head	1.2;
access;
symbols
	RELENG_8_4:1.2.0.2
	RELENG_9_1_0_RELEASE:1.1.1.10
	RELENG_9_1:1.1.1.10.0.16
	RELENG_9_1_BP:1.1.1.10
	RELENG_8_3_0_RELEASE:1.1.1.10
	RELENG_8_3:1.1.1.10.0.14
	RELENG_8_3_BP:1.1.1.10
	RELENG_9_0_0_RELEASE:1.1.1.10
	RELENG_9_0:1.1.1.10.0.12
	RELENG_9_0_BP:1.1.1.10
	RELENG_9:1.1.1.10.0.10
	RELENG_9_BP:1.1.1.10
	RELENG_7_4_0_RELEASE:1.1.1.9
	RELENG_8_2_0_RELEASE:1.1.1.10
	RELENG_7_4:1.1.1.9.0.32
	RELENG_7_4_BP:1.1.1.9
	RELENG_8_2:1.1.1.10.0.8
	RELENG_8_2_BP:1.1.1.10
	RELENG_8_1_0_RELEASE:1.1.1.10
	RELENG_8_1:1.1.1.10.0.6
	RELENG_8_1_BP:1.1.1.10
	RELENG_7_3_0_RELEASE:1.1.1.9
	RELENG_7_3:1.1.1.9.0.30
	RELENG_7_3_BP:1.1.1.9
	RELENG_8_0_0_RELEASE:1.1.1.10
	RELENG_8_0:1.1.1.10.0.4
	RELENG_8_0_BP:1.1.1.10
	RELENG_8:1.1.1.10.0.2
	RELENG_8_BP:1.1.1.10
	RELENG_7_2_0_RELEASE:1.1.1.9
	RELENG_7_2:1.1.1.9.0.28
	RELENG_7_2_BP:1.1.1.9
	RELENG_7_1_0_RELEASE:1.1.1.9
	RELENG_6_4_0_RELEASE:1.1.1.9
	RELENG_7_1:1.1.1.9.0.26
	RELENG_7_1_BP:1.1.1.9
	RELENG_6_4:1.1.1.9.0.24
	RELENG_6_4_BP:1.1.1.9
	v_1_1_0:1.1.1.10
	RELENG_7_0_0_RELEASE:1.1.1.9
	RELENG_6_3_0_RELEASE:1.1.1.9
	RELENG_7_0:1.1.1.9.0.22
	RELENG_7_0_BP:1.1.1.9
	RELENG_6_3:1.1.1.9.0.20
	RELENG_6_3_BP:1.1.1.9
	RELENG_7:1.1.1.9.0.18
	RELENG_7_BP:1.1.1.9
	RELENG_6_2_0_RELEASE:1.1.1.9
	RELENG_6_2:1.1.1.9.0.16
	RELENG_6_2_BP:1.1.1.9
	RELENG_5_5_0_RELEASE:1.1.1.9
	RELENG_5_5:1.1.1.9.0.14
	RELENG_5_5_BP:1.1.1.9
	RELENG_6_1_0_RELEASE:1.1.1.9
	RELENG_6_1:1.1.1.9.0.12
	RELENG_6_1_BP:1.1.1.9
	RELENG_6_0_0_RELEASE:1.1.1.9
	RELENG_6_0:1.1.1.9.0.10
	RELENG_6_0_BP:1.1.1.9
	RELENG_6:1.1.1.9.0.8
	RELENG_6_BP:1.1.1.9
	RELENG_5_4_0_RELEASE:1.1.1.9
	RELENG_5_4:1.1.1.9.0.6
	RELENG_5_4_BP:1.1.1.9
	v_0_6_3:1.1.1.9
	RELENG_4_11_0_RELEASE:1.1.1.2.2.4
	RELENG_4_11:1.1.1.2.2.4.0.8
	RELENG_4_11_BP:1.1.1.2.2.4
	RELENG_5_3_0_RELEASE:1.1.1.9
	RELENG_5_3:1.1.1.9.0.4
	RELENG_5_3_BP:1.1.1.9
	RELENG_5:1.1.1.9.0.2
	RELENG_5_BP:1.1.1.9
	RELENG_4_10_0_RELEASE:1.1.1.2.2.4
	RELENG_4_10:1.1.1.2.2.4.0.6
	RELENG_4_10_BP:1.1.1.2.2.4
	v_0_6_1:1.1.1.9
	RELENG_5_2_1_RELEASE:1.1.1.8
	RELENG_5_2_0_RELEASE:1.1.1.8
	RELENG_5_2:1.1.1.8.0.2
	RELENG_5_2_BP:1.1.1.8
	RELENG_4_9_0_RELEASE:1.1.1.2.2.4
	RELENG_4_9:1.1.1.2.2.4.0.4
	RELENG_4_9_BP:1.1.1.2.2.4
	v_0_6:1.1.1.8
	RELENG_5_1_0_RELEASE:1.1.1.7
	RELENG_5_1:1.1.1.7.0.4
	RELENG_5_1_BP:1.1.1.7
	RELENG_4_8_0_RELEASE:1.1.1.2.2.4
	RELENG_4_8:1.1.1.2.2.4.0.2
	RELENG_4_8_BP:1.1.1.2.2.4
	RELENG_5_0_0_RELEASE:1.1.1.7
	RELENG_5_0:1.1.1.7.0.2
	RELENG_5_0_BP:1.1.1.7
	v_0_5_1:1.1.1.7
	RELENG_4_7_0_RELEASE:1.1.1.2.2.3
	RELENG_4_7:1.1.1.2.2.3.0.2
	RELENG_4_7_BP:1.1.1.2.2.3
	cvs_20020916:1.1.1.6
	cvs_20020829:1.1.1.6
	RELENG_4_6_2_RELEASE:1.1.1.2.2.2
	RELENG_4_6_1_RELEASE:1.1.1.2.2.2
	RELENG_4_6_0_RELEASE:1.1.1.2.2.2
	RELENG_4_6:1.1.1.2.2.2.0.2
	RELENG_4_6_BP:1.1.1.2.2.2
	cvs_20020217:1.1.1.5
	RELENG_4_5_0_RELEASE:1.1.1.2.2.1
	RELENG_4_5:1.1.1.2.2.1.0.6
	RELENG_4_5_BP:1.1.1.2.2.1
	RELENG_4_4_0_RELEASE:1.1.1.2.2.1
	RELENG_4_4:1.1.1.2.2.1.0.4
	RELENG_4_4_BP:1.1.1.2.2.1
	v_0_3_f:1.1.1.4
	RELENG_4_3_0_RELEASE:1.1.1.2.2.1
	RELENG_4_3:1.1.1.2.2.1.0.2
	RELENG_4_3_BP:1.1.1.2.2.1
	v_0_3_e:1.1.1.3
	RELENG_4_2_0_RELEASE:1.1.1.2
	RELENG_4_1_1_RELEASE:1.1.1.2
	PRE_SMPNG:1.1.1.2
	RELENG_4_1_0_RELEASE:1.1.1.2
	RELENG_4_0_0_RELEASE:1.1.1.2
	RELENG_4:1.1.1.2.0.2
	RELENG_4_BP:1.1.1.2
	v_0_2_p:1.1.1.2
	v_0_2_o:1.1.1.2
	v_0_2_n:1.1.1.2
	v_0_2_m:1.1.1.1
	KTH:1.1.1;
locks; strict;
comment	@# @;


1.2
date	2012.03.22.08.48.42;	author stas;	state Exp;
branches
	1.2.2.1;
next	1.1;

1.1
date	2000.01.09.20.57.42;	author markm;	state Exp;
branches
	1.1.1.1;
next	;

1.2.2.1
date	2012.03.22.08.48.42;	author svnexp;	state dead;
branches;
next	1.2.2.2;

1.2.2.2
date	2013.03.28.13.02.20;	author svnexp;	state Exp;
branches;
next	;

1.1.1.1
date	2000.01.09.20.57.42;	author markm;	state Exp;
branches;
next	1.1.1.2;

1.1.1.2
date	2000.02.24.11.04.05;	author markm;	state Exp;
branches
	1.1.1.2.2.1;
next	1.1.1.3;

1.1.1.3
date	2001.02.13.16.45.43;	author assar;	state Exp;
branches;
next	1.1.1.4;

1.1.1.4
date	2001.06.21.02.11.23;	author assar;	state Exp;
branches;
next	1.1.1.5;

1.1.1.5
date	2002.02.19.15.46.27;	author nectar;	state Exp;
branches;
next	1.1.1.6;

1.1.1.6
date	2002.08.30.21.23.09;	author nectar;	state Exp;
branches;
next	1.1.1.7;

1.1.1.7
date	2002.11.24.20.58.12;	author nectar;	state Exp;
branches;
next	1.1.1.8;

1.1.1.8
date	2003.10.09.19.36.20;	author nectar;	state Exp;
branches;
next	1.1.1.9;

1.1.1.9
date	2004.04.03.21.21.24;	author nectar;	state Exp;
branches;
next	1.1.1.10;

1.1.1.10
date	2008.05.07.13.39.32;	author dfr;	state Exp;
branches;
next	;

1.1.1.2.2.1
date	2001.03.04.13.29.27;	author markm;	state Exp;
branches;
next	1.1.1.2.2.2;

1.1.1.2.2.2
date	2002.04.30.14.50.16;	author nectar;	state Exp;
branches;
next	1.1.1.2.2.3;

1.1.1.2.2.3
date	2002.09.01.04.21.46;	author nectar;	state Exp;
branches;
next	1.1.1.2.2.4;

1.1.1.2.2.4
date	2002.12.01.17.44.55;	author nectar;	state Exp;
branches;
next	;


desc
@@


1.2
log
@SVN rev 233294 on 2012-03-22 08:48:42Z by stas

- Update FreeBSD Heimdal distribution to version 1.5.1.  This also brings
  several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
@
text
@2008-04-23  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ipropd_master.c: Only log "sending AYT" once, pointed out by Dr
	A V Le Blanc.
	

2008-01-21  Love Hörnquist Åstrand  <lha@@it.su.se>

	* default_keys.c: Use hdb_free_keys().

2008-01-11  Love Hörnquist Åstrand  <lha@@it.su.se>

	* Makefile.am: add check-cracklib.pl, flush.c,
	sample_passwd_check.c

2007-12-07  Love Hörnquist Åstrand  <lha@@it.su.se>

	* use hdb_db_dir() and hdb_default_db()

2007-10-18  Love  <lha@@stacken.kth.se>

	* init_c.c: We are getting default_client, not client. this way
	the user can override the result.
	
2007-09-29  Love Hörnquist Åstrand  <lha@@it.su.se>

	* iprop.8: fix spelling, From Antoine Jacoutt.

2007-08-16  Love Hörnquist Åstrand  <lha@@it.su.se>

	* version-script.map: export _kadm5_unmarshal_params,
	_kadm5_acl_check_permission

	* version-script.map: export kadm5_log_ symbols.

	* log.c: Unexport the specific log replay operations.
	
2007-08-10  Love Hörnquist Åstrand  <lha@@it.su.se>

	* Makefile.am: build sample_passwd_check.la as part of noinst.

	* sample_passwd_check.c: Add missing prototype for check_length().

2007-08-07  Love Hörnquist Åstrand  <lha@@it.su.se>

	* log.c: Sprinkle krb5_set_error_string().

	* ipropd_slave.c: Provide better error why kadm5_log_replay
	failed.

2007-08-06  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ipropd_master.c: - don't push whole database to the new client
	every time.  - make slaves get the whole new database if they have
	a newer log the the master (and thus have them go back in time).

2007-08-03  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ipropd_slave.c: make more sane.

	* ipropd_slave.c: more paranoid check that the log entires are
	self consistant

	* log.c (kadm5_log_foreach): check that the postamble contains the
	right data.

	* ipropd_master.c: Sprinkle more info about what versions the
	master thinks about the client versions.

	* ipropd_master.c: Start the server at the current version, not 0.

2007-08-02  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ipropd_master.c: Add more logging, to figure out what is
	happening in the master.

2007-08-01  Love Hörnquist Åstrand  <lha@@it.su.se>

	* Makefile.am: add version-script for libkadm5srv.la

	* version-script.map: version script fro kadm5 server libary.

	* log.c: only free the orignal entries extentions if there was
	any.  Bug reported by Peter Meinecke.

	* add configuration for signal file and acl file, let user select
	hostname, catch signals and print why we are quiting, make nop
	cause one new version, not two

2007-07-30  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ipropd_master.c (send_diffs): make current slave's version
	uptodate when diff have been sent.
	
2007-07-27  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ipropd_slave.c: More comments and some more error checking.
	
2007-07-26  Love Hörnquist Åstrand  <lha@@it.su.se>

	* init_c.c (get_cache_principal): make sure id is reset if we
	fail. From Benjamin Bennet.

2007-07-10  Love Hörnquist Åstrand  <lha@@it.su.se>

	* context_s.c (find_db_spec): match realm-less as the default
	realm.

	* Makefile.am: New library version.

2007-07-05  Love Hörnquist Åstrand  <lha@@it.su.se>

	* context_s.c: Use hdb_get_dbinfo to pick up configuration.
	ctx->config.realm can be NULL, check for that, from Bjorn S.
	
2007-07-04  Love Hörnquist Åstrand  <lha@@it.su.se>

	* init_c.c: Try harder to use the right principal.

2007-06-20  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ipropd_slave.c: Catch return value from krb5_program_setup. From
	Steven Luo.
	
2007-05-08  Love Hörnquist Åstrand  <lha@@it.su.se>

	* delete_s.c: Write log entry after store is successful, rename
	out goto statments.

	* randkey_s.c: Write log entry after store is successful.

	* modify_s.c: Write log entry after store is successful.

	* rename_s.c: indent.

	* chpass_s.c: Write log entry after store is successful.

	* create_s.c: Write log entry after store is successful.
	
2007-05-07  Love Hörnquist Åstrand  <lha@@it.su.se>
	
	* iprop-commands.in: Add default values to make this working
	again.

	* iprop-log.c (iprop_replay): create the database with more
	liberal mode.

	* log.c: make it slightly more working.

	* iprop-log.8: Document last-version.

	* iprop-log.c: (last_version): print last version of the log.
	
	* iprop-commands.in: new command last-version: print last version
	of the log.

	* log.c (kadm5_log_previous): document assumptions and make less
	broken.  Bug report from Ronny Blomme.
	
2007-02-17  Love Hörnquist Åstrand  <lha@@it.su.se>

	* admin.h: add support to get aliases

	* get_s.c: add support to get aliases

2007-02-11  David Love  <fx@@gnu.org>

	* iprop-log.8: Small fixes, from David Love.
	
2006-12-15  Love Hörnquist Åstrand  <lha@@it.su.se>

	* init_c.c: if the user have a kadmin/admin initial ticket, don't
	ask for password, just use the credential instead.
	
2006-12-06  Love Hörnquist Åstrand  <lha@@it.su.se>
	
	* ipropd_master.c: Use strcspn to remove \n from string returned
	by fgets.  From Björn Sandell
	
2006-11-30  Love Hörnquist Åstrand  <lha@@it.su.se>

	* init_c.c (kadm_connect): clear error string before trying to
	print a errno, this way we don't pick up a random failure code
	
2006-11-20  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ipropd_slave.c: Make krb5_get_init_creds_opt_free take a context
	argument.

	* init_c.c: Make krb5_get_init_creds_opt_free take a context
	argument.
	
2006-10-22  Love Hörnquist Åstrand  <lha@@it.su.se>
	
	* ent_setup.c: Try to not leak memory.
	
2006-10-07  Love Hörnquist Åstrand  <lha@@it.su.se>
	
	* Makefile.am: split build files into dist_ and noinst_ SOURCES
	
2006-08-24  Love Hörnquist Åstrand  <lha@@it.su.se>

	* get_s.c: Add KRB5_KDB_ALLOW_DIGEST

	* ent_setup.c: Add KRB5_KDB_ALLOW_DIGEST

	* admin.h: Add KRB5_KDB_ALLOW_DIGEST
	
2006-06-16  Love Hörnquist Åstrand  <lha@@it.su.se>

	* check-cracklib.pl: Add password reuse checking. From Harald
	Barth.
	
2006-06-14  Love Hörnquist Åstrand  <lha@@it.su.se>
	
	* ent_setup.c (attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4

	* get_s.c (kadm5_s_get_principal): Add KRB5_KDB_ALLOW_KERBEROS4

	* admin.h: Add KRB5_KDB_ALLOW_KERBEROS4
	
2006-06-06  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ent_setup.c (attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION

2006-05-30  Love Hörnquist Åstrand  <lha@@it.su.se>

	* password_quality.c (kadm5_check_password_quality): set error
	message in context.
	
