2007-01-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/hx509.texi: add Application requirements and write about
	xmpp/jabber.
	
2007-01-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/hx509.texi: More about issuing certificates.

	* doc/hx509.texi: Start of a x.509 manual.

	* include/Makefile.am: remove install headerfiles

	* lib/krb5/test_pac.c: Use more interesting data to cause more
	errors.

	* include/Makefile.am: remove install headerfiles

	* lib/krb5/mcache.c: MCC_CURSOR not used, remove.

	* lib/krb5/crypto.c: macro kcrypto_oid_enc now longer used

	* lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to
	allocate data
	
2007-01-10  Love Hörnquist Åstrand  <lha@it.su.se>
	
	* doc/setup.texi: Hint about hxtool validate.

	* appl/test/uu_server.c: print both "server" and "client"

	* kdc/krb5tgs.c: Rename keys to be more obvious what they do.

	* kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew
	Bartlett
	
	* kdc/windc.c: ident, spelling.

	* kdc/windc_plugin.h: indent.

	* kdc/krb5tgs.c: Pass down server entry to verify_pac function.
	from Andrew Bartlett

	* kdc/windc.c: pass down server entry to verify_pac function, from
	Andrew Bartlett

	* kdc/windc_plugin.h: pass down server entry to verify_pac
	function, from Andrew Bartlett

	* configure.in: Provide a automake symbol ENABLE_SHARED if shared
	libraries are built.

	* lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock
	when verifying the PAC.  From Andrew Bartlett.
	
2007-01-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/test_pac.c: move around to code test on real PAC.

	* lib/krb5/pac.c: A tiny 2 char diffrence that make the code work
	for real.

	* lib/krb5/test_pac.c: Test more PAC (note that the values used in
	this test is wrong, they have to be fixed when the pac code is
	fixed).

	* doc/setup.texi: Update to new hxtool issue-certificate usage

	* lib/krb5/init_creds_pw.c: Make sure we don't sent both ENC-TS
	and PK-INIT pa data, no need to expose our password protecting our
	PKCS12 key.

	* kuser/klist.c (print_cred_verbose): include ticket length in the
	verbose output
	
2007-01-08  Love Hörnquist Åstrand  <lha@it.su.se>
	
	* lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without
	it linux is unhappy.

	* lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without
	it linux is unhappy.

	* lib/krb5/name-45-test.c: One of the hosts I sometimes uses is
	named "bar.domain", this make one of the tests pass when it
	shouldn't.

2007-01-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: Change --key argument to --out-key.

	* kuser/kimpersonate.1: mangle my name
	
2007-01-04  Love Hörnquist Åstrand  <lha@it.su.se>
	
	* doc/setup.texi: describe how to use hx509 to create
	certificates.

	* tools/heimdal-build.sh: Add --distcheck.

	* kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check
	if we should include the PAC in the krbtgt.

	* kdc/pkinit.c (_kdc_as_rep): check if
	krb5_generate_random_keyblock failes.

	* kdc/kerberos5.c (_kdc_as_rep): check if
	krb5_generate_random_keyblock failes.

	* kdc/krb5tgs.c (tgs_build_reply): check if
	krb5_generate_random_keyblock failes.

	* kdc/krb5tgs.c: Scope etype.

	* lib/krb5/rd_req.c: Make it possible to turn off PAC check, its
	default on.

	* lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify
	its server signature.

	* kdc/kerberos5.c (_kdc_as_rep): call windc client access hook.
	(_kdc_tkt_add_if_relevant_ad): constify in data argument.

	* kdc/windc_plugin.h: More comments add a client_access hook.

	* kdc/windc.c: Add _kdc_windc_client_access.

	* kdc/krb5tgs.c: rename functions after export some more pac
	functions.

	* lib/krb5/test_pac.c: export some more pac functions.

	* lib/krb5/pac.c: export some more pac functions.

	* kdc/krb5tgs.c: Resign the PAC in tgsreq if we have a PAC.

	* configure.in: add tests/plugin/Makefile
	
2007-01-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/krb5tgs.c: Get right key for PAC krbtgt verification.

	* kdc/config.c: spelling

	* lib/krb5/krb5.h: typedef for krb5_pac.

	* kdc/headers.h: Include <windc_plugin.h>.

	* kdc/Makefile.am: Include windc.c and use windc_plugin.h

	* kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain
	Controller.

	* kdc/kerberos5.c: Call callbacks for emulating a Windows Domain
	Controller.  Move the some of the log related stuff to its own
	function.

	* kdc/config.c: Init callbacks for emulating a Windows Domain
	Controller.

	* kdc/windc.c: Rename the init function to windc instead of pac.

	* kdc/windc.c: Callbacks specific to emulating a Windows Domain
	Controller.

	* kdc/windc_plugin.h: Callbacks specific to emulating a Windows
	Domain Controller.

	* lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ

	* lib/krb5/pac.c: Support all keyed checksum types.
	
2007-01-02  Love Hörnquist Åstrand  <lha@it.su.se>
	
	* lib/krb5/pac.c (krb5_pac_get_types): Return list of types.
	
	* lib/krb5/test_pac.c: test krb5_pac_get_types

	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.

	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.

	* lib/krb5/krb5.h: Add KRB5_KRBHST_KCA.

	* lib/krb5/test_pac.c: test Add/remove pac buffer functions.

	* lib/krb5/pac.c: Add/remove pac buffer functions.

	* lib/krb5/pac.c: sprinkle const

	* lib/krb5/pac.c: rename DCHECK to CHECK
	
	* Happy New Year.