xref: /netbsd-src/crypto/external/bsd/heimdal/dist/ChangeLog.2002 (revision ca1c9b0c534faa5fd4c7d36fd3c199a2a3d7b0e4)

2002-12-19  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/mk_rep.c: free allocated storage; reported by Howard
	Chu

2002-12-08  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/kdc_locl.h: remove old encrypt_v4_ticket prototype

2002-12-02  Johan Danielsson  <joda@pdc.kth.se>

	* kpasswd/kpasswdd.c (doit): initialise sa_size to size of
	sockaddr_storage

	* kdc/connect.c (init_socket): initialise sa_size to size of
	sockaddr_storage

2002-11-15  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5.h: remove trailing comma in enum

2002-11-07  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/524.c: implement crude b2 style (non-)conversion for use
	with afs

	* kdc/kerberos4.c: move encrypt_v4_ticket to 524.c, since that's
	where it's used

2002-10-21  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/keytab_keyfile.c: more strcspn

	* lib/krb5/store_emem.c (emem_store): limit how much we allocate
	(from Olaf Kirch)

	* lib/krb5/principal.c: don't allow trailing backslashes in
	components

	* kdc/connect.c: check that %-quotes are followed by two hex
	digits

	* lib/krb5/keytab_any.c: properly close the open keytabs (from
	Larry Greenfield)

	* kdc/kaserver.c: make sure life is positive (from John Godehn)

2002-10-17  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/klist.c (display_tokens): allow tokens up to size of
	buffer (from Magnus Holmberg)

2002-09-29  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/changepw.c (process_reply): fix reply length check
	calculation (reported by various people)

2002-09-24  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/keytab_file.c (fkt_remove_entry): check return value
	from start_seq_get (from Wynn Wilkes)

2002-09-19  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/context.c (krb5_set_config_files): return ENXIO instead
	of ENOENT when "unconfigured"

2002-09-16  Jacques Vidrine  <nectar@kth.se>

	* lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
	to convert the newline to NUL in fgets results.

2002-09-13  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/kinit.1: remove unneeded Ns

	* lib/krb5/krb5_appdefault.3: remove extra "application"

	* fix-export: remove autom4ate.cache

2002-09-10  Johan Danielsson  <joda@pdc.kth.se>

	* include/make_crypto.c: don't use function macros if possible

	* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX

	* include/Makefile.am: use make_crypto to create crypto-headers.h

	* include/make_crypto.c: crypto header generation tool

	* configure.in: move crypto test to just after testing for krb4,
	and move roken tests to after both, this speeds up various failure
	cases with krb4

	* lib/krb5/config_file.c: don't use NULL when we mean 0

	* configure.in: we don't set package_libdir anymore, so no point
	in testing for it

	* tools/Makefile.am: subst INCLUDE_des

	* tools/krb5-config.in: add INCLUDE_des to cflags

	* configure.in: use AC_CONFIG_SRCDIR

	* fix-export: remove some unneeded stuff

	* kuser/kinit.c (do_524init): free principals

2002-09-09  Jacques Vidrine  <nectar@kth.se>

	* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
	kdc/kaserver.c (krb5_ret_xdr_data),
	lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
	counts: Check that they are non-negative, and that they are small
	enough to avoid integer overflow when used in memory allocation
	calculations.  Potential problem areas pointed out by
	Sebastian Krahmer <krahmer@suse.de>.

	* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
	creating a new keyfile.

2002-09-09  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: don't try to build pam module

2002-09-05  Johan Danielsson  <joda@pdc.kth.se>

	* appl/kf/kf.c: fix warning string

	* lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
	know we need it

2002-09-04  Assar Westerlund  <assar@kth.se>

	* kdc/kerberos5.c (encode_reply): correct error logging

2002-09-04  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/sendauth.c: close ccache if we opened it

	* appl/kf/kf.c: handle new protocol

	* appl/kf/kfd.c: use krb5_err instead of sysloging directly,
	handle the new protocol, and bail out if an old client tries to
	connect

	* appl/kf/kf_locl.h: we need a protocol version string

	* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE

	* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE

	* kdc/hprop.c: set AP_OPTS_USE_SUBKEY

	* lib/hdb/common.c: use ASN1_MALLOC_ENCODE

	* lib/asn1/gen.c: add convenience macro that allocates a buffer
	and encoded into that

	* lib/krb5/get_cred.c (init_tgs_req): use
	in_creds->session.keytype literally instead of trying to convert
	to a list of enctypes (it should already be an enctype)

	* lib/krb5/get_cred.c (init_tgs_req): init ret

2002-09-03  Johan Danielsson  <joda@pdc.kth.se>

	* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC

	* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC

	* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
	zero ivec in DES3_CBC_encrypt if passed ivec is NULL

