heimdal/ChangeLog

2005-03-10  Love  <lha@kth.se>

	* lib/krb5/pkinit.c: handle the -25 generation path

	* lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_19
	
	* lib/krb5/pkinit.c: fold in pk-init-25 asn1 changes
	
2005-03-09  Love  <lha@kth.se>

	* kdc/pkinit.c: use generated oid's
	
	* lib/krb5/pkinit.c: use generated oid's
	
2005-03-08  Love  <lha@kth.se>

	* kdc/pkinit.c: update to the asn1 structures used in -25's

	* lib/krb5/pkinit.c: update to the asn1 structures used in -25's

2005-03-04  Love Hörnquist Åstrand  <lha@it.su.se>
	
	* lib/hdb/hdb-ldap.c: use the newly written hex function from
	roken and remove the old implementation

2005-03-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/test/http_client.c: allow specifing port to connect to

2005-02-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am: bump version to 21:0:4

	* lib/hdb/Makefile.am: bump version to 8:0:1
	
	* lib/asn1/Makefile.am: bump version to 7:0:1

2005-02-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/crypto.c (DES_string_to_key_int): must check for weak
	keys after doing the DES_cbc_cksum

2005-02-19  Luke Howard  <lukeh@padl.com>

	* lib/krb5/krbhst.c: set KD_CONFIG after calling
	  config_get_hosts() in kpasswd_get_next()
	  From: Wynn Wilkes <wynnw@vintela.com>

2005-02-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/db3.c (DB_open): correct the check for O_RDONLY
	From: Chaskiel M Grundman <cg2v@andrew.cmu.edu>

2005-02-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/crypto.c (krb5_random_to_key): cast size_t to int to
	make %d work

2005-02-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/keytab.c (krb5_kt_get_entry): tell what enctype the
	caller requested to provide the user with a glue what the caller
	was asking for.

2005-02-05  Luke Howard  <lukeh@padl.com>

	* lib/krb5/kcm.c: add _krb5_kcm_is_running, _krb5_kcm_noop

	* kcm/acquire.c: don't leak salt if keyproc called multiple
	  times

	* kcm/config.c: allow KCM system ccache to be configured from
	  krb5.conf, in the system_ccache stanza of [kcm]

2005-02-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* kcm/protocol.c: use -1 as the invalid pid number

	* kcm/connect.c: support SCM_CREDS (for NetBSD)

	* kcm/Makefile.am: LDADD += LIB_pidfile
	
	* kcm/connect.c: make it possible to build on systems without
	SO_PEERCRED (still doesn't work)

	* kcm/config.c: cast argument to isdigit to unsigned char
	
	* lib/krb5/krb5.conf.5: document large_msg_size

	* lib/krb5/context.c (init_context_from_config_file): init
	large_msg_size to 6000

	* lib/krb5/krb5.h (krb5_context_data): add large_msg_size,
	threshold where we start to use transport protocols without tiny
	max data transport sizes.

	* lib/krb5/kcm.h: drop prototypes, they all live in krb5-private.h
	by now

2005-02-02  Luke Howard  <lukeh@padl.com>

	* configure.in: generate kcm/Makefile

	* Makefile.am: recurse into kcm/ if KCM defined

	* kcm: add KCM daemon

2005-02-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/send_to_kdc.c (send_and_recv_udp): make private again

	* lib/krb5/kcm.c: use AF_UNIX like the rest of the codebase, add
	some more error strings

2005-02-02  Luke Howard  <lukeh@padl.com>

	* configure.in: add --enable-kcm option for Kerberos
	  Credentials Manager (KCM)

	* lib/krb5/Makefile.am: add kcm.c

	* lib/krb5/cache.c: use cc_retrieve_cred if present rather
	  than enumerating ccache

	* lib/krb5/context.c: register KCM cc_ops

	* lib/krb5/get_cred.c: pass all options to cc_retrieve_cred

	* lib/krb5/init_creds_pw.c: add krb5_get_init_creds_keyblock

	* lib/krb5/kcm.[ch]: add initial implementation of KCM
	  client library

	* lib/krb5/krb5.h: fix cc_retrieve prototype, add KCM cc_ops

	* lib/krb5/send_to_kdc.c: add _krb5_send_and_recv_tcp

	* lib/krb5/store.c: add krb5_store_creds_tag, krb5_ret_creds_tag

2005-01-24  Luke Howard  <lukeh@padl.com>

	* lib/krb5/init_creds_pw.c: allow NULL in_options to be passed
	  krb5_get_init_creds_password()

