--- krb5-1.8.1+dfsg.orig/.gbp.conf
+++ krb5-1.8.1+dfsg/.gbp.conf
@@ -0,0 +1,5 @@
+[DEFAULT]
+pristine-tar=True
+[git-import-orig]
+filter=doc/krb5-protocol
+pristine-tar=True
--- krb5-1.8.1+dfsg.orig/doc/rcp.html
+++ krb5-1.8.1+dfsg/doc/rcp.html
@@ -0,0 +1,183 @@
+
+
+
+
+
+
+NAME
+ rcp - remote file copy
+
+
+
+SYNOPSIS
+ rcp [-p] [-x] [-k realm ] [-c ccachefile] [-C configfile]
+ [-D port] [-N] [-PN | -PO] file1 file2
+
+ rcp [-p] [-x] [-k realm] [-r] [-D port] [-N] [-PN | -PO]
+ file ... directory
+
+ rcp [-f | -t] ...
+
+
+
+DESCRIPTION
+ Rcp copies files between machines. Each file or directory
+ argument is either a remote file name of the form
+ ``rhost:path'', or a local file name (containing no `:'
+ characters, or a `/' before any `:'s).
+
+ By default, the mode and owner of file2 are preserved if it
+ already existed; otherwise the mode of the source file modi-
+ fied by the umask(2) on the destination host is used.
+
+ If path is not a full path name, it is interpreted relative
+ to your login directory on rhost. A path on a remote host
+ may be quoted (using \, ", or ') so that the metacharacters
+ are interpreted remotely.
+
+ Rcp does not prompt for passwords; it uses Kerberos authen-
+ tication when connecting to rhost. Each user may have a
+ private authorization list in a file .k5login in his login
+ directory. Each line in this file should contain a Kerberos
+ principal name of the form principal/instance@realm. If
+ there is a ~/.k5login file, then access is granted to the
+ account if and only if the originater user is authenticated
+ to one of the principals named in the ~/.k5login file. Oth-
+ erwise, the originating user will be granted access to the
+ account if and only if the authenticated principal name of
+ the user can be mapped to the local account name using the
+ aname -> lname mapping rules (see krb5_anadd(8) for more
+ details).
+
+
+
+OPTIONS
+ -p attempt to preserve (duplicate) the modification times
+ and modes of the source files in the copies, ignoring
+ the umask.
+
+ -x encrypt all information transferring between hosts.
+
+ -k realm
+ obtain tickets for the remote host in realm instead of
+ the remote host's realm as determined by
+ krb_realmofhost(3).
+
+ -c ccachefile
+ change the default credentials cache file to ccachefile
+
+ -C configfile
+ change the default configuation file to configfile
+
+ -r if any of the source files are directories, copy each
+ subtree rooted at that name; in this case the destina-
+ tion must be a directory.
+
+ -PN
+
+ -PO Explicitly request new or old version of the Kerberos
+ ``rcmd'' protocol. The new protocol avoids many secu-
+ rity problems found in the old one, but is not interop-
+ erable with older servers. (An "input/output error"
+ and a closed connection is the most likely result of
+ attempting this combination.) If neither option is
+ specified, some simple heuristics are used to guess
+ which to try.
+
+ -D port
+ connect to port port on the remote machine.
+
+ -N use a network connection, even when copying files on
+ the local machine (used for testing purposes).
+
+ -f -t
+ These options are for internal use only. They tell the
+ remotely-running rcp process (started via the Kerberos
+ remote shell daemon) which direction files are being
+ sent. These options should not be used by the user.
+ In particular, -f does not mean that the user's Ker-
+ beros ticket should be forwarded!
+
+ Rcp handles third party copies, where neither source nor
+ target files are on the current machine. Hostnames may also
+ take the form ``rname@rhost'' to use rname rather than the
+ current user name on the remote host.
+
+
+
+FILES
+ ~/.k5login (on remote host) - file containing Kerberos
+ principals that are allowed access.
+
+
+
+SEE ALSO
+ cp(1), ftp(1), rsh(1), rlogin(1), kerberos(3),
+ krb_getrealm(3), kshd(8), rcp(1) [UCB version]
+
+
+
+BUGS
+ Rcp doesn't detect all cases where the target of a copy
+ might be a file in cases where only a directory should be
+ legal.
+ Rcp is confused by any output generated by commands in a
+ .login, .profile, or .cshrc file on the remote host.
+
+ Kerberos is only used for the first connection of a third-
+ party copy; the second connection uses the standard Berkeley
+ rcp protocol.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Man(1) output converted with
+man2html
+
+
+
--- krb5-1.8.1+dfsg.orig/doc/ftp.html
+++ krb5-1.8.1+dfsg/doc/ftp.html
@@ -0,0 +1,822 @@
+
+
+
+
+
+
+NAME
+ ftp - ARPANET file transfer program
+
+
+
+SYNOPSIS
+ ftp [-v] [-d] [-i] [-n] [-g] [-k realm] [-f] [-x] [-u] [-t]
+ [host]
+
+
+
+DESCRIPTION
+ FTP is the user interface to the ARPANET standard File
+ Transfer Protocol. The program allows a user to transfer
+ files to and from a remote network site.
+
+
+
+OPTIONS
+ Options may be specified at the command line, or to the com-
+ mand interpreter.
+
+ -v Verbose option forces ftp to show all responses from
+ the remote server, as well as report on data transfer
+ statistics.
+
+ -n Restrains ftp from attempting ``auto-login'' upon ini-
+ tial connection. If auto-login is enabled, ftp will
+ check the .netrc (see below) file in the user's home
+ directory for an entry describing an account on the
+ remote machine. If no entry exists, ftp will prompt
+ for the remote machine login name (default is the user
+ identity on the local machine), and, if necessary,
+ prompt for a password and an account with which to
+ login.
+
+ -u Restrains ftp from attempting ``auto-authentication''
+ upon initial connection. If auto-authentication is
+ enabled, ftp attempts to authenticate to the FTP server
+ by sending the AUTH command, using whichever authenti-
+ cation types are locally supported. Once an authenti-
+ cation type is accepted, an authentication protocol
+ will proceed by issuing ADAT commands. This option
+ also disables auto-login.
+
+ -i Turns off interactive prompting during multiple file
+ transfers.
+
+ -d Enables debugging.
+
+ -g Disables file name globbing.
+
+ -f Causes credentials to be forwarded to the remote host.
+
+ -x Causes the client to attempt to negotiate encryption
+ (data and command protection levels ``private'')
+ immediately after successfully authenticating.
+
+ -t Enables packet tracing.
+
+
+
+COMMANDS
+ The client host with which ftp is to communicate may be
+ specified on the command line. If this is done, ftp will
+ immediately attempt to establish a connection to an FTP
+ server on that host; otherwise, ftp will enter its command
+ interpreter and await instructions from the user. When ftp
+ is awaiting commands from the user the prompt ``ftp>'' is
+ provided to the user. The following commands are recognized
+ by ftp:
+
+ ! [command] [args]]
+ Invoke an interactive shell on the local machine. If
+ there are arguments, the first is taken to be a command
+ to execute directly, with the rest of the arguments as
+ its arguments.
+
+ $ macro-name [args]
+ Execute the macro macro-name that was defined with the
+ macdef command. Arguments are passed to the macro
+ unglobbed.
+
+ account [passwd]
+ Supply a supplemental password required by a remote
+ system for access to resources once a login has been
+ successfully completed. If no argument is included,
+ the user will be prompted for an account password in a
+ non-echoing input mode.
+
+ append local-file [remote-file]
+ Append a local file to a file on the remote machine.
+ If remote-file is left unspecified, the local file name
+ is used in naming the remote file after being altered
+ by any ntrans or nmap setting. File transfer uses the
+ current settings for type, format, mode, and structure.
+
+ ascii
+ Set the file transfer type to network ASCII . This is
+ the default type.
+
+ bell Arrange that a bell be sounded after each file transfer
+ command is completed.
+
+ binary
+ Set the file transfer type to support binary file
+ transfer.
+
+ bye Terminate the FTP session with the remote server and
+ exit ftp. An end of file will also terminate the ses-
+ sion and exit.
+
+ case Toggle remote computer file name case mapping during
+ mget commands. When case is on (default is off),
+ remote computer file names with all letters in upper
+ case are written in the local directory with the
+ letters mapped to lower case.
+
+ ccc Turn off integrity protection on the command channel.
+ This command must be sent integrity protected, and must
+ be proceeded by a successful ADAT command. Since turn-
+ ing off integrity protection potentially allows an
+ attacker to insert commands onto the command channel,
+ some FTP servers may refuse to honor this command.
+
+ cd remote-directory
+ Change the working directory on the remote machine to
+ remote-directory.
+
+ cdup Change the remote machine working directory to the
+ parent of the current remote machine working directory.
+
+ chmod mode file-name
+ Change the permission modes of the file file-name on
+ the remote system to mode.
+
+ clear
+ Set the protection level on data transfers to
+ ``clear''. If no ADAT command succeeded, then this is
+ the default protection level.
+
+ close
+ Terminate the FTP session with the remote server, and
+ return to the command interpreter. Any defined macros
+ are erased.
+
+ cprotect [protection-level]
+ Set the protection level on commands to protection-
+ level. The valid protection levels are ``clear'' for
+ unprotected commands, ``safe'' for commands integrity
+ protected by cryptographic checksum, and ``private''
+ for commands confidentiality and integrity protected by
+ encryption. If an ADAT command succeeded, then the
+ default command protection level is ``safe'', otherwise
+ the only possible level is ``clear''. If no level is
+ specified, the current level is printed. cprotect
+ clear is equivalent to the ccc command.
+
+ cr Toggle carriage return stripping during ascii type file
+ retrieval. Records are denoted by a carriage
+ return/linefeed sequence during ascii type file
+ transfer. When cr is on (the default), carriage
+ returns are stripped from this sequence to conform with
+ the UNIX single linefeed record delimiter. Records on
+ non-UNIX remote systems may contain single linefeeds;
+ when an ascii type transfer is made, these linefeeds
+ may be distinguished from a record delimiter only when
+ cr is off.
+
+ delete remote-file
+ Delete the file remote-file on the remote machine.
+
+ debug [debug-value]
+ Toggle debugging mode. If an optional debug-value is
+ specified it is used to set the debugging level. When
+ debugging is on, ftp prints each command sent to the
+ remote machine, preceded by the string `-->'
+
+ dir [remote-directory] [local-file]
+ Print a listing of the directory contents in the direc-
+ tory, remote-directory, and, optionally, placing the
+ output in local-file. If interactive prompting is on,
+ ftp will prompt the user to verify that the last argu-
+ ment is indeed the target local file for receiving dir
+ output. If no directory is specified, the current
+ working directory on the remote machine is used. If no
+ local file is specified, or local-file is `-', output
+ comes to the terminal.
+
+ disconnect
+ A synonym for close.
+
+ form format
+ Set the file transfer form to format. The default for-
+ mat is ``file''.
+
+ get remote-file [local-file]
+ Retrieve the file remote-file and store it on the local
+ machine. If the local file name is not specified, it
+ is given the same name it has on the remote machine,
+ subject to alteration by the current case, ntrans, and
+ nmap settings. The current settings for type, form,
+ mode, and structure are used while transferring the
+ file.
+
+ glob Toggle filename expansion for mdelete, mget, and mput.
+ If globbing is turned off with glob, the file name
+ arguments are taken literally and not expanded. Glob-
+ bing for mput is done as in csh(1). For mdelete and
+ mget, each remote file name is expanded separately on
+ the remote machine and the lists are not merged.
+ Expansion of a directory name is likely to be different
+ from expansion of the name of an ordinary file: the
+ exact result depends on the foreign operating system
+ and ftp server, and can be previewed by doing `mls
+ remote-files -' Note: mget and mput are not meant to
+ transfer entire directory subtrees of files. That can
+ be done by transferring a tar(1) archive of the subtree
+ (in binary mode).
+
+ hash Toggle hash-sign (``#'') printing for each data block
+ transferred. The size of a data block is 1024 bytes.
+
+ help [command]
+ Print an informative message about the meaning of com-
+ mand. If no argument is given, ftp prints a list of
+ the known commands.
+
+ idle [seconds]
+ Set the inactivity timer on the remote server to
+ seconds seconds. If seconds is omitted, the current
+ inactivity timer is printed.
+
+ lcd [directory]
+ Change the working directory on the local machine. If
+ no directory is specified, the user's home directory is
+ used.
+
+ ls [remote-directory] [local-file]
+ Print a listing of the contents of a directory on the
+ remote machine. The listing includes any system-
+ dependent information that the server chooses to
+ include; for example, most UNIX systems will produce
+ output from the command `ls -l'. (See also nlist.) If
+ remote-directory is left unspecified, the current work-
+ ing directory is used. If interactive prompting is on,
+ ftp will prompt the user to verify that the last argu-
+ ment is indeed the target local file for receiving ls
+ output. If no local file is specified, or if local-
+ file is `-', the output is sent to the terminal.
+
+ macdefmacro-name
+ Define a macro. Subsequent lines are stored as the
+ macro macro-name; a null line (consecutive newline
+ characters in a file or carriage returns from the ter-
+ minal) terminates macro input mode. There is a limit
+ of 16 macros and 4096 total characters in all defined
+ macros. Macros remain defined until a close command is
+ executed. The macro processor interprets `$' and `\'
+ as special characters. A `$' followed by a number (or
+ numbers) is replaced by the corresponding argument on
+ the macro invocation command line. A `$' followed by
+ an `i' signals that macro processor that the executing
+ macro is to be looped. On the first pass `$i' is
+ replaced by the first argument on the macro invocation
+ command line, on the second pass it is replaced by the
+ second argument, and so on. A `\' followed by any
+ character is replaced by that character. Use the `\'
+ to prevent special treatment of the `$'.
