Wed May 14 20:24:04 1997  Marc Horowitz  <marc@cygnus.com>

	* preauth2.c (krb5_do_preauth): create a distinction between
 	informational preauth (like PW_SALT) and real preauth (like
 	ENC_TIMESTAMP).  do all the informational preauth first, then do
 	the first recognized real preauth.
	* preauth2.c (*sam*): implement SAM preauth consistent with the
 	old cygnus/mit code. it's not quite consistent with the spec.

	* get_in_tkt.c (krb5_get_init_creds): try decrypt_as_reply twice:
 	once with a precomputed as_key, if any, and again with the as_key
 	computed by the gak_fct.

Tue May 13 18:26:15 1997  Marc Horowitz  <marc@cygnus.com>

	* gic_pwd.c (krb5_get_as_key_password): free the keyblock contents
 	only.

Mon May 12 15:31:05 1997  Marc Horowitz  <marc@cygnus.com>

	* gic_pwd.c (krb5_get_init_creds_password): don't try the master
 	if the password request got an interrupt.

Tue May  6 14:45:54 1997  Ken Raeburn  <raeburn@cygnus.com>

	* init_ctx.c (krb5_context_get_profile): Return error/success
	indication.

Wed Apr  2 12:30:21 1997  Mark W. Eichin  <eichin@kitten.gen.ma.us>

	* configure.in: need V5_USE_SHARED_LIB to make t_kerb, t_ser build
	correctly.

Mon Mar 24 11:45:40 1997  Dan Winship  <danw@mit.edu>

	* Makefile.in (SRCS): removed duplicate gic_opt.c

Wed Mar  5 17:59:04 1997  Marc Horowitz  <marc@cygnus.com>

	* gic_keytab.c (krb5_get_as_key_keytab): need to do a little extra
 	copying.

	* Makefile.in (SRCS): added vic_opt.[co]

	* vic_opt.[co]: added.

	* verify_increds.c (krb5_cc_copy_creds_except): copy_except, not
 	copy_only.  Put an extra ! in the wrong place.
  	(krb5_verify_init_creds): Exclude the creds->server key from the
 	returned ccache, not the server key.
	(krb5_verify_init_creds): If the creds are for the server
 	principal, then don't do a tgs_req, just use the creds directly.

Tue Mar  4 22:04:43 1997  Marc Horowitz  <marc@cygnus.com>

	* preauth2.c (krb5_do_preauth): fix a memory leak/error if the
 	password prompt was interrupted.

	* gic_pwd.c (krb5_get_init_creds_password): Don't display the
 	password expiration time if the password has already expired
 	(since this is just too weird), or if the service principal is the
 	kadmin/changepw service.

Fri Feb 28 14:46:40 1997  Jeremy Allison <jra@cygnus.com>

        * verify_increds.c: Added correct calling conventions for 
	krb5_verify_init_creds

Thu Feb 27 19:07:31 1997  Marc Horowitz  <marc@cygnus.com>

	* chpw.c (krb5_mk_chpw_req, krb5_rd_chpw_rep): the protocol has
 	been changed to include a packet size at the head of the request
 	and reply.

Thu Feb 27 14:38:19 1997  Jeremy Allison <jra@cygnus.com>

	* get_in_tkt.c (krb5_get_init_creds): Fixed bug where
	salt.data was being krb5_xfree'd in cleanup when not
	initialized.
	* gic_pwd.c: Added #include "com_err.h". com_err
	being used here.

Wed Feb 26 17:46:49 1997  Marc Horowitz  <marc@cygnus.com>

	* Makefile.in (SRCS, OBJS): added verify_increds.[co]

	* gic_pwd.c (krb5_get_init_creds_password): use correct grammar
 	when the number of hours remaining in the pw life is 1

	* verify_increds.c (krb5_verify_init_creds): added new
 	file/function to verify a tgt against a keytab.

Wed Feb 26 14:39:07 1997  Mark Eichin  <eichin@cygnus.com>

	* get_in_tkt.c (krb5_get_init_creds): free the *contents* of the
	keyblock, not the automatic struct.

