to separate function,
+	and call that from a couple of places, like when renewing a
+	ticket; also add a flag for just converting a ticket
+
+	* lib/krb5/init_creds_pw.c: set renew-life to some sane value
+
+	* kdc/524.c: don't send more data than required
+
+2001-06-24  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns
+
+	* lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY:
+	(any_start_seq_get): remove a double free
+	(any_next_entry): iterate over all (sub) keytabs and avoid leave data
+	around to be freed again
+
+	* kdc/kdc_locl.h: add a define for des_new_random_key when using
+	openssl's libcrypto
+
+	* configure.in: move v6 tests down
+
+	* lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052
+
+	* update to libtool 1.4 and autoconf 2.50
+
+2001-06-22  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/hdb/hdb.c: use krb5_add_et_list
+
+2001-06-21  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/hdb/Makefile.am: add generation number
+	* lib/hdb/common.c: add generation number code
+	* lib/hdb/hdb.asn1: add generation number
+	* lib/hdb/print.c: use krb5_storage to make it more dynamic
+
+2001-06-21  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/krb5.conf.5: update to changed names used by
+	krb5_get_init_creds_opt_set_default_flags
+	* lib/krb5/init_creds.c
+	(krb5_get_init_creds_opt_set_default_flags): make the appdefault
+	keywords have the same names
+
+	* configure.in: only add -L and -R to the krb4 libdir if we are
+	actually using it
+
+	* lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing
+	dot of hostname add some comments
+	* lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when
+	testing for kerberos.REALM.  this allows reusing that information
+	when actually contacting the server and thus avoids one DNS lookup
+
+2001-06-20  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/krb5.h: include k524_err.h
+
+	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test
+	for keytype, the server will do this for us if it has anything to
+	complain about
+
+	* lib/krb5/context.c: add protocol compatible krb524 error codes
+
+	* lib/krb5/Makefile.am: add protocol compatible krb524 error codes
+
+	* lib/krb5/k524_err.et: add protocol compatible krb524 error codes
+
+	* lib/krb5/krb5_principal_get_realm.3: manpage
+
+	* lib/krb5/principal.c: add functions `krb5_principal_get_realm'
+	and `krb5_principal_get_comp_string' that returns parts of a
+	principal; this is a replacement for the internal
+	`krb5_princ_realm' and `krb5_princ_component' macros that everyone
+	seem to use
+
+2001-06-19  Assar Westerlund  <assar@sics.se>
+
+	* kuser/kinit.c (main): dereference result from krb5_princ_realm.
+	from Thomas Nystrom <thn@saeab.se>
+
+2001-06-18  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done
+	* lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak
+	* lib/krb5/krbhst.c (config_get_hosts): free hostlist
+	* kuser/kinit.c: free principal
+
+2001-06-18  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra
+	freeaddrinfo
+
+	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache):
+	remove some unused variables
+
+	* lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly
+	* kdc/kerberos5.c: update to new krb5_auth_con* names
+	* kdc/hpropd.c: update to new krb5_auth_con* names
+	* lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions
+	and remove some comments
+	* lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right
+	order: remote - local - session
+	* lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the
+	auth_context
+	* lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct
+	order: remote - local - session
+	* lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order,
+	local - remote - session
+
+2001-06-18  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/convert_creds.c: use starttime instead of authtime,
+	from Chris Chiappa
+
+	* lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match
+	the MIT function by the same name; add
+	krb524_convert_creds_kdc_ccache that does what the old version did
+
+	* admin/list.c (do_list): make sure list of keys is NULL
+	terminated; similar to patch sent by Chris Chiappa
+
+2001-06-18  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/mcache.c (mcc_remove_cred): use
+	krb5_free_creds_contents
+
+	* lib/krb5/auth_context.c: name function krb5_auth_con more
+	consistenly
+	* lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use
+	renamed krb5_auth_con_getauthenticator
+
+	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to
+	use krb5_krbhst API
+	* lib/krb5/changepw.c (krb5_change_password): update to use
+	krb5_krbhst API
+	* lib/krb5/send_to_kdc.c: update to use krb5_krbhst API
+	* lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port
+	in krb5_krbhst_info
+	(krb5_krbhst_free): free everything
+
