ChangeLog revision 178826 
12008-01-21  Love H�rnquist �strand  <lha@it.su.se>
2
3	* default_keys.c: Use hdb_free_keys().
4
52008-01-11  Love H�rnquist �strand  <lha@it.su.se>
6
7	* Makefile.am: add check-cracklib.pl, flush.c,
8	sample_passwd_check.c
9
102007-12-07  Love H�rnquist �strand  <lha@it.su.se>
11
12	* use hdb_db_dir() and hdb_default_db()
13
142007-10-18  Love  <lha@stacken.kth.se>
15
16	* init_c.c: We are getting default_client, not client. this way
17	the user can override the result.
18	
192007-09-29  Love H�rnquist �strand  <lha@it.su.se>
20
21	* iprop.8: fix spelling, From Antoine Jacoutt.
22
232007-08-16  Love H�rnquist �strand  <lha@it.su.se>
24
25	* version-script.map: export _kadm5_unmarshal_params,
26	_kadm5_acl_check_permission
27
28	* version-script.map: export kadm5_log_ symbols.
29
30	* log.c: Unexport the specific log replay operations.
31	
322007-08-10  Love H�rnquist �strand  <lha@it.su.se>
33
34	* Makefile.am: build sample_passwd_check.la as part of noinst.
35
36	* sample_passwd_check.c: Add missing prototype for check_length().
37
382007-08-07  Love H�rnquist �strand  <lha@it.su.se>
39
40	* log.c: Sprinkle krb5_set_error_string().
41
42	* ipropd_slave.c: Provide better error why kadm5_log_replay
43	failed.
44
452007-08-06  Love H�rnquist �strand  <lha@it.su.se>
46
47	* ipropd_master.c: - don't push whole database to the new client
48	every time.  - make slaves get the whole new database if they have
49	a newer log the the master (and thus have them go back in time).
50
512007-08-03  Love H�rnquist �strand  <lha@it.su.se>
52
53	* ipropd_slave.c: make more sane.
54
55	* ipropd_slave.c: more paranoid check that the log entires are
56	self consistant
57
58	* log.c (kadm5_log_foreach): check that the postamble contains the
59	right data.
60
61	* ipropd_master.c: Sprinkle more info about what versions the
62	master thinks about the client versions.
63
64	* ipropd_master.c: Start the server at the current version, not 0.
65
662007-08-02  Love H�rnquist �strand  <lha@it.su.se>
67
68	* ipropd_master.c: Add more logging, to figure out what is
69	happening in the master.
70
712007-08-01  Love H�rnquist �strand  <lha@it.su.se>
72
73	* Makefile.am: add version-script for libkadm5srv.la
74
75	* version-script.map: version script fro kadm5 server libary.
76
77	* log.c: only free the orignal entries extentions if there was
78	any.  Bug reported by Peter Meinecke.
79
80	* add configuration for signal file and acl file, let user select
81	hostname, catch signals and print why we are quiting, make nop
82	cause one new version, not two
83
842007-07-30  Love H�rnquist �strand  <lha@it.su.se>
85
86	* ipropd_master.c (send_diffs): make current slave's version
87	uptodate when diff have been sent.
88	
892007-07-27  Love H�rnquist �strand  <lha@it.su.se>
90
91	* ipropd_slave.c: More comments and some more error checking.
92	
932007-07-26  Love H�rnquist �strand  <lha@it.su.se>
94
95	* init_c.c (get_cache_principal): make sure id is reset if we
96	fail. From Benjamin Bennet.
97
982007-07-10  Love H�rnquist �strand  <lha@it.su.se>
99
100	* context_s.c (find_db_spec): match realm-less as the default
101	realm.
102
103	* Makefile.am: New library version.
104
1052007-07-05  Love H�rnquist �strand  <lha@it.su.se>
106
107	* context_s.c: Use hdb_get_dbinfo to pick up configuration.
108	ctx->config.realm can be NULL, check for that, from Bjorn S.
109	
1102007-07-04  Love H�rnquist �strand  <lha@it.su.se>
111
112	* init_c.c: Try harder to use the right principal.
113
1142007-06-20  Love H�rnquist �strand  <lha@it.su.se>
115
116	* ipropd_slave.c: Catch return value from krb5_program_setup. From
117	Steven Luo.
118	
1192007-05-08  Love H�rnquist �strand  <lha@it.su.se>
120
121	* delete_s.c: Write log entry after store is successful, rename
122	out goto statments.
123
124	* randkey_s.c: Write log entry after store is successful.
125
126	* modify_s.c: Write log entry after store is successful.
127
128	* rename_s.c: indent.
129
130	* chpass_s.c: Write log entry after store is successful.
131
132	* create_s.c: Write log entry after store is successful.
133	
1342007-05-07  Love H�rnquist �strand  <lha@it.su.se>
135	
136	* iprop-commands.in: Add default values to make this working
137	again.
138
139	* iprop-log.c (iprop_replay): create the database with more
140	liberal mode.
141
142	* log.c: make it slightly more working.
143
144	* iprop-log.8: Document last-version.
145
146	* iprop-log.c: (last_version): print last version of the log.
147	
148	* iprop-commands.in: new command last-version: print last version
149	of the log.
150
151	* log.c (kadm5_log_previous): document assumptions and make less
152	broken.  Bug report from Ronny Blomme.
153	
1542007-02-17  Love H�rnquist �strand  <lha@it.su.se>
155
156	* admin.h: add support to get aliases
157
158	* get_s.c: add support to get aliases
159
1602007-02-11  David Love  <fx@gnu.org>
161
162	* iprop-log.8: Small fixes, from David Love.
163	
1642006-12-15  Love H�rnquist �strand  <lha@it.su.se>
165
166	* init_c.c: if the user have a kadmin/admin initial ticket, don't
167	ask for password, just use the credential instead.
168	
1692006-12-06  Love H�rnquist �strand  <lha@it.su.se>
170	
171	* ipropd_master.c: Use strcspn to remove \n from string returned
172	by fgets.  From Bj�rn Sandell
173	
1742006-11-30  Love H�rnquist �strand  <lha@it.su.se>
175
176	* init_c.c (kadm_connect): clear error string before trying to
177	print a errno, this way we don't pick up a random failure code
178	
1792006-11-20  Love H�rnquist �strand  <lha@it.su.se>
180
181	* ipropd_slave.c: Make krb5_get_init_creds_opt_free take a context
182	argument.
