2005-02-08 Love * lib/krb5/keytab.c (krb5_kt_get_entry): tell what enctype the caller requested to provide the user with a glue what the caller was asking for. 2005-02-05 Luke Howard * lib/krb5/kcm.c: add _krb5_kcm_is_running, _krb5_kcm_noop * kcm/acquire.c: don't leak salt if keyproc called multiple times * kcm/config.c: allow KCM system ccache to be configured from krb5.conf, in the system_ccache stanza of [kcm] 2005-02-03 Love Hörnquist Åstrand * kcm/protocol.c: use -1 as the invalid pid number * kcm/connect.c: support SCM_CREDS (for NetBSD) * kcm/Makefile.am: LDADD += LIB_pidfile * kcm/connect.c: make it possible to build on systems without SO_PEERCRED (still doesn't work) * kcm/config.c: cast argument to isdigit to unsigned char * lib/krb5/krb5.conf.5: document large_msg_size * lib/krb5/context.c (init_context_from_config_file): init large_msg_size to 6000 * lib/krb5/krb5.h (krb5_context_data): add large_msg_size, threshold where we start to use transport protocols without tiny max data transport sizes. * lib/krb5/kcm.h: drop prototypes, they all live in krb5-private.h by now 2005-02-02 Luke Howard * configure.in: generate kcm/Makefile * Makefile.am: recurse into kcm/ if KCM defined * kcm: add KCM daemon 2005-02-02 Love Hörnquist Åstrand * lib/krb5/send_to_kdc.c (send_and_recv_udp): make private again * lib/krb5/kcm.c: use AF_UNIX like the rest of the codebase, add some more error strings 2005-02-02 Luke Howard * configure.in: add --enable-kcm option for Kerberos Credentials Manager (KCM) * lib/krb5/Makefile.am: add kcm.c * lib/krb5/cache.c: use cc_retrieve_cred if present rather than enumerating ccache * lib/krb5/context.c: register KCM cc_ops * lib/krb5/get_cred.c: pass all options to cc_retrieve_cred * lib/krb5/init_creds_pw.c: add krb5_get_init_creds_keyblock * lib/krb5/kcm.[ch]: add initial implementation of KCM client library * lib/krb5/krb5.h: fix cc_retrieve prototype, add KCM cc_ops * lib/krb5/send_to_kdc.c: add _krb5_send_and_recv_tcp * lib/krb5/store.c: add krb5_store_creds_tag, krb5_ret_creds_tag 2005-01-24 Luke Howard * lib/krb5/init_creds_pw.c: allow NULL in_options to be passed krb5_get_init_creds_password() * kdc/kerberos5.c: don't crash when logging no server etype support if client == NULL 2005-01-17 Love Hörnquist Åstrand * kdc/kstash.c: s/random_key/random_key_flag/, From Dave Love 2005-01-12 Love Hörnquist Åstrand * doc/apps.texi: Texinfo fixes. Text about irix 6.5 using PAM. From: Dave Love 2005-01-08 Love Hörnquist Åstrand * lib/krb5/verify_krb5_conf.c: cast argument to isdigit to unsigned char * lib/krb5/keytab_keyfile.c: cast argument to toupper to unsigned char * lib/asn1/hash.c (hashcaseadd): cast argument to toupper to unsigned char * appl/kf/kfd.c (kfd_match_version): cast argument to islower to unsigned char * lib/krb5/krb5.3: drop krb5_{checksum,enctype}_is_disabled * lib/krb5/krb5_encrypt.3: drop krb5_enctype_is_disabled, more text about krb5_enctype_valid * lib/krb5/krb5_create_checksum.3: drop krb5_checksum_is_disabled * lib/krb5/crypto.c: drop krb5_{checksum,enctype}_isdisabled * lib/krb5/context.c: krb5_enctype_is_disabled is the same thing as krb5_enctype_valid, so use the later since its older and the api doesn't really need another entry point * lib/krb5/rd_req.c: krb5_enctype_is_disabled is the same thing as krb5_enctype_valid, so use the later since its older and the api doesn't really need another entry point * kdc/kerberos5.c: krb5_enctype_is_disabled is the same thing as krb5_enctype_valid, so use the later since its older and the api doesn't really need another entry point 2005-01-05 Love Hörnquist Åstrand * kpasswd/kpasswdd.8: document --addresses, controls what addresses kpasswd should listen too * kpasswd/kpasswdd.c: add --addresses, controls what addresses kpasswd should listen too * lib/krb5/addr_families.c (krb5_parse_address): filter out dup addresses from getaddrinfo * kpasswd/kpasswd.1: document -c * kpasswd/kpasswd.c: allow specifying a credential cache to use for the admin principal * include/bits.c: constify to avoid warning with -Wwrite-string * NEWS: add 0.6.2 and 0.6.3 items * lib/krb5/krb5_keyblock.3: document krb5_generate_subkey_extended * lib/krb5/krb5_is_thread_safe.3: document function * lib/krb5/Makefile.am (man_MANS) += krb5_is_thread_safe.3 * lib/krb5/context.c (krb5_is_thread_safe): return TRUE is the library was compiled with multithreading support. If not, application must global lock the library, it it uses threads that call kerberos functions at the same time. 2005-01-05 Luke Howard * lib/krb5/auth_context.c: use krb5_generate_subkey_extended() * lib/krb5/appdefault.c: remove redundant KRB5_LIB_FUNCTION * lib/krb5/build_auth.c: support for enctype negotiation (client sends EtypeList in Authenticator authz data) * lib/krb5/context.c: mutex should be destroyed last in krb5_free_context() * lib/krb5/generate_subkey.c: add krb5_generate_subkey_extended(), set *subkey to NULL if key geneartion fails * lib/krb5/krb5.h: add KRB5_KU_PA_SERVER_REFERRAL_DATA * lib/krb5/mk_req_ext.c: support ETYPE_ARCFOUR_HMAC_MD5_56 * lib/krb5/rd_req.c: support for enctype negotiation (client sends EtypeList in Authenticator authz data) 2005-01-04 Luke Howard * lib/asn1/k5.asn1: add authorization data types for enctype negotiation implementation 2005-01-04 Love Hörnquist Åstrand * lib/krb5/changepw.c (change_password_loop): on failing to find a kdc, set result_code to KRB5_KPASSWD_HARDERROR 2005-01-01 Love Hörnquist Åstrand * doc/heimdal.texi: Happy New Year