Mon May 19 17:58:53 1997  Marc Horowitz  <marc@cygnus.com>

	* kdc_preauth.c: rework a lot of the preauth code.  In particular,
 	make sure that hwauth and preauth are never mixed, and that all
 	the necessary preauth types are part of the preauth hint.
	
	* do_as_req.c (process_as_req): rearrange the logic so that
 	client_key is known earlier, so it can be passed to
 	get_preauth_hint_list.  This is needed for PW_SALT preauth to work
 	properly.

	* kdc_util.h (get_preauth_hint_list): add client_key arg

Wed Apr 30 15:48:46 1997  Mark Eichin  <eichin@cygnus.com>

	* network.c (process_packet): stratus recvfrom is broken, but
	there's an easy workaround -- perhaps even a safe one, but it's in
	ifdef __stratus__ for now since we're not sure.

Mon Mar 24 17:21:17 1997  Jeremy Allison <jra@cygnus.com>

	* win32service.h: Removed registry paths now in osconf.h
	* kdc_service.h: Changed CloseHandles for RegCloseKeys.

Tue Mar 11 13:11:38 1997  Jeremy Allison <jra@cygnus.com>

	* kdc_service.c: Fixed arg processing. Added /help option.
	* main.c: Split usage() into two so it can be called from
	NT service code.

Wed Mar  5 14:17:21 1997  Jeremy Allison <jra@cygnus.com>

	* Makefile.in: Added -DKERBNET for WinNT service code.
	* main.c: Removed signal handlers for CYGWIN32.
	* win32service.h: Added prototypes for auto install code.
	* kdc-service.c: Added auto install code.

Wed Feb 19 18:18:01 1997  Marc Horowitz  <marc@cygnus.com>

	* kdc_preauth.c (verify_enc_timestamp, check_padata): if
 	preauthentication can return a more useful error than
 	PREAUTH_FAILED, do so.  This is especially important for enc_ts
 	preauth so that the client knows that an incorrect password is the
 	likely problem and can indicate this to the user.

	* do_as_req.c (process_as_req): return the password expiration,
 	not the principal expiration, in the as_rep

Thu Feb 13 17:55:21 PST 1997  Jeremy Allison <jra@cygnus.com>

	* kdc_service.c: Fixed bug in add_extra_args that causes
	kdc to crash if no args specified in registry.

Wed Feb 12 18:49:26 1997  Stephen Peters  <speters@cygnus.com>

	* dispatch.c, do_as_req.c, do_tgs_req.c, kdc_util.c,
		  kerberos_v4.c, main.c: Use new logging interface.

Wed Feb 12 03:17:02 1997  Chris Provenzano  <proven@cygnus.com>
 
        * Makefile.in: Link with -lmisc for getopt_long().
        * main.c: Use getopt_long() and added --version option.
        Added option --nofork to mirror option -n
        Added option --port to mirror option -p

Mon Feb 10 16:38:14 1997  Jeremy Allison <jra@cygnus.com>

	* win32service.h: Added prototypes for log_message
	and str_oserr.
	* kdc_service.c: Fixed error reporting for registry
	code. Caused all error erporting in NT specific code
	to go through log_message.

Fri Jan 31 12:07:28 1997  Jeremy Allison <jra@cygnus.com>

	* win32service.h: Added for NT service code.
	* kdc_service.c: Added for NT service code.
	* main.c: Renamed main to original_main when
	compiling as a service.
	* network.c: Placed wrappers around calls to
	perform kdc services so NT cannot shutdown kdc
	at these times.
	* configure.in: Added check for advapi32 library.
	* Makefile.in: Added service files (compile to empty
	under UNIX). Added rule to copy service_main.c from
	windows/service to local directory.

Mon Dec 16 11:26:58 1996  Jeremy Allison <jra@cygnus.com>

	* network.c (setup_network): Added code to set sin_family to AF_INET.