183
184	* init_c.c: Make krb5_get_init_creds_opt_free take a context
185	argument.
186	
1872006-10-22  Love H�rnquist �strand  <lha@it.su.se>
188	
189	* ent_setup.c: Try to not leak memory.
190	
1912006-10-07  Love H�rnquist �strand  <lha@it.su.se>
192	
193	* Makefile.am: split build files into dist_ and noinst_ SOURCES
194	
1952006-08-24  Love H�rnquist �strand  <lha@it.su.se>
196
197	* get_s.c: Add KRB5_KDB_ALLOW_DIGEST
198
199	* ent_setup.c: Add KRB5_KDB_ALLOW_DIGEST
200
201	* admin.h: Add KRB5_KDB_ALLOW_DIGEST
202	
2032006-06-16  Love H�rnquist �strand  <lha@it.su.se>
204
205	* check-cracklib.pl: Add password reuse checking. From Harald
206	Barth.
207	
2082006-06-14  Love H�rnquist �strand  <lha@it.su.se>
209	
210	* ent_setup.c (attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4
211
212	* get_s.c (kadm5_s_get_principal): Add KRB5_KDB_ALLOW_KERBEROS4
213
214	* admin.h: Add KRB5_KDB_ALLOW_KERBEROS4
215	
2162006-06-06  Love H�rnquist �strand  <lha@it.su.se>
217
218	* ent_setup.c (attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION
219
2202006-05-30  Love H�rnquist �strand  <lha@it.su.se>
221
222	* password_quality.c (kadm5_check_password_quality): set error
223	message in context.
224	
2252006-05-13  Love H�rnquist �strand  <lha@it.su.se>
226
227	* iprop-log.c: Avoid shadowing.
228
229	* rename_s.c: Avoid shadowing.
230
2312006-05-08  Love H�rnquist �strand  <lha@it.su.se>
232
233	* privs_c.c (kadm5_c_get_privs): privs is a uint32_t, let copy it
234	that way.
235	
2362006-05-05  Love H�rnquist �strand  <lha@it.su.se>
237
238	* Rename u_intXX_t to uintXX_t
239
2402006-04-27  Love H�rnquist �strand  <lha@it.su.se>
241
242	* chpass_s.c,delete_s.c,get_s.c,log.c,modify_s.c,randkey_s.c,rename_s.c:
243	Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for
244
245	* send_recv.c: set and clear error string
246
247	* rename_s.c: Break out the that we request from principal from
248	the entry and pass it in as a separate argument.
249
250	* randkey_s.c: Break out the that we request from principal from
251	the entry and pass it in as a separate argument.
252
253	* modify_s.c: Break out the that we request from principal from
254	the entry and pass it in as a separate argument.
255
256	* log.c: Break out the that we request from principal from the
257	entry and pass it in as a separate argument.
258
259	* get_s.c: Break out the that we request from principal from the
260	entry and pass it in as a separate argument.
261
262	* delete_s.c: Break out the that we request from principal from
263	the entry and pass it in as a separate argument.
264
265	* chpass_s.c: Break out the that we request from principal from
266	the entry and pass it in as a separate argument.
267	
2682006-04-25  Love H�rnquist �strand  <lha@it.su.se>
269
270	* create_s.c (create_principal*): If client doesn't send kvno,
271	make sure to set it to 1.
272	
2732006-04-10  Love H�rnquist �strand  <lha@it.su.se>
274
275	* log.c: (kadm5_log_rename): handle errors better
276	Fixes Coverity, NetBSD CID#628
277
278	* log.c (kadm5_log_delete): add error handling Coverity, NetBSD
279	CID#626
280	(kadm5_log_modify): add error handling Coverity, NetBSD CID#627
281
282	* init_c.c (_kadm5_c_get_cred_cache): handle ccache case better in
283	case no client name was passed in. Coverity, NetBSD CID#919
284	
285	* init_c.c (_kadm5_c_get_cred_cache): Free client principal in
286	case of error. Coverity NetBSD CID#1908
287	
2882006-02-02  Love H�rnquist �strand  <lha@it.su.se>
289	
290	* kadm5_err.et: (PASS_REUSE): Spelling, 
291	from V�clav H?la <ax@natur.cuni.cz>
292	
2932006-01-25  Love H�rnquist �strand  <lha@it.su.se>
294
295	* send_recv.c: Clear error-string when introducing new errors.
296
297	* *_c.c: Clear error-string when introducing new errors.
298	
2992006-01-15  Love H�rnquist �strand  <lha@it.su.se>
300
301	* Makefile.am (libkadm5clnt.la) doesn't depend on libhdb, remove
302	dependency
303	
3042005-12-13  Love H�rnquist �strand  <lha@it.su.se>
305
306	* memset hdb_entry_ex before use
307	
3082005-12-12  Love H�rnquist �strand  <lha@it.su.se>
309	
310	* Wrap hdb_entry with hdb_entry_ex, patch originally 
311	from Andrew Bartlet
312
3132005-11-30  Love H�rnquist �strand  <lha@it.su.se>
314
315	* context_s.c (set_field): try another way to calculate the path
316	to the database/logfile/signal-socket
317
318	* log.c (kadm5_log_init): set error string on failures
319	
3202005-09-08  Love H�rnquist �strand  <lha@it.su.se>
321
322	* Constify password.
323
324	* admin.h: Add KRB5_TL_PKINIT_ACL.
325	
326	* marshall.c (_kadm5_unmarshal_params): avoid signed-ness warnings
327	
328	* get_s.c (kadm5_s_get_principal): clear error string
329	
3302005-08-25  Love H�rnquist �strand  <lha@it.su.se>
331
332	* iprop-log.8: More text about iprop-log.
333	
3342005-08-24  Love H�rnquist �strand  <lha@it.su.se>
335
336	* iprop.8: SEE ALSO iprop-log.
337
338	* Makefile.am: man_MANS += iprop-log.8
339
340	* iprop-log.8: Basic for documentation of iprop-log.
341	
342	* remove replay_log.c, dump_log.c, and truncate_log.c, folded into
343	iprop-log.
344
345	* log.c (kadm5_log_foreach): add a context variable and pass it
346	down to `func�.
347
348	* iprop-commands.in: Move truncate_log and replay_log into
349	iprop-log.
350
351	* iprop-log.c: Move truncate_log and replay_log into iprop-log.