	* lib/krb5/Makefile.am: back out 1.144, since it will re-create
	krb5-protos.h at build-time, which requires perl, which is bad

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
	blindly use the local subkey

	* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
	extracts the required blocksize from a crypto context

	* lib/krb5/build_auth.c: just get the length of the encoded
	authenticator instead of trying to grow a buffer

2002-09-03  Assar Westerlund  <assar@kth.se>

	* configure.in: add --disable-mmap option, and tests for
	sys/mman.h and mmap

2002-09-03  Jacques Vidrine  <nectar@kth.se>

	* lib/krb5/changepw.c: verify lengths in response

	* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
	truncated integers

2002-09-02  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/mk_req_ext.c: generate a local subkey if
	AP_OPTS_USE_SUBKEY is set

	* lib/krb5/build_auth.c: we don't have enough information about
	whether to generate a local subkey here, so don't try to

	* lib/krb5/auth_context.c: new function
	krb5_auth_con_generatelocalsubkey

	* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
	initial ticket

	* lib/krb5/context.c (init_context_from_config_file): simplify
	initialisation of srv_lookup

	* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY

	* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY

2002-08-30  Assar Westerlund  <assar@kth.se>

	* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
	* lib/krb5/Makefile.am (TESTS): add name-45-test
	* lib/krb5/name-45-test.c: add testcases for
	krb5_425_conv_principal

2002-08-29  Assar Westerlund  <assar@kth.se>

	* lib/krb5/parse-name-test.c: also test unparse_short functions
	* lib/asn1/asn1_print.c: use com_err/error_message API
	* lib/krb5/Makefile.am: add parse-name-test
	* lib/krb5/parse-name-test.c: add a program for testing parsing
	and unparsing principal names

2002-08-28  Assar Westerlund  <assar@kth.se>

	* kdc/config.c: add missing ifdef DAEMON

2002-08-28  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: use rk_SUNOS

	* kdc/config.c: add detach options

	* kdc/main.c: maybe detach from console?

	* kdc/kdc.8: markup changes

	* configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE

	* configure.in: use rk_TELNET, rename some other macros, and don't
	add -ldes to krb4 link command

	* kuser/kinit.1: whitespace fix (from NetBSD)

	* include/bits.c: we may need unistd.h for ssize_t

2002-08-26  Assar Westerlund  <assar@kth.se>

	* lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
	rrs before A ones when using the resolver to verify a mapping,
	also use getaddrinfo when resolver is not available

	* lib/hdb/keytab.c (find_db): const-correctness in parameters to
	krb5_config_get_next

	* lib/asn1/gen.c: include <string.h> in the generated files (for
	memset)

2002-08-22  Assar Westerlund  <assar@kth.se>

	* lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
	getarg so that it can handle --help and --version (and thus make
	check can pass)

	* lib/asn1/check-der.c: make this build again

2002-08-22  Assar Westerlund <assar@kth.se>

	* lib/asn1/der_get.c (der_get_int): handle len == 0.  based on a
	patch from Love <lha@stacken.kth.se>

2002-08-22  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
	KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter

	* kdc/kdc.8: add blurb about adding and removing addresses; update
	kdc.conf section to match reality

	* configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
	don't define it

2002-08-21  Assar Westerlund  <assar@kth.se>

	* lib/asn1/asn1_print.c: print OIDs too, based on a patch from
	Love <lha@stacken.kth.se>

2002-08-21  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
	since it might not exist, and we don't actually care about the key

2002-08-20  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5.conf.5: correct documentation for
	verify_ap_req_nofail

	* lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
	Mattias Amnefelt)

	* kuser/klist.c (display_tokens): increase token buffer size, and
	add more checks of the kernel data (from Love)

2002-08-19  Johan Danielsson  <joda@pdc.kth.se>

	* fix-export: use make to parse Makefile.am instead of perl

	* configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
	groks AC_INIT with package name etc.

	* kpasswd/kpasswdd.c: include <kadm5/private.h>

	* lib/asn1/asn1_print.c: include com_right.h

	* lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t

	* include/bits.c: define krb5_socklen_t type; this should really
	go someplace else, but this was easy

	* lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
	fails, just warn about it

	* kdc/log.c (kdc_openlog): no need for a config_file parameter

	* kdc/config.c: just treat kdc.conf like any other config file

	* lib/krb5/context.c (krb5_get_default_config_files): ignore
	duplicate files

2002-08-16  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5.h: turn strings into pointers, so we can assign to
	them

	* lib/krb5/constants.c: turn strings into pointers, so we can
	assign to them

	* lib/krb5/get_addrs.c (get_addrs_int): initialise res if
	SCAN_INTERFACES is not set

	* lib/krb5/context.c: fix various borked stuff in previous commits

2002-08-16  Jacques Vidrine <n@nectar.com>

	* lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
	the `admin_server' entry for kpasswd, override the `proto' result
	to be UDP.