+	* lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add
+	(krb5_krbhst_info): add def_port (default port for this service)
+
+	* lib/krb5/krbhst-test.c: make it more verbose and useful
+	* lib/krb5/krbhst.c: remove some more memory leaks do not try any
+	dns operations if there is local configuration admin: fallback to
+	kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin
+	add some comments
+
+	* configure.in: remove initstate and setstate, they should be in
+	cf/roken-frag.m4
+
+	* lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test
+	* lib/krb5/krbhst-test.c: new program for testing krbhst
+	* lib/krb5/krbhst.c (common_init): remove memory leak
+	(main): move test program into krbhst-test
+
+2001-06-17  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/krb5_krbhst_init.3: manpage
+
+	* lib/krb5/krb5_get_krbhst.3: manpage
+
+2001-06-16  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/krb5.h: add opaque krb5_krbhst_handle type
+
+	* lib/krb5/krbhst.c: change void* to krb5_krbhst_handle
+
+	* lib/krb5/krb5.h: types for new krbhst api
+
+	* lib/krb5/krbhst.c: implement a new api that looks up one host at
+	a time, instead of making a list of hosts
+
+2001-06-09  Johan Danielsson  <joda@pdc.kth.se>
+
+	* configure.in: test for initstate and setstate
+
+	* lib/krb5/krbhst.c: remove rfc2052 support
+
+2001-06-08  Johan Danielsson  <joda@pdc.kth.se>
+
+	* fix some manpages for broken mdoc.old grog test
+
+2001-05-28  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/krb5.conf.5: add [appdefaults]
+	* lib/krb5/init_creds_pw.c: remove configuration reading that is
+	now done in krb5_get_init_creds_opt_set_default_flags
+	* lib/krb5/init_creds.c
+	(krb5_get_init_creds_opt_set_default_flags): add reading of
+	libdefaults versions of these and add no_addresses
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string
+	when preauth was required and we retry
+
+2001-05-25  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call
+	krb5_get_krb524hst
+	* lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the
+	support functions
+
+2001-05-22  Assar Westerlund  <assar@sics.se>
+
+	* kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec
+	properly
+
+2001-05-17  Assar Westerlund  <assar@sics.se>
+
+	* Release 0.3f
+
+2001-05-17  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/Makefile.am: bump version to 16:0:0
+	* lib/hdb/Makefile.am: bump version to 7:1:0
+	* lib/asn1/Makefile.am: bump version to 5:0:0
+	* lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
+	* lib/krb5/codec.c: remove dead code
+
+2001-05-17  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/config.c: actually check the ticket addresses
+
+2001-05-15  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
+	parenthesis
+
+	* lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
+	`errno' (called system_error) to allow callers to make sure they
+	pass the current and relevant value.  update callers
+
+2001-05-14  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/verify_user.c: krb5_verify_user_opt
+
+	* lib/krb5/krb5.h: verify_opt
+
+	* kdc/kerberos5.c: pass context to krb5_domain_x500_decode
+
+2001-05-14  Assar Westerlund  <assar@sics.se>
+
+	* kpasswd/kpasswdd.c: adapt to new address functions
+	* kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
+	* kdc/connect.c: adapt to changing address functions
+	* kdc/config.c: new krb5_config_parse_file
+	* kdc/524.c: new krb5_sockaddr2address
+	* lib/krb5/*: add some krb5_{set,clear}_error_string
+
+	* lib/asn1/k5.asn1 (LR_TYPE): add
+	* lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x
+
+2001-05-11  Assar Westerlund  <assar@sics.se>
+
+	* kdc/kerberos5.c (tsg_rep): fix typo in variable name
+
+	* kpasswd/kpasswd-generator.c (nop_prompter): update prototype
+	* lib/krb5/init_creds_pw.c: update to new prompter, use prompter
+	types and send two prompts at once when changning password
+	* lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
+	* lib/krb5/krb5.h (krb5_prompt): add type
+	(krb5_prompter_fct): add anem
+
+	* lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
+	paramaters to krb5_cc_next_cred (as MIT does, and not as they
+	document).  From "Jacques A. Vidrine" <n@nectar.com>
+
+2001-05-11  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/Makefile.am: store-test
+
+	* lib/krb5/store-test.c: simple bit storage test
+
+	* lib/krb5/store.c: add more byteorder storage flags
+	
+	* lib/krb5/krb5.h: add more byteorder storage flags
+	
+	* kdc/kerberos5.c: don't use NULL where we mean 0
+
+	* kdc/kerberos5.c: put referral test code in separate function,
+	and test for KRB5_NT_SRV_INST
+
+2001-05-10  Assar Westerlund  <assar@sics.se>
+
+	* admin/list.c (do_list): do not close the keytab if opening it
+	failed
+	* admin/list.c (do_list): always print complete names.  print
+	everything to stdout.