352	
353	* Makefile.am: Move truncate_log and replay_log into iprop-log.
354	
355	* Makefile.am: Make this work with a clean directory.
356
357	* ipropd_master.c: Make compile.
358
359	* ipropd_master.c: Update to new signature of kadm5_log_previous.
360
361	* log.c (kadm5_log_previous): catch errors instead of asserting
362	and set error string.
363
364	* iprop-commands.in: New program iprop-log that incorperates
365	dump_log as a subcommand, truncate_log and replay_log soon to come
366	after.
367	
368	* iprop-log.c: New program iprop-log that incorperates dump_log as
369	a subcommand, truncate_log and replay_log soon to come after.
370
371	* Makefile.am: New program iprop-log that incorperates dump_log as
372	a subcommand, truncate_log and replay_log soon to come after.
373	
3742005-08-11 Love H�rnquist �strand  <lha@it.su.se>
375
376	* get_s.c: Implement KADM5_LAST_PWD_CHANGE.
377	
378	* set_keys.c: Set and clear password where appropriate.
379
380	* randkey_s.c: Operation modifies tl_data.
381
382	* log.c (kadm5_log_replay_modify): Check return values of
383	malloc(), replace all extensions.
384
385	* kadm5_err.et: Make BAD_TL_TYPE error more helpful.
386
387	* get_s.c: Expose KADM5_TL_DATA options to the client.
388
389	* ent_setup.c: Merge in KADM5_TL_DATA in the database.
390
391	* chpass_s.c: Operations modify extensions, mark that with
392	TL_DATA.
393
394	* admin.h: Add more TL types (password and extension).
395
3962005-06-17  Love H�rnquist �strand  <lha@it.su.se>
397
398	* constify
399
400	* ipropd_slave.c: avoid shadowing
401
402	* ipropd_master.c: rename local variable slave to s, optind ->
403	optidx
404
405	* get_princs_c.c: rename variable exp to expression
406	
407	* ad.c: rename variable exp to expression
408
409	* log.c: rename shadowing len to num
410	
411	* get_princs_s.c: rename variable exp to expression
412
413	* context_s.c: const poison
414
415	* common_glue.c: rename variable exp to expression
416
4172005-05-30  Love H�rnquist �strand  <lha@it.su.se>
418
419	* ent_setup.c (attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE
420	
421	* get_s.c (kadm5_s_get_principal): set KRB5_KDB_OK_AS_DELEGATE
422
423	* admin.h: add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags
424
4252005-05-25  Love H�rnquist �strand  <lha@it.su.se>
426
427	* kadm5_pwcheck.3: please mdoclint
428
4292005-05-25  Dave Love  <fx@gnu.org>
430
431	* kadm5_pwcheck.3: document kadm5_add_passwd_quality_verifier,
432	improve text
433
4342005-05-24  Dave Love  <fx@gnu.org>
435
436	* iprop.8: Added some info about defaults, fixed some markup.
437	
4382005-05-23  Dave Love  <fx@gnu.org>
439
440	* ipropd_slave.c: Don't test HAVE_DAEMON since roken supplies it.
441
442	* ipropd_master.c: Don't test HAVE_DAEMON since roken supplies it.
443
4442005-05-13  Love H�rnquist �strand  <lha@it.su.se>
445
446	* init_c.c (_kadm5_c_init_context): fix memory leak in case of
447	failure
448
4492005-05-09  Dave Love  <fx@gnu.org>
450
451	* password_quality.c (find_func): Fix off-by-one and logic error.
452	(external_passwd_quality): Improve messages.
453
454	* test_pw_quality.c (main): Call kadm5_setup_passwd_quality_check
455	and kadm5_add_passwd_quality_verifier.
456
4572005-04-30  Love H�rnquist �strand  <lha@it.su.se>
458
459	* default_keys.c: #include <err.h>, only print salt it its longer
460	then 0, use krb5_err instead of errx where appropriate
461	
4622005-04-25  Love H�rnquist �strand  <lha@it.su.se>
463
464	* ipropd_slave.c: add the documented option --port
465
466	* ipropd_master.c: add the documented option --port
467	
468	* dump_log.c: use the newly generated units function
469
4702005-04-24  Love H�rnquist �strand  <lha@it.su.se>
471
472	* dump_log.c: use strlcpy
473	
474	* password_quality.c: don't use sizeof(pointer)
475	
4762005-04-15  Love H�rnquist �strand  <lha@it.su.se>
477
478	* check-cracklib.pl: external password verifier sample
479
480	* password_quality.c (kadm5_add_passwd_quality_verifier): if NULL
481	is passed in, load defaults
482
4832005-04-14  Love H�rnquist �strand  <lha@it.su.se>
484
485	* password_quality.c: add an end tag to the external password
486	quality check protocol
487
4882005-04-13  Love H�rnquist �strand  <lha@it.su.se>
489
490	* password_quality.c: add external passsword quality check builtin
491	module
492	
493	[password_quality]
494		policies = external-check
495		external-program = /bin/false
496	
497	To approve password a, make the test program return APPROVED on
498	stderr and fail with exit code 0.
499	
5002004-10-12  Love H�rnquist �strand  <lha@it.su.se>
501
502	* Makefile.am: bump version to 7:7:0 and 6:5:2
503	
504	* default_keys.c (parse_file): use hdb_generate_key_set
505	
506	* keys.c,set_keys.c: Move keyset parsing and password based keyset
507	generation into hdb.  Requested by Andrew Bartlett <abartlet@samba.org>
508	for hdb-ldb backend.
509	
5102004-09-23  Johan Danielsson  <joda@pdc.kth.se>
511
512	* ipropd_master.c: add help strings to some options
513	
5142004-09-12  Love H�rnquist �strand  <lha@it.su.se>
515
516	* chpass_s.c: deal with changed prototype for _kadm5_free_keys
517	
518	* keys.c (_kadm5_free_keys): change prototype, make it use
519	krb5_context instead of a kadm5_server_context
520	
521	* set_keys.c (parse_key_set): do way with static returning
522	(function) static variable and returned allocated memory
523	(_kadm5_generate_key_set): free enctypes returned by parse_key_set
524
5252004-09-06  Love H�rnquist �strand  <lha@it.su.se>
526
527	* set_keys.c: Fix memory leak, don't return stack variables From
528	Andrew Bartlett
529	
530	* set_keys.c: make all_etypes const and move outside function to
531	avoid returning data on stack
532	
5332004-08-26  Love H�rnquist �strand  <lha@it.su.se>
534
535	* acl.c (fetch_acl): use " \t\n" instead of just "\n" for the
536	delim of the third element, this is so we can match
537	"foo@REALM<SPC>all<SPC><SPC>*@REALM", before it just matched
538	"foo@REALM<SPC>all<SPC>*@REALM", but that is kind of lucky since
539	what really happen was that the last <SPC> was stamped out, and
540	the it never strtok_r never needed to parse over it.