2006-05-13  Love Hörnquist Åstrand  <lha@@it.su.se>

	* iprop-log.c: Avoid shadowing.

	* rename_s.c: Avoid shadowing.

2006-05-08  Love Hörnquist Åstrand  <lha@@it.su.se>

	* privs_c.c (kadm5_c_get_privs): privs is a uint32_t, let copy it
	that way.
	
2006-05-05  Love Hörnquist Åstrand  <lha@@it.su.se>

	* Rename u_intXX_t to uintXX_t

2006-04-27  Love Hörnquist Åstrand  <lha@@it.su.se>

	* chpass_s.c,delete_s.c,get_s.c,log.c,modify_s.c,randkey_s.c,rename_s.c:
	Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for

	* send_recv.c: set and clear error string

	* rename_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* randkey_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* modify_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* log.c: Break out the that we request from principal from the
	entry and pass it in as a separate argument.

	* get_s.c: Break out the that we request from principal from the
	entry and pass it in as a separate argument.

	* delete_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* chpass_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.
	
2006-04-25  Love Hörnquist Åstrand  <lha@@it.su.se>

	* create_s.c (create_principal*): If client doesn't send kvno,
	make sure to set it to 1.
	
2006-04-10  Love Hörnquist Åstrand  <lha@@it.su.se>

	* log.c: (kadm5_log_rename): handle errors better
	Fixes Coverity, NetBSD CID#628

	* log.c (kadm5_log_delete): add error handling Coverity, NetBSD
	CID#626
	(kadm5_log_modify): add error handling Coverity, NetBSD CID#627

	* init_c.c (_kadm5_c_get_cred_cache): handle ccache case better in
	case no client name was passed in. Coverity, NetBSD CID#919
	
	* init_c.c (_kadm5_c_get_cred_cache): Free client principal in
	case of error. Coverity NetBSD CID#1908
	
2006-02-02  Love Hörnquist Åstrand  <lha@@it.su.se>
	
	* kadm5_err.et: (PASS_REUSE): Spelling, 
	from Václav H?la <ax@@natur.cuni.cz>
	
2006-01-25  Love Hörnquist Åstrand  <lha@@it.su.se>

	* send_recv.c: Clear error-string when introducing new errors.

	* *_c.c: Clear error-string when introducing new errors.
	
2006-01-15  Love Hörnquist Åstrand  <lha@@it.su.se>

	* Makefile.am (libkadm5clnt.la) doesn't depend on libhdb, remove
	dependency
	
2005-12-13  Love Hörnquist Åstrand  <lha@@it.su.se>

	* memset hdb_entry_ex before use
	
2005-12-12  Love Hörnquist Åstrand  <lha@@it.su.se>
	
	* Wrap hdb_entry with hdb_entry_ex, patch originally 
	from Andrew Bartlet

2005-11-30  Love Hörnquist Åstrand  <lha@@it.su.se>

	* context_s.c (set_field): try another way to calculate the path
	to the database/logfile/signal-socket

	* log.c (kadm5_log_init): set error string on failures
	
2005-09-08  Love Hörnquist Åstrand  <lha@@it.su.se>

	* Constify password.

	* admin.h: Add KRB5_TL_PKINIT_ACL.
	
	* marshall.c (_kadm5_unmarshal_params): avoid signed-ness warnings
	
	* get_s.c (kadm5_s_get_principal): clear error string
	
2005-08-25  Love Hörnquist Åstrand  <lha@@it.su.se>

	* iprop-log.8: More text about iprop-log.
	
2005-08-24  Love Hörnquist Åstrand  <lha@@it.su.se>

	* iprop.8: SEE ALSO iprop-log.

	* Makefile.am: man_MANS += iprop-log.8

	* iprop-log.8: Basic for documentation of iprop-log.
	
	* remove replay_log.c, dump_log.c, and truncate_log.c, folded into
	iprop-log.

	* log.c (kadm5_log_foreach): add a context variable and pass it
	down to `func´.

	* iprop-commands.in: Move truncate_log and replay_log into
	iprop-log.

	* iprop-log.c: Move truncate_log and replay_log into iprop-log.
	
	* Makefile.am: Move truncate_log and replay_log into iprop-log.
	
	* Makefile.am: Make this work with a clean directory.

	* ipropd_master.c: Make compile.

	* ipropd_master.c: Update to new signature of kadm5_log_previous.

	* log.c (kadm5_log_previous): catch errors instead of asserting
	and set error string.

	* iprop-commands.in: New program iprop-log that incorperates
	dump_log as a subcommand, truncate_log and replay_log soon to come
	after.
	
	* iprop-log.c: New program iprop-log that incorperates dump_log as
	a subcommand, truncate_log and replay_log soon to come after.

	* Makefile.am: New program iprop-log that incorperates dump_log as
	a subcommand, truncate_log and replay_log soon to come after.
	
2005-08-11 Love Hörnquist Åstrand  <lha@@it.su.se>

	* get_s.c: Implement KADM5_LAST_PWD_CHANGE.
	
	* set_keys.c: Set and clear password where appropriate.

	* randkey_s.c: Operation modifies tl_data.

	* log.c (kadm5_log_replay_modify): Check return values of
	malloc(), replace all extensions.

	* kadm5_err.et: Make BAD_TL_TYPE error more helpful.

	* get_s.c: Expose KADM5_TL_DATA options to the client.

	* ent_setup.c: Merge in KADM5_TL_DATA in the database.

	* chpass_s.c: Operations modify extensions, mark that with
	TL_DATA.

	* admin.h: Add more TL types (password and extension).

2005-06-17  Love Hörnquist Åstrand  <lha@@it.su.se>

	* constify

	* ipropd_slave.c: avoid shadowing

	* ipropd_master.c: rename local variable slave to s, optind ->
	optidx

	* get_princs_c.c: rename variable exp to expression
	
	* ad.c: rename variable exp to expression

	* log.c: rename shadowing len to num
	
	* get_princs_s.c: rename variable exp to expression

	* context_s.c: const poison

	* common_glue.c: rename variable exp to expression

2005-05-30  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ent_setup.c (attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE
	
	* get_s.c (kadm5_s_get_principal): set KRB5_KDB_OK_AS_DELEGATE

	* admin.h: add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags

2005-05-25  Love Hörnquist Åstrand  <lha@@it.su.se>

	* kadm5_pwcheck.3: please mdoclint

2005-05-25  Dave Love  <fx@@gnu.org>

	* kadm5_pwcheck.3: document kadm5_add_passwd_quality_verifier,
	improve text

2005-05-24  Dave Love  <fx@@gnu.org>

	* iprop.8: Added some info about defaults, fixed some markup.
	
2005-05-23  Dave Love  <fx@@gnu.org>

	* ipropd_slave.c: Don't test HAVE_DAEMON since roken supplies it.

	* ipropd_master.c: Don't test HAVE_DAEMON since roken supplies it.

2005-05-13  Love Hörnquist Åstrand  <lha@@it.su.se>

	* init_c.c (_kadm5_c_init_context): fix memory leak in case of
	failure

2005-05-09  Dave Love  <fx@@gnu.org>

	* password_quality.c (find_func): Fix off-by-one and logic error.
	(external_passwd_quality): Improve messages.

	* test_pw_quality.c (main): Call kadm5_setup_passwd_quality_check
	and kadm5_add_passwd_quality_verifier.

2005-04-30  Love Hörnquist Åstrand  <lha@@it.su.se>

	* default_keys.c: #include <err.h>, only print salt it its longer
	then 0, use krb5_err instead of errx where appropriate
	
2005-04-25  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ipropd_slave.c: add the documented option --port

	* ipropd_master.c: add the documented option --port
	
	* dump_log.c: use the newly generated units function

2005-04-24  Love Hörnquist Åstrand  <lha@@it.su.se>

	* dump_log.c: use strlcpy
	
	* password_quality.c: don't use sizeof(pointer)
	
2005-04-15  Love Hörnquist Åstrand  <lha@@it.su.se>

	* check-cracklib.pl: external password verifier sample

	* password_quality.c (kadm5_add_passwd_quality_verifier): if NULL
	is passed in, load defaults

2005-04-14  Love Hörnquist Åstrand  <lha@@it.su.se>

	* password_quality.c: add an end tag to the external password
	quality check protocol

2005-04-13  Love Hörnquist Åstrand  <lha@@it.su.se>

	* password_quality.c: add external passsword quality check builtin
	module
	
	[password_quality]
		policies = external-check
		external-program = /bin/false
	
	To approve password a, make the test program return APPROVED on
	stderr and fail with exit code 0.
	
2004-10-12  Love Hörnquist Åstrand  <lha@@it.su.se>

	* Makefile.am: bump version to 7:7:0 and 6:5:2
	
	* default_keys.c (parse_file): use hdb_generate_key_set
	
	* keys.c,set_keys.c: Move keyset parsing and password based keyset
	generation into hdb.  Requested by Andrew Bartlett <abartlet@@samba.org>
	for hdb-ldb backend.
	
2004-09-23  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_master.c: add help strings to some options
	
2004-09-12  Love Hörnquist Åstrand  <lha@@it.su.se>

	* chpass_s.c: deal with changed prototype for _kadm5_free_keys
	
	* keys.c (_kadm5_free_keys): change prototype, make it use
	krb5_context instead of a kadm5_server_context
	
	* set_keys.c (parse_key_set): do way with static returning
	(function) static variable and returned allocated memory
	(_kadm5_generate_key_set): free enctypes returned by parse_key_set

2004-09-06  Love Hörnquist Åstrand  <lha@@it.su.se>

	* set_keys.c: Fix memory leak, don't return stack variables From
	Andrew Bartlett
	
	* set_keys.c: make all_etypes const and move outside function to
	avoid returning data on stack
	
2004-08-26  Love Hörnquist Åstrand  <lha@@it.su.se>

	* acl.c (fetch_acl): use " \t\n" instead of just "\n" for the
	delim of the third element, this is so we can match
	"foo@@REALM<SPC>all<SPC><SPC>*@@REALM", before it just matched
	"foo@@REALM<SPC>all<SPC>*@@REALM", but that is kind of lucky since
	what really happen was that the last <SPC> was stamped out, and
	the it never strtok_r never needed to parse over it.
	
2004-08-25  Love Hörnquist Åstrand  <lha@@it.su.se>

	* set_keys.c (_kadm5_generate_key_set): since arcfour-hmac-md5 is
	without salting, some people tries to add the string
	"arcfour-hmac-md5" when they really should have used
	"arcfour-hmac-md5:pw-salt", help them and add glue for that
	
2004-08-18  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c: add --detach

2004-07-06  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ad.c: use new tsasl interface remove debug printf add upn to
	computer-accounts
	
2004-06-28  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ad.c: implement kadm5_ad_init_with_password_ctx set more error
	strings
	
2004-06-21  Love Hörnquist Åstrand  <lha@@it.su.se>

	* Makefile.am: man_MANS = kadm5_pwcheck.3
	
	* kadm5_pwcheck.3: document new password quality api
	
	* password_quality.c: new password check interface (old still
	supported)
	
	* kadm5-pwcheck.h: new password check interface
	
2004-06-08  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ipropd_master.c (main): process all slaves, not just up to the
	last slave sending data
	(bug report from Björn Sandell <biorn@@dce.chalmers.se>)
	(*): only send one ARE_YOU_THERE

2004-06-02  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ad.c: use krb5_set_password_using_ccache
	
2004-06-01  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ad.c: try handle spn's better
	
2004-05-31  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ad.c: add expiration time
	
	* ad.c: add modify operations
	
	* ad.c: handle create and delete
	
2004-05-27  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ad.c: more code for get, handle attributes
	
	* ad.c: more code for get, handle time stamps and bad password
	counter

	* ad.c: more code for get, only fetches kvno for now
	
2004-05-26  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ad.c: add support for tsasl
	
	* private.h: add kadm5_ad_context
	
	* ipropd_master.c (prop_one): store the opcode in the begining of
	the blob, not the end
	
	* ad.c: try all ldap servers in dns, generate a random password,
	base64(random_block(64)), XXX must make it support other then
	ARCFOUR
	
	* ad.c: framework for windows AD backend
	
2004-03-07  Love Hörnquist Åstrand  <lha@@it.su.se>

	* create_s.c (kadm5_s_create_principal): remove old XXX command
	and related code, _kadm5_set_keys will do all this now
	
2004-02-29  Love Hörnquist Åstrand  <lha@@it.su.se>

	* set_keys.c (_kadm5_set_keys_randomly): make sure enctype to copy
	enctype for des keys From: Andrew Bartlett <abartlet@@samba.org>
	
	* create_s.c (kadm5_s_create_principal_with_key): don't call
	_kadm5_set_keys2, create_principal will do that for us. Set kvno
	to 1.

	* chpass_s.c (change): bump kvno
	(kadm5_s_chpass_principal_with_key): bump kvno

	* randkey_s.c (kadm5_s_randkey_principal): bump kvno
	
	* set_keys.c (_kadm5_set_*): don't change the kvno, let the callee
	to that

2003-12-30  Love Hörnquist Åstrand  <lha@@it.su.se>

	* chpass_s.c (change): fix same-password-again by decrypting keys
	and setting an error code From: Buck Huppmann <buckh@@pobox.com>
	
2003-12-21  Love Hörnquist Åstrand  <lha@@it.su.se>

	* init_c.c (_kadm5_c_init_context): catch errors from strdup and
	other krb5_ functions

2003-12-08  Love Hörnquist Åstrand  <lha@@it.su.se>

	* rename_s.c (kadm5_s_rename_principal): allow principal to change
	realm From Panasas Inc
	
2003-12-07  Love Hörnquist Åstrand  <lha@@it.su.se>

	* destroy_c.c (kadm5_c_destroy): fix memory leaks, From Panasas,
	Inc

2003-11-23  Love Hörnquist Åstrand  <lha@@it.su.se>

	* iprop.h: don't include <krb5-private.h>
	
	* ipropd_slave.c: stop using krb5 lib private byte-frobbing
	functions and replace them with with krb5_storage
	
	* ipropd_master.c: stop using krb5 lib private byte-frobbing
	functions and replace them with with krb5_storage
	
2003-11-19  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ipropd_slave.c (receive_loop): when seeking over the entries we
	already have, skip over the trailer.  From: Jeffrey Hutzelman
	<jhutz@@cmu.edu>

	* dump_log.c,ipropd_master.c,ipropd_slave.c,
	replay_log.c,truncate_log.c: parse kdc.conf
	From: Jeffrey Hutzelman <jhutz@@cmu.edu>

2003-10-10  Love Hörnquist Åstrand  <lha@@it.su.se>

	* Makefile.am: += test_pw_quality
	
	* test_pw_quality.c: test program for verifying password quality
	function

2003-09-03  Love Hörnquist Åstrand  <lha@@it.su.se>

	* Makefile.am: add and enable check program default_keys
	
	* default_keys.c: test program for _kadm5_generate_key_set
	
	* init_c.c: use
	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free

2003-08-17  Love Hörnquist Åstrand  <lha@@it.su.se>

	* set_keys.c (_kadm5_set_keys_randomly): remove dup return
	
	* ipropd_master.c (main): make sure current_version is initialized
	
2003-08-15  Love Hörnquist Åstrand  <lha@@it.su.se>

	* set_keys.c: use default_keys for the both random keys and
	password derived keys if its defined
	
2003-07-24  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ipropd_slave.c (receive_everything): switch close and rename
	From: Alf Wachsmann <alfw@@SLAC.Stanford.EDU>
	
2003-07-03  Love Hörnquist Åstrand  <lha@@it.su.se>

	* iprop.h, ipropd_master.c, ipropd_slave.c:
	Add probing from the server that the client is still there, also
	make the client check that the server is probing.

2003-07-02  Love Hörnquist Åstrand  <lha@@it.su.se>

	* truncate_log.c (main): add missing ``if (ret)''
	
2003-06-26  Love Hörnquist Åstrand  <lha@@it.su.se>

	* set_keys.c (make_keys): add AES support
	
	* set_keys.c: fix off by one in the aes case, pointed out by Ken
	Raeburn

2003-04-30  Love Hörnquist Åstrand  <lha@@it.su.se>

	* set_keys.c (_kadm5_set_keys_randomly): add
	ETYPE_AES256_CTS_HMAC_SHA1_96 key when configuried with aes
	support

2003-04-16  Love Hörnquist Åstrand  <lha@@it.su.se>

	* send_recv.c: check return values from krb5_data_alloc
	* log.c: check return values from krb5_data_alloc
	
2003-04-16  Love Hörnquist Åstrand  <lha@@it.su.se>

	* dump_log.c (print_entry): check return values from
	krb5_data_alloc

2003-04-01  Love Hörnquist Åstrand  <lha@@it.su.se>

	* init_c.c (kadm_connect): if a context realm was passed in, use
	that to form the kadmin/admin principal
	
2003-03-19  Love Hörnquist Åstrand  <lha@@it.su.se>

	* ipropd_master.c (main): make sure we don't consider dead slave
	for select processing
	(write_stats): use slave_stats_file variable, 
	check return value of strftime
	(args): allow specifying slave stats file
	(slave_dead): close the fd when the slave dies

2002-10-21  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c (from Derrick Brashear): Propagating a large
	database without this means the slave kdcs can get erroneous
	HDB_NOENTRY and return the resulting errors. This creates a new db
	handle, populates it, and moves it into place.