+	* admin/list.c: print both v5 and v4 list by default
+	* admin/remove.c (kt_remove): reorganize some.  open the keytab
+	(defaulting to the modify one).
+	* admin/purge.c (kt_purge): reorganize some.  open the keytab
+	(defaulting to the modify one). correct usage strings
+	* admin/list.c (kt_list): reorganize some.  open the keytab
+	* admin/get.c (kt_get): reorganize some.  open the keytab
+	(defaulting to the modify one)
+	* admin/copy.c (kt_copy): default to modify key name.  re-organise
+	* admin/change.c (kt_change): reorganize some.  open the keytab
+	(defaulting to the modify one)
+	* admin/add.c (kt_add): reorganize some.  open the keytab
+	(defaulting to the modify one)
+	* admin/ktutil.c (main): do not open the keytab, let every
+	sub-function handle it
+
+	* kdc/config.c (configure): call free_getarg_strings
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
+	a few more errors
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
+	`use_dns' parameter boolean
+
+	* lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
+	* lib/krb5/context.c (init_context_from_config_file): set
+	default_keytab_modify
+	* lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
+	ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
+	(KEYTAB_DEFAULT_MODIFY): add
+	* lib/krb5/keytab.c (krb5_kt_default_modify_name): add
+	(krb5_kt_resolve): set error string for failed keytab type
+
+2001-05-08  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/crypto.c (encryption_type): make field names more
+	consistent
+	(create_checksum): separate usage and type
+	(krb5_create_checksum): add a separate type parameter
+	(encrypt_internal): only free once on mismatched checksum length
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
+	realm we didn't manage to reach any KDC for in the error string
+
+	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
+	the entire subkey.  from <tmartin@mirapoint.com>
+
+2001-05-07  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
+	KT_NOTFOUND if the file is empty
+
+2001-05-07  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/fcache.c: call krb5_set_error_string when open fails
+	fatally
+	* lib/krb5/keytab_file.c: call krb5_set_error_string when open
+	fails fatally
+
+	* lib/krb5/warn.c (_warnerr): print error_string in context in
+	preference to error string derived from error code
+	* kuser/kinit.c (main): try to print the error string
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
+	error strings for errors
+
+	* lib/krb5/krb5.h (krb5_context_data): add error_string and
+	error_buf
+	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
+	* lib/krb5/error_string.c: new file
+
+2001-05-02  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/time.c: krb5_string_to_deltat
+
+	* lib/krb5/sock_principal.c: one less data copy
+
+	* lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's
+
+	* lib/krb5/get_default_principal.c: change this slightly
+
+	* lib/krb5/crypto.c: make checksum_types into an array of pointers
+
+	* lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
+	ticket
+
+2001-04-29  Assar Westerlund  <assar@sics.se>
+
+	* kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
+	the right realm if we fail to find a non-krbtgt service in the
+	database and the second component does a succesful non-dns lookup
+	to get the real realm (which has to be different from the
+	originally-supplied realm).  this should help windows 2000 clients
+	that always start their lookups in `their' realm and do not have
+	any idea of how to map hostnames into realms
+	* kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm
+
+2001-04-27  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
+	parameter to request use of dns or not
+
+2001-04-25  Assar Westerlund  <assar@sics.se>
+
+	* admin/get.c (kt_get): allow specification of encryption types
+	* lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
+	close an unopened ccache, noted by <marc@mit.edu>
+
+	* lib/krb5/krb5.h (krb5_any_ops): add declaration
+	* lib/krb5/context.c (init_context_from_config_file): register
+	krb5_any_ops
+
+	* lib/krb5/keytab_any.c: new file, implementing union of keytabs
+	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c
+	
+	* lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
+	== NULL.  noted by <marc@mit.edu>
+
+2001-04-19  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
+	else, from Jacques Vidrine
+
+2001-04-18  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h
+
+	* lib/asn1/Makefile.am: add asn1_ENCTYPE.x
+
+	* lib/krb5/krb5.h: adapt to asn1 changes
+
+	* lib/asn1/k5.asn1: move enctypes here
+
+	* lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
+	conflicts
+
+	* lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
+	conflicts
+
+	* lib/asn1/lex.l: use strtol to parse constants
+
+2001-04-06  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kuser/kinit.c: add simple support for running commands
+