541	
5422004-08-25  Love H�rnquist �strand  <lha@it.su.se>
543
544	* set_keys.c (_kadm5_generate_key_set): since arcfour-hmac-md5 is
545	without salting, some people tries to add the string
546	"arcfour-hmac-md5" when they really should have used
547	"arcfour-hmac-md5:pw-salt", help them and add glue for that
548	
5492004-08-18  Johan Danielsson  <joda@pdc.kth.se>
550
551	* ipropd_slave.c: add --detach
552
5532004-07-06  Love H�rnquist �strand  <lha@it.su.se>
554
555	* ad.c: use new tsasl interface remove debug printf add upn to
556	computer-accounts
557	
5582004-06-28  Love H�rnquist �strand  <lha@it.su.se>
559
560	* ad.c: implement kadm5_ad_init_with_password_ctx set more error
561	strings
562	
5632004-06-21  Love H�rnquist �strand  <lha@it.su.se>
564
565	* Makefile.am: man_MANS = kadm5_pwcheck.3
566	
567	* kadm5_pwcheck.3: document new password quality api
568	
569	* password_quality.c: new password check interface (old still
570	supported)
571	
572	* kadm5-pwcheck.h: new password check interface
573	
5742004-06-08  Love H�rnquist �strand  <lha@it.su.se>
575
576	* ipropd_master.c (main): process all slaves, not just up to the
577	last slave sending data
578	(bug report from Bj�rn Sandell <biorn@dce.chalmers.se>)
579	(*): only send one ARE_YOU_THERE
580
5812004-06-02  Love H�rnquist �strand  <lha@it.su.se>
582
583	* ad.c: use krb5_set_password_using_ccache
584	
5852004-06-01  Love H�rnquist �strand  <lha@it.su.se>
586
587	* ad.c: try handle spn's better
588	
5892004-05-31  Love H�rnquist �strand  <lha@it.su.se>
590
591	* ad.c: add expiration time
592	
593	* ad.c: add modify operations
594	
595	* ad.c: handle create and delete
596	
5972004-05-27  Love H�rnquist �strand  <lha@it.su.se>
598
599	* ad.c: more code for get, handle attributes
600	
601	* ad.c: more code for get, handle time stamps and bad password
602	counter
603
604	* ad.c: more code for get, only fetches kvno for now
605	
6062004-05-26  Love H�rnquist �strand  <lha@it.su.se>
607
608	* ad.c: add support for tsasl
609	
610	* private.h: add kadm5_ad_context
611	
612	* ipropd_master.c (prop_one): store the opcode in the begining of
613	the blob, not the end
614	
615	* ad.c: try all ldap servers in dns, generate a random password,
616	base64(random_block(64)), XXX must make it support other then
617	ARCFOUR
618	
619	* ad.c: framework for windows AD backend
620	
6212004-03-07  Love H�rnquist �strand  <lha@it.su.se>
622
623	* create_s.c (kadm5_s_create_principal): remove old XXX command
624	and related code, _kadm5_set_keys will do all this now
625	
6262004-02-29  Love H�rnquist �strand  <lha@it.su.se>
627
628	* set_keys.c (_kadm5_set_keys_randomly): make sure enctype to copy
629	enctype for des keys From: Andrew Bartlett <abartlet@samba.org>
630	
631	* create_s.c (kadm5_s_create_principal_with_key): don't call
632	_kadm5_set_keys2, create_principal will do that for us. Set kvno
633	to 1.
634
635	* chpass_s.c (change): bump kvno
636	(kadm5_s_chpass_principal_with_key): bump kvno
637
638	* randkey_s.c (kadm5_s_randkey_principal): bump kvno
639	
640	* set_keys.c (_kadm5_set_*): don't change the kvno, let the callee
641	to that
642
6432003-12-30  Love H�rnquist �strand  <lha@it.su.se>
644
645	* chpass_s.c (change): fix same-password-again by decrypting keys
646	and setting an error code From: Buck Huppmann <buckh@pobox.com>
647	
6482003-12-21  Love H�rnquist �strand  <lha@it.su.se>
649
650	* init_c.c (_kadm5_c_init_context): catch errors from strdup and
651	other krb5_ functions
652
6532003-12-08  Love H�rnquist �strand  <lha@it.su.se>
654
655	* rename_s.c (kadm5_s_rename_principal): allow principal to change
656	realm From Panasas Inc
657	
6582003-12-07  Love H�rnquist �strand  <lha@it.su.se>
659
660	* destroy_c.c (kadm5_c_destroy): fix memory leaks, From Panasas,
661	Inc
662
6632003-11-23  Love H�rnquist �strand  <lha@it.su.se>
664
665	* iprop.h: don't include <krb5-private.h>
666	
667	* ipropd_slave.c: stop using krb5 lib private byte-frobbing
668	functions and replace them with with krb5_storage
669	
670	* ipropd_master.c: stop using krb5 lib private byte-frobbing
671	functions and replace them with with krb5_storage
672	
6732003-11-19  Love H�rnquist �strand  <lha@it.su.se>
674
675	* ipropd_slave.c (receive_loop): when seeking over the entries we
676	already have, skip over the trailer.  From: Jeffrey Hutzelman
677	<jhutz@cmu.edu>
678
679	* dump_log.c,ipropd_master.c,ipropd_slave.c,
680	replay_log.c,truncate_log.c: parse kdc.conf
681	From: Jeffrey Hutzelman <jhutz@cmu.edu>
682
6832003-10-10  Love H�rnquist �strand  <lha@it.su.se>
684
685	* Makefile.am: += test_pw_quality
686	
687	* test_pw_quality.c: test program for verifying password quality
688	function
689
6902003-09-03  Love H�rnquist �strand  <lha@it.su.se>
691
692	* Makefile.am: add and enable check program default_keys
693	
694	* default_keys.c: test program for _kadm5_generate_key_set
695	
696	* init_c.c: use
697	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
698
6992003-08-17  Love H�rnquist �strand  <lha@it.su.se>
700
701	* set_keys.c (_kadm5_set_keys_randomly): remove dup return
702	
703	* ipropd_master.c (main): make sure current_version is initialized
704	
7052003-08-15  Love H�rnquist �strand  <lha@it.su.se>
706
707	* set_keys.c: use default_keys for the both random keys and
708	password derived keys if its defined
709	
7102003-07-24  Love H�rnquist �strand  <lha@it.su.se>
711
712	* ipropd_slave.c (receive_everything): switch close and rename
713	From: Alf Wachsmann <alfw@SLAC.Stanford.EDU>
714	
7152003-07-03  Love H�rnquist �strand  <lha@it.su.se>
716
717	* iprop.h, ipropd_master.c, ipropd_slave.c:
718	Add probing from the server that the client is still there, also
719	make the client check that the server is probing.