Tue Dec  3 21:14:45 1996  Mark Eichin  <eichin@cygnus.com>

	* kerberos_v4.c (check_db_age): use krb5_gettimeofday.

Sun Nov  3 23:44:03 1996  Mark Eichin  <eichin@cygnus.com>

	* kdc_preauth.c (get_securid_edata): new function. Clone of
 	get_x9_edata, but handles securid tags directly.
	(get_sam_edata): now calls get_securid_edata and get_x9_edata, and
 	can call other edata hooks as available.
	(get_x9_edata): new function. used to be get_sam_edata but only
 	handles x9.9 token devices. Correctly handle not finding an x9
	record.
	(kadmin_parse_securid_tag): new function. Clone of
 	kadmin_parse_x9_info, for the tl_data that identifies which
	securid device "username" is hooked to this principal.
	(get_ace_passcode): test stub for the code that the securid
	library should provide.
	* configure.in: handle --with-predictive-securid to enable this
	new code.
	* kdc5_err.et: add KDC5_PREAUTH_TL_NOTFOUND,
	KDC5_PREAUTH_DB_NOTFOUND, KDC5_PREAUTH_DB_DISABLED.
	
Thu Sep 26 14:43:17 1996  Chris Provenzano  <proven@cygnus.com>

        * Makefile.in: Changes to allow to different packaging
        Currently there is pkg-all, pkg-server, and pkg-client

Mon Sep 16 04:43:23 1996  Mark W. Eichin  <eichin@kitten.gen.ma.us>

	* kdc_preauth.c (kadmin_parse_x9_info): new function.  Decodes
	tl_data record for X9.9 token device key and sam_type
	information.
	(get_sam_edata): extensive changes to support X9.9 devices from a
	common piece of code.  Strings are still initialized directly
	instead of from an array.  Keys now come from tl_data instead of
	the seperate instance-based record hack.  The Activcard decimal
	display "folding" is slightly different from the Digital Pathways
	one.  Added default case for unknown type and return a reasonable
	error.

Tue Sep  3 22:53:56 1996  Mark Eichin  <eichin@cygnus.com>

	* kdc_preauth.c (get_preauth_hint_list): detect ap->get_edata
	return status and don't pass back hint if it failed.
	(get_etype_info): malloc one more word in entry for end marker.
	(get_sam_edata): check for successful return of no values.
	Return KRB5_PREAUTH_FAILED if there were no matches.

Sat Aug 10 01:18:19 1996  Ken Raeburn  <raeburn@cygnus.com>

	* kdc_preauth.c (get_sam_edata): Use krb5_boolean when we mean
	krb5_boolean.

Thu Jul 18 17:58:52 1996  Ken Raeburn  <raeburn@cygnus.com>

	* kerberos_v4.c (kerberos_v4): Watch for timeskew between current
	KDC and the one issuing the ticket; if computed "time since issue"
	is negative, use zero instead for unsigned arithmetic.

Tue Jul  9 01:10:01 1996  Ken Raeburn  <raeburn@cygnus.com>

	* main.c (kdc_initialize_rcache): Removed.
	(initialize_realms): Remove 'R' option.  Always use a null
	rcache.
	(usage): Remove 'R' option.
	* kdc_util.c (kdc_process_tgs_req): Don't try to catch rd_req
	errors related to the replay cache.  There can be none with a null
	rcache.

	* dispatch.c (dispatch): When NOCACHE is defined, don't use the
	lookaside cache.
	(NOCACHE): Define it.

Thu May  2 22:52:56 1996  Mark Eichin  <eichin@cygnus.com>

	* kdc_util.c (kdc_process_tgs_req): call
	krb5_rd_req_decoded_anyflag instead of krb5_rd_req_decoded, so
	that invalid tickets can be used to validate themselves. Add
	explicit check that if the ticket is TKT_FLG_INVALID, then
	KDC_OPT_VALIDATE was requested.

