source: trunk/third/cns/src/kadmin/ChangeLog @ 8789

Revision 8789, 11.0 KB checked in by ghudson, 28 years ago (diff)
This commit was generated by cvs2svn to compensate for changes in r8788, which included commits to RCS files with non-trunk default branches.
Line 
1Tue Jun  4 23:24:43 1996  Marc Horowitz  <marc@mit.edu>
2
3        * ksrvutil.c: conditionalize sys_errlist declaration on
4        HAVE_SYS_ERRLIST_DECL
5
6Fri Feb 16 23:19:19 1996  Mark Eichin  <eichin@cygnus.com>
7
8        * kadmin.c (add_snk_key): use new random number generator for
9        initial SNK hardware keys.
10
11Fri Feb 16 22:43:41 1996  Mark Eichin  <eichin@cygnus.com>
12
13        * kadm_funcs.c (kadm_chg_srvtab): set default expiration date for
14        get_srvtab to 12/31/2009.
15
16Fri Feb 16 21:00:38 1996  Mark Eichin  <eichin@cygnus.com>
17
18        * ksrvutil.c (get_svc_new_key): use des_new_random_key seeded off
19        of the changepw session key.
20
21Tue Oct 24 22:17:42 1995  Mark Eichin  <eichin@cygnus.com>
22
23        * kadm_funcs.c (kadm_approve_pw): don't check password against
24        principal if we didn't get one. Need to enhance check_pw interface
25        later to take a key.
26
27Tue Sep 26 23:56:07 1995  Ken Raeburn  <raeburn@cygnus.com>
28
29        * admin_server.c (main): Tweak usage message.
30
31        * kadm_server.h.sed (RESTRICT_ACL_FILE): Define.
32        * kadm_funcs.c [POSIX]: Include unistd.h.
33        (check_restrict_access): Verify that if RESTRICT_ACL_FILE exists,
34        the supplied target principal name isn't in it.
35        (kadm_add_entry, kadm_mod_entry, kadm_del_entry): Check principal
36        to be changed (*not* administrator's principal) to see if it's in
37        the restricted list.
38        (kadm_approve_pw) [HAVE_FGETPWENT]: Declare fgetpwent.
39
40Fri Sep  1 16:19:39 1995  Ken Raeburn  <raeburn@cygnus.com>
41
42        * kadm_funcs.c [NO_STRERROR] (sys_errlist): Declare.
43        [NO_STRERROR] (strerror): New macro.
44        (malloc, gecos_file): Declare.
45        (sfree): New function.
46        (CLEANUP, BADPW): New macros, for optionally logging a message
47        before returning an insecure-password indication.  Changed most
48        code to use them.
49        (DEBUG_PW): New macro, controlling debugging code.  DO NOT ENABLE
50        THIS if you want your passwords to remain even vaguely secure.
51        (copy_downcase, check_substrings): New functions.
52        (str_check_gecos): Add several new checks.
53        (kadm_approve_pw): Ditto.  If gecos_file is non-null, pull the
54        GECOS field out of that file instead of the standard password
55        database.
56
57        * admin_server.c: Include unistd.h.
58        (gecos_file): New variable.
59        (main): Accept option `G' with argument.  If HAVE_FGETPWENT, set
60        gecos_file and complain if the file doesn't exist; otherwise,
61        always complain.
62
63        * kpasswd.c: Compare new and old passwords.  This check is not
64        currently enforced by the server.
65        (oldhist, newhist): New variables.
66        (get_pw_new_key): Build histograms of character frequencies in new
67        and old passwords, and reject changes that don't differ by a total
68        of at least 3.
69
70Wed Jul 26 19:33:57 1995  Ken Raeburn  <raeburn@cygnus.com>
71
72        * build_pwfile.c: Include string.h.
73
74Fri Jun  2 17:48:46 1995  Mark Eichin  <eichin@cygnus.com>
75
76        * Makefile.in (clean): unify clean rules to avoid ::.