720
7212003-07-02  Love H�rnquist �strand  <lha@it.su.se>
722
723	* truncate_log.c (main): add missing ``if (ret)''
724	
7252003-06-26  Love H�rnquist �strand  <lha@it.su.se>
726
727	* set_keys.c (make_keys): add AES support
728	
729	* set_keys.c: fix off by one in the aes case, pointed out by Ken
730	Raeburn
731
7322003-04-30  Love H�rnquist �strand  <lha@it.su.se>
733
734	* set_keys.c (_kadm5_set_keys_randomly): add
735	ETYPE_AES256_CTS_HMAC_SHA1_96 key when configuried with aes
736	support
737
7382003-04-16  Love H�rnquist �strand  <lha@it.su.se>
739
740	* send_recv.c: check return values from krb5_data_alloc
741	* log.c: check return values from krb5_data_alloc
742	
7432003-04-16  Love H�rnquist �strand  <lha@it.su.se>
744
745	* dump_log.c (print_entry): check return values from
746	krb5_data_alloc
747
7482003-04-01  Love H�rnquist �strand  <lha@it.su.se>
749
750	* init_c.c (kadm_connect): if a context realm was passed in, use
751	that to form the kadmin/admin principal
752	
7532003-03-19  Love H�rnquist �strand  <lha@it.su.se>
754
755	* ipropd_master.c (main): make sure we don't consider dead slave
756	for select processing
757	(write_stats): use slave_stats_file variable, 
758	check return value of strftime
759	(args): allow specifying slave stats file
760	(slave_dead): close the fd when the slave dies
761
7622002-10-21  Johan Danielsson  <joda@pdc.kth.se>
763
764	* ipropd_slave.c (from Derrick Brashear): Propagating a large
765	database without this means the slave kdcs can get erroneous
766	HDB_NOENTRY and return the resulting errors. This creates a new db
767	handle, populates it, and moves it into place.
768
7692002-08-26  Assar Westerlund  <assar@kth.se>
770
771	* ipropd_slave.c (receive_everything): type-correctness calling
772	_krb5_get_int
773
774	* context_s.c (find_db_spec): const-correctness in parameters to
775	krb5_config_get_next
776
7772002-08-16  Johan Danielsson  <joda@pdc.kth.se>
778
779	* private.h: rename header file flag macro
780
781	* Makefile.am: generate kadm5-{protos,private}.h
782
7832002-08-15  Johan Danielsson  <joda@pdc.kth.se>
784
785	* ipropd_master.c: check return value of krb5_sockaddr2address
786
7872002-07-04  Johan Danielsson  <joda@pdc.kth.se>
788
789	* ipropd_master.c: handle slaves that come and go; add status
790	reporting (both from Love)
791
792	* iprop.h: KADM5_SLAVE_STATS
793
7942002-03-25  Jacques Vidrine  <n@nectar.com>
795
796	* init_c.c (get_cred_cache): bug fix: the default credentials
797	cache was not being used if a client name was specified.
798
7992002-03-25  Johan Danielsson  <joda@pdc.kth.se>
800
801	* init_c.c (get_cred_cache): when getting the default_client from
802	the cred cache, make sure the instance part is "admin"; this
803	should require fewer uses of -p
804
8052002-03-11  Assar Westerlund  <assar@sics.se>
806
807	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0
808	(libkadm5clnt_la_LDFLAGS): set version to 6:3:2
809
8102002-02-08  Johan Danielsson  <joda@pdc.kth.se>
811
812	* init_c.c: we have to create our own param struct before
813	marshaling
814
8152001-09-05  Johan Danielsson  <joda@pdc.kth.se>
816
817	* Makefile.am: link with LIB_pidfile
818
819	* iprop.h: include util.h for pidfile
820
8212001-08-31  Assar Westerlund  <assar@sics.se>
822
823	* ipropd_slave.c (main): syslog with the correct name
824
8252001-08-30  Jacques Vidrine <n@nectar.com>
826
827	* ipropd_slave.c, ipropd_master.c (main): call pidfile
828
8292001-08-28  Assar Westerlund  <assar@sics.se>
830
831	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0
832
8332001-08-24  Assar Westerlund  <assar@sics.se>
834
835	* acl.c (fetch_acl): do not return bogus flags and re-organize
836	function
837
838	* Makefile.am: rename variable name to avoid error from current
839	automake
840
8412001-08-13  Johan Danielsson  <joda@pdc.kth.se>
842
843	* set_keys.c: add easier afs configuration, defaulting to the
844	local realm in lower case; also try to remove duplicate salts
845
8462001-07-12  Assar Westerlund  <assar@sics.se>
847
848	* Makefile.am: add required library dependencies
849
8502001-07-03  Assar Westerlund  <assar@sics.se>
851
852	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2
853
8542001-06-29  Johan Danielsson  <joda@pdc.kth.se>
855
856	* init_c.c: call krb5_get_init_creds_opt_set_default_flags
857
8582001-02-19  Johan Danielsson  <joda@pdc.kth.se>
859
860	* replay_log.c: add --{start-end}-version flags to replay just
861	part of the log
862
8632001-02-15  Assar Westerlund  <assar@sics.se>
864
865	* ipropd_master.c (main): fix select-loop to decrement ret
866	correctly.  from "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
867
8682001-01-30  Assar Westerlund  <assar@sics.se>
869
870	* Makefile.am: bump versions
871
8722000-12-31  Assar Westerlund  <assar@sics.se>
873
874	* init_s.c (*): handle krb5_init_context failure consistently
875	* init_c.c (init_context): handle krb5_init_context failure
876	consistently
877
8782000-12-11  Assar Westerlund  <assar@sics.se>