+
+ mdelete [remote-files]
+ Delete remote-files on the remote machine.
+
+ mdir remote-files local-file
+ Like dir, except multiple remote files may be speci-
+ fied. If interactive prompting is on, ftp will prompt
+ the user to verify that the last argument is indeed the
+ target local file for receiving mdir output.
+
+ mget remote-files
+ Expand the remote-files on the remote machine and do a
+ get for each file name thus produced. See glob for
+ details on the filename expansion. Resulting file
+ names will then be processed according to case, ntrans,
+ and nmap settings. Files are transferred into the
+ local working directory, which can be changed with `lcd
+ directory'; new local directories can be created with
+ `! mkdir directory'.
+
+ mkdir directory-name
+ Make a directory on the remote machine.
+
+ mls remote-files local-file
+ Like nlist, except multiple remote files may be speci-
+ fied, and the local-file must be specified. If
+ interactive prompting is on, ftp will prompt the user
+ to verify that the last argument is indeed the target
+ local file for receiving mls output.
+
+ mode [mode-name]
+ Set the file transfer mode to mode-name. The default
+ mode is ``stream'' mode.
+
+ modtime file-name
+ Show the last modification time of the file on the
+ remote machine.
+
+ mput local-files
+ Expand wild cards in the list of local files given as
+ arguments and do a put for each file in the resulting
+ list. See glob for details of filename expansion.
+ Resulting file names will then be processed according
+ to ntrans and nmap settings.
+
+ newer file-name
+ Get the file only if the modification time of the
+ remote file is more recent that the file on the current
+ system. If the file does not exist on the current sys-
+ tem, the remote file is considered newer. Otherwise,
+ this command is identical to get.
+
+ nlist [remote-directory] [local-file]
+ Print a list of the files in a directory on the remote
+ machine. If remote-directory is left unspecified, the
+ current working directory is used. If interactive
+ prompting is on, ftp will prompt the user to verify
+ that the last argument is indeed the target local file
+ for receiving nlist output. If no local file is speci-
+ fied, or if local-file is `-', the output is sent to
+ the terminal.
+
+ nmap [inpattern outpattern]
+ Set or unset the filename mapping mechanism. If no
+ arguments are specified, the filename mapping mechanism
+ is unset. If arguments are specified, remote filenames
+ are mapped during mput commands and put commands issued
+ without a specified remote target filename. If argu-
+ ments are specified, local filenames are mapped during
+ mget commands and get commands issued without a speci-
+ fied local target filename. This command is useful
+ when connecting to non-UNIX remote computer with dif-
+ ferent file naming conventions or practices. The map-
+ ping follows the pattern set by inpattern and outpat-
+ tern. [Inpattern] is a template for incoming filenames
+ (which may have already been processed according to the
+ ntrans and case settings). Variable templating is
+ accomplished by including the sequences `$1', `$2',
+ ..., `$9' in inpattern. Use `\' to prevent this spe-
+ cial treatment of the `$' character. All other charac-
+ ters are treated literally, and are used to determine
+ the nmap [inpattern] variable values. For example,
+ given inpattern $1.$2 and the remote file name
+ "mydata.data", $1 would have the value "mydata", and $2
+ would have the value "data". The outpattern determines
+ the resulting mapped filename. The sequences `$1',
+ `$2', ..., `$9' are replaced by any value resulting
+ from the inpattern template. The sequence `$0' is
+ replace by the original filename. Additionally, the
+ sequence `[seq1, seq2]' is replaced by [seq1] if seq1
+ is not a null string; otherwise it is replaced by seq2.
+ For example, the command
+
+ nmap $1.$2.$3 [$1,$2].[$2,file]
+
+ would yield the output filename "myfile.data" for input
+ filenames "myfile.data" and "myfile.data.old",
+ "myfile.file" for the input filename "myfile", and
+ "myfile.myfile" for the input filename ".myfile".
+ Spaces may be included in outpattern, as in the exam-
+ ple: `nmap $1 sed "s/ *$//" > $1'. Use the `\' charac-
+ ter to prevent special treatment of the `$','[',']',
+ and `,' characters.
+
+ ntrans [inchars [outchars]]
+ Set or unset the filename character translation mechan-
+ ism. If no arguments are specified, the filename char-
+ acter translation mechanism is unset. If arguments are
+ specified, characters in remote filenames are
+ translated during mput commands and put commands issued
+ without a specified remote target filename. If argu-
+ ments are specified, characters in local filenames are
+ translated during mget commands and get commands issued
+ without a specified local target filename. This com-
+ mand is useful when connecting to a non-UNIX remote
+ computer with different file naming conventions or
+ practices. Characters in a filename matching a charac-
+ ter in inchars are replaced with the corresponding
+ character in outchars. If the character's position in
+ inchars is longer than the length of outchars, the
+ character is deleted from the file name.
+
+ open host [port] [-forward]
+ Establish a connection to the specified host FTP
+ server. An optional port number may be supplied, in
+ which case, ftp will attempt to contact an FTP server
+ at that port. If the auto-authenticate option is on
+ (default), ftp will attempt to authenticate to the FTP
+ server by sending the AUTH command, using whichever
+ authentication types which are locally supported. Once
+ an authentication type is accepted, an authentication
+ protocol will proceed by issuing ADAT commands. If the
+ auto-login option is on (default), ftp will also
+ attempt to automatically log the user in to the FTP
+ server (see below). If the -forward option is speci-
+ fied, ftp will forward a copy of the user's Kerberos
+ tickets to the remote host.
+
+ passive
+ Toggle passive data transfer mode. In passive mode,
+ the client initiates the data connection by listening
+ on the data port. Passive mode may be necessary for
+ operation from behind firewalls which do not permit
+ incoming connections.
+
+ private
+ Set the protection level on data transfers to
+ ``private''. Data transmissions are confidentiality
+ and integrity protected by encryption. If no ADAT com-
+ mand succeeded, then the only possible level is
+ ``clear''.
+
+ prompt
+ Toggle interactive prompting. Interactive prompting
+ occurs during multiple file transfers to allow the user
+ to selectively retrieve or store files. If prompting
+ is turned off (default is on), any mget or mput will
+ transfer all files, and any mdelete will delete all
+ files.
+
+ protect [protection-level]
+ Set the protection level on data transfers to
+ protection-level. The valid protection levels are
+ ``clear'' for unprotected data transmissions, ``safe''
+ for data transmissions integrity protected by crypto-
+ graphic checksum, and ``private'' for data transmis-
+ sions confidentiality and integrity protected by
+ encryption. If no ADAT command succeeded, then the
+ only possible level is ``clear''. If no level is
+ specified, the current level is printed. The default
+ protection level is ``clear''.
+
+ proxy ftp-command
+ Execute an ftp command on a secondary control connec-
+ tion. This command allows simultaneous connection to
+ two remote ftp servers for transferring files between
+ the two servers. The first proxy command should be an
+ open , to establish the secondary control connection.
+ Enter the command "proxy ?" to see other ftp commands
+ executable on the secondary connection. The following
+ commands behave differently when prefaced by proxy:
+ open will not define new macros during the auto-login
+ process, close will not erase existing macro defini-
+ tions, get and mget transfer files from the host on the
+ primary control connection to the host on the secondary
+ control connection, and put, mput, and append transfer
+ files from the host on the secondary control connection
+ to the host on the primary control connection. Third
+ party file transfers depend upon support of the ftp
+ protocol PASV command by the server on the secondary
+ control connection.
+
+ put local-file [remote-file]
+ Store a local file on the remote machine. If remote-
+ file is left unspecified, the local file name is used
+ after processing according to any ntrans or nmap set-
+ tings in naming the remote file. File transfer uses
+ the current settings for type, format, mode, and struc-
+ ture.
+
+ pwd Print the name of the current working directory on the
+ remote machine.
+
+ quit A synonym for bye.
+
+ quote arg1 [arg2] [...]
+ The arguments specified are sent, verbatim, to the
+ remote FTP server.
+
+ recv remote-file [local-file]
+ A synonym for get.
+
+ reget remote-file [local-file]
+ Reget acts like get, except that if local-file exists
+ and is smaller than remote-file, local-file is presumed
+ to be a partially transferred copy of remote-file and
+ the transfer is continued from the apparent point of
+ failure. This command is useful when transferring very
+ large files over networks that are prone to dropping
+ connections.
+
+ remotehelp [command-name]
+ Request help from the remote FTP server. If a
+ command-name is specified it is supplied to the server
+ as well.
+
+ remotestatus [file-name]
+ With no arguments, show status of remote machine. If
+ file-name is specified, show status of file-name on
+ remote machine.
+
+ rename [from] [to]
+ Rename the file from on the remote machine, to the file
+ to.
+
+ reset
+ Clear reply queue. This command re-synchronizes
+ command/reply sequencing with the remote ftp server.
+ Resynchronization may be necessary following a viola-
+ tion of the ftp protocol by the remote server.
+
+ restart marker
+ Restart the immediately following get or put at the
+ indicated marker. On UNIX systems, marker is usually a
+ byte offset into the file.
+
+ rmdir directory-name
+ Delete a directory on the remote machine.
+
+ runique
+ Toggle storing of files on the local system with unique
+ filenames. If a file already exists with a name equal
+ to the target local filename for a get or mget command,
+ a ".1" is appended to the name. If the resulting name
+ matches another existing file, a ".2" is appended to
+ the original name. If this process continues up to
+ ".99", an error message is printed, and the transfer
+ does not take place. The generated unique filename
+ will be reported. Note that runique will not affect
+ local files generated from a shell command (see below).
+ The default value is off.
+
+ safe Set the protection level on data transfers to ``safe''.
+ Data transmissions are integrity-protected by crypto-
+ graphic checksum. If no ADAT command succeeded, then
+ the only possible level is ``clear''.
+
+ send local-file [remote-file]
+ A synonym for put.
+
+ sendport
+ Toggle the use of PORT commands. By default, ftp will
+ attempt to use a PORT command when establishing a con-
+ nection for each data transfer. The use of PORT com-
+ mands can prevent delays when performing multiple file
+ transfers. If the PORT command fails, ftp will use the
+ default data port. When the use of PORT commands is
+ disabled, no attempt will be made to use PORT commands
+ for each data transfer. This is useful for certain FTP
+ implementations which do ignore PORT commands but,
+ incorrectly, indicate they've been accepted.
+
+ site arg1 [arg2] [...]
+ The arguments specified are sent, verbatim, to the
+ remote FTP server as a SITE command.
+
+ size file-name
+ Return size of file-name on remote machine.
+
+ status
+ Show the current status of ftp.
+
+ struct struct-name
+ Set the file transfer structure to struct-name. By
+ default ``stream'' structure is used.
+
+ sunique
+ Toggle storing of files on remote machine under unique
+ file names. Remote ftp server must support ftp proto-
+ col STOU command for successful completion. The remote
+ server will report unique name. Default value is off.
+
+ system
+ Show the type of operating system running on the remote
+ machine.
+
+ tenex
+ Set the file transfer type to that needed to talk to
+ TENEX machines.
+
+ trace
+ Toggle packet tracing.
+
+ type [type-name]
+ Set the file transfer type to type-name. If no type is
+ specified, the current type is printed. The default
+ type is network ASCII.
+
+ umask [newmask]
+ Set the default umask on the remote server to newmask.
+ If newmask is omitted, the current umask is printed.
+
+ user user-name [password] [account]
+ Identify yourself to the remote FTP server. If the
+ password is not specified and the server requires it,
+ ftp will prompt the user for it (after disabling local
+ echo). If an account field is not specified, and the
+ FTP server requires it, the user will be prompted for
+ it. If an account field is specified, an account com-
+ mand will be relayed to the remote server after the
+ login sequence is completed if the remote server did
+ not require it for logging in. Unless ftp is invoked
+ with ``auto-login'' disabled, this process is done
+ automatically on initial connection to the FTP server.
+
+ verbose
+ Toggle verbose mode. In verbose mode, all responses
+ from the FTP server are displayed to the user. In
+ addition, if verbose is on, when a file transfer com-
+ pletes, statistics regarding the efficiency of the
+ transfer are reported. By default, verbose is on.
+
+ ? [command]
+ A synonym for help.
+
+ Command arguments which have embedded spaces may be quoted
+ with quote `"' marks.
+
+
+
+ABORTING A FILE TRANSFER
+ To abort a file transfer, use the terminal interrupt key
+ (usually Ctrl-C). Sending transfers will be immediately
+ halted. Receiving transfers will be halted by sending a FTP
+ protocol ABOR command to the remote server, and discarding
+ any further data received. The speed at which this is
+ accomplished depends upon the remote server's support for
+ ABOR processing. If the remote server does not support the
+ ABOR command, an `ftp>' prompt will not appear until the
+ remote server has completed sending the requested file.
+
+ The terminal interrupt key sequence will be ignored when ftp
+ has completed any local processing and is awaiting a reply
+ from the remote server. A long delay in this mode may
+ result from the ABOR processing described above, or from
+ unexpected behavior by the remote server, including viola-
+ tions of the ftp protocol. If the delay results from unex-
+ pected remote server behavior, the local ftp program must be
+ killed by hand.
+
+
+
+FILE NAMING CONVENTIONS
+ Files specified as arguments to ftp commands are processed
+ according to the following rules.
+
+ 1. If the file name `-' is specified, stdin (for reading)
+ or stdout (for writing) is used.
+
+ 2. If the first character of the file name is `|', the
+ remainder of the argument is interpreted as a shell
+ command. Ftp then forks a shell, using popen(3) with
+ the argument supplied, and reads from (writes to)
+ stdout (stdin). If the shell command includes spaces,
+ the argument must be quoted; e.g. ``" ls -lt"''. A
+ particularly useful example of this mechanism is:
+ ``dir more''.