77
78Thu Mar 30 17:30:24 1995  Ken Raeburn  <raeburn@cujo.cygnus.com>
79
80        * kadmin.tk: Disable logging of output to control terminal.
81
82Wed Mar 29 16:27:19 1995  Ian Lance Taylor  <ian@cygnus.com>
83
84        * kadmin.tk: Add preliminary version of expect/TK script providing
85        a GUI for kadmin.
86
87Mon Mar 27 16:27:00 1995  Mark Eichin  <eichin@cygnus.com>
88
89        * kadmin.c (get_admin_password): don't dest_tkt if we're using an
90        existing ticket file, since we didn't create it.
91
92Fri Jan 27 10:09:18 1995  Ian Lance Taylor  <ian@cygnus.com>
93
94        * get_srvtab.c: Don't include <netdb.h>; it's included by
95        cc-unix.h.
96
97Tue Jan 24 00:53:40 1995  Mark Eichin  <eichin@cygnus.com>
98
99        * kadm_funcs.c (kadm_check_srvtab): new function, open files for
100        get_srvtab support.
101        (kadm_chg_srvtab): process get_srvtab request, rewritten in our
102        portable style.
103        (check_access): recognize STAB_ACL.
104        * kadm_server.c (kadm_ser_stab): New function for get_srvtab
105        support from MIT V4p10.
106        * kadm_server.h.sed (STAB_ACL_DEFINES, STAB_SERVICES_FILE,
107        STAB_HOSTS_FILE): new strings for filenames to support get_srvtab.
108        * get_srvtab.c: new file, actual application to request a srvtab.
109        * Makefile.in: build and install get_srvtab.
110
111Mon Jan 16 12:08:30 1995  John Gilmore  <gnu@cygnus.com>
112
113        * ksrvutil.c (main):  Insert newline in overlong, confusing
114        error message.
115
116Fri Jan 13 06:20:52 1995  Mark Eichin  <eichin@cygnus.com>
117
118        * kadmin.c (add_snk_key): fix octal input code to actually work
119        other than by accident.
120
121Tue Jan 10 01:04:32 1995  Mark Eichin  <eichin@cygnus.com>
122
123        * kadm_funcs.c (failadd): fix spelling error.
124        (kadm_del_entry): new function, handle delete principal request.
125        (check_access): recognize new acl type DELACL.
126        * kadm_ser_wrap.c (kadm_ser_in): recognize DEL_ENT request and
127        call kadm_ser_del.
128        * kadm_server.c (kadm_ser_del): parse arguments and call
129        kadm_del_entry.
130        * kadm_server.h.sed (DEL_ACL_FILE): define new acl filename.
131        * kadmin.c (delete_principal): prompt the user with a warning
132        message first and indicate success status.
133        * kadmin_cmds.ct: add delete_principal request.
134
135Wed Jan  4 17:43:38 1995  Ian Lance Taylor  <ian@sanguine.cygnus.com>
136
137        * kadm_ser_wrap.c (kadm_ser_init): Pass verify argument to
138        kdb_get_master_key_from.
139
140Fri Dec 30 12:36:29 1994  Ian Lance Taylor  <ian@sanguine.cygnus.com>
141
142        * kadmin.c (add_snk_key): Cast arguments to des_ecb_encrypt.
143
144Fri Dec 30 00:09:49 1994  Mark Eichin  <eichin@cygnus.com>
145
146        * kadmin.c (add_snk_key): new function, creates a database entry
147        for a +SNK4 principal, optionally generates the key, and prints
148        the key checksum to verify the device is loaded correctly. (Should
149        still have a "change" function, or get "delete" working.)
150        * kadmin_cmds.ct: add add_snk_key request.
151
152Wed Dec 14 16:20:17 1994  Ian Lance Taylor  <ian@cygnus.com>
153
154        * kadm_ser_wrap.c (kadm_ser_in): Change type of r_len from u_long
155        to unsigned KRB_INT32.  Subtract sizeof(KRB_INT32) from
156        authent.length, not sizeof(u_long).