879
880	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0
881
8822000-11-16  Assar Westerlund  <assar@sics.se>
883
884	* set_keys.c (make_keys): clean-up salting loop and try not to
885	leak memory
886
887	* ipropd_master.c (main): check for fd's being too large to select
888	on
889
8902000-08-16  Assar Westerlund  <assar@sics.se>
891
892	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0
893
8942000-08-10  Assar Westerlund  <assar@sics.se>
895
896	* acl.c (fetch_acl): fix wrong cases, use krb5_principal_match
897
8982000-08-07  Assar Westerlund  <assar@sics.se>
899
900	* ipropd_master.c (main): ignore SIGPIPE
901
9022000-08-06  Assar Westerlund  <assar@sics.se>
903
904	* ipropd_slave.c (receive_everything): make `fd' an int instead of
905	a pointer.  From Derrick J Brashear <shadow@dementia.org>
906
9072000-08-04  Johan Danielsson  <joda@pdc.kth.se>
908
909	* admin.h: change void** to void*
910
9112000-07-25  Johan Danielsson  <joda@pdc.kth.se>
912
913	* Makefile.am: bump versions to 7:0:0 and 6:0:2
914
9152000-07-24  Assar Westerlund  <assar@sics.se>
916
917	* log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd
918	and make a new that takes a context
919	(kadm5_log_nop): add logging of missing lengths
920	(kadm5_log_truncate): new function
921
922	* dump_log.c (print_entry): update and correct
923	* randkey_s.c: call _kadm5_bump_pw_expire
924	* truncate_log.c: new program for truncating the log
925	* Makefile.am (sbin_PROGRAMS): add truncate_log
926	(C_SOURCES): add bump_pw_expire.c
927	* bump_pw_expire.c: new function for extending password expiration
928
9292000-07-22  Assar Westerlund  <assar@sics.se>
930
931	* keys.c: new file with _kadm5_free_keys, _kadm5_init_keys
932
933	* set_keys.c (free_keys, init_keys): elevate to internal kadm5
934	functions
935
936	* chpass_s.c (kadm5_s_chpass_principal_cond): new function
937	* Makefile.am (C_SOURCES): add keys.c
938	* init_c.c: remove unused variable and handle some parameters
939	being NULL
940
9412000-07-22  Johan Danielsson  <joda@pdc.kth.se>
942
943	* ipropd_slave.c: use krb5_read_priv_message
944
945	* ipropd_master.c: use krb5_{read,write}_priv_message
946
947	* init_c.c: use krb5_write_priv_message
948
9492000-07-11  Johan Danielsson  <joda@pdc.kth.se>
950
951	* ipropd_slave.c: no need to call gethostname, since
952	sname_to_principal will
953
954	* send_recv.c: assert that we have a connected socket
955
956	* get_princs_c.c: call _kadm5_connect
957
958	* rename_c.c: call _kadm5_connect
959
960	* randkey_c.c: call _kadm5_connect
961
962	* privs_c.c: call _kadm5_connect
963
964	* modify_c.c: call _kadm5_connect
965
966	* get_c.c: call _kadm5_connect
967
968	* delete_c.c: call _kadm5_connect
969
970	* create_c.c: call _kadm5_connect
971
972	* chpass_c.c: call _kadm5_connect
973
974	* private.h: add more fields to client context; remove prototypes
975
976	* admin.h: remove prototypes
977
978	* kadm5-protos.h: move public prototypes here
979
980	* kadm5-private.h: move private prototypes here
981
982	* init_c.c: break out connection code to separate function, and
983	defer calling it until we actually do something
984
9852000-07-07  Assar Westerlund  <assar@sics.se>
986
987	* set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for
988	backwards compatability
989
9902000-06-26  Johan Danielsson  <joda@pdc.kth.se>
991
992	* set_keys.c (_kadm5_set_keys): rewrite this to be more easily
993	adaptable to different salts
994	
9952000-06-19  Johan Danielsson  <joda@pdc.kth.se>
996
997	* get_s.c: pa_* -> KRB5_PADATA_*
998
9992000-06-16  Assar Westerlund  <assar@sics.se>
1000
1001	* ipropd_slave.c: change default keytab to default keytab (as in
1002	typically FILE:/etc/krb5.keytab)
1003
10042000-06-08  Assar Westerlund  <assar@sics.se>
1005
1006	* ipropd_slave.c: bug fixes, for actually writing the full dump to
1007	the database.  based on a patch from Love <lha@stacken.kth.se>
1008
10092000-06-07  Assar Westerlund  <assar@sics.se>
1010
1011	* acl.c: add support for patterns of principals
1012	* log.c (kadm5_log_replay_create): handle more NULL pointers
1013	(should they really happen?)
1014	* log.c (kadm5_log_replay_modify): handle max_life == NULL and
1015	max_renew == NULL
1016
1017	* ipropd_master.c: use syslog.  be less verbose
1018	* ipropd_slave.c: use syslog
1019
10202000-06-05  Assar Westerlund  <assar@sics.se>
1021
1022	* private.h (kadm_ops): add kadm_nop more prototypes
1023	* log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
1024	kadm5_log_replay_nop): add
1025	* ipropd_slave.c: and some more improvements
1026	* ipropd_master.c: lots of improvements
1027	* iprop.h (IPROP_PORT, IPROP_SERVICE): add
1028	(iprop_cmd): add new commands
1029
1030	* dump_log.c: add nop
1031
10322000-05-15  Assar Westerlund  <assar@sics.se>
1033
1034	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1
1035
10362000-05-12  Assar Westerlund  <assar@sics.se>
1037
1038	* get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a
1039	fallback.  handle not having any creator.