+
+ 3. Failing the above checks, if ``globbing'' is enabled,
+ local file names are expanded according to the rules
+ used in csh(1); c.f. the glob command. If the ftp com-
+ mand expects a single local file (.e.g. put), only the
+ first filename generated by the ``globbing'' operation
+ is used.
+
+ 4. For mget commands and get commands with unspecified
+ local file names, the local filename is the remote
+ filename, which may be altered by a case, ntrans, or
+ nmap setting. The resulting filename may then be
+ altered if runique is on.
+
+ 5. For mput commands and put commands with unspecified
+ remote file names, the remote filename is the local
+ filename, which may be altered by a ntrans or nmap set-
+ ting. The resulting filename may then be altered by
+ the remote server if sunique is on.
+
+
+
+FILE TRANSFER PARAMETERS
+ The FTP specification specifies many parameters which may
+ affect a file transfer. The type may be one of ``ascii'',
+ ``image'' (binary), ``ebcdic'', and ``local byte size''
+ (mostly for PDP-10's and PDP-20's). Ftp supports the ascii
+ and image types of file transfer, plus local byte size 8 for
+ tenex mode transfers.
+
+ Ftp supports only the default values for the remaining file
+ transfer parameters: mode, form, and struct.
+
+
+
+THE .netrc FILE
+ The .netrc file contains login and initialization informa-
+ tion used by the auto-login process. It resides in the
+ user's home directory. The following tokens are recognized;
+ they may be separated by spaces, tabs, or new-lines:
+
+ machine name
+ Identify a remote machine name. The auto-login process
+ searches the .netrc file for a machine token that
+ matches the remote machine specified on the ftp command
+ line or as an open command argument. Once a match is
+ made, the subsequent .netrc tokens are processed, stop-
+ ping when the end of file is reached or another machine
+ or a default token is encountered.
+
+ default
+ This is the same as machine name except that default
+ matches any name. There can be only one default token,
+ and it must be after all machine tokens. This is nor-
+ mally used as:
+
+ default login anonymous password user@site
+
+ thereby giving the user automatic anonymous ftp login
+ to machines not specified in .netrc. This can be over-
+ ridden by using the -n flag to disable auto-login.
+
+ login name
+ Identify a user on the remote machine. If this token
+ is present, the auto-login process will initiate a
+ login using the specified name.
+
+ password string
+ Supply a password. If this token is present, the
+ auto-login process will supply the specified string if
+ the remote server requires a password as part of the
+ login process. Note that if this token is present in
+ the .netrc file for any user other than anonymous, ftp
+ will abort the auto-login process if the .netrc is
+ readable by anyone besides the user.
+
+ account string
+ Supply an additional account password. If this token
+ is present, the auto-login process will supply the
+ specified string if the remote server requires an addi-
+ tional account password, or the auto-login process will
+ initiate an ACCT command if it does not.
+
+ macdef name
+ Define a macro. This token functions like the ftp mac-
+ def command functions. A macro is defined with the
+ specified name; its contents begin with the next .netrc
+ line and continue until a null line (consecutive new-
+ line characters) is encountered. If a macro named init
+ is defined, it is automatically executed as the last
+ step in the auto-login process.
+
+
+
+ENVIRONMENT
+ Ftp utilizes the following environment variables.
+
+ HOME For default location of a .netrc file, if one exists.
+
+ SHELL
+ For default shell.
+
+
+
+SEE ALSO
+ ftpd(8)
+
+ Lunt, S. J., FTP Security Extensions, Internet Draft,
+ November 1993.
+
+
+
+HISTORY
+ The ftp command appeared in 4.2BSD.
+
+
+
+BUGS
+ Correct execution of many commands depends upon proper
+ behavior by the remote server.
+
+ An error in the treatment of carriage returns in the 4.2BSD
+ ascii-mode transfer code has been corrected. This correc-
+ tion may result in incorrect transfers of binary files to
+ and from 4.2BSD servers using the ascii type. Avoid this
+ problem by using the binary image type.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Man(1) output converted with
+man2html
+
+
+
--- krb5-1.8.1+dfsg.orig/doc/rsh.html
+++ krb5-1.8.1+dfsg/doc/rsh.html
@@ -0,0 +1,183 @@
+
+
+
+
+
+
+NAME
+ rsh - remote shell
+
+
+
+SYNOPSIS
+ rsh host [-l username] [-n] [-d] [-k realm] [-f | -F] [-x]
+ [-PN | -PO] command
+
+
+
+DESCRIPTION
+ Rsh connects to the specified host, and executes the speci-
+ fied command. Rsh copies its standard input to the remote
+ command, the standard output of the remote command to its
+ standard output, and the standard error of the remote com-
+ mand to its standard error. This implementation of rsh will
+ accept any port for the standard error stream. Interrupt,
+ quit and terminate signals are propagated to the remote com-
+ mand; rsh normally terminates when the remote command does.
+
+ Each user may have a private authorization list in a file
+ .k5login in his login directory. Each line in this file
+ should contain a Kerberos principal name of the form
+ principal/instance@realm. If there is a ~/.k5login file,
+ then access is granted to the account if and only if the
+ originater user is authenticated to one of the princiapls
+ named in the ~/.k5login file. Otherwise, the originating
+ user will be granted access to the account if and only if
+ the authenticated principal name of the user can be mapped
+ to the local account name using the aname -> lname mapping
+ rules (see krb5_anadd(8) for more details).
+
+
+
+OPTIONS
+ -l username
+ sets the remote username to username. Otherwise, the
+ remote username will be the same as the local username.
+
+ -x causes the network session traffic to be encrypted.
+ This applies only to the input and output streams, and
+ not the command line.
+
+ -f cause nonforwardable Kerberos credentials to be for-
+ warded to the remote machine for use by the specified
+ command. They will be removed when command finishes.
+ This option is mutually exclusive with the -F option.
+
+ -F cause forwardable Kerberos credentials to be forwarded
+ to the remote machine for use by the specified command.
+ They will be removed when command finishes. This
+ option is mutually exclusive with the -f option.
+
+ -k realm
+ causes rsh to obtain tickets for the remote host in
+ realm instead of the remote host's realm as determined
+ by krb_realmofhost(3).
+
+ -d turns on socket debugging (via setsockopt(2)) on the
+ TCP sockets used for communication with the remote
+ host.
+
+ -n redirects input from the special device /dev/null (see
+ the BUGS section below).
+
+ -PN
+
+ -PO Explicitly request new or old version of the Kerberos
+ ``rcmd'' protocol. The new protocol avoids many secu-
+ rity problems found in the old one, but is not interop-
+ erable with older servers. (An "input/output error"
+ and a closed connection is the most likely result of
+ attempting this combination.) If neither option is
+ specified, some simple heuristics are used to guess
+ which to try.
+
+ If you omit command, then instead of executing a single com-
+ mand, you will be logged in on the remote host using rlo-
+ gin(1).
+
+ Shell metacharacters which are not quoted are interpreted on
+ the local machine, while quoted metacharacters are inter-
+ preted on the remote machine. Thus the command
+
+ rsh otherhost cat remotefile >> localfile
+
+ appends the remote file remotefile to the local file local-
+ file, while
+
+ rsh otherhost cat remotefile ">>" otherremotefile
+
+ appends remotefile to otherremotefile.
+
+
+
+FILES
+ /etc/hosts
+�7
+ ~/.k5login (on remote host) - file containing Kerberos
+ principals that are allowed access.
+
+
+
+SEE ALSO
+ rlogin(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3),
+ kshd(8)
+
+
+
+BUGS
+ If you are using csh(1) and put a rsh(1) in the background
+ without redirecting its input away from the terminal, it
+ will block even if no reads are posted by the remote com-
+ mand. If no input is desired you should redirect the input
+ of rsh to /dev/null using the -n option.
+
+
+ You cannot run an interactive command (like rogue(6) or
+ vi(1)); use rlogin(1).
+
+ Stop signals stop the local rsh process only; this is argu-
+ ably wrong, but currently hard to fix for reasons too com-
+ plicated to explain here.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Man(1) output converted with
+man2html
+
+
+
--- krb5-1.8.1+dfsg.orig/doc/telnet.html
+++ krb5-1.8.1+dfsg/doc/telnet.html
@@ -0,0 +1,863 @@
+
+
+
+
+
+
+NAME
+ telnet - user interface to the TELNET protocol
+
+
+
+SYNOPSIS
+ telnet [-8] [-E] [-F] [-K] [-L] [-S tos] [-X authtype] [-a]
+ [-c] [-d] [-e escapechar] [-f] [-k realm] [-l user] [-n tra-
+ cefile] [-r] [-x] [host [port]]
+
+
+
+DESCRIPTION
+ The telnet command is used to communicate with another host
+ using the TELNET protocol. If telnet is invoked without the
+ host argument, it enters command mode, indicated by its
+ prompt ( telnet>). In this mode, it accepts and executes
+ the commands listed below. If it is invoked with arguments,
+ it performs an open command with those arguments.
+
+
+
+OPTIONS
+ -8 Specify an 8-bit data path. This causes an attempt to
+ negotiate the TELNET BINARY option on both input and
+ output.
+
+ -E Stop any character from being recognized as an escape
+ character.
+
+ -F forward a forwardable copy of the local credentials to
+ the remote system.
+
+ -K Specify no automatic login to the remote system.
+
+ -L Specify an 8-bit data path on output. This causes the
+ BINARY option to be negotiated on output.
+
+ -S tos
+ Set the IP type-of-service (TOS) option for the telnet
+ connection to the value tos, which can be a numeric TOS
+ value (in decimal, or a hex value preceded by 0x, or an
+ octal value preceded by a leading 0) or, on systems
+ that support it, a symbolic TOS name found in the
+ /etc/iptos file.
+
+ -X atype
+ Disable the atype type of authentication.
+
+ -a Attempt automatic login. This sends the user name via
+ the USER variable of the ENVIRON option, if supported
+ by the remote system. The name used is that of the
+ current user as returned by getlogin(2) if it agrees
+ with the current user ID; otherwise it is the name
+ associated with the user ID.
+
+ -c Disable the reading of the user's .telnetrc file. (See
+ the toggle skiprc command on this man page.)
+
+ -d Set the initial value of the debug flag to TRUE
+
+ -e escape char
+ Set the initial telnet escape character to escape char.
+ If escape char is omitted, then there will be no escape
+ character.
+
+ -f forward a copy of the local credentials to the remote
+ system.
+
+ -k realm
+ If Kerberos authentication is being used, request that
+ telnet obtain tickets for the remote host in realm
+ realm instead of the remote host's realm, as determined
+ by krb_realmofhost(3).
+
+ -l user
+ If the remote system understands the ENVIRON option,
+ then user will be sent to the remote system as the
+ value for the variable USER. This option implies the -a
+ option. This option may also be used with the open
+ command.
+
+ -n tracefile
+ Open tracefile for recording trace information. See
+ the set tracefile command below.
+
+ -r Specify a user interface similar to rlogin(1). In this
+ mode, the escape character is set to the tilde (~)
+ character, unless modified by the -e option.
+
+ -x Turn on encryption of the data stream. When this
+ option is turned on, telnet will exit with an error if
+ authentication cannot be negotiated or if encryption
+ cannot be turned on.
+
+ host Indicates the name, alias, or Internet address of the
+ remote host.
+
+ port Indicates a port number (address of an application).
+ If the port is not specified, the default telnet port
+ (23) is used.
+
+ When in rlogin mode, ~ is the telnet escape character; a
+ line of the form ~. disconnects from the remote host. Simi-
+ larly, the line ~^Z suspends the telnet session. The line
+ ~^] escapes to the normal telnet escape prompt.
+
+ Once a connection has been opened, telnet will attempt to
+ enable the TELNET LINEMODE option. If this fails, then tel-
+ net will revert to one of two input modes: either ``charac-
+ ter at a time'' or ``old line by line,'' depending on what
+ the remote system supports.
+
+ When LINEMODE is enabled, character processing is done on
+ the local system, under the control of the remote system.
+ When input editing or character echoing is to be disabled,
+ the remote system will relay that information. The remote
+ system will also relay changes to any special characters
+ that happen on the remote system, so that they can take
+ effect on the local system.
+
+ In ``character at a time'' mode, most text typed is immedi-
+ ately sent to the remote host for processing.
+
+ In ``old line by line'' mode, all text is echoed locally,
+ and (normally) only completed lines are sent to the remote
+ host. The ``local echo character'' (initially ``^E'') may
+ be used to turn off and on the local echo. (This would
+ mostly be used to enter passwords without the password being
+ echoed).
+
+ If the LINEMODE option is enabled, or if the localchars flag
+ is TRUE (the default for ``old line by line''; see below),
+ the user's quit, intr, and flush characters are trapped
+ locally, and sent as TELNET protocol sequences to the remote
+ side. If LINEMODE has ever been enabled, then the user's
+ susp and eof are also sent as TELNET protocol sequences, and
+ quit is sent as a TELNET ABORT instead of BREAK. There are
+ options (see toggle autoflush and toggle autosynch below)
+ which cause this action to flush subsequent output to the
+ terminal (until the remote host acknowledges the TELNET
+ sequence) and flush previous terminal input (in the case of
+ quit and intr).
+
+ While connected to a remote host, telnet command mode may be
+ entered by typing the telnet ``escape character'' (initially
+ ``^]''). When in command mode, the normal terminal editing
+ conventions are available.
+
+ The following telnet commands are available. Only enough of
+ each command to uniquely identify it need be typed (this is
+ also true for arguments to the mode, set, toggle, unset,
+ slc, environ, and display commands).
