head	1.6;
access;
symbols
	RELEASE_4_3_0:1.4
	RELEASE_4_2_0:1.3;
locks; strict;
comment	@# @;


1.6
date	2001.07.24.17.14.44;	author nectar;	state dead;
branches;
next	1.5;

1.5
date	2001.06.11.18.38.46;	author nectar;	state Exp;
branches;
next	1.4;

1.4
date	2001.01.24.20.36.33;	author nectar;	state Exp;
branches;
next	1.3;

1.3
date	2000.11.06.20.00.02;	author nectar;	state Exp;
branches;
next	1.2;

1.2
date	2000.11.06.19.56.21;	author nectar;	state Exp;
branches;
next	1.1;

1.1
date	2000.11.06.19.01.43;	author nectar;	state Exp;
branches;
next	;


desc
@@


1.6
log
@Update pam_krb5 1.0 -> 1.0.1.
Change MASTER_SITES.

NB: This  versioning is  bogus.  Unfortunately,  there is  no official
release of  pam_krb5 yet,  but it has  substantially changed.   I made
this release based on what is in CVS.
@
text
@--- pam_krb5.h.orig	Tue Jan  4 19:08:51 2000
+++ pam_krb5.h	Mon Jun 11 13:24:14 2001
@@@@ -5,7 +5,16 @@@@
  */
 
 int get_user_info(pam_handle_t *, char *, int, char **);
-krb5_error_code pam_prompter(krb5_context, void *, const char *,
-			     const char *, int, krb5_prompt[]);
-int verify_krb_v5_tgt(krb5_context, krb5_ccache, int);
+int verify_krb_v5_tgt(krb5_context, krb5_ccache, char *, int);
 void cleanup_cache(pam_handle_t *, void *, int);
+
+krb5_prompter_fct pam_prompter;
+
+const char	*compat_princ_component(krb5_context, krb5_principal, int);
+void		 compat_free_data_contents(krb5_context, krb5_data *);
+
+#ifndef ENCTYPE_DES_CBC_MD5
+#define ENCTYPE_DES_CBC_MD5	ETYPE_DES_CBC_MD5
+#endif
+
+
@


1.5
log
@Update for heimdal-0.3f interface changes.
@
text
@@


1.4
log
@Bug fixes and paranoia:

compat_heimdal.c:
   = Stop shooting at feet when freeing a particular chunk of memory.
     Found by complaints from free(), and pinpointed with MALLOC_OPTIONS=A.
pam_krb5_auth.c:
   = In addition to dropping and restoring uid when delving in /tmp,
     drop and restore gid.
   = Explicitly set permissions on the credentials cache for good measure.

The following was
Obtained from:	Sam Hartman <hartmans@@mit.edu> via bugs.debian.org

support.c:
   = verify_krb_v5_tgt: Do a little more to prevent KDC spoofing.
     Allow for a key separate from the host key to use only for PAM.
@
text
@d2 2
a3 2
+++ pam_krb5.h	Wed Jan 24 13:37:28 2001
@@@@ -5,7 +5,18 @@@@
a16 2
+krb5_error_code	 compat_cc_next_cred(krb5_context, const krb5_ccache, 
+				     krb5_cc_cursor *, krb5_creds *);
@


1.3
log
@(forced commit)

Double oops.  I initially added a version of this port that was a bit
dated.  The last commit brings it up to date: in particular, MIT Kerberos
support was broken in theory (though not in practice).
@
text
@d2 1
a2 1
+++ pam_krb5.h	Mon Nov  6 13:42:22 2000
d9 2
a10 1
 int verify_krb_v5_tgt(krb5_context, krb5_ccache, int);
@


1.2
log
@Oops,
@
text
@@


1.1
log
@A Pluggable Authentication Module for Kerberos 5.
@
text
@d2 3
a4 2
+++ pam_krb5.h	Mon Nov  6 10:21:49 2000
@@@@ -6,6 +6,6 @@@@
d7 1
a7 1
 krb5_error_code pam_prompter(krb5_context, void *, const char *,
a8 1
+			     int, krb5_prompt[]);
d11 13
@