1040	* destroy_s.c (kadm5_s_destroy): free all allocated memory
1041	* context_s.c (set_field): free variable if it's already set
1042	(find_db_spec): malloc space for all strings
1043
10442000-04-05  Assar Westerlund  <assar@sics.se>
1045
1046	* Makefile.am (LDADD): add LIB_openldap
1047
10482000-04-03  Assar Westerlund  <assar@sics.se>
1049
1050	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1
1051	(libkadm5clnt_la_LDFLAGS): set version to 5:0:1
1052
10532000-03-24  Assar Westerlund  <assar@sics.se>
1054
1055	* set_keys.c (_kadm5_set_keys2): rewrite
1056	(_kadm5_set_keys3): add
1057
1058	* private.h (struct kadm_func): add chpass_principal_with_key
1059	* init_c.c (set_funcs): add chpass_principal_with_key
1060
10612000-03-23  Assar Westerlund  <assar@sics.se>
1062
1063	* context_s.c (set_funcs): add chpass_principal_with_key
1064	* common_glue.c (kadm5_chpass_principal_with_key): add
1065	* chpass_s.c: comment-ize and change calling convention for
1066	_kadm5_set_keys*
1067	* chpass_c.c (kadm5_c_chpass_principal_with_key): add
1068
10692000-02-07  Assar Westerlund  <assar@sics.se>
1070
1071	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0
1072
10732000-01-28  Assar Westerlund  <assar@sics.se>
1074
1075	* init_c.c (get_new_cache): make sure to request non-forwardable,
1076	non-proxiable
1077
10782000-01-06  Assar Westerlund  <assar@sics.se>
1079
1080	* Makefile.am (libkadm5srv.la): bump version to 5:1:0
1081
1082	* context_s.c (_kadm5_s_init_context): handle params == NULL
1083
10841999-12-26  Assar Westerlund  <assar@sics.se>
1085
1086	* get_s.c (kadm5_s_get_principal): handle modified_by->principal
1087 	== NULL
1088
10891999-12-20  Assar Westerlund  <assar@sics.se>
1090
1091	* Makefile.am (libkadm5clnt_la_LDFLAGS): bump version to 4:1:0
1092
1093	* init_c.c (_kadm5_c_init_context): handle getting back port
1094 	number from admin host
1095	(kadm5_c_init_with_context): remove `proto/' part before doing
1096	getaddrinfo()
1097
10981999-12-06  Assar Westerlund  <assar@sics.se>
1099
1100	* Makefile.am: bump version to 5:0:0 and 4:0:0
1101
1102	* init_c.c (kadm5_c_init_with_context): don't use unitialized
1103 	stuff
1104
11051999-12-04  Assar Westerlund  <assar@sics.se>
1106
1107	* replay_log.c: adapt to changed kadm5_log_foreach
1108
1109	* log.c (kadm5_log_foreach): change to take a
1110 	`kadm5_server_context'
1111
1112	* init_c.c: use krb5_warn{,x}
1113
1114	* dump_log.c: adapt to changed kadm5_log_foreach
1115
1116	* init_c.c: re-write to use getaddrinfo
1117	* Makefile.am (install-build-headers): add dependency
1118	
11191999-12-03  Johan Danielsson  <joda@pdc.kth.se>
1120
1121	* log.c (kadm5_log_foreach): pass context
1122
1123	* dump_log.c: print more interesting things
1124
11251999-12-02  Johan Danielsson  <joda@pdc.kth.se>
1126
1127	* ipropd_master.c (process_msg): check for short reads
1128
11291999-11-25  Assar Westerlund  <assar@sics.se>
1130
1131	* modify_s.c (kadm5_s_modify_principal): support key_data
1132	(kadm5_s_modify_principal_with_key): remove
1133
1134	* admin.h (kadm5_s_modify_principal_with_key): remove
1135
11361999-11-20  Assar Westerlund  <assar@sics.se>
1137
1138	* context_s.c (find_db_spec): ugly cast work-around.
1139
11401999-11-14  Assar Westerlund  <assar@sics.se>
1141
1142	* context_s.c (_kadm5_s_init_context): call krb5_add_et_list so
1143 	that we aren't dependent on the layout of krb5_context_data
1144	* init_c.c (_kadm5_c_init_context): call krb5_add_et_list so that
1145 	we aren't dependent on the layout of krb5_context_data
1146
11471999-11-13  Assar Westerlund  <assar@sics.se>
1148
1149	* password_quality.c (kadm5_setup_passwd_quality_check): use
1150	correct types for function pointers
1151	
11521999-11-09  Johan Danielsson  <joda@pdc.kth.se>
1153
1154	* randkey_s.c: always bail out if the fetch fails
1155
1156	* admin.h (kadm5_config_params): remove fields we're not using
1157
1158	* ipropd_slave.c: allow passing a realm
1159
1160	* ipropd_master.c: allow passing a realm
1161
1162	* dump_log.c: allow passing a realm
1163
1164	* acl.c: correctly get acl file
1165
1166	* private.h (kadm5_server_context): add config_params struct and
1167	remove acl_file; bump protocol version number
1168
1169	* marshall.c: marshalling of config parameters
1170
1171	* init_c.c (kadm5_c_init_with_context): try to cope with old
1172	servers
1173
1174	* init_s.c (kadm5_s_init_with_context): actually use some passed
1175	values
1176
1177	* context_s.c (_kadm5_s_init_context): get dbname, acl_file, and
1178	stash_file from the config parameters, try to figure out these if
1179	they're not provided
1180
11811999-11-05  Assar Westerlund  <assar@sics.se>
1182
1183	* Makefile.am (install-build-headers): use `cp' instead of
1184 	INSTALL_DATA
1185
11861999-11-04  Assar Westerlund  <assar@sics.se>
1187
1188	* Makefile.am: bump version to 4:0:0 and 3:0:0 (they access fields
1189 	directly in libkrb5's context - bad functions)
1190
1191	* set_keys.c (_kadm5_set_keys_randomly): set enctypes correctly in
1192 	the copied keys
1193
11941999-10-20  Assar Westerlund  <assar@sics.se>
1195
1196	* Makefile.am: set version of kadm5srv to 3:0:2 (new password
1197 	quality functions).
1198 	set version of kdam5clnt to 2:1:1 (no interface changes)
1199
1200	* Makefile.am (LDADD): add $(LIB_dlopen)
1201
12021999-10-17  Assar Westerlund  <assar@sics.se>
1203
1204	* randkey_s.c (kadm5_s_randkey_principal): use
1205 	_kadm5_set_keys_randomly
1206
1207	* set_keys.c (free_keys): free more memory
1208	(_kadm5_set_keys): a little bit more generic
1209	(_kadm5_set_keys_randomly): new function for setting random keys.