+2001-03-26  Assar Westerlund  <assar@sics.se>
+
+	* lib/hdb/hdb-ldap.c: change order of includes to allow it to work
+	with more versions of openldap
+
+	* kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
+	replies
+	(*): update callers of krb5_km_error
+	(check_tgs_flags): handle renews requesting non-renewable tickets
+
+	* lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
+	and cusec
+
+	* lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
+	compatibility names
+
+	* lib/krb5/crypto.c (create_checksum): change so that `type == 0'
+	means pick from the `crypto' (context) and otherwise use that
+	type.  this is not a large change in practice and allows callers
+	to specify the exact checksum algorithm to use
+
+2001-03-13  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
+	to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
+	integrity'.  this helps for talking to old (pre 0.3d) KDCs
+
+2001-03-12  Assar Westerlund  <assar@pdc.kth.se>
+
+	* lib/krb5/crypto.c (krb5_derive_key): new function, used by
+	derived-key-test.c
+	* lib/krb5/string-to-key-test.c: add new test vectors posted by
+	Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to
+	ietf-krb-wg@anl.gov
+	* lib/krb5/n-fold-test.c: more test vectors from same source
+	* lib/krb5/derived-key-test.c: more tests from same source
+
+2001-03-06  Assar Westerlund  <assar@sics.se>
+
+	* acconfig.h: include roken_rename.h when appropriate
+
+2001-03-06  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/krb5.h (krb5_enctype): remove trailing comma
+
+2001-03-04  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
+	compatibility with MIT krb5
+
+2001-03-02  Assar Westerlund  <assar@sics.se>
+
+	* kuser/kinit.c (main): only request a renewable ticket when
+	explicitly requested.  it still gets a renewable one if the renew
+	life is specified
+	* kuser/kinit.c (renew_validate): treat -1 as flags not being set
+
+2001-02-28  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list
+
+2001-02-27  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt
+
+2001-02-25  Assar Westerlund  <assar@sics.se>
+
+	* configure.in: do not use -R when testing for des functions
+
+2001-02-14  Assar Westerlund  <assar@sics.se>
+
+	* configure.in: test for lber.h when trying to link against
+ 	openldap to handle openldap v1, from Sumit Bose
+ 	<sumit.bose@suse.de>
+
+2001-02-19  Assar Westerlund  <assar@sics.se>
+
+	* lib/asn1/libasn1.h: add string.h (for memset)
+
+2001-02-15  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/warn.c (_warnerr): add printf attributes
+	* lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address
+	returned by getaddrinfo before trying the next kdc.  from
+	thorpej@netbsd.org
+
+	* lib/krb5/krb5.conf.5: fix default_realm in example
+
+	* kdc/connect.c: fix a few kdc_log format types
+
+	* configure.in: try to handle libdes/libcrypto ont requiring -L
+
+2001-02-10  Assar Westerlund  <assar@sics.se>
+
+	* lib/asn1/gen_decode.c (generate_type_decode): zero the data at
+	the beginning of the generated function, and add a label `fail'
+	that the code jumps to in case of errors that frees all allocated
+	data
+
+2001-02-07  Assar Westerlund  <assar@sics.se>
+
+	* configure.in: aix dce: fix misquotes, from Ake Sandgren
+	<ake@cs.umu.se>
+
+	* configure.in (dpagaix_LDFLAGS): try to add export file
+
+2001-02-05  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/krb5_keytab.3: new man page, contributed by
+	<lha@stacken.kth.se>
+
+	* kdc/kaserver.c: update to new db_fetch4
+
+2001-02-05  Assar Westerlund  <assar@assaris.sics.se>
+
+	* Release 0.3e
+
+2001-01-30  Assar Westerlund  <assar@sics.se>
+
+	* kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
+	properly
+	(kdb_prop): decrypt key properly
+	* kdc/hprop.c: handle building with KRB4 always try to decrypt v4
+	data with the master key leave it up to the v5 how to encrypt with
+	that master key
+
+	* kdc/kstash.c: include file name in error messages
+	* kdc/hprop.c: fix a typo and check some more return values
+	* lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
+	correctly.  From Jacques Vidrine <n@nectar.com>
+	* kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
+	ENOENT
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
+	15:0:0
+	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
+	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
+	* kdc/misc.c (db_fetch): return an error code.  change callers to
+	look at this and try to print it in log messages
+
+	* lib/krb5/crypto.c (decrypt_internal_derived): check that there's
+	enough data
+
+2001-01-29  Assar Westerlund  <assar@sics.se>
+
+	* kdc/hprop.c (realm_buf): move it so it becomes properly
+	conditional on KRB4
+
+	* lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
+	hdb_unseal_keys, hdb_seal_keys): check that we have the correct
+	master key and that we manage to decrypt the key properly,
+	returning an error code.  fix all callers to check return value.