+
+ auth argument ...
+ The auth command manipulates the information sent
+ through the TELNET AUTHENTICATE option. Valid argu-
+ ments for the auth command are as follows:
+
+ disable type
+ Disables the specified type of authentication. To
+ obtain a list of available types, use the auth
+ disable ? command.
+
+ enable type
+ Enables the specified type of authentication. To
+ obtain a list of available types, use the auth
+ enable ? command.
+
+ status
+ Lists the current status of the various types of
+ authentication.
+
+ close
+ Close a TELNET session and return to command mode.
+
+ display argument ...
+ Displays some or all of the set and toggle values (see
+ below).
+
+ encrypt argument ...
+ The encrypt command manipulates the information sent
+ through the TELNET ENCRYPT option.
+
+ Note: Because of export controls, the TELNET ENCRYPT option
+ is not supported outside of the United States and Canada.
+
+ Valid arguments for the encrypt command are as follows:
+
+ disable type [input|output]
+ Disables the specified type of encryption. If you
+ omit the input and output, both input and output
+ are disabled. To obtain a list of available
+ types, use the encrypt disable ? command.
+
+ enable type]fP [input|output]
+ Enables the specified type of encryption. If you
+ omit input and output, both input and output are
+ enabled. To obtain a list of available types, use
+ the encrypt enable ? command.
+
+ input
+ This is the same as the encrypt start input com-
+ mand.
+
+ -input
+ This is the same as the encrypt stop input com-
+ mand.
+
+ output
+ This is the same as the encrypt start output com-
+ mand.
+
+ -output
+ This is the same as the encrypt stop output com-
+ mand.
+
+ start [input|output]
+ Attempts to start encryption. If you omit input
+ and output, both input and output are enabled. To
+ obtain a list of available types, use the encrypt
+ enable ? command.
+
+ status
+ Lists the current status of encryption.
+
+ stop [input|output]
+ Stops encryption. If you omit input and output,
+ encryption is on both input and output.
+
+ type type
+ Sets the default type of encryption to be used
+ with later encrypt start or encrypt stop commands.
+
+ environ arguments ...
+ The environ command is used to manipulate the the vari-
+ ables that my be sent through the TELNET ENVIRON
+ option. The initial set of variables is taken from the
+ users environment, with only the DISPLAY and PRINTER
+ variables being exported by default. The USER variable
+ is also exported if the -a or -l options are used.
+
+ Valid arguments for the environ command are:
+
+ define variable value
+ Define the variable variable to have a value of
+ value. Any variables defined by this command are
+ automatically exported. The value may be enclosed
+ in single or double quotes so that tabs and spaces
+ may be included.
+
+ undefine variable
+ Remove variable from the list of environment vari-
+ ables.
+
+ export variable
+ Mark the variable variable to be exported to the
+ remote side.
+
+ unexport variable
+ Mark the variable variable to not be exported
+ unless explicitly asked for by the remote side.
+
+ list List the current set of environment variables.
+ Those marked with a * will be sent automatically;
+ other variables will only be sent if explicitly
+ requested.
+
+ ? Prints out help information for the environ
+ command.
+
+ logout
+ Sends the TELNET LOGOUT option to the remote side.
+ This command is similar to a close command; however, if
+ the remote side does not support the LOGOUT option,
+ nothing happens. If, however, the remote side does
+ support the LOGOUT option, this command should cause
+ the remote side to close the TELNET connection. If the
+ remote side also supports the concept of suspending a
+ user's session for later reattachment, the logout argu-
+ ment indicates that you should terminate the session
+ immediately.
+
+ mode type
+ Type is one of several options, depending on the state
+ of the TELNET session. The remote host is asked for
+ permission to go into the requested mode. If the
+ remote host is capable of entering that mode, the
+ requested mode will be entered.
+
+ character
+ Disable the TELNET LINEMODE option, or, if the
+ remote side does not understand the LINEMODE
+ option, then enter ``character at a time'' mode.
+
+ line Enable the TELNET LINEMODE option, or, if the
+ remote side does not understand the LINEMODE
+ option, then attempt to enter ``old-line-by-line''
+ mode.
+
+ isig (-isig)
+ Attempt to enable (disable) the TRAPSIG mode of
+ the LINEMODE option. This requires that the
+ LINEMODE option be enabled.
+
+ edit (-edit)
+ Attempt to enable (disable) the EDIT mode of the
+ LINEMODE option. This requires that the LINEMODE
+ option be enabled.
+
+ softtabs (-softtabs)
+ Attempt to enable (disable) the SOFT_TAB mode of
+ the LINEMODE option. This requires that the
+ LINEMODE option be enabled.
+
+ litecho (-litecho)
+ Attempt to enable (disable) the LIT_ECHO mode of
+ the LINEMODE option. This requires that the
+ LINEMODE option be enabled.
+
+ ? Prints out help information for the mode command.
+
+ open host [-a] [[-l] user] [-port]
+ Open a connection to the named host. If no port number
+ is specified, telnet will attempt to contact a TELNET
+ server at the default port. The host specification may
+ be either a host name (see hosts(5) or an Internet
+ address specified in the ``dot notation'' (see inet(3).
+ After establishing a connection, the file .telnetrc in
+ the user's home directory is opened. Lines beginning
+ with a # are comment lines. Blank lines are ignored.
+ Lines that begin without white space are the start of a
+ machine entry. The first thing on the line is the name
+ of the machine that is being connected to. The rest of
+ the line, and successive lines that begin with white
+ space are assumed to be telnet commands and are pro-
+ cessed as if they had been typed in manually to the
+ telnet command prompt.
+
+ -a Attempt automatic login. This sends the user name
+ via the USER variable of the ENVIRON option, if
+ supported by the remote system. The name used is
+ that of the current user as returned by getlo-
+ gin(2) if it agrees with the current user ID; oth-
+ erwise it is the name associated with the user ID.
+
+ [-l] user
+ may be used to specify the user name to be passed
+ to the remote system via the ENVIRON option.
+
+ -port
+ When connecting to a non-standard port, telnet
+ omits any automatic initiation of TELNET options.
+ When the port number is preceded by a minus sign,
+ the initial option negotiation is done.
+
+ quit Close any open TELNET session and exit telnet. An end
+ of file (in command mode) will also close a session and
+ exit.
+
+ send arguments
+ Sends one or more special character sequences to the
+ remote host. The following are the arguments which may
+ be specified (more than one argument may be specified
+ at a time):
+
+ abort
+ Sends the TELNET ABORT (Abort processes) sequence.
+
+ ao Sends the TELNET AO (Abort Output) sequence, which
+ should cause the remote system to flush all output
+ from the remote system to the user's terminal.
+
+ ayt Sends the TELNET AYT (Are You There) sequence, to
+ which the remote system may or may not choose to
+ respond.
+
+ brk Sends the TELNET BRK (Break) sequence, which may
+ have significance to the remote system.
+
+ ec Sends the TELNET EC (Erase Character) sequence,
+ which should cause the remote system to erase the
+ last character entered.
+
+ el Sends the TELNET EL (Erase Line) sequence, which
+ should cause the remote system to erase the line
+ currently being entered.
+
+ eof Sends the TELNET EOF (End Of File) sequence.
+
+ eor Sends the TELNET EOR (End of Record) sequence.
+
+ escape
+ Sends the current telnet escape character (ini-
+ tially ``^''.
+
+ ga Sends the TELNET GA (Go Ahead) sequence, which
+ likely has no significance to the remote system.
+
+ getstatus
+ If the remote side supports the TELNET STATUS com-
+ mand, getstatus will send the subnegotiation to
+ request that the server send its current option
+ status.
+
+ ip Sends the TELNET IP (Interrupt Process) sequence,
+ which should cause the remote system to abort the
+ currently running process.
+
+ nop Sends the TELNET NOP (No OPeration) sequence.
+
+ susp Sends the TELNET SUSP (SUSPend process) sequence.
+
+ synch
+ Sends the TELNET SYNCH sequence. This sequence
+ causes the remote system to discard all previously
+ typed (but not yet read) input. This sequence is
+ sent as TCP urgent data (and may not work if the
+ remote system is a 4.2BSD system -- if it doesn't
+ work, a lower case ``r'' may be echoed on the ter-
+ minal).
+
+ do cmd
+
+ dont cmd
+
+ will cmd
+
+ wont cmd
+ Sends the TELNET DO cmd sequence. Cmd can be
+ either a decimal number between 0 and 255, or a
+ symbolic name for a specific TELNET command. Cmd
+ can also be either help or ? to print out help
+ information, including a list of known symbolic
+ names.
+
+ ? Prints out help information for the send command.
+
+ set argument value
+
+ unset argument value
+ The set command will set any one of a number of telnet
+ variables to a specific value or to TRUE. The special
+ value off turns off the function associated with the
+ variable; this is equivalent to using the unset com-
+ mand. The unset command will disable or set to FALSE
+ any of the specified functions. The values of vari-
+ ables may be interrogated with the display command.
+ The variables which may be set or unset, but not tog-
+ gled, are listed here. In addition, any of the vari-
+ ables for the toggle command may be explicitly set or
+ unset using the set and unset commands.
+
+ ayt If telnet is in localchars mode, or LINEMODE is
+ enabled, and the status character is typed, a TEL-
+ NET AYT sequence (see send ayt preceding) is sent
+ to the remote host. The initial value for the
+ "Are You There" character is the terminal's status
+ character.
+
+ echo This is the value (initially ``^E'') which, when
+ in ``line by line'' mode, toggles between doing
+ local echoing of entered characters (for normal
+ processing), and suppressing echoing of entered
+ characters (for entering, say, a password).
+
+ eof If telnet is operating in LINEMODE or ``old line
+ by line'' mode, entering this character as the
+ first character on a line will cause this charac-
+ ter to be sent to the remote system. The initial
+ value of the eof character is taken to be the
+ terminal's eof character.
+
+ erase
+ If telnet is in localchars mode (see toggle local-
+ chars below), and if telnet is operating in
+ ``character at a time'' mode, then when this char-
+ acter is typed, a TELNET EC sequence (see send ec
+ above) is sent to the remote system. The initial
+ value for the erase character is taken to be the
+ terminal's erase character.
+
+ escape
+ This is the telnet escape character (initially
+ ``^['') which causes entry into telnet command
+ mode (when connected to a remote system).
+
+ flushoutput
+ If telnet is in localchars mode (see toggle local-
+ chars below) and the flushoutput character is
+ typed, a TELNET AO sequence (see send ao above) is
+ sent to the remote host. The initial value for
+ the flush character is taken to be the terminal's
+ flush character.
+
+ forw1
+
+ forw2
+ If telnet is operating in LINEMODE, these are the
+ characters that, when typed, cause partial lines
+ to be forwarded to the remote system. The initial
+ value for the forwarding characters are taken from
+ the terminal's eol and eol2 characters.
+
+ interrupt
+ If telnet is in localchars mode (see toggle local-
+ chars below) and the interrupt character is typed,
+ a TELNET IP sequence (see send ip above) is sent
+ to the remote host. The initial value for the
+ interrupt character is taken to be the terminal's
+ intr character.
+
+ kill If telnet is in localchars mode (see toggle local-
+ chars below), and if telnet is operating in
+ ``character at a time'' mode, then when this char-
+ acter is typed, a TELNET EL sequence (see send el
+ above) is sent to the remote system. The initial
+ value for the kill character is taken to be the
+ terminal's kill character.
+
+ lnext
+ If telnet is operating in LINEMODE or ``old line
+ by line'' mode, then this character is taken to be
+ the terminal's lnext character. The initial value
+ for the lnext character is taken to be the
+ terminal's lnext character.
+
+ quit If telnet is in localchars mode (see toggle local-
+ chars below) and the quit character is typed, a
+ TELNET BRK sequence (see send brk above) is sent
+ to the remote host. The initial value for the
+ quit character is taken to be the terminal's quit
+ character.
+
+ reprint
+ If telnet is operating in LINEMODE or ``old line
+ by line'' mode, then this character is taken to be
+ the terminal's reprint character. The initial
+ value for the reprint character is taken to be the
+ terminal's reprint character.
+
+ rlogin
+ This is the rlogin escape character. If set, the
+ normal TELNET escape character is ignored unless
+ it is preceded by this character at the beginning
+ of a line. This character, at the beginning of a
+ line followed by a "." closes the connection;
+ when followed by a ^Z it suspends the telnet com-
+ mand. The initial state is to disable the rlogin
+ escape character.
+
+ start
+ If the TELNET TOGGLE-FLOW-CONTROL option has been
+ enabled, then this character is taken to be the
+ terminal's start character. The initial value for
+ the kill character is taken to be the terminal's
+ start character.
+
+ stop If the TELNET TOGGLE-FLOW-CONTROL option has been
+ enabled, then this character is taken to be the
+ terminal's stop character. The initial value for
+ the kill character is taken to be the terminal's
+ stop character.
+
+ susp If telnet is in localchars mode, or LINEMODE is
+ enabled, and the suspend character is typed, a
+ TELNET SUSP sequence (see send susp above) is sent
+ to the remote host. The initial value for the
+ suspend character is taken to be the terminal's
+ suspend character.
+
+ tracefile
+ This is the file to which the output, caused by
+ netdata or option tracing being TRUE, will be
+ written. If it is set to ``-'', then tracing
+ information will be written to standard output
+ (the default).
+
+ worderase
+ If telnet is operating in LINEMODE or ``old line
+ by line'' mode, then this character is taken to be
+ the terminal's worderase character. The initial
+ value for the worderase character is taken to be
+ the terminal's worderase character.
+
+ ? Displays the legal set (unset) commands.