2002-08-15  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/auth_context.c: check return value of
	krb5_sockaddr2address

	* lib/krb5/addr_families.c: check return value of
	krb5_sockaddr2address

	* lib/krb5/context.c: get the default keytab from KRB5_KTNAME

2002-08-14  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/verify_krb5_conf.c: allow parsing of more than one file

	* lib/krb5/context.c: allow changing config files with the
	function krb5_set_config_files, there are also related functions
	krb5_get_default_config_files and krb5_free_config_files; these
	should work similar to their MIT counterparts

	* lib/krb5/config_file.c: allow the use of more than one config
	file by using the new function krb5_config_parse_file_multi

2002-08-12  Johan Danielsson  <joda@pdc.kth.se>

	* use sysconfdir instead of /etc

	* configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
	to appease automake; force sysconfdir and localstatedir to /etc
	and /var/heimdal for now

	* kdc/connect.c (addr_to_string): check return value of
	sockaddr2address

2002-08-09  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/rd_cred.c: if the remote address isn't an addrport,
	don't try comparing to one; this should make old clients work with
	new servers

	* lib/asn1/gen_decode.c: remove unused variable

2002-07-31  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
	Brashear)

	* lib/krb5/principal.c: actually lower case the lower case
	instance name (spotted by Derrick Brashear)

2002-07-24  Johan Danielsson  <joda@pdc.kth.se>

	* fix-export: if DATEDVERSION is set, change the version to
	current date

	* configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
	LTLIBOBJS

2002-07-04  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/connect.c: add some cache-control-foo to the http responses
	(from Gombas Gabor)

	* lib/krb5/addr_families.c (krb5_print_address): don't copy size
	if ret_len == NULL

2002-06-28  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/klist.c (display_tokens): don't bail out before we get
	EDOM (signaling the end of the tokens), the kernel can also return
	ENOTCONN, meaning that the index does not exist anymore (for
	example if the token has expired)

2002-06-06  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/changepw.c: make sure we return an error if there are
	no changepw hosts found; from Wynn Wilkes

2002-05-29  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/cache.c (krb5_cc_register): break out of loop when the
	same type is found; spotted by Wynn Wilkes

2002-05-28  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/keytab_file.c: check size of entry before trying to
	read 32-bit kvno; also fix typo in previous

2002-05-24  Johan Danielsson  <joda@pdc.kth.se>

	* include/Makefile.am: only add to INCLUDES

	* lib/45/mk_req.c: fix for storage change

	* lib/hdb/print.c: fix for storage change

2002-05-15  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/kerberos5.c: don't free encrypted padata until we're really
	done with it

2002-05-07  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/kerberos5.c: when decrypting pa-data, try all keys matching
	enctype

	* kuser/kinit.1: document -a

	* kuser/kinit.c: add command line switch for extra addresses

2002-04-30  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* configure.in: remove some duplicate tests

	* configure.in: use AC_HELP_STRING

2002-04-29  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
	unknown

2002-04-25  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: use rk_DESTDIRS

2002-04-22  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
	the principal

2002-04-19  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/verify_init.c: fix typo in error string

2002-04-18  Johan Danielsson  <joda@pdc.kth.se>

	* acconfig.h: remove some stuff that is defined elsewhere

	* lib/krb5/krb5_locl.h: include <sys/file.h>

	* lib/krb5/acl.c: rename acl_string parameter

	* lib/krb5/Makefile.am: remove __P from protos, and put parameter
	names in comments

	* kuser/klist.c: better align some headers

	* kdc/kerberos4.c: storage tweaks

	* kdc/kaserver.c: storage tweaks

	* kdc/524.c: storage tweaks

	* lib/krb5/keytab_krb4.c: storage tweaks

	* lib/krb5/keytab_keyfile.c: storage tweaks

	* lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
	sized keytab files

	* lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END

	* lib/krb5/fcache.c: storage tweaks

	* lib/krb5/store_mem.c: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable

	* lib/krb5/store_fd.c: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable

	* lib/krb5/store_emem.c: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable

	* lib/krb5/store.c: make the krb5_storage opaque, and add function
	wrappers for store/fetch/seek, and also make the eof-code
	configurable