1210
12111999-10-14  Assar Westerlund  <assar@sics.se>
1212
1213	* set_keys.c (_kadm5_set_keys): ignore old keys when setting new
1214 	ones and always add 3 DES keys and one 3DES key
1215
12161999-10-03  Assar Westerlund  <assar@sics.se>
1217
1218	* init_c.c (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'.
1219  	check return value from strdup
1220
12211999-09-26  Assar Westerlund  <assar@sics.se>
1222
1223	* acl.c (_kadm5_privs_to_string): forgot one strcpy_truncate ->
1224 	strlcpy
1225
12261999-09-24  Johan Danielsson  <joda@pdc.kth.se>
1227
1228	* dump_log.c: remove unused `optind'
1229
1230	* replay_log.c: remove unused `optind'
1231
12321999-09-13  Assar Westerlund  <assar@sics.se>
1233
1234	* chpass_c.c (kadm5_c_chpass_principal): new _kadm5_client_recv
1235
1236	* send_recv.c (_kadm5_client_recv): return result in a `krb5_data'
1237 	so that we avoid copying it and don't need to dimension in
1238 	advance.  change all callers.
1239
12401999-09-10  Assar Westerlund  <assar@sics.se>
1241
1242	* password_quality.c: new file
1243
1244	* admin.h
1245 	(kadm5_setup_passwd_quality_check,kadm5_check_password_quality):
1246 	add prototypes
1247
1248	* Makefile.am (S_SOURCES): add password_quality.c
1249
12501999-07-26  Assar Westerlund  <assar@sics.se>
1251
1252	* Makefile.am: update versions to 2:0:1
1253
12541999-07-24  Assar Westerlund  <assar@sics.se>
1255
1256	* ent_setup.c (_kadm5_setup_entry): make princ_expire_time == 0
1257 	and pw_expiration == 0 mean never
1258
12591999-07-22  Assar Westerlund  <assar@sics.se>
1260
1261	* log.c (kadm5_log_flush): extra cast
1262
12631999-07-07  Assar Westerlund  <assar@sics.se>
1264
1265	* marshall.c (store_principal_ent): encoding princ_expire_time and
1266 	pw_expiration in correct order
1267
12681999-06-28  Assar Westerlund  <assar@sics.se>
1269
1270	* randkey_s.c (kadm5_s_randkey_principal): nuke old mkvno,
1271 	otherwise hdb will think that the new random keys are already
1272 	encrypted which will cause lots of confusion later.
1273
12741999-06-23  Assar Westerlund  <assar@sics.se>
1275
1276	* ent_setup.c (_kadm5_setup_entry): handle 0 == unlimited
1277 	correctly.  From Michal Vocu <michal@karlin.mff.cuni.cz>
1278
12791999-06-15  Assar Westerlund  <assar@sics.se>
1280
1281	* init_c.c (get_cred_cache): use get_default_username
1282
12831999-05-23  Assar Westerlund  <assar@sics.se>
1284
1285	* create_s.c (create_principal): if there's no default entry the
1286	mask should be zero.
1287
12881999-05-21  Assar Westerlund  <assar@sics.se>
1289
1290	* init_c.c (get_cred_cache): use $USERNAME
1291
12921999-05-17  Johan Danielsson  <joda@pdc.kth.se>
1293
1294	* init_c.c (get_cred_cache): figure out principal
1295
12961999-05-05  Johan Danielsson  <joda@pdc.kth.se>
1297
1298	* send_recv.c: cleanup _kadm5_client_{send,recv}
1299
13001999-05-04  Assar Westerlund  <assar@sics.se>
1301
1302	* set_keys.c (_kadm5_set_keys2): don't check the recently created
1303 	memory for NULL pointers
1304
1305	* private.h (_kadm5_setup_entry): change prototype
1306
1307	* modify_s.c: call new _kadm5_setup_entry
1308
1309	* ent_setup.c (_kadm5_setup_entry): change so that it takes three
1310 	masks, one for what bits to set and one for each of principal and
1311 	def containing the bits that are set there.
1312
1313	* create_s.c: call new _kadm5_setup_entry
1314
1315	* create_s.c (get_default): check return value
1316	(create_principal): send wider mask to _kadm5_setup_entry
1317
13181999-05-04  Johan Danielsson  <joda@pdc.kth.se>
1319
1320	* send_recv.c (_kadm5_client_recv): handle arbitrarily sized
1321	packets, check for errors
1322
1323	* get_c.c: check for failure from _kadm5_client_{send,recv}
1324
13251999-05-04  Assar Westerlund  <assar@sics.se>
1326
1327	* init_c.c (get_new_cache): don't abort when interrupted from
1328 	password prompt
1329	
1330	* destroy_c.c (kadm5_c_destroy): check if we should destroy the
1331 	auth context
1332
13331999-05-03  Johan Danielsson  <joda@pdc.kth.se>
1334
1335	* chpass_s.c: fix arguments to _kadm5_set_keys2
1336
1337	* private.h: proto
1338
1339	* set_keys.c: clear mkvno
1340
1341	* rename_s.c: add flags to fetch and store; seal keys before
1342	logging
1343
1344	* randkey_s.c: add flags to fetch and store; seal keys before
1345	logging
1346
1347	* modify_s.c: add flags to fetch and store; seal keys before
1348	logging
1349
1350	* log.c: add flags to fetch and store; seal keys before logging
1351
1352	* get_s.c: add flags to fetch and store; seal keys before logging
1353
1354	* get_princs_s.c: add flags to fetch and store; seal keys before
1355	logging
1356
1357	* delete_s.c: add flags to fetch and store; seal keys before
1358	logging
1359
1360	* create_s.c: add flags to fetch and store; seal keys before
1361	logging
1362
1363	* chpass_s.c: add flags to fetch and store; seal keys before
1364	logging
1365
1366	* Makefile.am: remove server.c
1367
1368	* admin.h: add prototypes
1369
1370	* ent_setup.c (_kadm5_setup_entry): set key_data
1371
1372	* set_keys.c: add _kadm5_set_keys2 to sey keys from key_data
1373
1374	* modify_s.c: add kadm5_s_modify_principal_with_key
1375
1376	* create_s.c: add kadm5_s_create_principal_with_key
1377
1378	* chpass_s.c: add kadm5_s_chpass_principal_with_key
1379
1380	* kadm5_locl.h: move stuff to private.h
1381
1382	* private.h: move stuff from kadm5_locl.h
1383	
1384