157
158Mon Nov 28 10:11:47 1994  Ian Lance Taylor  (ian@cygnus.com)
159
160        * kadm_ser_wrap.c (kadm_ser_in): Rewrite expression to avoid HP/UX
161        9.01 compiler bug.
162
163Wed Nov 16 17:22:25 1994  Mark Eichin  (eichin@cygnus.com)
164
165        * admin_server.c (main): initialize kfile.
166
167Tue Nov 15 16:32:23 1994  Ian Lance Taylor  <ian@sanguine.cygnus.com>
168
169        * ksrvutil.c (main): Add krb_err_base to return value from
170        get_kvno before passing it to com_err.
171
172Wed Nov  9 15:48:27 1994  Ian Lance Taylor  <ian@sanguine.cygnus.com>
173
174        * admin_server.c (doexit): Add dummy argument.
175        (process_client): Cast &on to char * when passing it to
176        setsockopt.
177
178        * Makefile.in (LOCALINCLUDE): Don't use / after $(SRCTOP) or
179        $(BUILDTOP).
180
181Thu Nov  3 16:45:49 1994  Ian Lance Taylor  <ian@sanguine.cygnus.com>
182
183        * Makefile.in (install): Don't install mksrvtab.
184
185        * admin_server.c: Declare error_message.
186
187        * kadmin.c (help): Pass argument to the right printf statement.
188
189Wed Nov  2 19:07:31 1994  Ian Lance Taylor  <ian@sanguine.cygnus.com>
190
191        * admin_server.c (kill_children): Combine both versions into one
192        using the new signal blocking macros.
193
194Tue Nov  1 16:51:19 1994  Ian Lance Taylor  <ian@sanguine.cygnus.com>
195
196        * kadm_server.c (kadm_ser_cpw): Cast *datout to char * when
197        passing it to strcpy or strcat.
198        (kadm_ser_ckpw): Likewise.
199
200Mon Oct 31 19:39:44 1994  Ian Lance Taylor  <ian@sanguine.cygnus.com>
201
202        * Makefile.in (CODE): Use Makefile.in instead of Imakefile.
203
204Fri Sep 30 21:32:11 1994  John Gilmore  (gnu@tweedledumb.cygnus.com)
205
206        * kadmin.c (main): Add kadmin -t flag, which causes the existing
207        KRBTKFILE to be used for the admin ticket, and doesn't delete it
208        upon exit.  This allows kadmin to run without prompting for the
209        admin password, if a previous kadmin -t (or kinit) has left the
210        ticket in the cache.  This permits non-interactive runs of kadmin,
211        within the timeout of the cached ticket.
212
213Tue Aug 9 12:00:00 1994  John Rivlin  (jrivlin@fusion.com)
214       
215        * kadmin_ser_wrap.c: Added definitions for malloc so that
216        they may be removed from kadm.h
217       
218        * admin_server.c: Added definitions for malloc, relloc
219        so that they may be removed from kadm.h
220
221Sat Jul 30 02:28:54 1994  Mark Eichin  (eichin@cygnus.com)
222
223        * ksrvutil.c (get_svc_new_key): cleaned up error code logic to
224        always use com_err error table values.
225        (get_kvno): new function.
226        (main): fixed error table usage after get_svc_new_key.
227        Call get_kvno, and prompt for change of kvno if necessary.
228
229Sat Jul 30 01:55:49 1994  Mark Eichin  (eichin@cygnus.com)
230
231        * kpasswd.c (krb_get_krbhst): New function, calls krb_get_admhst,
232        just like in ksrvutil, to avoid confusing the user with an "old"
233        password from a slave KDC.
234
235Fri Jul 29 17:13:51 1994  Mark Eichin  (eichin@cygnus.com)
236
237        * ksrvutil.c (main): init_kadm_error_table too, since we're
238        getting errors from that package as well...