+
+	* tools/krb5-config.in: use @LIB_des_appl@
+	* tools/Makefile.am (krb5-config): add LIB_des_appl
+	* configure.in (LIB_des): set correctly
+	(LIB_des_appl): add for the use by krb5-config.in
+
+	* lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
+	to make sure of not dropping data when doing it over a socket.
+	(this might break when used with ordinary files on win32)
+
+	* lib/hdb/hdb_err.et (NO_MKEY): add
+
+	* kdc/kerberos5.c (as_rep): be paranoid and check
+	krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se>
+
+	* lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
+	lib/krb5/krb5_auth_context.3: add new man pages, contributed by
+	<lha@stacken.kth.se>
+
+	* use the openssl api for md4/md5/sha and handle openssl/*.h
+
+	* kdc/kaserver.c (do_getticket): check length of ticket.  noted by
+ 	<lha@stacken.kth.se>
+
+2001-01-28  Assar Westerlund  <assar@sics.se>
+
+	* configure.in: send -R instead of -rpath to libtool to set
+	runtime library paths
+
+	* lib/krb5/Makefile.am: remove all dependencies on libkrb
+
+2001-01-27  Assar Westerlund  <assar@sics.se>
+
+	* appl/rcp: add port of bsd rcp changed to use existing rsh,
+	contributed by Richard Nyberg <rnyberg@it.su.se>
+
+2001-01-27  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/get_port.c: don't warn if the port name can't be found,
+	nobody cares anyway
+
+2001-01-26  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/hprop.c: make it possible to convert a v4 dump file without
+	having any v4 libraries; the kdb backend still require them
+
+	* kdc/v4_dump.c: include shadow definition of kdb Principal, so we
+	don't have to depend on any v4 libraries
+
+	* kdc/hprop.h: include shadow definition of kdb Principal, so we
+	don't have to depend on any v4 libraries
+
+	* lib/hdb/print.c: reduce number of memory allocations
+
+	* lib/hdb/mkey.c: add support for reading krb4 /.k files
+
+2001-01-19  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
+	for realms document capath better
+
+	* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
+	at kpasswd_server before admin_server
+
+	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
+	[libdefaults]capath for better hint of realm to send request to.
+	this allows the client to specify `realm routing information' in
+	case it cannot be done at the server (which is preferred)
+
+	* lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
+	zero when we were expecting a sequence number.  MIT krb5 cannot
+	generate a sequence number of zero, instead generating no sequence
+	number
+	* lib/krb5/rd_safe.c (krb5_rd_safe): dito
+
+2001-01-11  Assar Westerlund  <assar@sics.se>
+
+	* kpasswd/kpasswdd.c: add --port option
+
+2001-01-10  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
+	just before returning
+
+2001-01-09  Assar Westerlund  <assar@sics.se>
+
+	* appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred
+
+2001-01-05  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kuser/kinit.c: call a time `time', and not `seconds'
+
+	* lib/krb5/init_creds.c: not much point in setting the anonymous
+	flag here
+
+	* lib/krb5/krb5_appdefault.3: document appdefault_time
+
+2001-01-04  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/verify_user.c: use
+	krb5_get_init_creds_opt_set_default_flags
+
+	* kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags
+
+	* lib/krb5/init_creds.c: new function
+	krb5_get_init_creds_opt_set_default_flags to set options from
+	krb5.conf
+
+	* lib/krb5/rd_cred.c: make this match the MIT function
+	
+	* lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
+	def_val
+	(krb5_appdefault_time): new function
+
+2001-01-03  Assar Westerlund  <assar@sics.se>
+
+	* kdc/hpropd.c (main): handle EOF when reading from stdin