	* lib/krb5/store-int.h: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable

	* lib/krb5/krb5.h: make the krb5_storage opaque, and add function
	wrappers for store/fetch/seek, and also make the eof-code
	configurable

	* include/bits.c: include <sys/socket.h> to get socklen_t

	* kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
	requested KDC-REQ etypes

	* kdc/hpropd.c: constify

	* kdc/hprop.c: constify

	* kdc/string2key.c: constify

	* kdc/kdc_locl.h: make port_str const

	* kdc/config.c: constify

	* lib/krb5/config_file.c: constify

	* kdc/kstash.c: constify

	* lib/krb5/verify_user.c: remove unnecessary cast

	* lib/krb5/recvauth.c: constify

	* lib/krb5/principal.c (krb5_parse_name): const qualify

	* lib/krb5/mcache.c (mcc_get_name): constify return type

	* lib/krb5/context.c (krb5_free_context): don't try to free the
	ccache prefix

	* lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
	prefix

	* lib/krb5/krb5.h: constify some struct members

	* lib/krb5/log.c: constify

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
	qualify

	* lib/krb5/get_in_tkt.c (krb5_init_etype): constify

	* lib/krb5/crypto.c: constify some

	* lib/krb5/config_file.c: constify

	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
	constify local variable

	* lib/krb5/addr_families.c (ipv4_sockaddr2port): constify

2002-04-17  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/verify_krb5_conf.c: add some log checking

	* lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing

2002-04-16  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/crypto.c (krb5_crypto_init): check that the key size
	matches the expected length

2002-03-27  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/send_to_kdc.c: rename send parameter to send_data

	* lib/krb5/mk_error.c: rename ctime parameter to client_time

2002-03-22  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
	Reinoud Zandijk)

2002-03-18  Johan Danielsson  <joda@pdc.kth.se>

	* lib/asn1/k5.asn1: add the GSS-API checksum type here

2002-03-11  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
	18:3:1
	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0

2002-03-10  Assar Westerlund  <assar@sics.se>

	* lib/krb5/rd_cred.c: handle addresses with port numbers

	* lib/krb5/keytab_file.c, lib/krb5/keytab.c:
	store the kvno % 256 as the byte and the complete 32 bit kvno after
	the end of the current keytab entry

	* lib/krb5/init_creds_pw.c:
	handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
	handle ports giving for the remote address

	* lib/krb5/get_cred.c:
	get a ticket with no addresses if no-addresses is set

	* lib/krb5/crypto.c:
	rename functions DES_* to krb5_* to avoid colliding with modern
	openssl

	* lib/krb5/addr_families.c:
	make all functions taking 'struct sockaddr' actually take a socklen_t
	instead of int and that acts as an in-out parameter (indicating the
	maximum length of the sockaddr to be written)

	* kdc/kerberos4.c:
	make the kvno's in the krb4 universe by the real one % 256, since they
	cannot only be 8 bit, and the v5 ones are actually 32 bits

2002-02-15  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
	before we need to write to it
	(from Åke Sandgren)

2002-02-14  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
	rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
	directly

	* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
	Kouril)

2002-02-12  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/context.c (krb5_get_err_text): protect against NULL
	context

2002-02-11  Johan Danielsson  <joda@pdc.kth.se>

	* admin/ktutil.c: no need to use the "modify" keytab anymore

	* lib/krb5/keytab_any.c: implement add and remove

	* lib/krb5/keytab_krb4.c: implement add and remove

	* lib/krb5/store_emem.c (emem_free): clear memory before freeing
	(this should perhaps be selectable with a flag)

2002-02-04  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/config.c (get_dbinfo): if there are database specifications
	in the config file, don't automatically try to use the default
	values (from Gombas Gabor)

	* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
	(from Gombas Gabor)

2002-01-30  Johan Danielsson  <joda@pdc.kth.se>

	* admin/list.c: get the default keytab from krb5.conf, and list
	all parts of an ANY type keytab

	* lib/krb5/context.c: default default_keytab_modify to NULL

	* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
	name is specified take it from the first component of the default
	keytab name

2002-01-29  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/keytab.c: compare keytab types case insensitively

2002-01-07  Assar Westerlund  <assar@sics.se>

	* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
	not really a krb5_key_usage).  From Ben Harris <bjh21@netbsd.org>
	* lib/krb5/get_in_tkt.c: use krb5_enctype consistently.  From Ben
	Harris <bjh21@netbsd.org>
	* lib/krb5/crypto.c: use krb5_enctype consistently.  From Ben
	Harris <bjh21@netbsd.org>
	* kdc/kerberos5.c: use krb5_enctype consistently.  From Ben Harris
	<bjh21@netbsd.org>