2002-08-26  Assar Westerlund  <assar@@kth.se>

	* ipropd_slave.c (receive_everything): type-correctness calling
	_krb5_get_int

	* context_s.c (find_db_spec): const-correctness in parameters to
	krb5_config_get_next

2002-08-16  Johan Danielsson  <joda@@pdc.kth.se>

	* private.h: rename header file flag macro

	* Makefile.am: generate kadm5-{protos,private}.h

2002-08-15  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_master.c: check return value of krb5_sockaddr2address

2002-07-04  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_master.c: handle slaves that come and go; add status
	reporting (both from Love)

	* iprop.h: KADM5_SLAVE_STATS

2002-03-25  Jacques Vidrine  <n@@nectar.com>

	* init_c.c (get_cred_cache): bug fix: the default credentials
	cache was not being used if a client name was specified.

2002-03-25  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c (get_cred_cache): when getting the default_client from
	the cred cache, make sure the instance part is "admin"; this
	should require fewer uses of -p

2002-03-11  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0
	(libkadm5clnt_la_LDFLAGS): set version to 6:3:2

2002-02-08  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c: we have to create our own param struct before
	marshaling

2001-09-05  Johan Danielsson  <joda@@pdc.kth.se>

	* Makefile.am: link with LIB_pidfile

	* iprop.h: include util.h for pidfile

2001-08-31  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c (main): syslog with the correct name

2001-08-30  Jacques Vidrine <n@@nectar.com>

	* ipropd_slave.c, ipropd_master.c (main): call pidfile

2001-08-28  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0

2001-08-24  Assar Westerlund  <assar@@sics.se>

	* acl.c (fetch_acl): do not return bogus flags and re-organize
	function

	* Makefile.am: rename variable name to avoid error from current
	automake

2001-08-13  Johan Danielsson  <joda@@pdc.kth.se>

	* set_keys.c: add easier afs configuration, defaulting to the
	local realm in lower case; also try to remove duplicate salts

2001-07-12  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: add required library dependencies

2001-07-03  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2

2001-06-29  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c: call krb5_get_init_creds_opt_set_default_flags

2001-02-19  Johan Danielsson  <joda@@pdc.kth.se>

	* replay_log.c: add --{start-end}-version flags to replay just
	part of the log

2001-02-15  Assar Westerlund  <assar@@sics.se>

	* ipropd_master.c (main): fix select-loop to decrement ret
	correctly.  from "Brandon S. Allbery KF8NH" <allbery@@ece.cmu.edu>

2001-01-30  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: bump versions

2000-12-31  Assar Westerlund  <assar@@sics.se>

	* init_s.c (*): handle krb5_init_context failure consistently
	* init_c.c (init_context): handle krb5_init_context failure
	consistently

2000-12-11  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0

2000-11-16  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (make_keys): clean-up salting loop and try not to
	leak memory

	* ipropd_master.c (main): check for fd's being too large to select
	on

2000-08-16  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0

2000-08-10  Assar Westerlund  <assar@@sics.se>

	* acl.c (fetch_acl): fix wrong cases, use krb5_principal_match

2000-08-07  Assar Westerlund  <assar@@sics.se>

	* ipropd_master.c (main): ignore SIGPIPE

2000-08-06  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c (receive_everything): make `fd' an int instead of
	a pointer.  From Derrick J Brashear <shadow@@dementia.org>

2000-08-04  Johan Danielsson  <joda@@pdc.kth.se>

	* admin.h: change void** to void*

2000-07-25  Johan Danielsson  <joda@@pdc.kth.se>

	* Makefile.am: bump versions to 7:0:0 and 6:0:2

2000-07-24  Assar Westerlund  <assar@@sics.se>

	* log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd
	and make a new that takes a context
	(kadm5_log_nop): add logging of missing lengths
	(kadm5_log_truncate): new function

	* dump_log.c (print_entry): update and correct
	* randkey_s.c: call _kadm5_bump_pw_expire
	* truncate_log.c: new program for truncating the log
	* Makefile.am (sbin_PROGRAMS): add truncate_log
	(C_SOURCES): add bump_pw_expire.c
	* bump_pw_expire.c: new function for extending password expiration

2000-07-22  Assar Westerlund  <assar@@sics.se>

	* keys.c: new file with _kadm5_free_keys, _kadm5_init_keys

	* set_keys.c (free_keys, init_keys): elevate to internal kadm5
	functions

	* chpass_s.c (kadm5_s_chpass_principal_cond): new function
	* Makefile.am (C_SOURCES): add keys.c
	* init_c.c: remove unused variable and handle some parameters
	being NULL

2000-07-22  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c: use krb5_read_priv_message

	* ipropd_master.c: use krb5_{read,write}_priv_message

	* init_c.c: use krb5_write_priv_message

2000-07-11  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c: no need to call gethostname, since
	sname_to_principal will

	* send_recv.c: assert that we have a connected socket

	* get_princs_c.c: call _kadm5_connect

	* rename_c.c: call _kadm5_connect

	* randkey_c.c: call _kadm5_connect

	* privs_c.c: call _kadm5_connect

	* modify_c.c: call _kadm5_connect

	* get_c.c: call _kadm5_connect

	* delete_c.c: call _kadm5_connect

	* create_c.c: call _kadm5_connect

	* chpass_c.c: call _kadm5_connect

	* private.h: add more fields to client context; remove prototypes

	* admin.h: remove prototypes

	* kadm5-protos.h: move public prototypes here

	* kadm5-private.h: move private prototypes here

	* init_c.c: break out connection code to separate function, and
	defer calling it until we actually do something

2000-07-07  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for
	backwards compatability

2000-06-26  Johan Danielsson  <joda@@pdc.kth.se>

	* set_keys.c (_kadm5_set_keys): rewrite this to be more easily
	adaptable to different salts
	
2000-06-19  Johan Danielsson  <joda@@pdc.kth.se>

	* get_s.c: pa_* -> KRB5_PADATA_*

2000-06-16  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c: change default keytab to default keytab (as in
	typically FILE:/etc/krb5.keytab)

2000-06-08  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c: bug fixes, for actually writing the full dump to
	the database.  based on a patch from Love <lha@@stacken.kth.se>

2000-06-07  Assar Westerlund  <assar@@sics.se>

	* acl.c: add support for patterns of principals
	* log.c (kadm5_log_replay_create): handle more NULL pointers
	(should they really happen?)
	* log.c (kadm5_log_replay_modify): handle max_life == NULL and
	max_renew == NULL

	* ipropd_master.c: use syslog.  be less verbose
	* ipropd_slave.c: use syslog

2000-06-05  Assar Westerlund  <assar@@sics.se>

	* private.h (kadm_ops): add kadm_nop more prototypes
	* log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
	kadm5_log_replay_nop): add
	* ipropd_slave.c: and some more improvements
	* ipropd_master.c: lots of improvements
	* iprop.h (IPROP_PORT, IPROP_SERVICE): add
	(iprop_cmd): add new commands

	* dump_log.c: add nop

2000-05-15  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1

2000-05-12  Assar Westerlund  <assar@@sics.se>

	* get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a
	fallback.  handle not having any creator.
	* destroy_s.c (kadm5_s_destroy): free all allocated memory
	* context_s.c (set_field): free variable if it's already set
	(find_db_spec): malloc space for all strings

2000-04-05  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (LDADD): add LIB_openldap

2000-04-03  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1
	(libkadm5clnt_la_LDFLAGS): set version to 5:0:1

2000-03-24  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (_kadm5_set_keys2): rewrite
	(_kadm5_set_keys3): add

	* private.h (struct kadm_func): add chpass_principal_with_key
	* init_c.c (set_funcs): add chpass_principal_with_key

2000-03-23  Assar Westerlund  <assar@@sics.se>

	* context_s.c (set_funcs): add chpass_principal_with_key
	* common_glue.c (kadm5_chpass_principal_with_key): add
	* chpass_s.c: comment-ize and change calling convention for
	_kadm5_set_keys*
	* chpass_c.c (kadm5_c_chpass_principal_with_key): add

2000-02-07  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0

2000-01-28  Assar Westerlund  <assar@@sics.se>

	* init_c.c (get_new_cache): make sure to request non-forwardable,
	non-proxiable

2000-01-06  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv.la): bump version to 5:1:0

	* context_s.c (_kadm5_s_init_context): handle params == NULL

1999-12-26  Assar Westerlund  <assar@@sics.se>

	* get_s.c (kadm5_s_get_principal): handle modified_by->principal
 	== NULL

1999-12-20  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): bump version to 4:1:0

	* init_c.c (_kadm5_c_init_context): handle getting back port
 	number from admin host
	(kadm5_c_init_with_context): remove `proto/' part before doing
	getaddrinfo()

1999-12-06  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: bump version to 5:0:0 and 4:0:0

	* init_c.c (kadm5_c_init_with_context): don't use unitialized
 	stuff

1999-12-04  Assar Westerlund  <assar@@sics.se>

	* replay_log.c: adapt to changed kadm5_log_foreach

	* log.c (kadm5_log_foreach): change to take a
 	`kadm5_server_context'

	* init_c.c: use krb5_warn{,x}

	* dump_log.c: adapt to changed kadm5_log_foreach

	* init_c.c: re-write to use getaddrinfo
	* Makefile.am (install-build-headers): add dependency
	
1999-12-03  Johan Danielsson  <joda@@pdc.kth.se>

	* log.c (kadm5_log_foreach): pass context

	* dump_log.c: print more interesting things

1999-12-02  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_master.c (process_msg): check for short reads

1999-11-25  Assar Westerlund  <assar@@sics.se>

	* modify_s.c (kadm5_s_modify_principal): support key_data
	(kadm5_s_modify_principal_with_key): remove

	* admin.h (kadm5_s_modify_principal_with_key): remove

1999-11-20  Assar Westerlund  <assar@@sics.se>

	* context_s.c (find_db_spec): ugly cast work-around.

1999-11-14  Assar Westerlund  <assar@@sics.se>

	* context_s.c (_kadm5_s_init_context): call krb5_add_et_list so
 	that we aren't dependent on the layout of krb5_context_data
	* init_c.c (_kadm5_c_init_context): call krb5_add_et_list so that
 	we aren't dependent on the layout of krb5_context_data

1999-11-13  Assar Westerlund  <assar@@sics.se>

	* password_quality.c (kadm5_setup_passwd_quality_check): use
	correct types for function pointers
	
1999-11-09  Johan Danielsson  <joda@@pdc.kth.se>

	* randkey_s.c: always bail out if the fetch fails

	* admin.h (kadm5_config_params): remove fields we're not using

	* ipropd_slave.c: allow passing a realm

	* ipropd_master.c: allow passing a realm

	* dump_log.c: allow passing a realm

	* acl.c: correctly get acl file

	* private.h (kadm5_server_context): add config_params struct and
	remove acl_file; bump protocol version number

	* marshall.c: marshalling of config parameters

	* init_c.c (kadm5_c_init_with_context): try to cope with old
	servers

	* init_s.c (kadm5_s_init_with_context): actually use some passed
	values

	* context_s.c (_kadm5_s_init_context): get dbname, acl_file, and
	stash_file from the config parameters, try to figure out these if
	they're not provided

1999-11-05  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (install-build-headers): use `cp' instead of
 	INSTALL_DATA

1999-11-04  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: bump version to 4:0:0 and 3:0:0 (they access fields
 	directly in libkrb5's context - bad functions)

	* set_keys.c (_kadm5_set_keys_randomly): set enctypes correctly in
 	the copied keys

1999-10-20  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: set version of kadm5srv to 3:0:2 (new password
 	quality functions).
 	set version of kdam5clnt to 2:1:1 (no interface changes)

	* Makefile.am (LDADD): add $(LIB_dlopen)

1999-10-17  Assar Westerlund  <assar@@sics.se>

	* randkey_s.c (kadm5_s_randkey_principal): use
 	_kadm5_set_keys_randomly

	* set_keys.c (free_keys): free more memory
	(_kadm5_set_keys): a little bit more generic
	(_kadm5_set_keys_randomly): new function for setting random keys.

1999-10-14  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (_kadm5_set_keys): ignore old keys when setting new
 	ones and always add 3 DES keys and one 3DES key

1999-10-03  Assar Westerlund  <assar@@sics.se>

	* init_c.c (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'.
  	check return value from strdup

1999-09-26  Assar Westerlund  <assar@@sics.se>

	* acl.c (_kadm5_privs_to_string): forgot one strcpy_truncate ->
 	strlcpy

1999-09-24  Johan Danielsson  <joda@@pdc.kth.se>

	* dump_log.c: remove unused `optind'

	* replay_log.c: remove unused `optind'

1999-09-13  Assar Westerlund  <assar@@sics.se>

	* chpass_c.c (kadm5_c_chpass_principal): new _kadm5_client_recv

	* send_recv.c (_kadm5_client_recv): return result in a `krb5_data'
 	so that we avoid copying it and don't need to dimension in
 	advance.  change all callers.

1999-09-10  Assar Westerlund  <assar@@sics.se>

	* password_quality.c: new file

	* admin.h
 	(kadm5_setup_passwd_quality_check,kadm5_check_password_quality):
 	add prototypes

	* Makefile.am (S_SOURCES): add password_quality.c

1999-07-26  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: update versions to 2:0:1

1999-07-24  Assar Westerlund  <assar@@sics.se>

	* ent_setup.c (_kadm5_setup_entry): make princ_expire_time == 0
 	and pw_expiration == 0 mean never

1999-07-22  Assar Westerlund  <assar@@sics.se>

	* log.c (kadm5_log_flush): extra cast

1999-07-07  Assar Westerlund  <assar@@sics.se>

	* marshall.c (store_principal_ent): encoding princ_expire_time and
 	pw_expiration in correct order

1999-06-28  Assar Westerlund  <assar@@sics.se>

	* randkey_s.c (kadm5_s_randkey_principal): nuke old mkvno,
 	otherwise hdb will think that the new random keys are already
 	encrypted which will cause lots of confusion later.

1999-06-23  Assar Westerlund  <assar@@sics.se>

	* ent_setup.c (_kadm5_setup_entry): handle 0 == unlimited
 	correctly.  From Michal Vocu <michal@@karlin.mff.cuni.cz>

1999-06-15  Assar Westerlund  <assar@@sics.se>

	* init_c.c (get_cred_cache): use get_default_username

1999-05-23  Assar Westerlund  <assar@@sics.se>

	* create_s.c (create_principal): if there's no default entry the
	mask should be zero.

1999-05-21  Assar Westerlund  <assar@@sics.se>

	* init_c.c (get_cred_cache): use $USERNAME

1999-05-17  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c (get_cred_cache): figure out principal

1999-05-05  Johan Danielsson  <joda@@pdc.kth.se>

	* send_recv.c: cleanup _kadm5_client_{send,recv}

1999-05-04  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (_kadm5_set_keys2): don't check the recently created
 	memory for NULL pointers

	* private.h (_kadm5_setup_entry): change prototype

	* modify_s.c: call new _kadm5_setup_entry

	* ent_setup.c (_kadm5_setup_entry): change so that it takes three
 	masks, one for what bits to set and one for each of principal and
 	def containing the bits that are set there.