+
+ slc state
+ The slc command (Set Local Characters) is used to set
+ or change the state of the the special characters when
+ the TELNET LINEMODE option has been enabled. Special
+ characters are characters that get mapped to telnet
+ commands sequences (like ip or quit ) or line editing
+ characters (like erase and kill). By default, the
+ local special characters are exported.
+
+ check
+ Verify the current settings for the current spe-
+ cial characters. The remote side is requested to
+ send all the current special character settings,
+ and if there are any discrepancies with the local
+ side, the local side will switch to the remote
+ value.
+
+ export
+ Switch to the local defaults for the special char-
+ acters. The local default characters are those of
+ the local terminal at the time when telnet was
+ started.
+
+ import
+ Switch to the remote defaults for the special
+ characters. The remote default characters are
+ those of the remote system at the time when the
+ TELNET connection was established.
+
+ ? Prints out help information for the slc command.
+
+ status
+ Show the current status of telnet. This includes the
+ peer one is connected to, as well as the current mode.
+
+ toggle arguments ...
+ Toggle (between TRUE and FALSE) various flags that con-
+ trol how telnet responds to events. These flags may be
+ set explicitly to TRUE or FALSE using the set and unset
+ commands listed above. More than one argument may be
+ specified. The state of these flags may be interro-
+ gated with the display command. Valid arguments are:
+
+ authdebug
+ Turns on debugging information for the authentica-
+ tion code.
+
+ autoflush
+ If autoflush and localchars are both TRUE , then
+ when the ao, or quit characters are recognized
+ (and transformed into TELNET sequences; see set
+ above for details), telnet refuses to display any
+ data on the user's terminal until the remote sys-
+ tem acknowledges (via a TELNET TIMING MARK option)
+ that it has processed those TELNET sequences. The
+ initial value for this toggle is TRUE if the ter-
+ minal user had not done an "stty noflsh", other-
+ wise FALSE (see stty(1).
+
+ autodecrypt
+ When the TELNET ENCRYPT option is negotiated, by
+ default the actual encryption (decryption) of the
+ data stream does not start automatically. The
+ autoencrypt (autodecrypt) command states that
+ encryption of the output (input) stream should be
+ enabled as soon as possible.
+
+ Note: Because of export controls, the TELNET ENCRYPT
+ option is not supported outside the United States and
+ Canada.
+
+ autologin
+ If the remote side supports the TELNET AUTHENTICA-
+ TION option telnet attempts to use it to perform
+ automatic authentication. If the AUTHENTICATION
+ option is not supported, the user's login name are
+ propagated through the TELNET ENVIRON option.
+ This command is the same as specifying the -a
+ option on the open command.
+
+ autosynch
+ If autosynch and localchars are both TRUE, then
+ when either the intr or quit characters is typed
+ (see set above for descriptions of the intr and
+ quit characters), the resulting TELNET sequence
+ sent is followed by the TELNET SYNCH sequence.
+ This procedure should cause the remote system to
+ begin throwing away all previously typed input
+ until both of the TELNET sequences have been read
+ and acted upon. The initial value of this toggle
+ is FALSE.
+
+ binary
+ Enable or disable the TELNET BINARY option on both
+ input and output.
+
+ inbinary
+ Enable or disable the TELNET BINARY option on
+ input.
+
+ outbinary
+ Enable or disable the TELNET BINARY option on out-
+ put.
+
+ crlf If this is TRUE, then carriage returns will be
+ sent as <CR><LF>. If this is FALSE, then carriage
+ returns will be send as <CR><NUL>. The initial
+ value for this toggle is FALSE.
+
+ crmod
+ Toggle carriage return mode. When this mode is
+ enabled, most carriage return characters received
+ from the remote host will be mapped into a car-
+ riage return followed by a line feed. This mode
+ does not affect those characters typed by the
+ user, only those received from the remote host.
+ This mode is not very useful unless the remote
+ host only sends carriage return, but never line
+ feed. The initial value for this toggle is FALSE
+ .
+
+ debug
+ Toggles socket level debugging (useful only to the
+ super user). The initial value for this toggle is
+ FALSE .
+
+ encdebug
+ Turns on debugging information for the encryption
+ code.
+
+ localchars
+ If this is TRUE , then the flush, interrupt, quit,
+ erase, and kill characters (see set above) are
+ recognized locally, and transformed into (hope-
+ fully) appropriate TELNET control sequences
+ (respectively ao, ip, brk, ec, and el; see send
+ above). The initial value for this toggle is TRUE
+ in ``old line by line'' mode, and FALSE in ``char-
+ acter at a time'' mode. When the LINEMODE option
+ is enabled, the value of localchars is ignored,
+ and assumed to always be TRUE. If LINEMODE has
+ ever been enabled, then quit is sent as abort, and
+ eof and suspend are sent as eof and susp, see send
+ above).
+
+ netdata
+ Toggles the display of all network data (in hexa-
+ decimal format). The initial value for this tog-
+ gle is FALSE.
+
+ options
+ Toggles the display of some internal telnet
+ protocol processing (having to do with TELNET
+ options). The initial value for this flag is
+ FALSE .
+
+ prettydump
+ When the netdata flag is enabled, if prettydump is
+ enabled the output from the netdata command will
+ be formatted in a more user-readable format.
+ Spaces are put between each character in the out-
+ put, and the beginning of any TELNET escape
+ sequence is preceded by a '*' to aid in locating
+ them.
+
+ skiprc
+ When the skiprc flag is TRUE, TELNET skips the
+ reading of the .telnetrc file in the user's home
+ directory when connections are opened. The ini-
+ tial value for this flag is FALSE.
+
+ termdata
+ Toggles the display of all terminal data (in hexa-
+ decimal format). The initial value for this flag
+ is FALSE.
+
+ verbose_encrypt
+ When the verbose_encrypt flag is TRUE, TELNET
+ prints out a message each time encryption is
+ enabled or disabled. The initial value for this
+ toggle is FALSE. Note: Because of export con-
+ trols, data encryption is not supported outside of
+ the United States and Canada.
+
+ ? Displays the legal toggle commands.
+
+ z Suspend telnet. This command only works when the
+ user's shell is csh(1).
+
+ ! [command]
+ Execute a single command in a subshell on the local
+ system. If command is omitted, then an interactive
+ subshell is invoked.
+
+ ? command
+ Get help. With no arguments, telnet prints a help sum-
+ mary. If a command is specified, telnet will print the
+ help information for just that command.
+
+
+
+ENVIRONMENT
+ Telnet uses at least the HOME, SHELL, DISPLAY, and TERM
+ environment variables. Other environment variables may be
+ propagated to the other side via the TELNET ENVIRON option.
+
+
+
+FILES
+ The Telnet command appeared in 4.2BSD.
+
+
+
+NOTES
+ On some remote systems, echo has to be turned off manually
+ when in ``old line by line'' mode.
+
+ In ``old line by line'' mode or LINEMODE the terminal's eof
+ character is only recognized (and sent to the remote system)
+ when it is the first character on a line.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Man(1) output converted with
+man2html
+
+
+
--- krb5-1.8.1+dfsg.orig/doc/rlogin.html
+++ krb5-1.8.1+dfsg/doc/rlogin.html
@@ -0,0 +1,182 @@
+
+
+
+
+
+
+NAME
+ rlogin - remote login
+
+
+
+SYNOPSIS
+ rlogin rhost [-ec] [-8] [-c] [ -a] [-f] [-F] [-t termtype]
+ [-n] [-7] [-PN | -PO] [-d] [-k realm] [-x] [-L] [-l user-
+ name]
+
+
+
+DESCRIPTION
+ Rlogin connects your terminal on the current local host sys-
+ tem lhost to the remote host system rhost.
+
+ The version built to use Kerberos authentication is very
+ similar to the standard Berkeley rlogin(1), except that
+ instead of the rhosts mechanism, it uses Kerberos authenti-
+ cation to determine the authorization to use a remote
+ account.
+
+ Each user may have a private authorization list in a file
+ .k5login in his login directory. Each line in this file
+ should contain a Kerberos principal name of the form
+ principal/instance@realm. If the originating user is
+ authenticated to one of the principals named in .k5login,
+ access is granted to the account. If there is no /.k5login
+ file, the principal will be granted access to the account
+ according to the aname->lname mapping rules. (See
+ krb5_anadd(8) for more details.) Otherwise a login and
+ password will be prompted for on the remote machine as in
+ login(1). To avoid some security problems, the .k5login
+ file must be owned by the remote user.
+
+ If there is some problem in marshaling the Kerberos authen-
+ tication information, an error message is printed and the
+ standard UCB rlogin is executed in place of the Kerberos
+ rlogin.
+
+ A line of the form ``~.'' disconnects from the remote host,
+ where ``~'' is the escape character. Similarly, the line
+ ``~^Z'' (where ^Z, control-Z, is the suspend character) will
+ suspend the rlogin session. Substitution of the delayed-
+ suspend character (normally ^Y) for the suspend character
+ suspends the send portion of the rlogin, but allows output
+ from the remote system.
+
+ The remote terminal type is the same as your local terminal
+ type (as given in your environment TERM variable), unless
+ the -t option is specified (see below). The terminal or
+ window size is also copied to the remote system if the
+ server supports the option, and changes in size are
+ reflected as well.
+
+
+ All echoing takes place at the remote site, so that (except
+ for delays) the rlogin is transparent. Flow control via ^S
+ and ^Q and flushing of input and output on interrupts are
+ handled properly.
+
+
+
+OPTIONS
+ -8 allows an eight-bit input data path at all times; oth-
+ erwise parity bits are stripped except when the remote
+ side's stop and start characters are other than ^S/^Q.
+ Eight-bit mode is the default.
+
+ -L allows the rlogin session to be run in litout mode.
+
+ -ec sets the escape character to c. There is no space
+ separating this option flag and the new escape charac-
+ ter.
+
+ -c require confirmation before disconnecting via ``~.''
+
+ -a force the remote machine to ask for a password by send-
+ ing a null local username. This option has no effect
+ unless the standard UCB rlogin is executed in place of
+ the Kerberos rlogin (see above).
+
+ -f forward a copy of the local credentials to the remote
+ system.
+
+ -F forward a forwardable copy of the local credentials to
+ the remote system.
+
+ -t termtype
+ replace the terminal type passed to the remote host
+ with termtype.
+
+ -n prevent suspension of rlogin via ``~^Z'' or ``~^Y''.
+
+ -7 force seven-bit transmissions.
+
+ -d turn on socket debugging (via setsockopt(2)) on the TCP
+ sockets used for communication with the remote host.
+
+ -k request rlogin to obtain tickets for the remote host in
+ realm realm instead of the remote host's realm as
+ determined by krb_realmofhost(3).
+
+ -x turn on DES encryption for data passed via the rlogin
+ session. This applies only to input and output
+ streams, so the username is sent unencrypted. This
+ significantly reduces response time and significantly
+ increases CPU utilization.
+
+ -PN
+ -PO Explicitly request new or old version of the Kerberos
+ ``rcmd'' protocol. The new protocol avoids many secu-
+ rity problems found in the old one, but is not interop-
+ erable with older servers. (An "input/output error"
+ and a closed connection is the most likely result of
+ attempting this combination.) If neither option is
+ specified, some simple heuristics are used to guess
+ which to try.
+
+
+
+SEE ALSO
+ rsh(1), kerberos(1), krb_sendauth(3), krb_realmofhost(3),
+ rlogin(1) [UCB version], klogind(8)
+
+
+
+FILES
+ ~/.k5login (on remote host) - file containing Kerberos
+ principals that are allowed access.
+
+
+
+BUGS
+ More of the environment should be propagated.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Man(1) output converted with
+man2html
+
+
+
--- krb5-1.8.1+dfsg.orig/src/krb5-config.in
+++ krb5-1.8.1+dfsg/src/krb5-config.in
@@ -117,6 +117,7 @@
echo " [--prefix] Kerberos installed prefix"
echo " [--exec-prefix] Kerberos installed exec_prefix"
echo " [--cflags] Compile time CFLAGS"
+ echo " [--deps] Include dependent libraries"
echo " [--libs] List libraries required to link [LIBRARIES]"
echo "Libraries:"
echo " krb5 Kerberos 5 application"
@@ -214,7 +215,12 @@
fi
if test $library = 'krb5'; then
- lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"
+ if [ "x$do_deps" = "x1" ] ; then
+ dep_libs="$GEN_LIB $LIBS $DL_LIB"
+ else
+ dep_libs=""
+ fi
+ lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $dep_libs"
fi
echo $lib_flags
--- krb5-1.8.1+dfsg.orig/src/krb5-config.M
+++ krb5-1.8.1+dfsg/src/krb5-config.M
@@ -26,37 +26,38 @@
krb5-config \- tool for linking against MIT Kerberos libraries
.SH SYNOPSIS
.B krb5-config
-[ \fB--help\fP | \fB--all\fP | \fB--version\fP | \fB--vendor\fP | \fB--prefix\fP |
-\fB--exec-prefix\fP | \fB--cflags\fP | \fB--libs\fP libraries ]
+[ \fB\-\-help\fP | \fB\-\-all\fP | \fB\-\-version\fP | \fB\-\-vendor\fP
+| \fB\-\-prefix\fP | \fB\-\-exec\-prefix\fP | \fB\-\-cflags\fP
+| \fB\-\-libs\fP libraries ]
.br
.SH DESCRIPTION
-.I krb5-config
+.I krb5\-config
tells the application programmer what special flags to use to compile
and link programs against the installed Kerberos libraries.
.SH OPTIONS
.TP
-\fB\--help\fP
+\fB\-\-help\fP
print usage message. This is the default.
