2003-03-26 Love Hörnquist Åstrand * doc/misc.texi: spelling and add `Configuring AFS clients' subsection 2003-03-25 Love Hörnquist Åstrand * lib/krb5/krb5.3: add krb5_free_data_contents.3 * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT API * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat with MIT API * lib/krb5/krb5_verify_user.3: write more about how the ccache argument should be inited when used 2003-03-25 Johan Danielsson * lib/krb5/addr_families.c (krb5_print_address): make sure print_addr is defined for the given address type; make addrports printable * kdc/string2key.c: print the used enctype for kerberos 5 keys 2003-03-25 Love Hörnquist Åstrand * lib/krb5/aes-test.c: add another arcfour test 2003-03-22 Love Hörnquist Åstrand * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5 2003-03-20 Love Hörnquist Åstrand * lib/krb5/krb5_ccache.3: update .Dd * lib/krb5/krb5.3: sort in krb5_data functions * lib/krb5/Makefile.am (man_MANS): += krb5_data.3 * lib/krb5/krb5_data.3: document krb5_data * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if prompter is NULL, don't try to ask for a password to change. reported by Iain Moffat @ ufl.edu via Howard Chu 2003-03-19 Love Hörnquist Åstrand * lib/krb5/krb5_keytab.3: spelling, from * lib/krb5/krb5.conf.5: . means new line * lib/krb5/krb5.conf.5: spelling, from * lib/krb5/krb5_auth_context.3: spelling, from 2003-03-18 Love Hörnquist Åstrand * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5 * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out #ifdef KRB4 from enable_v4_cross_realm since 524 needs it * kdc/config.c: 524 is independent of kerberos 4, so move out enable_v4_cross_realm from #ifdef KRB4 since 524 needs it 2003-03-17 Assar Westerlund * kdc/kdc.8: document --kerberos4-cross-realm * kdc/kerberos4.c: pay attention to enable_v4_cross_realm * kdc/kdc_locl.h (enable_v4_cross_realm): add * kdc/524.c (encode_524_response): check the enable_v4_cross_realm flag before giving out v4 tickets for foreign v5 principals * kdc/config.c: add --enable-kerberos4-cross-realm option (default to off) 2003-03-17 Love Hörnquist Åstrand * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3 * lib/krb5/krb5_aname_to_localname.3: manpage for krb5_aname_to_localname * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/ 2003-03-16 Love Hörnquist Åstrand * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3 * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3 * lib/krb5/krb5_set_default_realm.3: Manpage for krb5_free_host_realm, krb5_get_default_realm, krb5_get_default_realms, krb5_get_host_realm, and krb5_set_default_realm. * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado via NetBSD * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more types, add krb5_fcc_ops and krb5_mcc_ops * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for a id 2003-03-15 Love Hörnquist Åstrand * doc/intro.texi: add reference to source code, binaries and the manual * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal 2003-03-14 Love Hörnquist Åstrand * kdc/kdc.8: better/difrent english * kdc/kdc.8: . -> .\n, copyright/license * kdc/kdc.8: changed configuration file -> restart kdc * kdc/kerberos4.c: add krb4 into the most error messages written to the logfile * lib/krb5/krb5_ccache.3: add missing name of argument (krb5_context) to most functions 2003-03-13 Love Hörnquist Åstrand * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of function and return FALSE when there isn't a local account for `luser'. * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text describing the function 2003-03-12 Love Hörnquist Åstrand * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name returned memory, don't return ENOMEM 2003-03-11 Love Hörnquist Åstrand * lib/krb5/krb5.3: add krb5_address stuff and sort * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description * lib/krb5/Makefile.am (man_MANS): += krb5_address.3 * lib/krb5/krb5_address.3: document types krb5_address and krb5_addresses and their helper functions 2003-03-10 Love Hörnquist Åstrand * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3 * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3 * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se * lib/krb5/krb5.3: add more functions * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc functions * lib/krb5/krb5_kuserok.3: document krb5_kuserok * lib/krb5/krb5_verify_user.3: document krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and krb5_verify_user_opt * lib/krb5/*.