Tue Feb 25 21:17:12 1997  Dan Winship  <danw@mit.edu>

	* get_in_tkt.c (make_preauth_list): fix to marc's fix

Tue Feb 25 16:16:58 1997  Marc Horowitz  <marc@cygnus.com>

	* get_in_tkt.c (make_preauth_list): fix uninitialized variables

Mon Feb 24 10:06:19 1997  Michael Graff  <explorer@cygnus.com>

	* Makefile.in: Make this build with shared libraries again.

Fri Feb 21 17:05:00 1997  Marc Horowitz  <marc@cygnus.com>

	* t_ser.c (ser_kcontext_test): the serialization tests made
 	assumptions which the oracle db breaks, so I commented them out.
  	The serializartion stuff should probably be entirely ripped out,
 	anyway.

Thu Feb 20 17:53:41 1997  Marc Horowitz  <marc@cygnus.com>

	* send_tgs.c (krb5_send_tgs): sendto_kdc needs an extra arg.

	* gic_pwd.c (krb5_get_init_creds_password): change code which
 	displays the expiration warning.  Days is too low-res, since it
	will get screwed up by the timezone.  Use hours for < 48 hours
	remaining.

	* get_in_tkt.c (verify_as_reply, krb5_get_init_creds): fix
 	POSTDATED/ALLOW_POSTDATED handling.
	(krb5_get_init_creds): zero out creds before passing it to
 	stash_as_reply

	* get_creds.c (krb5_get_credentials_val_renew_core): removed
 	useless call to get_credentials_core
 	(krb5_get_credentials_validate, krb5_get_credentials_renew):
 	added.  these calls are similar to the existing ones, but don't
	modify the ccache which is passed in.

	* Makefile.in (SRCS, OBJS): added gic_keytab.[co]

Wed Feb 19 19:02:16 1997  Marc Horowitz  <marc@cygnus.com>

	* preauth2.c (krb5_do_preauth): use a get_as_key function as
 	input. pass it to each preauth function.
	(pa_enc_timestamp): Use the get_as_key_function

	* gic_pwd.c (krb5_get_as_key_password): moved from get_init_creds
 	(krb5_get_init_creds_password): use krb5_get_as_key_password as
 	the gak_fct arg to get_init_creds.

	* get_in_tkt.c (krb5_get_init_creds): make the function which
 	produces the as_key a function in the interface.  Use it, and pass
 	it to the preauth code.  This is to make a common function which
 	handles passwords and keytabs.  Remove all references to the
 	password.  
	(krb5_internal_get_as_key): moved to gic_pwd.c

	* preauth2.c (pa_salt): merge pa_pw_salt and pa_afs_salt into one
 	function

	* get_in_tkt.c (send_as_request): allow the caller to require the
 	master kdc, and to find out if the master was used if the master
 	was not required.
	
	* get_in_tkt.c (stash_as_reply): the creds structure needs to have
 	extra stuff filled in if it was not an input.
	(krb5_get_init_creds): the password is now a krb5_data input, so
	that if it is filled in, the caller can stash it so that on
	additional calls, the user does not have to input it again.

	* chpw.c (krb5_chpw_result_code_string): added function to convert
 	passwd protocol result codes into human-readable strings

	* Makefile.in (SRCS, OBJS): added gic_pwd.[co]

Fri Feb 14 04:15:38 1997  Ken Raeburn  <raeburn@cygnus.com>

	* recvauth.c (krb5_recvauth): If the application didn't provide a
	server principal, and an error needs to be reported, provide a
	fake server principal, so krb5_mk_error will work.

Thu Feb 13 02:06:54 1997  Marc Horowitz  <marc@cygnus.com>

	* Makefile.in (SRCS, OBJS): added gic_opt.[co], preauth2.[co]

	* get_in_tkt.c (krb5_get_init_creds_password): added new as
 	exchange api.  also added a number of helper functions, and
 	changed a few internal functions slightly so that the old
 	interface could be kept with maximum code sharing.