	* create_s.c: call new _kadm5_setup_entry

	* create_s.c (get_default): check return value
	(create_principal): send wider mask to _kadm5_setup_entry

1999-05-04  Johan Danielsson  <joda@@pdc.kth.se>

	* send_recv.c (_kadm5_client_recv): handle arbitrarily sized
	packets, check for errors

	* get_c.c: check for failure from _kadm5_client_{send,recv}

1999-05-04  Assar Westerlund  <assar@@sics.se>

	* init_c.c (get_new_cache): don't abort when interrupted from
 	password prompt
	
	* destroy_c.c (kadm5_c_destroy): check if we should destroy the
 	auth context

1999-05-03  Johan Danielsson  <joda@@pdc.kth.se>

	* chpass_s.c: fix arguments to _kadm5_set_keys2

	* private.h: proto

	* set_keys.c: clear mkvno

	* rename_s.c: add flags to fetch and store; seal keys before
	logging

	* randkey_s.c: add flags to fetch and store; seal keys before
	logging

	* modify_s.c: add flags to fetch and store; seal keys before
	logging

	* log.c: add flags to fetch and store; seal keys before logging

	* get_s.c: add flags to fetch and store; seal keys before logging

	* get_princs_s.c: add flags to fetch and store; seal keys before
	logging

	* delete_s.c: add flags to fetch and store; seal keys before
	logging

	* create_s.c: add flags to fetch and store; seal keys before
	logging

	* chpass_s.c: add flags to fetch and store; seal keys before
	logging

	* Makefile.am: remove server.c

	* admin.h: add prototypes

	* ent_setup.c (_kadm5_setup_entry): set key_data

	* set_keys.c: add _kadm5_set_keys2 to sey keys from key_data

	* modify_s.c: add kadm5_s_modify_principal_with_key

	* create_s.c: add kadm5_s_create_principal_with_key

	* chpass_s.c: add kadm5_s_chpass_principal_with_key

	* kadm5_locl.h: move stuff to private.h

	* private.h: move stuff from kadm5_locl.h
	
@


1.2.2.1
log
@file ChangeLog was added on branch RELENG_8_4 on 2013-03-28 13:02:20 +0000
@
text
@d1 1389
@


1.2.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 1383
2008-01-21  Love Hrnquist strand  <lha@@it.su.se>

	* default_keys.c: Use hdb_free_keys().

2008-01-11  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: add check-cracklib.pl, flush.c,
	sample_passwd_check.c

2007-12-07  Love Hrnquist strand  <lha@@it.su.se>

	* use hdb_db_dir() and hdb_default_db()

2007-10-18  Love  <lha@@stacken.kth.se>

	* init_c.c: We are getting default_client, not client. this way
	the user can override the result.
	
2007-09-29  Love Hrnquist strand  <lha@@it.su.se>

	* iprop.8: fix spelling, From Antoine Jacoutt.

2007-08-16  Love Hrnquist strand  <lha@@it.su.se>

	* version-script.map: export _kadm5_unmarshal_params,
	_kadm5_acl_check_permission

	* version-script.map: export kadm5_log_ symbols.

	* log.c: Unexport the specific log replay operations.
	
2007-08-10  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: build sample_passwd_check.la as part of noinst.

	* sample_passwd_check.c: Add missing prototype for check_length().

2007-08-07  Love Hrnquist strand  <lha@@it.su.se>

	* log.c: Sprinkle krb5_set_error_string().

	* ipropd_slave.c: Provide better error why kadm5_log_replay
	failed.

2007-08-06  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_master.c: - don't push whole database to the new client
	every time.  - make slaves get the whole new database if they have
	a newer log the the master (and thus have them go back in time).

2007-08-03  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c: make more sane.

	* ipropd_slave.c: more paranoid check that the log entires are
	self consistant

	* log.c (kadm5_log_foreach): check that the postamble contains the
	right data.

	* ipropd_master.c: Sprinkle more info about what versions the
	master thinks about the client versions.

	* ipropd_master.c: Start the server at the current version, not 0.

2007-08-02  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_master.c: Add more logging, to figure out what is
	happening in the master.

2007-08-01  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: add version-script for libkadm5srv.la

	* version-script.map: version script fro kadm5 server libary.

	* log.c: only free the orignal entries extentions if there was
	any.  Bug reported by Peter Meinecke.

	* add configuration for signal file and acl file, let user select
	hostname, catch signals and print why we are quiting, make nop
	cause one new version, not two

2007-07-30  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_master.c (send_diffs): make current slave's version
	uptodate when diff have been sent.
	
2007-07-27  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c: More comments and some more error checking.
	
2007-07-26  Love Hrnquist strand  <lha@@it.su.se>

	* init_c.c (get_cache_principal): make sure id is reset if we
	fail. From Benjamin Bennet.

2007-07-10  Love Hrnquist strand  <lha@@it.su.se>

	* context_s.c (find_db_spec): match realm-less as the default
	realm.

	* Makefile.am: New library version.

2007-07-05  Love Hrnquist strand  <lha@@it.su.se>

	* context_s.c: Use hdb_get_dbinfo to pick up configuration.
	ctx->config.realm can be NULL, check for that, from Bjorn S.
	
2007-07-04  Love Hrnquist strand  <lha@@it.su.se>

	* init_c.c: Try harder to use the right principal.

2007-06-20  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c: Catch return value from krb5_program_setup. From
	Steven Luo.
	
2007-05-08  Love Hrnquist strand  <lha@@it.su.se>

	* delete_s.c: Write log entry after store is successful, rename
	out goto statments.

	* randkey_s.c: Write log entry after store is successful.

	* modify_s.c: Write log entry after store is successful.

	* rename_s.c: indent.

	* chpass_s.c: Write log entry after store is successful.

	* create_s.c: Write log entry after store is successful.
	
2007-05-07  Love Hrnquist strand  <lha@@it.su.se>
	
	* iprop-commands.in: Add default values to make this working
	again.

	* iprop-log.c (iprop_replay): create the database with more
	liberal mode.

	* log.c: make it slightly more working.

	* iprop-log.8: Document last-version.

	* iprop-log.c: (last_version): print last version of the log.
	
	* iprop-commands.in: new command last-version: print last version
	of the log.

	* log.c (kadm5_log_previous): document assumptions and make less
	broken.  Bug report from Ronny Blomme.
	
2007-02-17  Love Hrnquist strand  <lha@@it.su.se>

	* admin.h: add support to get aliases

	* get_s.c: add support to get aliases

2007-02-11  David Love  <fx@@gnu.org>

	* iprop-log.8: Small fixes, from David Love.
	
2006-12-15  Love Hrnquist strand  <lha@@it.su.se>

	* init_c.c: if the user have a kadmin/admin initial ticket, don't
	ask for password, just use the credential instead.
	
2006-12-06  Love Hrnquist strand  <lha@@it.su.se>
	
	* ipropd_master.c: Use strcspn to remove \n from string returned
	by fgets.  From Bjrn Sandell
	
2006-11-30  Love Hrnquist strand  <lha@@it.su.se>

	* init_c.c (kadm_connect): clear error string before trying to
	print a errno, this way we don't pick up a random failure code
	
2006-11-20  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c: Make krb5_get_init_creds_opt_free take a context
	argument.

	* init_c.c: Make krb5_get_init_creds_opt_free take a context
	argument.
	
2006-10-22  Love Hrnquist strand  <lha@@it.su.se>
	
	* ent_setup.c: Try to not leak memory.
	
2006-10-07  Love Hrnquist strand  <lha@@it.su.se>
	
	* Makefile.am: split build files into dist_ and noinst_ SOURCES
	
2006-08-24  Love Hrnquist strand  <lha@@it.su.se>

	* get_s.c: Add KRB5_KDB_ALLOW_DIGEST

	* ent_setup.c: Add KRB5_KDB_ALLOW_DIGEST

	* admin.h: Add KRB5_KDB_ALLOW_DIGEST
	
2006-06-16  Love Hrnquist strand  <lha@@it.su.se>

	* check-cracklib.pl: Add password reuse checking. From Harald
	Barth.
	
2006-06-14  Love Hrnquist strand  <lha@@it.su.se>
	
	* ent_setup.c (attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4

	* get_s.c (kadm5_s_get_principal): Add KRB5_KDB_ALLOW_KERBEROS4

	* admin.h: Add KRB5_KDB_ALLOW_KERBEROS4
	
2006-06-06  Love Hrnquist strand  <lha@@it.su.se>

	* ent_setup.c (attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION

2006-05-30  Love Hrnquist strand  <lha@@it.su.se>

	* password_quality.c (kadm5_check_password_quality): set error
	message in context.
	
2006-05-13  Love Hrnquist strand  <lha@@it.su.se>

	* iprop-log.c: Avoid shadowing.

	* rename_s.c: Avoid shadowing.

2006-05-08  Love Hrnquist strand  <lha@@it.su.se>

	* privs_c.c (kadm5_c_get_privs): privs is a uint32_t, let copy it
	that way.
	
2006-05-05  Love Hrnquist strand  <lha@@it.su.se>

	* Rename u_intXX_t to uintXX_t

2006-04-27  Love Hrnquist strand  <lha@@it.su.se>

	* chpass_s.c,delete_s.c,get_s.c,log.c,modify_s.c,randkey_s.c,rename_s.c:
	Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for

	* send_recv.c: set and clear error string

	* rename_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* randkey_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* modify_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* log.c: Break out the that we request from principal from the
	entry and pass it in as a separate argument.

	* get_s.c: Break out the that we request from principal from the
	entry and pass it in as a separate argument.

	* delete_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* chpass_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.
	
2006-04-25  Love Hrnquist strand  <lha@@it.su.se>

	* create_s.c (create_principal*): If client doesn't send kvno,
	make sure to set it to 1.
	
2006-04-10  Love Hrnquist strand  <lha@@it.su.se>

	* log.c: (kadm5_log_rename): handle errors better
	Fixes Coverity, NetBSD CID#628

	* log.c (kadm5_log_delete): add error handling Coverity, NetBSD
	CID#626
	(kadm5_log_modify): add error handling Coverity, NetBSD CID#627

	* init_c.c (_kadm5_c_get_cred_cache): handle ccache case better in
	case no client name was passed in. Coverity, NetBSD CID#919
	
	* init_c.c (_kadm5_c_get_cred_cache): Free client principal in
	case of error. Coverity NetBSD CID#1908
	
2006-02-02  Love Hrnquist strand  <lha@@it.su.se>
	
	* kadm5_err.et: (PASS_REUSE): Spelling, 
	from Vclav H?la <ax@@natur.cuni.cz>
	
2006-01-25  Love Hrnquist strand  <lha@@it.su.se>

	* send_recv.c: Clear error-string when introducing new errors.

	* *_c.c: Clear error-string when introducing new errors.
	
2006-01-15  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am (libkadm5clnt.la) doesn't depend on libhdb, remove
	dependency
	
2005-12-13  Love Hrnquist strand  <lha@@it.su.se>

	* memset hdb_entry_ex before use
	
2005-12-12  Love Hrnquist strand  <lha@@it.su.se>
	
	* Wrap hdb_entry with hdb_entry_ex, patch originally 
	from Andrew Bartlet

2005-11-30  Love Hrnquist strand  <lha@@it.su.se>

	* context_s.c (set_field): try another way to calculate the path
	to the database/logfile/signal-socket

	* log.c (kadm5_log_init): set error string on failures
	
2005-09-08  Love Hrnquist strand  <lha@@it.su.se>

	* Constify password.

	* admin.h: Add KRB5_TL_PKINIT_ACL.
	
	* marshall.c (_kadm5_unmarshal_params): avoid signed-ness warnings
	
	* get_s.c (kadm5_s_get_principal): clear error string
	
2005-08-25  Love Hrnquist strand  <lha@@it.su.se>

	* iprop-log.8: More text about iprop-log.
	
2005-08-24  Love Hrnquist strand  <lha@@it.su.se>

	* iprop.8: SEE ALSO iprop-log.

	* Makefile.am: man_MANS += iprop-log.8

	* iprop-log.8: Basic for documentation of iprop-log.
	
	* remove replay_log.c, dump_log.c, and truncate_log.c, folded into
	iprop-log.

	* log.c (kadm5_log_foreach): add a context variable and pass it
	down to `func.

	* iprop-commands.in: Move truncate_log and replay_log into
	iprop-log.

	* iprop-log.c: Move truncate_log and replay_log into iprop-log.
	
	* Makefile.am: Move truncate_log and replay_log into iprop-log.
	
	* Makefile.am: Make this work with a clean directory.

	* ipropd_master.c: Make compile.

	* ipropd_master.c: Update to new signature of kadm5_log_previous.

	* log.c (kadm5_log_previous): catch errors instead of asserting
	and set error string.

	* iprop-commands.in: New program iprop-log that incorperates
	dump_log as a subcommand, truncate_log and replay_log soon to come
	after.
	
	* iprop-log.c: New program iprop-log that incorperates dump_log as
	a subcommand, truncate_log and replay_log soon to come after.

	* Makefile.am: New program iprop-log that incorperates dump_log as
	a subcommand, truncate_log and replay_log soon to come after.
	
2005-08-11 Love Hrnquist strand  <lha@@it.su.se>

	* get_s.c: Implement KADM5_LAST_PWD_CHANGE.
	
	* set_keys.c: Set and clear password where appropriate.

	* randkey_s.c: Operation modifies tl_data.

	* log.c (kadm5_log_replay_modify): Check return values of
	malloc(), replace all extensions.

	* kadm5_err.et: Make BAD_TL_TYPE error more helpful.

	* get_s.c: Expose KADM5_TL_DATA options to the client.

	* ent_setup.c: Merge in KADM5_TL_DATA in the database.

	* chpass_s.c: Operations modify extensions, mark that with
	TL_DATA.

	* admin.h: Add more TL types (password and extension).

2005-06-17  Love Hrnquist strand  <lha@@it.su.se>

	* constify

	* ipropd_slave.c: avoid shadowing

	* ipropd_master.c: rename local variable slave to s, optind ->
	optidx

	* get_princs_c.c: rename variable exp to expression
	
	* ad.c: rename variable exp to expression

	* log.c: rename shadowing len to num
	
	* get_princs_s.c: rename variable exp to expression

	* context_s.c: const poison

	* common_glue.c: rename variable exp to expression

2005-05-30  Love Hrnquist strand  <lha@@it.su.se>

	* ent_setup.c (attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE
	
	* get_s.c (kadm5_s_get_principal): set KRB5_KDB_OK_AS_DELEGATE

	* admin.h: add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags

2005-05-25  Love Hrnquist strand  <lha@@it.su.se>

	* kadm5_pwcheck.3: please mdoclint

2005-05-25  Dave Love  <fx@@gnu.org>

	* kadm5_pwcheck.3: document kadm5_add_passwd_quality_verifier,
	improve text

2005-05-24  Dave Love  <fx@@gnu.org>

	* iprop.8: Added some info about defaults, fixed some markup.
	
2005-05-23  Dave Love  <fx@@gnu.org>

	* ipropd_slave.c: Don't test HAVE_DAEMON since roken supplies it.

	* ipropd_master.c: Don't test HAVE_DAEMON since roken supplies it.

2005-05-13  Love Hrnquist strand  <lha@@it.su.se>

	* init_c.c (_kadm5_c_init_context): fix memory leak in case of
	failure

2005-05-09  Dave Love  <fx@@gnu.org>

	* password_quality.c (find_func): Fix off-by-one and logic error.
	(external_passwd_quality): Improve messages.

	* test_pw_quality.c (main): Call kadm5_setup_passwd_quality_check
	and kadm5_add_passwd_quality_verifier.

2005-04-30  Love Hrnquist strand  <lha@@it.su.se>

	* default_keys.c: #include <err.h>, only print salt it its longer
	then 0, use krb5_err instead of errx where appropriate
	
2005-04-25  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c: add the documented option --port

	* ipropd_master.c: add the documented option --port
	
	* dump_log.c: use the newly generated units function

2005-04-24  Love Hrnquist strand  <lha@@it.su.se>

	* dump_log.c: use strlcpy
	
	* password_quality.c: don't use sizeof(pointer)
	
2005-04-15  Love Hrnquist strand  <lha@@it.su.se>

	* check-cracklib.pl: external password verifier sample

	* password_quality.c (kadm5_add_passwd_quality_verifier): if NULL
	is passed in, load defaults

2005-04-14  Love Hrnquist strand  <lha@@it.su.se>

	* password_quality.c: add an end tag to the external password
	quality check protocol

2005-04-13  Love Hrnquist strand  <lha@@it.su.se>

	* password_quality.c: add external passsword quality check builtin
	module
	
	[password_quality]
		policies = external-check
		external-program = /bin/false
	
	To approve password a, make the test program return APPROVED on
	stderr and fail with exit code 0.
	
2004-10-12  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: bump version to 7:7:0 and 6:5:2
	
	* default_keys.c (parse_file): use hdb_generate_key_set
	
	* keys.c,set_keys.c: Move keyset parsing and password based keyset
	generation into hdb.  Requested by Andrew Bartlett <abartlet@@samba.org>
	for hdb-ldb backend.
	