	* kdc/kerberos5.c: don't crash when logging no server etype
	  support if client == NULL

2005-01-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kstash.c: s/random_key/random_key_flag/, From Dave Love
	<d.love@dl.ac.uk>

2005-01-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/apps.texi: Texinfo fixes. Text about irix 6.5 using
	PAM. From: Dave Love <d.love@dl.ac.uk>

2005-01-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.c: cast argument to isdigit to
	unsigned char

	* lib/krb5/keytab_keyfile.c: cast argument to toupper to unsigned
	char

	* lib/asn1/hash.c (hashcaseadd): cast argument to toupper to
	unsigned char

	* appl/kf/kfd.c (kfd_match_version): cast argument to islower to
	unsigned char

	* lib/krb5/krb5.3: drop krb5_{checksum,enctype}_is_disabled

	* lib/krb5/krb5_encrypt.3: drop krb5_enctype_is_disabled, more
	text about krb5_enctype_valid

	* lib/krb5/krb5_create_checksum.3: drop
	krb5_checksum_is_disabled

	* lib/krb5/crypto.c: drop krb5_{checksum,enctype}_isdisabled
	
	* lib/krb5/context.c: krb5_enctype_is_disabled is the same thing
	as krb5_enctype_valid, so use the later since its older and the
	api doesn't really need another entry point

	* lib/krb5/rd_req.c: krb5_enctype_is_disabled is the same thing as
	krb5_enctype_valid, so use the later since its older and the api
	doesn't really need another entry point

	* kdc/kerberos5.c: krb5_enctype_is_disabled is the same thing as
	krb5_enctype_valid, so use the later since its older and the api
	doesn't really need another entry point

2005-01-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* kpasswd/kpasswdd.8: document --addresses, controls what
	addresses kpasswd should listen too

	* kpasswd/kpasswdd.c: add --addresses, controls what addresses
	kpasswd should listen too

	* lib/krb5/addr_families.c (krb5_parse_address): filter out dup
	addresses from getaddrinfo

	* kpasswd/kpasswd.1: document -c

	* kpasswd/kpasswd.c: allow specifying a credential cache to use
	for the admin principal

	* include/bits.c: constify to avoid warning with -Wwrite-string
	
	* NEWS: add 0.6.2 and 0.6.3 items
	
	* lib/krb5/krb5_keyblock.3: document krb5_generate_subkey_extended

	* lib/krb5/krb5_is_thread_safe.3: document function

	* lib/krb5/Makefile.am (man_MANS) += krb5_is_thread_safe.3
	
	* lib/krb5/context.c (krb5_is_thread_safe): return TRUE is the
	library was compiled with multithreading support. If not,
	application must global lock the library, it it uses threads that
	call kerberos functions at the same time.
	
2005-01-05  Luke Howard  <lukeh@padl.com>

	* lib/krb5/auth_context.c: use krb5_generate_subkey_extended()

	* lib/krb5/appdefault.c: remove redundant KRB5_LIB_FUNCTION

	* lib/krb5/build_auth.c: support for enctype negotiation
	  (client sends EtypeList in Authenticator authz data)

	* lib/krb5/context.c: mutex should be destroyed last in
	  krb5_free_context()

	* lib/krb5/generate_subkey.c: add krb5_generate_subkey_extended(),
	  set *subkey to NULL if key geneartion fails

	* lib/krb5/krb5.h: add KRB5_KU_PA_SERVER_REFERRAL_DATA

	* lib/krb5/mk_req_ext.c: support ETYPE_ARCFOUR_HMAC_MD5_56

	* lib/krb5/rd_req.c: support for enctype negotiation
	  (client sends EtypeList in Authenticator authz data)

2005-01-04  Luke Howard  <lukeh@padl.com>

	* lib/asn1/k5.asn1: add authorization data types for enctype
	negotiation implementation

2005-01-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/changepw.c (change_password_loop): on failing to find a
	kdc, set result_code to KRB5_KPASSWD_HARDERROR
	
2005-01-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/heimdal.texi: Happy New Year