.TP
-\fB\--all\fP
+\fB\-\-all\fP
prints version, vendor, prefix and exec-prefix.
.TP
-\fB\--version\fP
+\fB\-\-version\fP
prints the version of the installed Kerberos implementation.
.TP
-\fB\--vendor\fP
+\fB\-\-vendor\fP
prints the vendor of the installed Kerberos implementation.
.TP
-\fB\--prefix\fP
+\fB\-\-prefix\fP
prints the prefix with which Kerberos was built.
.TP
-\fB\--exec-prefix\fP
+\fB\-\-exec\-prefix\fP
prints the exec-prefix with which Kerberos was built.
.TP
-\fB\--cflags\fP
+\fB\-\-cflags\fP
prints the compiler flags with which Kerberos was built.
.TP
-\fB\--libs\fP \fIlibraries\fP
+\fB\-\-libs\fP \fIlibraries\fP
list compiler options required to link with \fIlibraries\fP. Possible
values for \fIlibraries\fP are:
.sp
--- krb5-1.8.1+dfsg.orig/src/patchlevel.h
+++ krb5-1.8.1+dfsg/src/patchlevel.h
@@ -53,6 +53,6 @@
#define KRB5_MAJOR_RELEASE 1
#define KRB5_MINOR_RELEASE 8
#define KRB5_PATCHLEVEL 1
-/* #undef KRB5_RELTAIL */
+#define KRB5_RELTAIL "debian"
#define KRB5_RELDATE "20100408"
#define KRB5_RELTAG "tags/krb5-1-8-1-final"
--- krb5-1.8.1+dfsg.orig/src/lib/krb5/krb/pac.c
+++ krb5-1.8.1+dfsg/src/lib/krb5/krb/pac.c
@@ -582,6 +582,8 @@
checksum.checksum_type = load_32_le(p);
checksum.length = checksum_data.length - PAC_SIGNATURE_DATA_LENGTH;
checksum.contents = p + PAC_SIGNATURE_DATA_LENGTH;
+ if (!krb5_c_is_keyed_cksum(checksum.checksum_type))
+ return KRB5KRB_AP_ERR_INAPP_CKSUM;
pac_data.length = pac->data.length;
pac_data.data = malloc(pac->data.length);
--- krb5-1.8.1+dfsg.orig/src/lib/krb5/krb/preauth2.c
+++ krb5-1.8.1+dfsg/src/lib/krb5/krb/preauth2.c
@@ -1578,7 +1578,9 @@
cksum = sc2->sam_cksum;
- while (*cksum) {
+ for (; *cksum; cksum++) {
+ if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type))
+ continue;
/* Check this cksum */
retval = krb5_c_verify_checksum(context, as_key,
KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
@@ -1592,7 +1594,6 @@
}
if (valid_cksum)
break;
- cksum++;
}
if (!valid_cksum) {
--- krb5-1.8.1+dfsg.orig/src/lib/krb5/krb/mk_safe.c
+++ krb5-1.8.1+dfsg/src/lib/krb5/krb/mk_safe.c
@@ -215,10 +215,28 @@
for (i = 0; i < nsumtypes; i++)
if (auth_context->safe_cksumtype == sumtypes[i])
break;
- if (i == nsumtypes)
- i = 0;
- sumtype = sumtypes[i];
krb5_free_cksumtypes (context, sumtypes);
+ if (i < nsumtypes)
+ sumtype = auth_context->safe_cksumtype;
+ else {
+ switch (enctype) {
+ case ENCTYPE_DES_CBC_MD4:
+ sumtype = CKSUMTYPE_RSA_MD4_DES;
+ break;
+ case ENCTYPE_DES_CBC_MD5:
+ case ENCTYPE_DES_CBC_CRC:
+ sumtype = CKSUMTYPE_RSA_MD5_DES;
+ break;
+ default:
+ retval = krb5int_c_mandatory_cksumtype(context, enctype,
+ &sumtype);
+ if (retval) {
+ CLEANUP_DONE();
+ goto error;
+ }
+ break;
+ }
+ }
}
if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata,
plocal_fulladdr, premote_fulladdr,
--- krb5-1.8.1+dfsg.orig/src/lib/krb5/os/sn2princ.c
+++ krb5-1.8.1+dfsg/src/lib/krb5/os/sn2princ.c
@@ -62,6 +62,10 @@
}
+#ifndef MAXHOSTNAMELEN
+# define MAXHOSTNAMELEN 256
+#endif
+
krb5_error_code KRB5_CALLCONV
krb5_sname_to_principal(krb5_context context, const char *hostname, const char *sname, krb5_int32 type, krb5_principal *ret_princ)
{
--- krb5-1.8.1+dfsg.orig/src/lib/krb5/os/kuserok.c
+++ krb5-1.8.1+dfsg/src/lib/krb5/os/kuserok.c
@@ -41,6 +41,10 @@
#define MAX_USERNAME 65
+#ifndef MAXPATHLEN
+# define MAXPATHLEN 4096
+#endif
+
#if defined(__APPLE__) && defined(__MACH__)
#include /* XXX */
#define FILE_OWNER_OK(UID) ((UID) == 0 || (UID) == UNKNOWNUID)
@@ -48,6 +52,7 @@
#define FILE_OWNER_OK(UID) ((UID) == 0)
#endif
+
/*
* Given a Kerberos principal "principal", and a local username "luser",
* determine whether user is authorized to login according to the
--- krb5-1.8.1+dfsg.orig/src/lib/crypto/krb/keyed_checksum_types.c
+++ krb5-1.8.1+dfsg/src/lib/crypto/krb/keyed_checksum_types.c
@@ -35,6 +35,13 @@
{
if (ctp->flags & CKSUM_UNKEYED)
return FALSE;
+ /* Stream ciphers do not play well with RFC 3961 key derivation, so be
+ * conservative with RC4. */
+ if ((ktp->etype == ENCTYPE_ARCFOUR_HMAC ||
+ ktp->etype == ENCTYPE_ARCFOUR_HMAC_EXP) &&
+ ctp->ctype != CKSUMTYPE_HMAC_MD5_ARCFOUR &&
+ ctp->ctype != CKSUMTYPE_MD5_HMAC_ARCFOUR)
+ return FALSE;
return (!ctp->enc || ktp->enc == ctp->enc);
}
--- krb5-1.8.1+dfsg.orig/src/lib/crypto/krb/dk/derive.c
+++ krb5-1.8.1+dfsg/src/lib/crypto/krb/dk/derive.c
@@ -91,6 +91,8 @@
blocksize = enc->block_size;
keybytes = enc->keybytes;
+ if (blocksize == 1)
+ return KRB5_BAD_ENCTYPE;
if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes)
return KRB5_CRYPTO_INTERNAL;
--- krb5-1.8.1+dfsg.orig/src/lib/gssapi/spnego/spnego_mech.c
+++ krb5-1.8.1+dfsg/src/lib/gssapi/spnego/spnego_mech.c
@@ -74,6 +74,10 @@
#include
+#ifndef MAXHOSTNAMELEN
+# define MAXHOSTNAMELEN 256
+#endif
+
#undef g_token_size
#undef g_verify_token_header
#undef g_make_token_header
@@ -3149,6 +3153,18 @@
*mechListMIC = get_input_token(&ptr, REMAIN);
if (*mechListMIC == GSS_C_NO_BUFFER)
return GSS_S_DEFECTIVE_TOKEN;
+
+ /* Handle Windows 2000 duplicate response token */
+ if (*responseToken &&
+ ((*responseToken)->length == (*mechListMIC)->length) &&
+ !memcmp((*responseToken)->value, (*mechListMIC)->value,
+ (*responseToken)->length)) {
+ OM_uint32 tmpmin;
+
+ gss_release_buffer(&tmpmin, *mechListMIC);
+ free(*mechListMIC);
+ *mechListMIC = NULL;
+ }
}
return GSS_S_COMPLETE;
#undef REMAIN
--- krb5-1.8.1+dfsg.orig/src/lib/gssapi/krb5/accept_sec_context.c
+++ krb5-1.8.1+dfsg/src/lib/gssapi/krb5/accept_sec_context.c
@@ -607,6 +607,13 @@
}
#endif
+ if (authdat->checksum == NULL) {
+ /* missing checksum counts as "inappropriate type" */
+ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
+
if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
/* Samba does not send 0x8003 GSS-API checksums */
krb5_boolean valid;
--- krb5-1.8.1+dfsg.orig/src/lib/gssapi/krb5/util_crypt.c
+++ krb5-1.8.1+dfsg/src/lib/gssapi/krb5/util_crypt.c
@@ -119,10 +119,22 @@
if (code != 0)
return code;
- code = (*kaccess.mandatory_cksumtype)(context, subkey->keyblock.enctype,
- cksumtype);
- if (code != 0)
- return code;
+ switch (subkey->keyblock.enctype) {
+ case ENCTYPE_DES_CBC_MD4:
+ *cksumtype = CKSUMTYPE_RSA_MD4_DES;
+ break;
+ case ENCTYPE_DES_CBC_MD5:
+ case ENCTYPE_DES_CBC_CRC:
+ *cksumtype = CKSUMTYPE_RSA_MD5_DES;
+ break;
+ default:
+ code = (*kaccess.mandatory_cksumtype)(context,
+ subkey->keyblock.enctype,
+ cksumtype);
+ if (code != 0)
+ return code;
+ break;
+ }
switch (subkey->keyblock.enctype) {
case ENCTYPE_DES_CBC_MD5:
--- krb5-1.8.1+dfsg.orig/src/tests/resolve/resolve.c
+++ krb5-1.8.1+dfsg/src/tests/resolve/resolve.c
@@ -73,6 +73,10 @@
#include
#include
+#ifndef MAXHOSTNAMELEN
+# define MAXHOSTNAMELEN 256
+#endif
+
int
main(argc, argv)
int argc;
--- krb5-1.8.1+dfsg.orig/src/plugins/preauth/pkinit/pkinit_srv.c
+++ krb5-1.8.1+dfsg/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -691,8 +691,7 @@
krb5_reply_key_pack *key_pack = NULL;
krb5_reply_key_pack_draft9 *key_pack9 = NULL;
krb5_data *encoded_key_pack = NULL;
- unsigned int num_types;
- krb5_cksumtype *cksum_types = NULL;
+ krb5_cksumtype cksum_type;
pkinit_kdc_context plgctx;
pkinit_kdc_req_context reqctx;
@@ -882,14 +881,25 @@
retval = ENOMEM;
goto cleanup;
}
- /* retrieve checksums for a given enctype of the reply key */
- retval = krb5_c_keyed_checksum_types(context,
- encrypting_key->enctype, &num_types, &cksum_types);
- if (retval)
- goto cleanup;
- /* pick the first of acceptable enctypes for the checksum */
- retval = krb5_c_make_checksum(context, cksum_types[0],
+ switch (encrypting_key->enctype) {
+ case ENCTYPE_DES_CBC_MD4:
+ cksum_type = CKSUMTYPE_RSA_MD4_DES;
+ break;
+ case ENCTYPE_DES_CBC_MD5:
+ case ENCTYPE_DES_CBC_CRC:
+ cksum_type = CKSUMTYPE_RSA_MD5_DES;
+ break;
+ default:
+ retval = krb5int_c_mandatory_cksumtype(context,
+ encrypting_key->enctype,
+ &cksum_type);
+ if (retval)
+ goto cleanup;
+ break;
+ }
+
+ retval = krb5_c_make_checksum(context, cksum_type,
encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
req_pkt, &key_pack->asChecksum);
if (retval) {
@@ -1033,7 +1043,6 @@
krb5_free_data(context, encoded_key_pack);
free(dh_pubkey);
free(server_key);
- free(cksum_types);
switch ((int)padata->pa_type) {
case KRB5_PADATA_PK_AS_REQ:
--- krb5-1.8.1+dfsg.orig/src/plugins/kdb/db2/lockout.c
+++ krb5-1.8.1+dfsg/src/plugins/kdb/db2/lockout.c
@@ -158,13 +158,23 @@
return 0;
}
+ if (entry == NULL)
+ return 0;
+
code = lookup_lockout_policy(context, entry, &max_fail,
&failcnt_interval,
&lockout_duration);
if (code != 0)
return code;
- assert (!locked_check_p(context, stamp, max_fail, lockout_duration, entry));
+ /*
+ * Don't continue to modify the DB for an already locked account.
+ * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and
+ * this check is unneeded, but in rare cases, we can fail with an
+ * integrity error or preauth failure before a policy check.)