2004-09-23  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_master.c: add help strings to some options
	
2004-09-12  Love Hrnquist strand  <lha@@it.su.se>

	* chpass_s.c: deal with changed prototype for _kadm5_free_keys
	
	* keys.c (_kadm5_free_keys): change prototype, make it use
	krb5_context instead of a kadm5_server_context
	
	* set_keys.c (parse_key_set): do way with static returning
	(function) static variable and returned allocated memory
	(_kadm5_generate_key_set): free enctypes returned by parse_key_set

2004-09-06  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c: Fix memory leak, don't return stack variables From
	Andrew Bartlett
	
	* set_keys.c: make all_etypes const and move outside function to
	avoid returning data on stack
	
2004-08-26  Love Hrnquist strand  <lha@@it.su.se>

	* acl.c (fetch_acl): use " \t\n" instead of just "\n" for the
	delim of the third element, this is so we can match
	"foo@@REALM<SPC>all<SPC><SPC>*@@REALM", before it just matched
	"foo@@REALM<SPC>all<SPC>*@@REALM", but that is kind of lucky since
	what really happen was that the last <SPC> was stamped out, and
	the it never strtok_r never needed to parse over it.
	
2004-08-25  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c (_kadm5_generate_key_set): since arcfour-hmac-md5 is
	without salting, some people tries to add the string
	"arcfour-hmac-md5" when they really should have used
	"arcfour-hmac-md5:pw-salt", help them and add glue for that
	
2004-08-18  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c: add --detach

2004-07-06  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: use new tsasl interface remove debug printf add upn to
	computer-accounts
	
2004-06-28  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: implement kadm5_ad_init_with_password_ctx set more error
	strings
	
2004-06-21  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: man_MANS = kadm5_pwcheck.3
	
	* kadm5_pwcheck.3: document new password quality api
	
	* password_quality.c: new password check interface (old still
	supported)
	
	* kadm5-pwcheck.h: new password check interface
	
2004-06-08  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_master.c (main): process all slaves, not just up to the
	last slave sending data
	(bug report from Bjrn Sandell <biorn@@dce.chalmers.se>)
	(*): only send one ARE_YOU_THERE

2004-06-02  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: use krb5_set_password_using_ccache
	
2004-06-01  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: try handle spn's better
	
2004-05-31  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: add expiration time
	
	* ad.c: add modify operations
	
	* ad.c: handle create and delete
	
2004-05-27  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: more code for get, handle attributes
	
	* ad.c: more code for get, handle time stamps and bad password
	counter

	* ad.c: more code for get, only fetches kvno for now
	
2004-05-26  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: add support for tsasl
	
	* private.h: add kadm5_ad_context
	
	* ipropd_master.c (prop_one): store the opcode in the begining of
	the blob, not the end
	
	* ad.c: try all ldap servers in dns, generate a random password,
	base64(random_block(64)), XXX must make it support other then
	ARCFOUR
	
	* ad.c: framework for windows AD backend
	
2004-03-07  Love Hrnquist strand  <lha@@it.su.se>

	* create_s.c (kadm5_s_create_principal): remove old XXX command
	and related code, _kadm5_set_keys will do all this now
	
2004-02-29  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c (_kadm5_set_keys_randomly): make sure enctype to copy
	enctype for des keys From: Andrew Bartlett <abartlet@@samba.org>
	
	* create_s.c (kadm5_s_create_principal_with_key): don't call
	_kadm5_set_keys2, create_principal will do that for us. Set kvno
	to 1.

	* chpass_s.c (change): bump kvno
	(kadm5_s_chpass_principal_with_key): bump kvno

	* randkey_s.c (kadm5_s_randkey_principal): bump kvno
	
	* set_keys.c (_kadm5_set_*): don't change the kvno, let the callee
	to that

2003-12-30  Love Hrnquist strand  <lha@@it.su.se>

	* chpass_s.c (change): fix same-password-again by decrypting keys
	and setting an error code From: Buck Huppmann <buckh@@pobox.com>
	
2003-12-21  Love Hrnquist strand  <lha@@it.su.se>

	* init_c.c (_kadm5_c_init_context): catch errors from strdup and
	other krb5_ functions

2003-12-08  Love Hrnquist strand  <lha@@it.su.se>

	* rename_s.c (kadm5_s_rename_principal): allow principal to change
	realm From Panasas Inc
	
2003-12-07  Love Hrnquist strand  <lha@@it.su.se>

	* destroy_c.c (kadm5_c_destroy): fix memory leaks, From Panasas,
	Inc

2003-11-23  Love Hrnquist strand  <lha@@it.su.se>

	* iprop.h: don't include <krb5-private.h>
	
	* ipropd_slave.c: stop using krb5 lib private byte-frobbing
	functions and replace them with with krb5_storage
	
	* ipropd_master.c: stop using krb5 lib private byte-frobbing
	functions and replace them with with krb5_storage
	
2003-11-19  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c (receive_loop): when seeking over the entries we
	already have, skip over the trailer.  From: Jeffrey Hutzelman
	<jhutz@@cmu.edu>

	* dump_log.c,ipropd_master.c,ipropd_slave.c,
	replay_log.c,truncate_log.c: parse kdc.conf
	From: Jeffrey Hutzelman <jhutz@@cmu.edu>

2003-10-10  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: += test_pw_quality
	
	* test_pw_quality.c: test program for verifying password quality
	function

2003-09-03  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: add and enable check program default_keys
	
	* default_keys.c: test program for _kadm5_generate_key_set
	
	* init_c.c: use
	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free

2003-08-17  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c (_kadm5_set_keys_randomly): remove dup return
	
	* ipropd_master.c (main): make sure current_version is initialized
	
2003-08-15  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c: use default_keys for the both random keys and
	password derived keys if its defined
	
2003-07-24  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c (receive_everything): switch close and rename
	From: Alf Wachsmann <alfw@@SLAC.Stanford.EDU>
	
2003-07-03  Love Hrnquist strand  <lha@@it.su.se>

	* iprop.h, ipropd_master.c, ipropd_slave.c:
	Add probing from the server that the client is still there, also
	make the client check that the server is probing.

2003-07-02  Love Hrnquist strand  <lha@@it.su.se>

	* truncate_log.c (main): add missing ``if (ret)''
	
2003-06-26  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c (make_keys): add AES support
	
	* set_keys.c: fix off by one in the aes case, pointed out by Ken
	Raeburn

2003-04-30  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c (_kadm5_set_keys_randomly): add
	ETYPE_AES256_CTS_HMAC_SHA1_96 key when configuried with aes
	support

2003-04-16  Love Hrnquist strand  <lha@@it.su.se>

	* send_recv.c: check return values from krb5_data_alloc
	* log.c: check return values from krb5_data_alloc
	
2003-04-16  Love Hrnquist strand  <lha@@it.su.se>

	* dump_log.c (print_entry): check return values from
	krb5_data_alloc

2003-04-01  Love Hrnquist strand  <lha@@it.su.se>

	* init_c.c (kadm_connect): if a context realm was passed in, use
	that to form the kadmin/admin principal
	
2003-03-19  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_master.c (main): make sure we don't consider dead slave
	for select processing
	(write_stats): use slave_stats_file variable, 
	check return value of strftime
	(args): allow specifying slave stats file
	(slave_dead): close the fd when the slave dies

2002-10-21  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c (from Derrick Brashear): Propagating a large
	database without this means the slave kdcs can get erroneous
	HDB_NOENTRY and return the resulting errors. This creates a new db
	handle, populates it, and moves it into place.

2002-08-26  Assar Westerlund  <assar@@kth.se>

	* ipropd_slave.c (receive_everything): type-correctness calling
	_krb5_get_int

	* context_s.c (find_db_spec): const-correctness in parameters to
	krb5_config_get_next

2002-08-16  Johan Danielsson  <joda@@pdc.kth.se>

	* private.h: rename header file flag macro

	* Makefile.am: generate kadm5-{protos,private}.h

2002-08-15  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_master.c: check return value of krb5_sockaddr2address

2002-07-04  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_master.c: handle slaves that come and go; add status
	reporting (both from Love)

	* iprop.h: KADM5_SLAVE_STATS

2002-03-25  Jacques Vidrine  <n@@nectar.com>

	* init_c.c (get_cred_cache): bug fix: the default credentials
	cache was not being used if a client name was specified.

2002-03-25  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c (get_cred_cache): when getting the default_client from
	the cred cache, make sure the instance part is "admin"; this
	should require fewer uses of -p

2002-03-11  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0
	(libkadm5clnt_la_LDFLAGS): set version to 6:3:2

2002-02-08  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c: we have to create our own param struct before
	marshaling

2001-09-05  Johan Danielsson  <joda@@pdc.kth.se>

	* Makefile.am: link with LIB_pidfile

	* iprop.h: include util.h for pidfile

2001-08-31  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c (main): syslog with the correct name

2001-08-30  Jacques Vidrine <n@@nectar.com>

	* ipropd_slave.c, ipropd_master.c (main): call pidfile

2001-08-28  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0

2001-08-24  Assar Westerlund  <assar@@sics.se>

	* acl.c (fetch_acl): do not return bogus flags and re-organize
	function

	* Makefile.am: rename variable name to avoid error from current
	automake

2001-08-13  Johan Danielsson  <joda@@pdc.kth.se>

	* set_keys.c: add easier afs configuration, defaulting to the
	local realm in lower case; also try to remove duplicate salts

2001-07-12  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: add required library dependencies

2001-07-03  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2

2001-06-29  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c: call krb5_get_init_creds_opt_set_default_flags

2001-02-19  Johan Danielsson  <joda@@pdc.kth.se>

	* replay_log.c: add --{start-end}-version flags to replay just
	part of the log

2001-02-15  Assar Westerlund  <assar@@sics.se>

	* ipropd_master.c (main): fix select-loop to decrement ret
	correctly.  from "Brandon S. Allbery KF8NH" <allbery@@ece.cmu.edu>

2001-01-30  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: bump versions

2000-12-31  Assar Westerlund  <assar@@sics.se>

	* init_s.c (*): handle krb5_init_context failure consistently
	* init_c.c (init_context): handle krb5_init_context failure
	consistently

2000-12-11  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0

2000-11-16  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (make_keys): clean-up salting loop and try not to
	leak memory

	* ipropd_master.c (main): check for fd's being too large to select
	on

2000-08-16  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0

2000-08-10  Assar Westerlund  <assar@@sics.se>

	* acl.c (fetch_acl): fix wrong cases, use krb5_principal_match

2000-08-07  Assar Westerlund  <assar@@sics.se>

	* ipropd_master.c (main): ignore SIGPIPE

2000-08-06  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c (receive_everything): make `fd' an int instead of
	a pointer.  From Derrick J Brashear <shadow@@dementia.org>

2000-08-04  Johan Danielsson  <joda@@pdc.kth.se>

	* admin.h: change void** to void*

2000-07-25  Johan Danielsson  <joda@@pdc.kth.se>

	* Makefile.am: bump versions to 7:0:0 and 6:0:2

2000-07-24  Assar Westerlund  <assar@@sics.se>

	* log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd
	and make a new that takes a context
	(kadm5_log_nop): add logging of missing lengths
	(kadm5_log_truncate): new function

	* dump_log.c (print_entry): update and correct
	* randkey_s.c: call _kadm5_bump_pw_expire
	* truncate_log.c: new program for truncating the log
	* Makefile.am (sbin_PROGRAMS): add truncate_log
	(C_SOURCES): add bump_pw_expire.c
	* bump_pw_expire.c: new function for extending password expiration

2000-07-22  Assar Westerlund  <assar@@sics.se>

	* keys.c: new file with _kadm5_free_keys, _kadm5_init_keys

	* set_keys.c (free_keys, init_keys): elevate to internal kadm5
	functions

	* chpass_s.c (kadm5_s_chpass_principal_cond): new function
	* Makefile.am (C_SOURCES): add keys.c
	* init_c.c: remove unused variable and handle some parameters
	being NULL

2000-07-22  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c: use krb5_read_priv_message

	* ipropd_master.c: use krb5_{read,write}_priv_message

	* init_c.c: use krb5_write_priv_message

2000-07-11  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c: no need to call gethostname, since
	sname_to_principal will

	* send_recv.c: assert that we have a connected socket

	* get_princs_c.c: call _kadm5_connect

	* rename_c.c: call _kadm5_connect

	* randkey_c.c: call _kadm5_connect

	* privs_c.c: call _kadm5_connect

	* modify_c.c: call _kadm5_connect

	* get_c.c: call _kadm5_connect

	* delete_c.c: call _kadm5_connect

	* create_c.c: call _kadm5_connect

	* chpass_c.c: call _kadm5_connect

	* private.h: add more fields to client context; remove prototypes

	* admin.h: remove prototypes

	* kadm5-protos.h: move public prototypes here

	* kadm5-private.h: move private prototypes here

	* init_c.c: break out connection code to separate function, and
	defer calling it until we actually do something

2000-07-07  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for
	backwards compatability

2000-06-26  Johan Danielsson  <joda@@pdc.kth.se>

	* set_keys.c (_kadm5_set_keys): rewrite this to be more easily
	adaptable to different salts
	
2000-06-19  Johan Danielsson  <joda@@pdc.kth.se>

	* get_s.c: pa_* -> KRB5_PADATA_*

2000-06-16  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c: change default keytab to default keytab (as in
	typically FILE:/etc/krb5.keytab)

2000-06-08  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c: bug fixes, for actually writing the full dump to
	the database.  based on a patch from Love <lha@@stacken.kth.se>

2000-06-07  Assar Westerlund  <assar@@sics.se>

	* acl.c: add support for patterns of principals
	* log.c (kadm5_log_replay_create): handle more NULL pointers
	(should they really happen?)
	* log.c (kadm5_log_replay_modify): handle max_life == NULL and
	max_renew == NULL

	* ipropd_master.c: use syslog.  be less verbose
	* ipropd_slave.c: use syslog

2000-06-05  Assar Westerlund  <assar@@sics.se>

	* private.h (kadm_ops): add kadm_nop more prototypes
	* log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
	kadm5_log_replay_nop): add
	* ipropd_slave.c: and some more improvements
	* ipropd_master.c: lots of improvements
	* iprop.h (IPROP_PORT, IPROP_SERVICE): add
	(iprop_cmd): add new commands

	* dump_log.c: add nop

2000-05-15  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1

2000-05-12  Assar Westerlund  <assar@@sics.se>

	* get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a
	fallback.  handle not having any creator.
	* destroy_s.c (kadm5_s_destroy): free all allocated memory
	* context_s.c (set_field): free variable if it's already set
	(find_db_spec): malloc space for all strings

2000-04-05  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (LDADD): add LIB_openldap

2000-04-03  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1
	(libkadm5clnt_la_LDFLAGS): set version to 5:0:1

2000-03-24  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (_kadm5_set_keys2): rewrite
	(_kadm5_set_keys3): add

	* private.h (struct kadm_func): add chpass_principal_with_key
	* init_c.c (set_funcs): add chpass_principal_with_key

2000-03-23  Assar Westerlund  <assar@@sics.se>

	* context_s.c (set_funcs): add chpass_principal_with_key
	* common_glue.c (kadm5_chpass_principal_with_key): add
	* chpass_s.c: comment-ize and change calling convention for
	_kadm5_set_keys*
	* chpass_c.c (kadm5_c_chpass_principal_with_key): add

2000-02-07  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0

2000-01-28  Assar Westerlund  <assar@@sics.se>

	* init_c.c (get_new_cache): make sure to request non-forwardable,
	non-proxiable

2000-01-06  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv.la): bump version to 5:1:0

	* context_s.c (_kadm5_s_init_context): handle params == NULL

1999-12-26  Assar Westerlund  <assar@@sics.se>

	* get_s.c (kadm5_s_get_principal): handle modified_by->principal
 	== NULL

1999-12-20  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): bump version to 4:1:0

	* init_c.c (_kadm5_c_init_context): handle getting back port
 	number from admin host
	(kadm5_c_init_with_context): remove `proto/' part before doing
	getaddrinfo()

1999-12-06  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: bump version to 5:0:0 and 4:0:0

	* init_c.c (kadm5_c_init_with_context): don't use unitialized
 	stuff

1999-12-04  Assar Westerlund  <assar@@sics.se>

	* replay_log.c: adapt to changed kadm5_log_foreach

	* log.c (kadm5_log_foreach): change to take a
 	`kadm5_server_context'

	* init_c.c: use krb5_warn{,x}

	* dump_log.c: adapt to changed kadm5_log_foreach

	* init_c.c: re-write to use getaddrinfo
	* Makefile.am (install-build-headers): add dependency
	
1999-12-03  Johan Danielsson  <joda@@pdc.kth.se>

	* log.c (kadm5_log_foreach): pass context

	* dump_log.c: print more interesting things

1999-12-02  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_master.c (process_msg): check for short reads

1999-11-25  Assar Westerlund  <assar@@sics.se>

	* modify_s.c (kadm5_s_modify_principal): support key_data
	(kadm5_s_modify_principal_with_key): remove

	* admin.h (kadm5_s_modify_principal_with_key): remove

1999-11-20  Assar Westerlund  <assar@@sics.se>

	* context_s.c (find_db_spec): ugly cast work-around.