[0-9]: add copyright/licenses on more manpages * kuser/kdestroy.c (main): handle that krb5_cc_default_name can return NULL * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor (TESTS): add test_cc * lib/krb5/test_cc.c: test some krb5_cc_default_name/krb5_cc_set_default_name combinations * lib/krb5/context.c (init_context_from_config_file): set default_cc_name to NULL (krb5_free_context): free default_cc_name if set * lib/krb5/cache.c (krb5_cc_set_default_name): new function (krb5_cc_default_name): use krb5_cc_set_default_name * lib/krb5/krb5.h (krb5_context_data): add default_cc_name 2003-02-25 Love Hörnquist Åstrand * appl/kf/kf.1: s/securly/securely/ from NetBSD 2003-02-18 Love Hörnquist Åstrand * kdc/connect.c: s/intialize/initialize, from 2003-02-17 Love Hörnquist Åstrand * configure.in: add AM_MAINTAINER_MODE 2003-02-16 Love Hörnquist Åstrand * **/*.[0-9]: add copyright/licenses on all manpages 2003-14-16 Jacques Vidrine * lib/krb5/get_in_tkt.c (init_as_req): Send only a single PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption type specified by the KDC. 2003-02-15 Love Hörnquist Åstrand * fix-export: some autoconf put their version number in autom4te.cache, so remove autom4te*.cache * fix-export: make sure $1 is a directory 2003-02-04 Love Hörnquist Åstrand * kpasswd/kpasswdd.8: spelling, from jmc * kdc/kdc.8: spelling, from jmc 2003-01-31 Love Hörnquist Åstrand * kdc/hpropd.8: s/databases/a database/ s/Not/not/ * kdc/hprop.8: add missing . 2003-01-30 Love Hörnquist Åstrand * lib/krb5/krb5.conf.5: documentation for of boolean, etypes, address, write out encryption type in sentences, s/Host/host 2003-01-26 Love Hörnquist Åstrand * lib/asn1/check-gen.c: add checks for Authenticator too 2003-01-25 Love Hörnquist Åstrand * doc/setup.texi: in the hprop example, use hprop and the first component, not host * lib/krb5/get_addrs.c (find_all_addresses): address-less point-to-point might not have an address, just ignore those. Reported by Harald Barth. 2003-01-23 Love Hörnquist Åstrand * lib/krb5/verify_krb5_conf.c (check_section): when key isn't found, don't print out all known keys * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity and facility start resp (check_log): find_value() returns -1 when key isn't found * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a 'const void *' to avoid AES_KEY being exposed in krb5-private.h * lib/krb5/krb5.conf.5: add [kdc]use_2b * kdc/524.c (encode_524_response): its 2b not b2 * doc/misc.texi: quote @ where missing * lib/asn1/Makefile.am: add check-gen * lib/asn1/check-gen.c: add Principal check * lib/asn1/check-common.h: move generic asn1/der functions from check-der.c to here * lib/asn1/check-common.c: move generic asn1/der functions from check-der.c to here * lib/asn1/check-der.c: move out the generic asn1/der functions to a common file 2003-01-22 Love Hörnquist Åstrand * doc/misc.texi: more text about afs, how to get get your KeyFile, and how to start use 2b tokens * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre 2003-01-21 Jacques Vidrine * kuser/kuser_locl.h: include crypto-headers.h for des_read_pw_string prototype 2003-01-16 Love Hörnquist Åstrand * admin/ktutil.8: document -v, --verbose * admin/get.c (kt_get): make getarg usage consistent with other other parts of ktutil * admin/copy.c (kt_copy): remove adding verbose_flag to args struct, since it will overrun the args array (from Sumit Bose) 2003-01-15 Love Hörnquist Åstrand * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc = ... } * lib/krb5/aes-test.c: test vectors in aes-draft * lib/krb5/Makefile.am: add aes-test.c * lib/krb5/crypto.c: Add support for AES (draft-raeburn-krb-rijndael-krb-02), not enabled by default. (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify to support checksumtype that are have a shorter wireformat then their output block size. * lib/krb5/crypto.c (struct encryption_type): split the blocksize into blocksize and padsize, padsize is the minimum padding size. they are the same for now (enctype_*): add padsize (encrypt_internal): use padsize (encrypt_internal_derived): use padsize (wrapped_length): use padsize (wrapped_length_dervied): use padsize * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key function for each enctype in preparation enctypes that uses `Encryption and Checksum Specifications for Kerberos 5' draft * lib/asn1/k5.asn1: add checksum and enctype for AES from draft-raeburn-krb-rijndael-krb-02.txt * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128, KEYTYPE_AES256 2003-01-14 Love Hörnquist Åstrand * lib/hdb/common.c (_hdb_fetch): handle error code from hdb_value2entry * kdc/Makefile.am: always include kerberos4.c and 524.c in kdc_SOURCES to support 524 * kdc/524.c: always compile in support for 524 * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4 * kdc/config.c: always compile in support for 524 * kdc/connect.c: always compile in support for 524 * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key() even when we build without kerberos 4, 524 needs them * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out Kerberos 4 help functions/structures so other parts of the source tree can use it (like the KDC)