head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.6 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.4 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.2 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.3.0.32 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.30 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.28 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.26 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.24 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.22 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.20 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.18 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.16 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.14 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.12 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.10 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.8 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.6 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.4 pkgsrc-2008Q1:1.3.0.2 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.2.0.18 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.16 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.14 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.12 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.10 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.8 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.6 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.4 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.2 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.1.1.1.0.14 pkgsrc-2005Q3-base:1.1.1.1 pkgsrc-2005Q2:1.1.1.1.0.12 pkgsrc-2005Q2-base:1.1.1.1 pkgsrc-2005Q1:1.1.1.1.0.10 pkgsrc-2005Q1-base:1.1.1.1 pkgsrc-2004Q4:1.1.1.1.0.8 pkgsrc-2004Q4-base:1.1.1.1 pkgsrc-2004Q3:1.1.1.1.0.6 pkgsrc-2004Q3-base:1.1.1.1 pkgsrc-2004Q2:1.1.1.1.0.4 pkgsrc-2004Q2-base:1.1.1.1 pkgsrc-2004Q1:1.1.1.1.0.2 pkgsrc-2004Q1-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.4 date 2011.07.08.09.49.21; author adam; state dead; branches; next 1.3; 1.3 date 2008.02.28.08.14.41; author jlam; state Exp; branches; next 1.2; 1.2 date 2005.10.26.15.12.45; author jlam; state Exp; branches; next 1.1; 1.1 date 2004.01.10.14.56.45; author jlam; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2004.01.10.14.56.45; author jlam; state Exp; branches; next ; desc @@ 1.4 log @Changes 1.4: New features * Support for reading MIT database file directly * KCM is polished up and now used in production * NTLM first class citizen, credentials stored in KCM * Table driven ASN.1 compiler, smaller!, not enabled by default * Native Windows client support Notes * Disabled write support NDBM hdb backend (read still in there) since it can't handle large records, please migrate to a diffrent backend (like BDB4) Changes 1.3.3: Bug fixes * Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] * Check NULL pointers before dereference them [kdc] Changes 1.3.2: Bug fixes * Don't mix length when clearing hmac (could memset too much) * More paranoid underrun checking when decrypting packets * Check the password change requests and refuse to answer empty packets * Build on OpenSolaris * Renumber AD-SIGNED-TICKET since it was stolen from US * Don't cache /dev/*random file descriptor, it doesn't get unloaded * Make C++ safe * Misc warnings @ text @$NetBSD: patch-ac,v 1.3 2008/02/28 08:14:41 jlam Exp $ --- configure.in.orig 2008-01-24 08:13:51.000000000 -0500 +++ configure.in @@@@ -16,9 +16,6 @@@@ AC_PROG_CPP AC_PREFIX_DEFAULT(/usr/heimdal) -test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' -test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal' - AC_CANONICAL_HOST CANONICAL_HOST=$host AC_SUBST(CANONICAL_HOST) @ 1.3 log @Update security/heimdal to version 1.1. Changes from version 0.7.2 include: * Read-only PKCS11 provider built-in to hx509. * Better compatibilty with Windows 2008 Server pre-releases and Vista. * Add RFC3526 modp group14 as default. * Handle [kdc] database = { } entries without realm = stanzas. * Add gss_pseudo_random() for mechglue and krb5. * Make session key for the krbtgt be selected by the best encryption type of the client. * Better interoperability with other PK-INIT implementations. * Alias support for inital ticket requests. * Make ASN.1 library less paranoid to with regard to NUL in string to make it inter-operate with MIT Kerberos again. * PK-INIT support. * HDB extensions support, used by PK-INIT. * New ASN.1 compiler. * GSS-API mechglue from FreeBSD. * Updated SPNEGO to support RFC4178. * Support for Cryptosystem Negotiation Extension (RFC 4537). * A new X.509 library (hx509) and related crypto functions. * A new ntlm library (heimntlm) and related crypto functions. * KDC will return the "response too big" error to force TCP retries for large (default 1400 bytes) UDP replies. This is common for PK-INIT requests. * Libkafs defaults to use 2b tokens. * krb5_kuserok() also checks ~/.k5login.d directory for acl files. * Fix memory leaks. * Bugs fixes @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update security/heimdal to 0.7.1 (approved by lha). We drop support for the "db4" option and just rely on the appropriate BDB_* settings via bdb.buildlink3.mk. Also, we tweak the builtin.mk file so use krb5-config, if it's available, to check the version of the built-in heimdal. Patches patch-ab, patch-ae and patch-af have been sent back upstream and will be incorporated into future Heimdal releases. Changes between version 0.6.5 and version 0.7.1 include: * Support for KCM, a process based credential cache * Support CCAPI credential cache * SPNEGO support * AES (and the gssapi conterpart, CFX) support * Adding new and improve old documentation * Bug fixes @ text @d3 1 a3 1 --- configure.in.orig 2005-09-09 08:13:10.000000000 -0400 d5 1 a5 1 @@@@ -15,9 +15,6 @@@@ AM_MAINTAINER_MODE @ 1.1 log @Initial revision @ text @d3 1 a3 1 --- configure.in.orig Mon May 12 11:26:39 2003 d5 1 a5 1 @@@@ -16,9 +16,6 @@@@ AM_MAINTAINER_MODE @ 1.1.1.1 log @Initial import of heimdal-0.6 into security/heimdal. Heimdal is a free implementation of Kerberos 5. Kerberos is a system for authenticating users and services on a network. It is built upon the assumption that the network is "unsafe". Kerberos is a trusted third-party service. That means that there is a third party (the Kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). All principals share a secret password (or key) with the Kerberos server and this enables principals to verify that the messages from the Kerberos server are authentic. Thus trusting the Kerberos server, users and services can authenticate each other. @ text @@