1999-11-14  Assar Westerlund  <assar@@sics.se>

	* context_s.c (_kadm5_s_init_context): call krb5_add_et_list so
 	that we aren't dependent on the layout of krb5_context_data
	* init_c.c (_kadm5_c_init_context): call krb5_add_et_list so that
 	we aren't dependent on the layout of krb5_context_data

1999-11-13  Assar Westerlund  <assar@@sics.se>

	* password_quality.c (kadm5_setup_passwd_quality_check): use
	correct types for function pointers
	
1999-11-09  Johan Danielsson  <joda@@pdc.kth.se>

	* randkey_s.c: always bail out if the fetch fails

	* admin.h (kadm5_config_params): remove fields we're not using

	* ipropd_slave.c: allow passing a realm

	* ipropd_master.c: allow passing a realm

	* dump_log.c: allow passing a realm

	* acl.c: correctly get acl file

	* private.h (kadm5_server_context): add config_params struct and
	remove acl_file; bump protocol version number

	* marshall.c: marshalling of config parameters

	* init_c.c (kadm5_c_init_with_context): try to cope with old
	servers

	* init_s.c (kadm5_s_init_with_context): actually use some passed
	values

	* context_s.c (_kadm5_s_init_context): get dbname, acl_file, and
	stash_file from the config parameters, try to figure out these if
	they're not provided

1999-11-05  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (install-build-headers): use `cp' instead of
 	INSTALL_DATA

1999-11-04  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: bump version to 4:0:0 and 3:0:0 (they access fields
 	directly in libkrb5's context - bad functions)

	* set_keys.c (_kadm5_set_keys_randomly): set enctypes correctly in
 	the copied keys

1999-10-20  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: set version of kadm5srv to 3:0:2 (new password
 	quality functions).
 	set version of kdam5clnt to 2:1:1 (no interface changes)

	* Makefile.am (LDADD): add $(LIB_dlopen)

1999-10-17  Assar Westerlund  <assar@@sics.se>

	* randkey_s.c (kadm5_s_randkey_principal): use
 	_kadm5_set_keys_randomly

	* set_keys.c (free_keys): free more memory
	(_kadm5_set_keys): a little bit more generic
	(_kadm5_set_keys_randomly): new function for setting random keys.

1999-10-14  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (_kadm5_set_keys): ignore old keys when setting new
 	ones and always add 3 DES keys and one 3DES key

1999-10-03  Assar Westerlund  <assar@@sics.se>

	* init_c.c (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'.
  	check return value from strdup

1999-09-26  Assar Westerlund  <assar@@sics.se>

	* acl.c (_kadm5_privs_to_string): forgot one strcpy_truncate ->
 	strlcpy

1999-09-24  Johan Danielsson  <joda@@pdc.kth.se>

	* dump_log.c: remove unused `optind'

	* replay_log.c: remove unused `optind'

1999-09-13  Assar Westerlund  <assar@@sics.se>

	* chpass_c.c (kadm5_c_chpass_principal): new _kadm5_client_recv

	* send_recv.c (_kadm5_client_recv): return result in a `krb5_data'
 	so that we avoid copying it and don't need to dimension in
 	advance.  change all callers.

1999-09-10  Assar Westerlund  <assar@@sics.se>

	* password_quality.c: new file

	* admin.h
 	(kadm5_setup_passwd_quality_check,kadm5_check_password_quality):
 	add prototypes

	* Makefile.am (S_SOURCES): add password_quality.c

1999-07-26  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: update versions to 2:0:1

1999-07-24  Assar Westerlund  <assar@@sics.se>

	* ent_setup.c (_kadm5_setup_entry): make princ_expire_time == 0
 	and pw_expiration == 0 mean never

1999-07-22  Assar Westerlund  <assar@@sics.se>

	* log.c (kadm5_log_flush): extra cast

1999-07-07  Assar Westerlund  <assar@@sics.se>

	* marshall.c (store_principal_ent): encoding princ_expire_time and
 	pw_expiration in correct order

1999-06-28  Assar Westerlund  <assar@@sics.se>

	* randkey_s.c (kadm5_s_randkey_principal): nuke old mkvno,
 	otherwise hdb will think that the new random keys are already
 	encrypted which will cause lots of confusion later.

1999-06-23  Assar Westerlund  <assar@@sics.se>

	* ent_setup.c (_kadm5_setup_entry): handle 0 == unlimited
 	correctly.  From Michal Vocu <michal@@karlin.mff.cuni.cz>

1999-06-15  Assar Westerlund  <assar@@sics.se>

	* init_c.c (get_cred_cache): use get_default_username

1999-05-23  Assar Westerlund  <assar@@sics.se>

	* create_s.c (create_principal): if there's no default entry the
	mask should be zero.

1999-05-21  Assar Westerlund  <assar@@sics.se>

	* init_c.c (get_cred_cache): use $USERNAME

1999-05-17  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c (get_cred_cache): figure out principal

1999-05-05  Johan Danielsson  <joda@@pdc.kth.se>

	* send_recv.c: cleanup _kadm5_client_{send,recv}

1999-05-04  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (_kadm5_set_keys2): don't check the recently created
 	memory for NULL pointers

	* private.h (_kadm5_setup_entry): change prototype

	* modify_s.c: call new _kadm5_setup_entry

	* ent_setup.c (_kadm5_setup_entry): change so that it takes three
 	masks, one for what bits to set and one for each of principal and
 	def containing the bits that are set there.

	* create_s.c: call new _kadm5_setup_entry

	* create_s.c (get_default): check return value
	(create_principal): send wider mask to _kadm5_setup_entry

1999-05-04  Johan Danielsson  <joda@@pdc.kth.se>

	* send_recv.c (_kadm5_client_recv): handle arbitrarily sized
	packets, check for errors

	* get_c.c: check for failure from _kadm5_client_{send,recv}

1999-05-04  Assar Westerlund  <assar@@sics.se>

	* init_c.c (get_new_cache): don't abort when interrupted from
 	password prompt
	
	* destroy_c.c (kadm5_c_destroy): check if we should destroy the
 	auth context

1999-05-03  Johan Danielsson  <joda@@pdc.kth.se>

	* chpass_s.c: fix arguments to _kadm5_set_keys2

	* private.h: proto

	* set_keys.c: clear mkvno

	* rename_s.c: add flags to fetch and store; seal keys before
	logging

	* randkey_s.c: add flags to fetch and store; seal keys before
	logging

	* modify_s.c: add flags to fetch and store; seal keys before
	logging

	* log.c: add flags to fetch and store; seal keys before logging

	* get_s.c: add flags to fetch and store; seal keys before logging

	* get_princs_s.c: add flags to fetch and store; seal keys before
	logging

	* delete_s.c: add flags to fetch and store; seal keys before
	logging

	* create_s.c: add flags to fetch and store; seal keys before
	logging

	* chpass_s.c: add flags to fetch and store; seal keys before
	logging

	* Makefile.am: remove server.c

	* admin.h: add prototypes

	* ent_setup.c (_kadm5_setup_entry): set key_data

	* set_keys.c: add _kadm5_set_keys2 to sey keys from key_data

	* modify_s.c: add kadm5_s_modify_principal_with_key

	* create_s.c: add kadm5_s_create_principal_with_key

	* chpass_s.c: add kadm5_s_chpass_principal_with_key

	* kadm5_locl.h: move stuff to private.h

	* private.h: move stuff from kadm5_locl.h
	
@


1.1
log
@Initial revision
@
text
@d1 1083
d1389 1
a1389 1
	@


1.1.1.1
log
@Import KTH Heimdal, which will be the core of our Kerberos5.
Userland to follow.
@
text
@@


1.1.1.2
log
@Vendor import of Heimdal 0.2n
@
text
@a0 9
2000-02-07  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0

2000-01-28  Assar Westerlund  <assar@@sics.se>

	* init_c.c (get_new_cache): make sure to request non-forwardable,
	non-proxiable

@


1.1.1.2.2.1
log
@MFC: Heimdal 0.3e (MIT mucho-compatible) upgrade.
@
text
@a0 201
2001-01-30  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: bump versions

2000-12-31  Assar Westerlund  <assar@@sics.se>

	* init_s.c (*): handle krb5_init_context failure consistently
	* init_c.c (init_context): handle krb5_init_context failure
	consistently

2000-12-11  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0

2000-11-16  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (make_keys): clean-up salting loop and try not to
	leak memory

	* ipropd_master.c (main): check for fd's being too large to select
	on

2000-08-16  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0

2000-08-10  Assar Westerlund  <assar@@sics.se>

	* acl.c (fetch_acl): fix wrong cases, use krb5_principal_match

2000-08-07  Assar Westerlund  <assar@@sics.se>

	* ipropd_master.c (main): ignore SIGPIPE

2000-08-06  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c (receive_everything): make `fd' an int instead of
	a pointer.  From Derrick J Brashear <shadow@@dementia.org>

2000-08-04  Johan Danielsson  <joda@@pdc.kth.se>

	* admin.h: change void** to void*

2000-07-25  Johan Danielsson  <joda@@pdc.kth.se>

	* Makefile.am: bump versions to 7:0:0 and 6:0:2

2000-07-24  Assar Westerlund  <assar@@sics.se>

	* log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd
	and make a new that takes a context
	(kadm5_log_nop): add logging of missing lengths
	(kadm5_log_truncate): new function

	* dump_log.c (print_entry): update and correct
	* randkey_s.c: call _kadm5_bump_pw_expire
	* truncate_log.c: new program for truncating the log
	* Makefile.am (sbin_PROGRAMS): add truncate_log
	(C_SOURCES): add bump_pw_expire.c
	* bump_pw_expire.c: new function for extending password expiration

2000-07-22  Assar Westerlund  <assar@@sics.se>

	* keys.c: new file with _kadm5_free_keys, _kadm5_init_keys

	* set_keys.c (free_keys, init_keys): elevate to internal kadm5
	functions

	* chpass_s.c (kadm5_s_chpass_principal_cond): new function
	* Makefile.am (C_SOURCES): add keys.c
	* init_c.c: remove unused variable and handle some parameters
	being NULL

2000-07-22  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c: use krb5_read_priv_message

	* ipropd_master.c: use krb5_{read,write}_priv_message

	* init_c.c: use krb5_write_priv_message

2000-07-11  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c: no need to call gethostname, since
	sname_to_principal will

	* send_recv.c: assert that we have a connected socket

	* get_princs_c.c: call _kadm5_connect

	* rename_c.c: call _kadm5_connect

	* randkey_c.c: call _kadm5_connect

	* privs_c.c: call _kadm5_connect

	* modify_c.c: call _kadm5_connect

	* get_c.c: call _kadm5_connect

	* delete_c.c: call _kadm5_connect

	* create_c.c: call _kadm5_connect

	* chpass_c.c: call _kadm5_connect

	* private.h: add more fields to client context; remove prototypes

	* admin.h: remove prototypes

	* kadm5-protos.h: move public prototypes here

	* kadm5-private.h: move private prototypes here

	* init_c.c: break out connection code to separate function, and
	defer calling it until we actually do something

2000-07-07  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for
	backwards compatability

2000-06-26  Johan Danielsson  <joda@@pdc.kth.se>

	* set_keys.c (_kadm5_set_keys): rewrite this to be more easily
	adaptable to different salts
	
2000-06-19  Johan Danielsson  <joda@@pdc.kth.se>

	* get_s.c: pa_* -> KRB5_PADATA_*

2000-06-16  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c: change default keytab to default keytab (as in
	typically FILE:/etc/krb5.keytab)

2000-06-08  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c: bug fixes, for actually writing the full dump to
	the database.  based on a patch from Love <lha@@stacken.kth.se>

2000-06-07  Assar Westerlund  <assar@@sics.se>

	* acl.c: add support for patterns of principals
	* log.c (kadm5_log_replay_create): handle more NULL pointers
	(should they really happen?)
	* log.c (kadm5_log_replay_modify): handle max_life == NULL and
	max_renew == NULL

	* ipropd_master.c: use syslog.  be less verbose
	* ipropd_slave.c: use syslog

2000-06-05  Assar Westerlund  <assar@@sics.se>

	* private.h (kadm_ops): add kadm_nop more prototypes
	* log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
	kadm5_log_replay_nop): add
	* ipropd_slave.c: and some more improvements
	* ipropd_master.c: lots of improvements
	* iprop.h (IPROP_PORT, IPROP_SERVICE): add
	(iprop_cmd): add new commands

	* dump_log.c: add nop

2000-05-15  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1

2000-05-12  Assar Westerlund  <assar@@sics.se>

	* get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a
	fallback.  handle not having any creator.
	* destroy_s.c (kadm5_s_destroy): free all allocated memory
	* context_s.c (set_field): free variable if it's already set
	(find_db_spec): malloc space for all strings

2000-04-05  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (LDADD): add LIB_openldap

2000-04-03  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1
	(libkadm5clnt_la_LDFLAGS): set version to 5:0:1

2000-03-24  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (_kadm5_set_keys2): rewrite
	(_kadm5_set_keys3): add

	* private.h (struct kadm_func): add chpass_principal_with_key
	* init_c.c (set_funcs): add chpass_principal_with_key

2000-03-23  Assar Westerlund  <assar@@sics.se>

	* context_s.c (set_funcs): add chpass_principal_with_key
	* common_glue.c (kadm5_chpass_principal_with_key): add
	* chpass_s.c: comment-ize and change calling convention for
	_kadm5_set_keys*
	* chpass_c.c (kadm5_c_chpass_principal_with_key): add

@


1.1.1.2.2.2
log
@MFC: Update Heimdal Kerberos to 0.4e around 2002/02/17.
@
text
@a0 58
2002-02-08  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c: we have to create our own param struct before
	marshaling

2001-09-05  Johan Danielsson  <joda@@pdc.kth.se>

	* Makefile.am: link with LIB_pidfile

	* iprop.h: include util.h for pidfile

2001-08-31  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c (main): syslog with the correct name

2001-08-30  Jacques Vidrine <n@@nectar.com>

	* ipropd_slave.c, ipropd_master.c (main): call pidfile

2001-08-28  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0

2001-08-24  Assar Westerlund  <assar@@sics.se>

	* acl.c (fetch_acl): do not return bogus flags and re-organize
	function

	* Makefile.am: rename variable name to avoid error from current
	automake

2001-08-13  Johan Danielsson  <joda@@pdc.kth.se>

	* set_keys.c: add easier afs configuration, defaulting to the
	local realm in lower case; also try to remove duplicate salts

2001-07-12  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: add required library dependencies

2001-07-03  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2

2001-06-29  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c: call krb5_get_init_creds_opt_set_default_flags

2001-02-19  Johan Danielsson  <joda@@pdc.kth.se>

	* replay_log.c: add --{start-end}-version flags to replay just
	part of the log

2001-02-15  Assar Westerlund  <assar@@sics.se>

	* ipropd_master.c (main): fix select-loop to decrement ret
	correctly.  from "Brandon S. Allbery KF8NH" <allbery@@ece.cmu.edu>

d516 1
a516 1
	
@


1.1.1.2.2.3
log
@MFC: Update Heimdal Kerberos to pre-0.5 around 2002/08/29.
@
text
@a0 41
2002-08-26  Assar Westerlund  <assar@@kth.se>

	* ipropd_slave.c (receive_everything): type-correctness calling
	_krb5_get_int

	* context_s.c (find_db_spec): const-correctness in parameters to
	krb5_config_get_next

2002-08-16  Johan Danielsson  <joda@@pdc.kth.se>

	* private.h: rename header file flag macro

	* Makefile.am: generate kadm5-{protos,private}.h

2002-08-15  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_master.c: check return value of krb5_sockaddr2address

2002-07-04  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_master.c: handle slaves that come and go; add status
	reporting (both from Love)

	* iprop.h: KADM5_SLAVE_STATS

2002-03-25  Jacques Vidrine  <n@@nectar.com>

	* init_c.c (get_cred_cache): bug fix: the default credentials
	cache was not being used if a client name was specified.