+ */
+ if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
+ return 0;
if (status == 0 && (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)) {
/*
--- krb5-1.8.1+dfsg.orig/src/plugins/kdb/db2/libdb2/include/db-int.h
+++ krb5-1.8.1+dfsg/src/plugins/kdb/db2/libdb2/include/db-int.h
@@ -280,4 +280,8 @@
#ifndef O_BINARY
#define O_BINARY 0 /* Needed for Win32 compiles */
#endif
+
+#ifndef MAXPATHLEN
+# define MAXPATHLEN 4096
+#endif
#endif /* _DB_INT_H_ */
--- krb5-1.8.1+dfsg.orig/src/plugins/kdb/ldap/Makefile.in
+++ krb5-1.8.1+dfsg/src/plugins/kdb/ldap/Makefile.in
@@ -26,7 +26,7 @@
$(TOPLIBD)/libkrb5$(SHLIBEXT) \
$(TOPLIBD)/lib$(SUPPORT_LIBNAME)$(SHLIBEXT)
SHLIB_EXPLIBS= -lkdb_ldap $(GSSRPC_LIBS) -lkrb5 -lcom_err -lk5crypto -lkrb5support $(LIBS)
-SHLIB_DIRS=-L$(TOPLIBD)
+SHLIB_DIRS=-L$(TOPLIBD) -Wl,-rpath,$(KRB5_LIBDIR)/krb5
SHLIB_RDIRS=$(KRB5_LIBDIR)
$(TOPLIBD)/libkdb_ldap$(SHLIBEXT): all-recurse
--- krb5-1.8.1+dfsg.orig/src/plugins/kdb/ldap/ldap_util/Makefile.in
+++ krb5-1.8.1+dfsg/src/plugins/kdb/ldap/ldap_util/Makefile.in
@@ -3,7 +3,7 @@
DEFINES = -DKDB4_DISABLE
DEFS=
LOCALINCLUDES = -I. -I$(srcdir)/../libkdb_ldap -I$(top_srcdir)/lib/kdb
-PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
+PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) -Wl,-rpath,$(KRB5_LIBDIR)/krb5
PROG_RPATH=$(KRB5_LIBDIR)
#KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
KDB_DEP_LIB=$(DL_LIB) -lkdb_ldap $(THREAD_LINKOPTS)
--- krb5-1.8.1+dfsg.orig/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ krb5-1.8.1+dfsg/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -103,10 +103,10 @@
unsigned int flags, krb5_db_entry *entries,
int *nentries, krb5_boolean *more)
{
- char *user=NULL, *filter=NULL, **subtree=NULL;
+ char *user=NULL, *filter=NULL, *filtuser=NULL;
unsigned int tree=0, ntrees=1, princlen=0;
krb5_error_code tempst=0, st=0;
- char **values=NULL, *cname=NULL;
+ char **values=NULL, **subtree=NULL, *cname=NULL;
LDAP *ld=NULL;
LDAPMessage *result=NULL, *ent=NULL;
krb5_ldap_context *ldap_context=NULL;
@@ -131,6 +131,7 @@
CHECK_LDAP_HANDLE(ldap_context);
if (is_principal_in_realm(ldap_context, searchfor) != 0) {
+ st = KRB5_KDB_NOENTRY;
*more = 0;
krb5_set_error_message (context, st, "Principal does not belong to realm");
goto cleanup;
@@ -142,12 +143,18 @@
if ((st=krb5_ldap_unparse_principal_name(user)) != 0)
goto cleanup;
- princlen = strlen(FILTER) + strlen(user) + 2 + 1; /* 2 for closing brackets */
+ filtuser = ldap_filter_correct(user);
+ if (filtuser == NULL) {
+ st = ENOMEM;
+ goto cleanup;
+ }
+
+ princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1; /* 2 for closing brackets */
if ((filter = malloc(princlen)) == NULL) {
st = ENOMEM;
goto cleanup;
}
- snprintf(filter, princlen, FILTER"%s))", user);
+ snprintf(filter, princlen, FILTER"%s))", filtuser);
if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
goto cleanup;
@@ -231,6 +238,9 @@
if (user)
free(user);
+ if (filtuser)
+ free(filtuser);
+
if (cname)
free(cname);
--- krb5-1.8.1+dfsg.orig/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ krb5-1.8.1+dfsg/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -102,14 +102,18 @@
#define LDAP_SEARCH(base, scope, filter, attrs) LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
#define LDAP_SEARCH_1(base, scope, filter, attrs, status_check) \
- do { \
- st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \
- if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
- tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
- if (ldap_server_handle) \
- ld = ldap_server_handle->ldap_handle; \
- } \
- }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \
+ tempst = 0; \
+ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, \
+ NULL, &timelimit, LDAP_NO_LIMIT, &result); \
+ if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
+ tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
+ if (ldap_server_handle) \
+ ld = ldap_server_handle->ldap_handle; \
+ if (tempst == 0) \
+ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, \
+ NULL, NULL, &timelimit, \
+ LDAP_NO_LIMIT, &result); \
+ } \
\
if (status_check != IGNORE_STATUS) { \
if (tempst != 0) { \
--- krb5-1.8.1+dfsg.orig/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ krb5-1.8.1+dfsg/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -302,6 +302,7 @@
{
krb5_ldap_server_handle *handle = *ldap_server_handle;
+ ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL);
if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS)
|| (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS))
return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
--- krb5-1.8.1+dfsg.orig/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ krb5-1.8.1+dfsg/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -446,12 +446,11 @@
* portion, then the first portion of the principal name SHOULD be
* "krbtgt". All this check is done in the immediate block.
*/
- if (searchfor->length == 2)
- if ((strncasecmp(searchfor->data[0].data, "krbtgt",
- FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) &&
- (strncasecmp(searchfor->data[1].data, defrealm,
- FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0))
+ if (searchfor->length == 2) {
+ if (data_eq_string(searchfor->data[0], "krbtgt") &&
+ data_eq_string(searchfor->data[1], defrealm))
return 0;
+ }
/* first check the length, if they are not equal, then they are not same */
if (strlen(defrealm) != searchfor->realm.length)
--- krb5-1.8.1+dfsg.orig/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
+++ krb5-1.8.1+dfsg/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
@@ -150,15 +150,25 @@
return 0;
}
+ if (entry == NULL)
+ return 0;
+
code = lookup_lockout_policy(context, entry, &max_fail,
&failcnt_interval,
&lockout_duration);
if (code != 0)
return code;
- entry->mask = 0;
+ /*
+ * Don't continue to modify the DB for an already locked account.
+ * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and
+ * this check is unneeded, but in rare cases, we can fail with an
+ * integrity error or preauth failure before a policy check.)
+ */
+ if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
+ return 0;
- assert (!locked_check_p(context, stamp, max_fail, lockout_duration, entry));
+ entry->mask = 0;
if (status == 0 && (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)) {
/*
--- krb5-1.8.1+dfsg.orig/src/kdc/do_tgs_req.c
+++ krb5-1.8.1+dfsg/src/kdc/do_tgs_req.c
@@ -543,6 +543,7 @@
to the caller */
ticket_reply = *(header_ticket);
enc_tkt_reply = *(header_ticket->enc_part2);
+ enc_tkt_reply.authorization_data = NULL;
clear(enc_tkt_reply.flags, TKT_FLG_INVALID);
}
@@ -554,6 +555,7 @@
to the caller */
ticket_reply = *(header_ticket);
enc_tkt_reply = *(header_ticket->enc_part2);
+ enc_tkt_reply.authorization_data = NULL;
old_life = enc_tkt_reply.times.endtime - enc_tkt_reply.times.starttime;
--- krb5-1.8.1+dfsg.orig/src/kdc/kdc_authdata.c
+++ krb5-1.8.1+dfsg/src/kdc/kdc_authdata.c
@@ -495,7 +495,7 @@
krb5_boolean copy,
krb5_boolean ignore_kdc_issued)
{
- size_t i, nadata = 0;
+ size_t i, j, nadata = 0;
krb5_authdata **authdata = *out_authdata;
if (in_authdata == NULL || in_authdata[0] == NULL)
@@ -529,16 +529,16 @@
in_authdata = tmp;
}
- for (i = 0; in_authdata[i] != NULL; i++) {
+ for (i = 0, j = 0; in_authdata[i] != NULL; i++) {
if (ignore_kdc_issued &&
is_kdc_issued_authdatum(context, in_authdata[i], 0)) {
free(in_authdata[i]->contents);
free(in_authdata[i]);
} else
- authdata[nadata + i] = in_authdata[i];
+ authdata[nadata + j++] = in_authdata[i];
}
- authdata[nadata + i] = NULL;
+ authdata[nadata + j] = NULL;
free(in_authdata);
--- krb5-1.8.1+dfsg.orig/src/kdc/do_as_req.c
+++ krb5-1.8.1+dfsg/src/kdc/do_as_req.c
@@ -784,6 +784,8 @@
pad->contents = td[size]->data;
pad->length = td[size]->length;
pa[size] = pad;
+ td[size]->data = NULL;
+ td[size]->length = 0;
}
krb5_free_typed_data(kdc_context, td);
}
--- krb5-1.8.1+dfsg.orig/src/clients/kinit/kinit.M
+++ krb5-1.8.1+dfsg/src/clients/kinit/kinit.M
@@ -70,7 +70,7 @@
.in -.3i
.fi
.sp
-as in "kinit -l 90m". You cannot mix units; a value of `3h30m' will
+as in "kinit \-l 90m". You cannot mix units; a value of `3h30m' will
result in an error.
.sp
If the
--- krb5-1.8.1+dfsg.orig/src/clients/ksu/ksu.M
+++ krb5-1.8.1+dfsg/src/clients/ksu/ksu.M
@@ -175,28 +175,28 @@
.PP
Ksu can be used to create a new security context for the
target program (either the target
-shell, or command specified via the -e option).
+shell, or command specified via the \-e option).
The target program inherits a set
of credentials from the source user.
By default, this set includes all of the credentials
in the source cache plus any
additional credentials obtained during authentication.
The source user is able to limit the credentials in this set
-by using -z or -Z option.
--z restricts the copy of tickets from the source cache
+by using \-z or \-Z option.
+\-z restricts the copy of tickets from the source cache
to the target cache to only the tickets where client ==
-the target principal name. The -Z option
+the target principal name. The \-Z option
provides the target user with a fresh target cache
(no creds in the cache). Note that for security reasons,
when the source user is root and target user is non-root,
--z option is the default mode of operation.
+\-z option is the default mode of operation.
While no authentication takes place if the source user
is root or is the same as the target user, additional
tickets can still be obtained for the target cache.
-If -n is specified and no credentials can be copied to the target
+If \-n is specified and no credentials can be copied to the target
cache, the source user is prompted for a Kerberos password
-(unless -Z specified or GET_TGT_VIA_PASSWD is undefined). If
+(unless \-Z specified or GET_TGT_VIA_PASSWD is undefined). If
successful, a TGT is obtained from the Kerberos server and
stored in the target cache. Otherwise,
if a password is not provided (user hit return)
@@ -301,7 +301,7 @@
\fB\-D
turn on debug mode.
.TP 10
-\fITicket granting ticket options: -l lifetime -r time -pf\fP
+\fITicket granting ticket options: \-l lifetime \-r time \-pf\fP
The ticket granting ticket options only apply to the
case where there are no appropriate tickets in
the cache to authenticate the source user. In this case
@@ -341,7 +341,7 @@
principal. Note that the
.B \-z
option is mutually
-exclusive with the -Z option.
+exclusive with the \-Z option.
.TP 10
\fB\-Z
Don't copy any tickets from the source cache to the
@@ -350,7 +350,7 @@
initialized to the target principal name. Note that
.B \-Z
option is mutually
-exclusive with the -z option.
+exclusive with the \-z option.
.TP 10
\fB\-q
suppress the printing of status messages.
@@ -365,7 +365,7 @@
ls
.B \-lag).
-\fIThe authorization algorithm for -e is as follows:\fP
+\fIThe authorization algorithm for \-e is as follows:\fP
If the source user is root or source user == target user,
no authorization takes place and
@@ -418,7 +418,7 @@
.TP 10
\fB\-a \fIargs
specify arguments to be passed to the target shell.
-Note: that all flags and parameters following -a
+Note: that all flags and parameters following \-a
will be passed to the shell, thus all options
intended for ksu must precede
.B \-a.
@@ -449,7 +449,7 @@
during the resolution of the default principal name,
PRINC_LOOK_AHEAD enables ksu to find principal names
in the .k5users file as described in the OPTIONS section
-(see -n option).
+(see \-n option).
.TP 10
\fICMD_PATH\fP
specifies a list of directories containing programs
@@ -463,8 +463,8 @@
shell is obtained from the passwd file.
.TP 10
SAMPLE CONFIGURATION:
-KSU_OPTS = -DGET_TGT_VIA_PASSWD
--DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /usr/ucb /local/bin"
+KSU_OPTS = \-DGET_TGT_VIA_PASSWD
+\-DPRINC_LOOK_AHEAD \-DCMD_PATH='"/bin /usr/ucb /local/bin"
.TP 10
PERMISSIONS FOR KSU
ksu should be owned by root and have the set user id bit turned on.
--- krb5-1.8.1+dfsg.orig/src/clients/ksu/ksu.h
+++ krb5-1.8.1+dfsg/src/clients/ksu/ksu.h
@@ -55,8 +55,12 @@
#define CHUNK 3
#define CACHE_MODE 0600
-#define MAX_CMD 2048 /* this is temp, should use realloc instead,
- as done in most of the code */
+#define MAX_CMD 2048 /* this is temp, should use realloc instead,
+ as done in most of the code */
+
+#ifndef MAXPATHLEN
+# define MAXPATHLEN 4096
+#endif
extern int optind;
--- krb5-1.8.1+dfsg.orig/src/kadmin/cli/kadmin.M
+++ krb5-1.8.1+dfsg/src/kadmin/cli/kadmin.M
@@ -290,7 +290,7 @@
.TP
\fB\-policy\fP \fIpolicy\fP
policy used by this principal. If no policy is supplied, then if the
-policy "default" exists and the -clearpolicy is not also specified,
+policy "default" exists and the \-clearpolicy is not also specified,
then the policy "default" is used; otherwise, the principal
will have no policy, and a warning message will be printed.