239
240Fri Jul 22 20:56:51 1994  John Gilmore  (gnu@cygnus.com)
241
242        * kpasswd.c:  Remove RCS crud.
243
244Thu Jul 21 18:07:57 1994  Mark Eichin  (eichin@tweedledumber.cygnus.com)
245
246        * admin_server.c (kill_children): If we HAVE_SIGSET, then do the
247        right thing with SIGCHLD (so that kadmind exits cleanly.) For now,
248        hpux and solaris20 HAVE_SIGSET.
249        (main): support alternate port from krb.conf, alternate stashed
250        key file.
251
252        * kadm_ser_wrap.c (kadm_ser_init): extra argument "kfile"
253        specifies the keyfile for kdb_get_master_key_from.
254
255        * kadmin.c (get_admin_password, princ_exists, do_init, usage): add
256        preauth support.
257
258        * ksrvutil.c (get_svc_new_key): add preauth support.
259        (usage): mention preauth support.
260        (main): add -p arg to enable preauth.
261
262        * kpasswd.c (main, get_pw_new_key, usage): ditto.
263
264Wed Jul 20 20:39:01 1994  Mark Eichin  (eichin@cygnus.com)
265
266        * Makefile.in (all:): build mksrvtab, since we're installing it.
267
268Fri Jul  1 05:08:45 1994  John Gilmore  (gnu@cygnus.com)
269
270        * kadmin.c, kpasswd.c:  krb_err_txt -> krb_get_err_text.
271
272Wed Jun 22 16:00:17 1994  Ken Raeburn  (raeburn@cujo.cygnus.com)
273
274        * kadm_ser_wrap.c (kadm_ser_in): Fix quad_cksum arg types.
275
276        * admin_server.c, kadm_funcs.c, kadm_ser_wrap.c, kadm_server.c,
277        kadmin.c, kpasswd.c, ksrvutil.c: Include string.h.
278
279Wed Jun 22 15:32:23 1994  Mark Eichin  (eichin@cygnus.com)
280
281        * mksrvtab.c: new program, trivial srvtab builder (portable enough
282        to build on VMS.)
283        * Makefile.in: build mksrvtab.
284
285Sun Jun 19 20:49:21 1994  John Gilmore  (gnu@cygnus.com)
286
287        * admin_server.c, kadm_ser_wrap.c:  Avoid dup inclusion
288        of <sys/socket.h> and <netdb.h>.
289
290Fri May 13 01:48:47 1994  John Gilmore  (gnu@cygnus.com)
291
292        * Makefile.in:  build kadm_server.h as part of `all',
293        so `make depend' is not required.
294        * build_pwfile.c, kadm_funcs.c, ksrvutil.c:  Move kadm.h and
295        friends above system includes to allow #if's around system includes.
296
297Mon May  9 00:11:20 1994  John Gilmore  (gnu@cygnus.com)
298
299        * Makefile.in:  Move "all:" line to first place.
300        * admin_server.c:  Eliminate attempt to return; or return(0) based
301        on guessed type of signal handler functions.
302        * kadm_ser_wrap.c:  Lint.
303
304Fri May  6 02:26:31 1994  John Gilmore  (gnu@cygnus.com)
305
306        * kadm_ser_wrap.c:  Lint, remove RCS crud.
307
308Wed Feb 16 20:54:18 1994  John Gilmore  (gnu@cygnus.com)
309
310        * kadm_ser_wrap.c (kadm_ser_in):  Pass correct length field
311        (after subtracting the byte used specify what operation is
312        occurring) to the operation routines.  Avoid examining the
313        garbage byte just after the stream ends.  Fixes problem with
314        password change from Mac failing due to "mismatched password".
315        See also zero-length string fix in ../lib/kadm/kadm_stream.c.
316
317
Note: See TracBrowser for help on using the repository browser.