2002-03-25  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c (get_cred_cache): when getting the default_client from
	the cred cache, make sure the instance part is "admin"; this
	should require fewer uses of -p

2002-03-11  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0
	(libkadm5clnt_la_LDFLAGS): set version to 6:3:2

@


1.1.1.2.2.4
log
@MFC: Heimdal 0.5.1
@
text
@a0 4
2002-10-21  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c: pull up 1.27; use a temporary database

@


1.1.1.3
log
@import of heimdal 0.3e
@
text
@a0 201
2001-01-30  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: bump versions

2000-12-31  Assar Westerlund  <assar@@sics.se>

	* init_s.c (*): handle krb5_init_context failure consistently
	* init_c.c (init_context): handle krb5_init_context failure
	consistently

2000-12-11  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0

2000-11-16  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (make_keys): clean-up salting loop and try not to
	leak memory

	* ipropd_master.c (main): check for fd's being too large to select
	on

2000-08-16  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0

2000-08-10  Assar Westerlund  <assar@@sics.se>

	* acl.c (fetch_acl): fix wrong cases, use krb5_principal_match

2000-08-07  Assar Westerlund  <assar@@sics.se>

	* ipropd_master.c (main): ignore SIGPIPE

2000-08-06  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c (receive_everything): make `fd' an int instead of
	a pointer.  From Derrick J Brashear <shadow@@dementia.org>

2000-08-04  Johan Danielsson  <joda@@pdc.kth.se>

	* admin.h: change void** to void*

2000-07-25  Johan Danielsson  <joda@@pdc.kth.se>

	* Makefile.am: bump versions to 7:0:0 and 6:0:2

2000-07-24  Assar Westerlund  <assar@@sics.se>

	* log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd
	and make a new that takes a context
	(kadm5_log_nop): add logging of missing lengths
	(kadm5_log_truncate): new function

	* dump_log.c (print_entry): update and correct
	* randkey_s.c: call _kadm5_bump_pw_expire
	* truncate_log.c: new program for truncating the log
	* Makefile.am (sbin_PROGRAMS): add truncate_log
	(C_SOURCES): add bump_pw_expire.c
	* bump_pw_expire.c: new function for extending password expiration

2000-07-22  Assar Westerlund  <assar@@sics.se>

	* keys.c: new file with _kadm5_free_keys, _kadm5_init_keys

	* set_keys.c (free_keys, init_keys): elevate to internal kadm5
	functions

	* chpass_s.c (kadm5_s_chpass_principal_cond): new function
	* Makefile.am (C_SOURCES): add keys.c
	* init_c.c: remove unused variable and handle some parameters
	being NULL

2000-07-22  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c: use krb5_read_priv_message

	* ipropd_master.c: use krb5_{read,write}_priv_message

	* init_c.c: use krb5_write_priv_message

2000-07-11  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c: no need to call gethostname, since
	sname_to_principal will

	* send_recv.c: assert that we have a connected socket

	* get_princs_c.c: call _kadm5_connect

	* rename_c.c: call _kadm5_connect

	* randkey_c.c: call _kadm5_connect

	* privs_c.c: call _kadm5_connect

	* modify_c.c: call _kadm5_connect

	* get_c.c: call _kadm5_connect

	* delete_c.c: call _kadm5_connect

	* create_c.c: call _kadm5_connect

	* chpass_c.c: call _kadm5_connect

	* private.h: add more fields to client context; remove prototypes

	* admin.h: remove prototypes

	* kadm5-protos.h: move public prototypes here

	* kadm5-private.h: move private prototypes here

	* init_c.c: break out connection code to separate function, and
	defer calling it until we actually do something

2000-07-07  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for
	backwards compatability

2000-06-26  Johan Danielsson  <joda@@pdc.kth.se>

	* set_keys.c (_kadm5_set_keys): rewrite this to be more easily
	adaptable to different salts
	
2000-06-19  Johan Danielsson  <joda@@pdc.kth.se>

	* get_s.c: pa_* -> KRB5_PADATA_*

2000-06-16  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c: change default keytab to default keytab (as in
	typically FILE:/etc/krb5.keytab)

2000-06-08  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c: bug fixes, for actually writing the full dump to
	the database.  based on a patch from Love <lha@@stacken.kth.se>

2000-06-07  Assar Westerlund  <assar@@sics.se>

	* acl.c: add support for patterns of principals
	* log.c (kadm5_log_replay_create): handle more NULL pointers
	(should they really happen?)
	* log.c (kadm5_log_replay_modify): handle max_life == NULL and
	max_renew == NULL

	* ipropd_master.c: use syslog.  be less verbose
	* ipropd_slave.c: use syslog

2000-06-05  Assar Westerlund  <assar@@sics.se>

	* private.h (kadm_ops): add kadm_nop more prototypes
	* log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
	kadm5_log_replay_nop): add
	* ipropd_slave.c: and some more improvements
	* ipropd_master.c: lots of improvements
	* iprop.h (IPROP_PORT, IPROP_SERVICE): add
	(iprop_cmd): add new commands

	* dump_log.c: add nop

2000-05-15  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1

2000-05-12  Assar Westerlund  <assar@@sics.se>

	* get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a
	fallback.  handle not having any creator.
	* destroy_s.c (kadm5_s_destroy): free all allocated memory
	* context_s.c (set_field): free variable if it's already set
	(find_db_spec): malloc space for all strings

2000-04-05  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (LDADD): add LIB_openldap

2000-04-03  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1
	(libkadm5clnt_la_LDFLAGS): set version to 5:0:1

2000-03-24  Assar Westerlund  <assar@@sics.se>

	* set_keys.c (_kadm5_set_keys2): rewrite
	(_kadm5_set_keys3): add

	* private.h (struct kadm_func): add chpass_principal_with_key
	* init_c.c (set_funcs): add chpass_principal_with_key

2000-03-23  Assar Westerlund  <assar@@sics.se>

	* context_s.c (set_funcs): add chpass_principal_with_key
	* common_glue.c (kadm5_chpass_principal_with_key): add
	* chpass_s.c: comment-ize and change calling convention for
	_kadm5_set_keys*
	* chpass_c.c (kadm5_c_chpass_principal_with_key): add

@


1.1.1.4
log
@import of heimdal 0.3f
@
text
@a0 10
2001-02-19  Johan Danielsson  <joda@@pdc.kth.se>

	* replay_log.c: add --{start-end}-version flags to replay just
	part of the log

2001-02-15  Assar Westerlund  <assar@@sics.se>

	* ipropd_master.c (main): fix select-loop to decrement ret
	correctly.  from "Brandon S. Allbery KF8NH" <allbery@@ece.cmu.edu>

@


1.1.1.5
log
@Import of Heimdal Kerberos from KTH repository circa 2002/02/17.
@
text
@a0 48
2002-02-08  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c: we have to create our own param struct before
	marshaling

2001-09-05  Johan Danielsson  <joda@@pdc.kth.se>

	* Makefile.am: link with LIB_pidfile

	* iprop.h: include util.h for pidfile

2001-08-31  Assar Westerlund  <assar@@sics.se>

	* ipropd_slave.c (main): syslog with the correct name

2001-08-30  Jacques Vidrine <n@@nectar.com>

	* ipropd_slave.c, ipropd_master.c (main): call pidfile

2001-08-28  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0

2001-08-24  Assar Westerlund  <assar@@sics.se>

	* acl.c (fetch_acl): do not return bogus flags and re-organize
	function

	* Makefile.am: rename variable name to avoid error from current
	automake

2001-08-13  Johan Danielsson  <joda@@pdc.kth.se>

	* set_keys.c: add easier afs configuration, defaulting to the
	local realm in lower case; also try to remove duplicate salts

2001-07-12  Assar Westerlund  <assar@@sics.se>

	* Makefile.am: add required library dependencies

2001-07-03  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2

2001-06-29  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c: call krb5_get_init_creds_opt_set_default_flags

d526 1
a526 1
	
@


1.1.1.6
log
@Import of Heimdal Kerberos from KTH repository circa 2002/08/29.
@
text
@a0 41
2002-08-26  Assar Westerlund  <assar@@kth.se>

	* ipropd_slave.c (receive_everything): type-correctness calling
	_krb5_get_int

	* context_s.c (find_db_spec): const-correctness in parameters to
	krb5_config_get_next

2002-08-16  Johan Danielsson  <joda@@pdc.kth.se>

	* private.h: rename header file flag macro

	* Makefile.am: generate kadm5-{protos,private}.h

2002-08-15  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_master.c: check return value of krb5_sockaddr2address

2002-07-04  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_master.c: handle slaves that come and go; add status
	reporting (both from Love)

	* iprop.h: KADM5_SLAVE_STATS

2002-03-25  Jacques Vidrine  <n@@nectar.com>

	* init_c.c (get_cred_cache): bug fix: the default credentials
	cache was not being used if a client name was specified.

2002-03-25  Johan Danielsson  <joda@@pdc.kth.se>

	* init_c.c (get_cred_cache): when getting the default_client from
	the cred cache, make sure the instance part is "admin"; this
	should require fewer uses of -p

2002-03-11  Assar Westerlund  <assar@@sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0
	(libkadm5clnt_la_LDFLAGS): set version to 6:3:2

@


1.1.1.7
log
@Import of Heimdal 0.5.1.

Approved by:	re
@
text
@a0 4
2002-10-21  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c: pull up 1.27; use a temporary database

@


1.1.1.8
log
@Vendor import of Heimdal 0.6.
@
text
@a0 24
2003-04-16  Love Hrnquist strand <lha@@it.su.se>

	* send_recv.c: check return values from krb5_data_alloc
	* log.c: check return values from krb5_data_alloc
	
2003-04-16  Love Hrnquist strand <lha@@it.su.se>

	* dump_log.c (print_entry): check return values from
	krb5_data_alloc

2003-04-01  Love Hrnquist strand <lha@@it.su.se>

	* init_c.c (kadm_connect): if a context realm was passed in, use
	that to form the kadmin/admin principal
	
2003-03-19  Love Hrnquist strand <lha@@it.su.se>

	* ipropd_master.c (main): make sure we don't consider dead slave
	for select processing
	(write_stats): use slave_stats_file variable, 
	check return value of strftime
	(args): allow specifying slave stats file
	(slave_dead): close the fd when the slave dies

d3 1
a3 4
	* ipropd_slave.c (from Derrick Brashear): Propagating a large
	database without this means the slave kdcs can get erroneous
	HDB_NOENTRY and return the resulting errors. This creates a new db
	handle, populates it, and moves it into place.
@


1.1.1.9
log
@Vendor import of Heimdal 0.6.1.
@
text
@a0 16
2003-12-30  Love Hrnquist strand <lha@@it.su.se>

	* chpass_s.c: from 1.14->1.15:
	(change): fix same-password-again by decrypting keys and setting
	an error code. From: Buck Huppmann <buckh@@pobox.com>
	
2003-12-21  Love Hrnquist strand <lha@@it.su.se>

	* init_c.c: 1.47->1.48: (_kadm5_c_init_context): catch errors from
	strdup and other krb5_ functions
	
2003-08-15  Love Hrnquist strand <lha@@it.su.se>

	* ipropd_slave.c: 1.27->1.28: (receive_everything): switch close
	and rename From: Alf Wachsmann <alfw@@SLAC.Stanford.EDU>
	
@


1.1.1.10
log
@Vendor import of Heimdal 1.1
@
text
@d1 1
a1 1
2008-01-21  Love Hrnquist strand  <lha@@it.su.se>
d3 3
a5 269
	* default_keys.c: Use hdb_free_keys().

2008-01-11  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: add check-cracklib.pl, flush.c,
	sample_passwd_check.c

2007-12-07  Love Hrnquist strand  <lha@@it.su.se>

	* use hdb_db_dir() and hdb_default_db()

2007-10-18  Love  <lha@@stacken.kth.se>

	* init_c.c: We are getting default_client, not client. this way
	the user can override the result.
	
2007-09-29  Love Hrnquist strand  <lha@@it.su.se>

	* iprop.8: fix spelling, From Antoine Jacoutt.

2007-08-16  Love Hrnquist strand  <lha@@it.su.se>

	* version-script.map: export _kadm5_unmarshal_params,
	_kadm5_acl_check_permission

	* version-script.map: export kadm5_log_ symbols.

	* log.c: Unexport the specific log replay operations.
	
2007-08-10  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: build sample_passwd_check.la as part of noinst.

	* sample_passwd_check.c: Add missing prototype for check_length().

2007-08-07  Love Hrnquist strand  <lha@@it.su.se>

	* log.c: Sprinkle krb5_set_error_string().

	* ipropd_slave.c: Provide better error why kadm5_log_replay
	failed.

2007-08-06  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_master.c: - don't push whole database to the new client
	every time.  - make slaves get the whole new database if they have
	a newer log the the master (and thus have them go back in time).

2007-08-03  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c: make more sane.

	* ipropd_slave.c: more paranoid check that the log entires are
	self consistant

	* log.c (kadm5_log_foreach): check that the postamble contains the
	right data.

	* ipropd_master.c: Sprinkle more info about what versions the
	master thinks about the client versions.

	* ipropd_master.c: Start the server at the current version, not 0.

2007-08-02  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_master.c: Add more logging, to figure out what is
	happening in the master.

2007-08-01  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: add version-script for libkadm5srv.la

	* version-script.map: version script fro kadm5 server libary.

	* log.c: only free the orignal entries extentions if there was
	any.  Bug reported by Peter Meinecke.

	* add configuration for signal file and acl file, let user select
	hostname, catch signals and print why we are quiting, make nop
	cause one new version, not two

2007-07-30  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_master.c (send_diffs): make current slave's version
	uptodate when diff have been sent.
	
2007-07-27  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c: More comments and some more error checking.
	
2007-07-26  Love Hrnquist strand  <lha@@it.su.se>

	* init_c.c (get_cache_principal): make sure id is reset if we
	fail. From Benjamin Bennet.

2007-07-10  Love Hrnquist strand  <lha@@it.su.se>

	* context_s.c (find_db_spec): match realm-less as the default
	realm.

	* Makefile.am: New library version.

2007-07-05  Love Hrnquist strand  <lha@@it.su.se>

	* context_s.c: Use hdb_get_dbinfo to pick up configuration.
	ctx->config.realm can be NULL, check for that, from Bjorn S.
	
2007-07-04  Love Hrnquist strand  <lha@@it.su.se>

	* init_c.c: Try harder to use the right principal.

2007-06-20  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c: Catch return value from krb5_program_setup. From
	Steven Luo.
	
2007-05-08  Love Hrnquist strand  <lha@@it.su.se>

	* delete_s.c: Write log entry after store is successful, rename
	out goto statments.

	* randkey_s.c: Write log entry after store is successful.

	* modify_s.c: Write log entry after store is successful.

	* rename_s.c: indent.

	* chpass_s.c: Write log entry after store is successful.

	* create_s.c: Write log entry after store is successful.
	
2007-05-07  Love Hrnquist strand  <lha@@it.su.se>
	
	* iprop-commands.in: Add default values to make this working
	again.

	* iprop-log.c (iprop_replay): create the database with more
	liberal mode.

	* log.c: make it slightly more working.

	* iprop-log.8: Document last-version.

	* iprop-log.c: (last_version): print last version of the log.
	
	* iprop-commands.in: new command last-version: print last version
	of the log.

	* log.c (kadm5_log_previous): document assumptions and make less
	broken.  Bug report from Ronny Blomme.
	
2007-02-17  Love Hrnquist strand  <lha@@it.su.se>

	* admin.h: add support to get aliases

	* get_s.c: add support to get aliases

2007-02-11  David Love  <fx@@gnu.org>

	* iprop-log.8: Small fixes, from David Love.
	
2006-12-15  Love Hrnquist strand  <lha@@it.su.se>

	* init_c.c: if the user have a kadmin/admin initial ticket, don't
	ask for password, just use the credential instead.
	
2006-12-06  Love Hrnquist strand  <lha@@it.su.se>
	
	* ipropd_master.c: Use strcspn to remove \n from string returned
	by fgets.  From Bjrn Sandell
	
2006-11-30  Love Hrnquist strand  <lha@@it.su.se>

	* init_c.c (kadm_connect): clear error string before trying to
	print a errno, this way we don't pick up a random failure code
	
2006-11-20  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c: Make krb5_get_init_creds_opt_free take a context
	argument.

	* init_c.c: Make krb5_get_init_creds_opt_free take a context
	argument.
	
2006-10-22  Love Hrnquist strand  <lha@@it.su.se>
	
	* ent_setup.c: Try to not leak memory.
	
2006-10-07  Love Hrnquist strand  <lha@@it.su.se>
	
	* Makefile.am: split build files into dist_ and noinst_ SOURCES
	
2006-08-24  Love Hrnquist strand  <lha@@it.su.se>

	* get_s.c: Add KRB5_KDB_ALLOW_DIGEST

	* ent_setup.c: Add KRB5_KDB_ALLOW_DIGEST

	* admin.h: Add KRB5_KDB_ALLOW_DIGEST
	
2006-06-16  Love Hrnquist strand  <lha@@it.su.se>

	* check-cracklib.pl: Add password reuse checking. From Harald
	Barth.
	