Wed Feb 12 03:17:02 1997  Chris Provenzano  <proven@cygnus.com>

	* Makefile.in: Build version.c with version-info for UNIX systems
	* version-info: Added to gererate version.c

Wed Feb  5 20:34:50 1997  Marc Horowitz  <marc@cygnus.com>

	* chpw.c (krb5_rd_chpw_rep): add code to deal with parsing a
 	KRB-PRIV or a KRB-ERROR, depending on the ap-req.

Mon Feb  3 17:51:26 1997  Marc Horowitz  <marc@cygnus.com>

	* chpw.c (krb5_mk_chpw_req, krb5_rd_chpw_rep): client-side
 	functions to construct a password change request and parse the
 	reply

Thu Jan 30 18:57:16 1997  Marc Horowitz  <marc@cygnus.com>

	* fwd_tgt.c (krb5_fwd_tgt_creds): forward
 	krbtgt/CLIENT-REALM@CLIENT-REALM tickets, not something else.

Wed Jan  8 11:47:35 1997  Jeremy Allison <jra@cygnus.com>

	* rd_safe.c (krb5_rd_safe): Changed output
	to use a local krb5_data struct which is only copied
	to output if function succeeds.
	* recvauth.c: Ensure that auth_context is only changed
	if function is successful.

Fri Jan  3 01:04:40 1997  Chris Provenzano  <proven@cygnus.com>

	* Makefile.in: Build version.o from the locally generated version.c
	* .cvsignore: Ignore version.c

Mon Dec 16 13:46:59 1996  Jeremy Allison <jra@cygnus.com>

	* init_ctx.c: Fixed defines for __CYGWIN32__.

Fri Dec 13 13:41:30 1996  Dan Winship  <danw@mit.edu>

	* str_conv.c (unix_to_mac_localtime): Convert from unix to mac
	time before calling strftime. Also, Mac strftime doesn't handle
	%T, so use the equivalent %H:%M:%S instead.

Sun Nov  3 23:56:03 1996  Mark Eichin  <eichin@cygnus.com>

	* preauth.c (handle_sam_labels): add default tags for all new
	preauth types, including optional securid.  Only add label and
	challenge if challenge is provided, which it isn't for the new
	securid mode.

Thu Oct 10 16:20:47 1996  Michael Graff  <explorer@cygnus.com>

	* copy_key.c: export to DLL

Fri Aug  9 03:09:54 1996  Michael Graff  <explorer@cygnus.com>

	* auth_con.c:
	* fwd_tgt.c: export many functions to windows DLL

Mon Aug 26 14:37:09 1996  Ken Raeburn  <raeburn@cygnus.com>

	* Makefile.in (check-unix): Warn test could hang if file locking
	is broken.

Thu Jul 11 02:33:49 1996  Mark W. Eichin  <eichin@kitten.gen.ma.us>

	* recvauth.c (krb5_recvauth): after closing the rcache, take it
	out of the auth_context, so we don't free it twice.

Mon Jul  8 13:06:23 1996  Michael Graff  <explorer@zhaneel.flame.org>

	* bld_pr_ext.c:
	* gc_via_tkt.c:
	* get_creds.c:
	* in_tkt_pwd.c:
	* mk_cred.c:
	* mk_req_ext.c:
	* parse.c:
	* rd_rep.c:
	* unparse.c: Change INTERFACE to KRB5_DLLIMP and KRB5_CALLCONV

Fri Jun 28 13:48:26 1996  Michael Graff  <explorer@zhaneel.flame.org>

	* init_ctx.c (krb5_init_context): add FAR and KRB5_DLLIMP for
	DLL export

Thu Jun 27 19:24:54 1996  Michael Graff  <explorer@zhaneel.flame.org>

	* str_conv.c (krb5_timestamp_to_sfstring): export to DLL

Mon May  6 20:39:46 1996  Chris Provanzano  <proven@cygnus.com>

	* init_ctx.c (krb5_context_get_profile): Added. 