2006-06-14  Love Hrnquist strand  <lha@@it.su.se>
	
	* ent_setup.c (attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4

	* get_s.c (kadm5_s_get_principal): Add KRB5_KDB_ALLOW_KERBEROS4

	* admin.h: Add KRB5_KDB_ALLOW_KERBEROS4
	
2006-06-06  Love Hrnquist strand  <lha@@it.su.se>

	* ent_setup.c (attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION

2006-05-30  Love Hrnquist strand  <lha@@it.su.se>

	* password_quality.c (kadm5_check_password_quality): set error
	message in context.
	
2006-05-13  Love Hrnquist strand  <lha@@it.su.se>

	* iprop-log.c: Avoid shadowing.

	* rename_s.c: Avoid shadowing.

2006-05-08  Love Hrnquist strand  <lha@@it.su.se>

	* privs_c.c (kadm5_c_get_privs): privs is a uint32_t, let copy it
	that way.
	
2006-05-05  Love Hrnquist strand  <lha@@it.su.se>

	* Rename u_intXX_t to uintXX_t

2006-04-27  Love Hrnquist strand  <lha@@it.su.se>

	* chpass_s.c,delete_s.c,get_s.c,log.c,modify_s.c,randkey_s.c,rename_s.c:
	Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for

	* send_recv.c: set and clear error string

	* rename_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* randkey_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* modify_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* log.c: Break out the that we request from principal from the
	entry and pass it in as a separate argument.

	* get_s.c: Break out the that we request from principal from the
	entry and pass it in as a separate argument.

	* delete_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* chpass_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.
	
2006-04-25  Love Hrnquist strand  <lha@@it.su.se>

	* create_s.c (create_principal*): If client doesn't send kvno,
	make sure to set it to 1.
d7 1
a7 90
2006-04-10  Love Hrnquist strand  <lha@@it.su.se>

	* log.c: (kadm5_log_rename): handle errors better
	Fixes Coverity, NetBSD CID#628

	* log.c (kadm5_log_delete): add error handling Coverity, NetBSD
	CID#626
	(kadm5_log_modify): add error handling Coverity, NetBSD CID#627

	* init_c.c (_kadm5_c_get_cred_cache): handle ccache case better in
	case no client name was passed in. Coverity, NetBSD CID#919
	
	* init_c.c (_kadm5_c_get_cred_cache): Free client principal in
	case of error. Coverity NetBSD CID#1908
	
2006-02-02  Love Hrnquist strand  <lha@@it.su.se>
	
	* kadm5_err.et: (PASS_REUSE): Spelling, 
	from Vclav H?la <ax@@natur.cuni.cz>
	
2006-01-25  Love Hrnquist strand  <lha@@it.su.se>

	* send_recv.c: Clear error-string when introducing new errors.

	* *_c.c: Clear error-string when introducing new errors.
	
2006-01-15  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am (libkadm5clnt.la) doesn't depend on libhdb, remove
	dependency
	
2005-12-13  Love Hrnquist strand  <lha@@it.su.se>

	* memset hdb_entry_ex before use
	
2005-12-12  Love Hrnquist strand  <lha@@it.su.se>
	
	* Wrap hdb_entry with hdb_entry_ex, patch originally 
	from Andrew Bartlet

2005-11-30  Love Hrnquist strand  <lha@@it.su.se>

	* context_s.c (set_field): try another way to calculate the path
	to the database/logfile/signal-socket

	* log.c (kadm5_log_init): set error string on failures
	
2005-09-08  Love Hrnquist strand  <lha@@it.su.se>

	* Constify password.

	* admin.h: Add KRB5_TL_PKINIT_ACL.
	
	* marshall.c (_kadm5_unmarshal_params): avoid signed-ness warnings
	
	* get_s.c (kadm5_s_get_principal): clear error string
	
2005-08-25  Love Hrnquist strand  <lha@@it.su.se>

	* iprop-log.8: More text about iprop-log.
	
2005-08-24  Love Hrnquist strand  <lha@@it.su.se>

	* iprop.8: SEE ALSO iprop-log.

	* Makefile.am: man_MANS += iprop-log.8

	* iprop-log.8: Basic for documentation of iprop-log.
	
	* remove replay_log.c, dump_log.c, and truncate_log.c, folded into
	iprop-log.

	* log.c (kadm5_log_foreach): add a context variable and pass it
	down to `func.

	* iprop-commands.in: Move truncate_log and replay_log into
	iprop-log.

	* iprop-log.c: Move truncate_log and replay_log into iprop-log.
	
	* Makefile.am: Move truncate_log and replay_log into iprop-log.
	
	* Makefile.am: Make this work with a clean directory.

	* ipropd_master.c: Make compile.

	* ipropd_master.c: Update to new signature of kadm5_log_previous.

	* log.c (kadm5_log_previous): catch errors instead of asserting
	and set error string.
d9 2
a10 3
	* iprop-commands.in: New program iprop-log that incorperates
	dump_log as a subcommand, truncate_log and replay_log soon to come
	after.
d12 1
a12 2
	* iprop-log.c: New program iprop-log that incorperates dump_log as
	a subcommand, truncate_log and replay_log soon to come after.
d14 2
a15 2
	* Makefile.am: New program iprop-log that incorperates dump_log as
	a subcommand, truncate_log and replay_log soon to come after.
d17 1
a17 365
2005-08-11 Love Hrnquist strand  <lha@@it.su.se>

	* get_s.c: Implement KADM5_LAST_PWD_CHANGE.
	
	* set_keys.c: Set and clear password where appropriate.

	* randkey_s.c: Operation modifies tl_data.

	* log.c (kadm5_log_replay_modify): Check return values of
	malloc(), replace all extensions.

	* kadm5_err.et: Make BAD_TL_TYPE error more helpful.

	* get_s.c: Expose KADM5_TL_DATA options to the client.

	* ent_setup.c: Merge in KADM5_TL_DATA in the database.

	* chpass_s.c: Operations modify extensions, mark that with
	TL_DATA.

	* admin.h: Add more TL types (password and extension).

2005-06-17  Love Hrnquist strand  <lha@@it.su.se>

	* constify

	* ipropd_slave.c: avoid shadowing

	* ipropd_master.c: rename local variable slave to s, optind ->
	optidx

	* get_princs_c.c: rename variable exp to expression
	
	* ad.c: rename variable exp to expression

	* log.c: rename shadowing len to num
	
	* get_princs_s.c: rename variable exp to expression

	* context_s.c: const poison

	* common_glue.c: rename variable exp to expression

2005-05-30  Love Hrnquist strand  <lha@@it.su.se>

	* ent_setup.c (attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE
	
	* get_s.c (kadm5_s_get_principal): set KRB5_KDB_OK_AS_DELEGATE

	* admin.h: add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags

2005-05-25  Love Hrnquist strand  <lha@@it.su.se>

	* kadm5_pwcheck.3: please mdoclint

2005-05-25  Dave Love  <fx@@gnu.org>

	* kadm5_pwcheck.3: document kadm5_add_passwd_quality_verifier,
	improve text

2005-05-24  Dave Love  <fx@@gnu.org>

	* iprop.8: Added some info about defaults, fixed some markup.
	
2005-05-23  Dave Love  <fx@@gnu.org>

	* ipropd_slave.c: Don't test HAVE_DAEMON since roken supplies it.

	* ipropd_master.c: Don't test HAVE_DAEMON since roken supplies it.

2005-05-13  Love Hrnquist strand  <lha@@it.su.se>

	* init_c.c (_kadm5_c_init_context): fix memory leak in case of
	failure

2005-05-09  Dave Love  <fx@@gnu.org>

	* password_quality.c (find_func): Fix off-by-one and logic error.
	(external_passwd_quality): Improve messages.

	* test_pw_quality.c (main): Call kadm5_setup_passwd_quality_check
	and kadm5_add_passwd_quality_verifier.

2005-04-30  Love Hrnquist strand  <lha@@it.su.se>

	* default_keys.c: #include <err.h>, only print salt it its longer
	then 0, use krb5_err instead of errx where appropriate
	
2005-04-25  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c: add the documented option --port

	* ipropd_master.c: add the documented option --port
	
	* dump_log.c: use the newly generated units function

2005-04-24  Love Hrnquist strand  <lha@@it.su.se>

	* dump_log.c: use strlcpy
	
	* password_quality.c: don't use sizeof(pointer)
	
2005-04-15  Love Hrnquist strand  <lha@@it.su.se>

	* check-cracklib.pl: external password verifier sample

	* password_quality.c (kadm5_add_passwd_quality_verifier): if NULL
	is passed in, load defaults

2005-04-14  Love Hrnquist strand  <lha@@it.su.se>

	* password_quality.c: add an end tag to the external password
	quality check protocol

2005-04-13  Love Hrnquist strand  <lha@@it.su.se>

	* password_quality.c: add external passsword quality check builtin
	module
	
	[password_quality]
		policies = external-check
		external-program = /bin/false
	
	To approve password a, make the test program return APPROVED on
	stderr and fail with exit code 0.
	
2004-10-12  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: bump version to 7:7:0 and 6:5:2
	
	* default_keys.c (parse_file): use hdb_generate_key_set
	
	* keys.c,set_keys.c: Move keyset parsing and password based keyset
	generation into hdb.  Requested by Andrew Bartlett <abartlet@@samba.org>
	for hdb-ldb backend.
	
2004-09-23  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_master.c: add help strings to some options
	
2004-09-12  Love Hrnquist strand  <lha@@it.su.se>

	* chpass_s.c: deal with changed prototype for _kadm5_free_keys
	
	* keys.c (_kadm5_free_keys): change prototype, make it use
	krb5_context instead of a kadm5_server_context
	
	* set_keys.c (parse_key_set): do way with static returning
	(function) static variable and returned allocated memory
	(_kadm5_generate_key_set): free enctypes returned by parse_key_set

2004-09-06  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c: Fix memory leak, don't return stack variables From
	Andrew Bartlett
	
	* set_keys.c: make all_etypes const and move outside function to
	avoid returning data on stack
	
2004-08-26  Love Hrnquist strand  <lha@@it.su.se>

	* acl.c (fetch_acl): use " \t\n" instead of just "\n" for the
	delim of the third element, this is so we can match
	"foo@@REALM<SPC>all<SPC><SPC>*@@REALM", before it just matched
	"foo@@REALM<SPC>all<SPC>*@@REALM", but that is kind of lucky since
	what really happen was that the last <SPC> was stamped out, and
	the it never strtok_r never needed to parse over it.
	
2004-08-25  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c (_kadm5_generate_key_set): since arcfour-hmac-md5 is
	without salting, some people tries to add the string
	"arcfour-hmac-md5" when they really should have used
	"arcfour-hmac-md5:pw-salt", help them and add glue for that
	
2004-08-18  Johan Danielsson  <joda@@pdc.kth.se>

	* ipropd_slave.c: add --detach

2004-07-06  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: use new tsasl interface remove debug printf add upn to
	computer-accounts
	
2004-06-28  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: implement kadm5_ad_init_with_password_ctx set more error
	strings
	
2004-06-21  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: man_MANS = kadm5_pwcheck.3
	
	* kadm5_pwcheck.3: document new password quality api
	
	* password_quality.c: new password check interface (old still
	supported)
	
	* kadm5-pwcheck.h: new password check interface
	
2004-06-08  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_master.c (main): process all slaves, not just up to the
	last slave sending data
	(bug report from Bjrn Sandell <biorn@@dce.chalmers.se>)
	(*): only send one ARE_YOU_THERE

2004-06-02  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: use krb5_set_password_using_ccache
	
2004-06-01  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: try handle spn's better
	
2004-05-31  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: add expiration time
	
	* ad.c: add modify operations
	
	* ad.c: handle create and delete
	
2004-05-27  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: more code for get, handle attributes
	
	* ad.c: more code for get, handle time stamps and bad password
	counter

	* ad.c: more code for get, only fetches kvno for now
	
2004-05-26  Love Hrnquist strand  <lha@@it.su.se>

	* ad.c: add support for tsasl
	
	* private.h: add kadm5_ad_context
	
	* ipropd_master.c (prop_one): store the opcode in the begining of
	the blob, not the end
	
	* ad.c: try all ldap servers in dns, generate a random password,
	base64(random_block(64)), XXX must make it support other then
	ARCFOUR
	
	* ad.c: framework for windows AD backend
	
2004-03-07  Love Hrnquist strand  <lha@@it.su.se>

	* create_s.c (kadm5_s_create_principal): remove old XXX command
	and related code, _kadm5_set_keys will do all this now
	
2004-02-29  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c (_kadm5_set_keys_randomly): make sure enctype to copy
	enctype for des keys From: Andrew Bartlett <abartlet@@samba.org>
	
	* create_s.c (kadm5_s_create_principal_with_key): don't call
	_kadm5_set_keys2, create_principal will do that for us. Set kvno
	to 1.

	* chpass_s.c (change): bump kvno
	(kadm5_s_chpass_principal_with_key): bump kvno

	* randkey_s.c (kadm5_s_randkey_principal): bump kvno
	
	* set_keys.c (_kadm5_set_*): don't change the kvno, let the callee
	to that

2003-12-30  Love Hrnquist strand  <lha@@it.su.se>

	* chpass_s.c (change): fix same-password-again by decrypting keys
	and setting an error code From: Buck Huppmann <buckh@@pobox.com>
	
2003-12-21  Love Hrnquist strand  <lha@@it.su.se>

	* init_c.c (_kadm5_c_init_context): catch errors from strdup and
	other krb5_ functions

2003-12-08  Love Hrnquist strand  <lha@@it.su.se>

	* rename_s.c (kadm5_s_rename_principal): allow principal to change
	realm From Panasas Inc
	
2003-12-07  Love Hrnquist strand  <lha@@it.su.se>

	* destroy_c.c (kadm5_c_destroy): fix memory leaks, From Panasas,
	Inc

2003-11-23  Love Hrnquist strand  <lha@@it.su.se>

	* iprop.h: don't include <krb5-private.h>
	
	* ipropd_slave.c: stop using krb5 lib private byte-frobbing
	functions and replace them with with krb5_storage
	
	* ipropd_master.c: stop using krb5 lib private byte-frobbing
	functions and replace them with with krb5_storage
	
2003-11-19  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c (receive_loop): when seeking over the entries we
	already have, skip over the trailer.  From: Jeffrey Hutzelman
	<jhutz@@cmu.edu>

	* dump_log.c,ipropd_master.c,ipropd_slave.c,
	replay_log.c,truncate_log.c: parse kdc.conf
	From: Jeffrey Hutzelman <jhutz@@cmu.edu>

2003-10-10  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: += test_pw_quality
	
	* test_pw_quality.c: test program for verifying password quality
	function

2003-09-03  Love Hrnquist strand  <lha@@it.su.se>

	* Makefile.am: add and enable check program default_keys
	
	* default_keys.c: test program for _kadm5_generate_key_set
	
	* init_c.c: use
	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free

2003-08-17  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c (_kadm5_set_keys_randomly): remove dup return
	
	* ipropd_master.c (main): make sure current_version is initialized
	
2003-08-15  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c: use default_keys for the both random keys and
	password derived keys if its defined
	
2003-07-24  Love Hrnquist strand  <lha@@it.su.se>

	* ipropd_slave.c (receive_everything): switch close and rename
	From: Alf Wachsmann <alfw@@SLAC.Stanford.EDU>
	
2003-07-03  Love Hrnquist strand  <lha@@it.su.se>

	* iprop.h, ipropd_master.c, ipropd_slave.c:
	Add probing from the server that the client is still there, also
	make the client check that the server is probing.

2003-07-02  Love Hrnquist strand  <lha@@it.su.se>

	* truncate_log.c (main): add missing ``if (ret)''
	
2003-06-26  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c (make_keys): add AES support
	
	* set_keys.c: fix off by one in the aes case, pointed out by Ken
	Raeburn

2003-04-30  Love Hrnquist strand  <lha@@it.su.se>

	* set_keys.c (_kadm5_set_keys_randomly): add
	ETYPE_AES256_CTS_HMAC_SHA1_96 key when configuried with aes
	support

2003-04-16  Love Hrnquist strand  <lha@@it.su.se>
d22 1
a22 1
2003-04-16  Love Hrnquist strand  <lha@@it.su.se>
d27 1
a27 1
2003-04-01  Love Hrnquist strand  <lha@@it.su.se>
d32 1
a32 1
2003-03-19  Love Hrnquist strand  <lha@@it.su.se>
@