.TP
@@ -617,7 +617,7 @@
Key: vno 1, DES cbc mode with CRC-32, Version 4
Attributes:
Policy: [none]
-kadmin: getprinc -terse systest
+kadmin: getprinc \-terse systest
systest@BLEEP.COM 3 86400 604800 1
785926535 753241234 785900000
tlyu/admin@BLEEP.COM 786100034 0 0
@@ -751,7 +751,7 @@
Minimum number of password character classes: 2
Number of old keys kept: 5
Reference count: 17
-kadmin: get_policy -terse admin
+kadmin: get_policy \-terse admin
admin 15552000 0 6 2 5 17
kadmin:
.TP
@@ -842,7 +842,7 @@
.RS
.TP
EXAMPLE:
-kadmin: ktadd -k /tmp/foo-new-keytab host/foo.mit.edu
+kadmin: ktadd \-k /tmp/foo-new-keytab host/foo.mit.edu
Entry for principal host/foo.mit.edu@ATHENA.MIT.EDU with
kvno 3, encryption type DES-CBC-CRC added to keytab
WRFILE:/tmp/foo-new-keytab
@@ -869,7 +869,7 @@
.RS
.TP
EXAMPLE:
-kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
+kadmin: ktremove \-k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
Entry for principal kadmin/admin with kvno 3 removed
from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
kadmin:
--- krb5-1.8.1+dfsg.orig/src/kadmin/server/schpw.c
+++ krb5-1.8.1+dfsg/src/kadmin/server/schpw.c
@@ -74,8 +74,13 @@
plen = (*ptr++ & 0xff);
plen = (plen<<8) | (*ptr++ & 0xff);
- if (plen != req->length)
- return(KRB5KRB_AP_ERR_MODIFIED);
+ if (plen != req->length) {
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ numresult = KRB5_KPASSWD_MALFORMED;
+ strlcpy(strresult, "Request length was inconsistent",
+ sizeof(strresult));
+ goto chpwfail;
+ }
/* verify version number */
--- krb5-1.8.1+dfsg.orig/src/kadmin/server/network.c
+++ krb5-1.8.1+dfsg/src/kadmin/server/network.c
@@ -1384,6 +1384,10 @@
if (local_kaddrs != NULL)
krb5_free_addresses(server_handle->context, local_kaddrs);
+ if ((*response)->data == NULL) {
+ free(*response);
+ *response = NULL;
+ }
krb5_kt_close(server_handle->context, kt);
return ret;
--- krb5-1.8.1+dfsg.orig/src/kadmin/server/kadmind.M
+++ krb5-1.8.1+dfsg/src/kadmin/server/kadmind.M
@@ -111,7 +111,7 @@
specifies that the master database password should be fetched from the
keyboard rather than from a file on disk. Note that the server gets the
password prior to putting itself in the background; in combination with
-the -nofork option, you must place it in the background by hand.
+the \-nofork option, you must place it in the background by hand.
.TP
.B \-nofork
specifies that the server does not put itself in the background and does
--- krb5-1.8.1+dfsg.orig/src/kadmin/ktutil/ktutil_funcs.c
+++ krb5-1.8.1+dfsg/src/kadmin/ktutil/ktutil_funcs.c
@@ -32,6 +32,10 @@
#include
#include
+#ifndef MAXPATHLEN
+# define MAXPATHLEN 4096
+#endif
+
/*
* Free a kt_list
*/
--- krb5-1.8.1+dfsg.orig/src/slave/kprop_sock.c
+++ krb5-1.8.1+dfsg/src/slave/kprop_sock.c
@@ -0,0 +1,39 @@
+#include
+#include
+#include
+
+#include "k5-int.h"
+#include "kprop.h"
+
+int sockaddr2krbaddr(int family, struct sockaddr *sa, krb5_address *dest)
+{
+ struct sockaddr_in *sa4;
+ struct sockaddr_in6 *sa6;
+
+ if (family == AF_INET) {
+ dest->addrtype = ADDRTYPE_INET;
+ sa4 = (struct sockaddr_in *)sa;
+ dest->length = sizeof(sa4->sin_addr);
+ dest->contents = (krb5_octet *) malloc(sizeof(sa4->sin_addr));
+ if (!dest->contents) {
+ (void) fprintf(stderr, _("\nCouldn't allocate memory"));
+ exit(1);
+ }
+ memcpy(dest->contents, &sa4->sin_addr, sizeof(sa4->sin_addr));
+ return 0;
+ } else if (family == AF_INET6) {
+ dest->addrtype = ADDRTYPE_INET6;
+ sa6 = (struct sockaddr_in6 *)sa;
+ dest->length = sizeof(sa6->sin6_addr);
+ dest->contents = (krb5_octet *) malloc(sizeof(sa6->sin6_addr));
+ if (!dest->contents) {
+ (void) fprintf(stderr, _("\nCouldn't allocate memory"));
+ exit(1);
+ }
+ memcpy(dest->contents, &sa6->sin6_addr, sizeof(sa6->sin6_addr));
+ return 0;
+ }
+
+ /* Bad address family */
+ return 1;
+}
--- krb5-1.8.1+dfsg.orig/src/slave/kproplog.M
+++ krb5-1.8.1+dfsg/src/slave/kproplog.M
@@ -24,7 +24,7 @@
.\"
.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
.\"
-.TH KPROPLOG 1
+.TH KPROPLOG 8
.SH NAME
kproplog \- display the contents of the Kerberos principal update log
.SH SYNOPSIS
--- krb5-1.8.1+dfsg.orig/src/slave/kprop.h
+++ krb5-1.8.1+dfsg/src/slave/kprop.h
@@ -37,3 +37,5 @@
#define KPROP_BUFSIZ 32768
/* pathnames are in osconf.h, included via k5-int.h */
+
+int sockaddr2krbaddr(int family, struct sockaddr *sa, krb5_address *dest);
--- krb5-1.8.1+dfsg.orig/src/slave/kpropd.M
+++ krb5-1.8.1+dfsg/src/slave/kpropd.M
@@ -74,7 +74,7 @@
This is done by adding a line to the inetd.conf file which looks like
this:
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
+krb5_prop stream tcp nowait root /usr/sbin/kpropd kpropd
However, kpropd can also run as a standalone daemon, if the
.B \-S
@@ -111,13 +111,13 @@
\fB\-f\fP \fIfile\fP
specifies the filename where the dumped principal database file is to be
stored; by default the dumped database file is KPROPD_DEFAULT_FILE
-(normally /usr/local/var/krb5kdc/from_master).
+(normally /var/lib/krb5kdc/from_master).
.TP
.B \-p
allows the user to specify the pathname to the
.IR kdb5_util (8)
program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
-(normally /usr/local/sbin/kdb5_util).
+(normally /usr/sbin/kdb5_util).
.TP
.B \-S
turn on standalone mode. Normally, kpropd is invoked out of
--- krb5-1.8.1+dfsg.orig/src/slave/kprop.c
+++ krb5-1.8.1+dfsg/src/slave/kprop.c
@@ -319,53 +319,57 @@
unsigned int ErrmsgSz;
{
int s;
- krb5_error_code retval;
-
- struct hostent *hp;
- register struct servent *sp;
- struct sockaddr_in my_sin;
+ krb5_error_code retval = 1;
GETSOCKNAME_ARG3_TYPE socket_length;
-
- hp = gethostbyname(host);
- if (hp == NULL) {
- (void) snprintf(Errmsg, ErrmsgSz, "%s: unknown host", host);
+ struct addrinfo hints, *res, *answers;
+ struct sockaddr *sa;
+ struct sockaddr_storage my_sin;
+ int error;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_flags = AI_ADDRCONFIG;
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ if ((error = getaddrinfo(host, KPROP_SERVICE, &hints, &answers)) != 0) {
+ (void) snprintf(Errmsg, ErrmsgSz, "%s: %s", host, gai_strerror(error));
*fd = -1;
return(0);
}
- my_sin.sin_family = hp->h_addrtype;
- memcpy(&my_sin.sin_addr, hp->h_addr, sizeof(my_sin.sin_addr));
- if(!port) {
- sp = getservbyname(KPROP_SERVICE, "tcp");
- if (sp == 0) {
- my_sin.sin_port = htons(KPROP_PORT);
- } else {
- my_sin.sin_port = sp->s_port;
+ for (res = answers; res != NULL; res = res->ai_next) {
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (s < 0) {
+ (void) snprintf(Errmsg, ErrmsgSz, "in call to socket");
+ freeaddrinfo(answers);
+ return(errno);
+ }
+ if (connect(s, res->ai_addr, res->ai_addrlen) < 0) {
+ retval = errno;
+ close(s);
+ s = -1;
+ continue;
+ }
+
+ /* We successfully connect()ed */
+ *fd = s;
+ if (sockaddr2krbaddr(res->ai_family, res->ai_addr, &receiver_addr) != 0) {
+ (void) snprintf(Errmsg, ErrmsgSz, "Bad address family");
+ *fd = -1;
+ return(0);
}
- } else
- my_sin.sin_port = port;
- s = socket(AF_INET, SOCK_STREAM, 0);
-
- if (s < 0) {
- (void) snprintf(Errmsg, ErrmsgSz, "in call to socket");
- return(errno);
+
+ break;
}
- if (connect(s, (struct sockaddr *)&my_sin, sizeof my_sin) < 0) {
- retval = errno;
- close(s);
+
+ freeaddrinfo(answers);
+
+ if (s == -1) {
(void) snprintf(Errmsg, ErrmsgSz, "in call to connect");
return(retval);
}
- *fd = s;
/*
- * Set receiver_addr and sender_addr.
+ * Set sender_addr.
*/
- receiver_addr.addrtype = ADDRTYPE_INET;
- receiver_addr.length = sizeof(my_sin.sin_addr);
- receiver_addr.contents = (krb5_octet *) malloc(sizeof(my_sin.sin_addr));
- memcpy(receiver_addr.contents, &my_sin.sin_addr,
- sizeof(my_sin.sin_addr));
-
socket_length = sizeof(my_sin);
if (getsockname(s, (struct sockaddr *)&my_sin, &socket_length) < 0) {
retval = errno;
@@ -373,11 +377,15 @@
(void) snprintf(Errmsg, ErrmsgSz, "in call to getsockname");
return(retval);
}
- sender_addr.addrtype = ADDRTYPE_INET;
- sender_addr.length = sizeof(my_sin.sin_addr);
- sender_addr.contents = (krb5_octet *) malloc(sizeof(my_sin.sin_addr));
- memcpy(sender_addr.contents, &my_sin.sin_addr,
- sizeof(my_sin.sin_addr));
+
+ sa = (struct sockaddr *) &my_sin;
+
+ if (sockaddr2krbaddr(sa->sa_family, sa, &sender_addr) != 0) {
+ (void) snprintf(Errmsg, ErrmsgSz, "Bad address family");
+ close(s);
+ *fd = -1;
+ return(0);
+ }
return(0);
}
--- krb5-1.8.1+dfsg.orig/src/slave/kpropd.c
+++ krb5-1.8.1+dfsg/src/slave/kpropd.c
@@ -162,7 +162,7 @@
int,
krb5_principal *,
krb5_enctype *,
- struct sockaddr_in);
+ struct sockaddr_storage *);
krb5_boolean authorized_principal(krb5_context, krb5_principal, krb5_enctype);
void recv_database(krb5_context, int, int, krb5_data *);
void load_database(krb5_context, char *, char *);
@@ -242,10 +242,10 @@
int do_standalone(iprop_role iproprole)
{
struct sockaddr_in my_sin, frominet;
- struct servent *sp;
+ struct addrinfo hints, *res, *answers;
int finet, s;
GETPEERNAME_ARG3_TYPE fromlen;
- int ret;
+ int ret, error;
/*
* Timer for accept/read calls, in case of network type errors.
*/
@@ -253,92 +253,86 @@
retry:
- finet = socket(AF_INET, SOCK_STREAM, 0);
- if (finet < 0) {
- com_err(progname, errno, "while obtaining socket");
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
+
+ if ((error = getaddrinfo(NULL, KPROP_SERVICE, &hints, &answers)) != 0) {
+ (void) fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(error));
exit(1);
}
- memset(&my_sin,0, sizeof(my_sin));
- if(!port) {
- sp = getservbyname(KPROP_SERVICE, "tcp");
- if (sp == NULL) {
- com_err(progname, 0, "%s/tcp: unknown service", KPROP_SERVICE);
- my_sin.sin_port = htons(KPROP_PORT);
- }
- else my_sin.sin_port = sp->s_port;
- } else {
- my_sin.sin_port = port;
- }
- my_sin.sin_family = AF_INET;
- /*
- * We need to close the socket immediately if iprop is enabled,
- * since back-to-back full resyncs are possible, so we do not
- * linger around for too long
- */
- if (iproprole == IPROP_SLAVE) {
+ for (res = answers; res != NULL; res = res->ai_next) {
int on = 1;
- struct linger linger;
+ finet = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (finet < 0) {
+ com_err(progname, errno, "while obtaining socket");
+ exit(1);
+ }
+
+ if (setsockopt (finet, SOL_SOCKET, SO_REUSEADDR,
+ (void *)&on, sizeof(on)) < 0)
+ com_err(progname, errno,
+ _("while setting socket option (SO_REUSEADDR)"));
- if (setsockopt(finet, SOL_SOCKET, SO_REUSEADDR,
- (char *)&on, sizeof(on)) < 0)
- com_err(progname, errno,
- _("while setting socket option (SO_REUSEADDR)"));
- linger.l_onoff = 1;
- linger.l_linger = 2;
- if (setsockopt(finet, SOL_SOCKET, SO_LINGER,
- (void *)&linger, sizeof(linger)) < 0)
- com_err(progname, errno,
- _("while setting socket option (SO_LINGER)"));
/*
- * We also want to set a timer so that the slave is not waiting
- * until infinity for an update from the master.
+ * We need to close the socket immediately if iprop is enabled,
+ * since back-to-back full resyncs are possible, so we do not
+ * linger around for too long
*/
- gfd = finet;
- signal(SIGALRM, resync_alarm);
- if (debug) {
- fprintf(stderr, "do_standalone: setting resync alarm to %d\n",
- backoff_timer);
- }
- if (alarm(backoff_timer) != 0) {
+ if (iproprole == IPROP_SLAVE) {
+ struct linger linger;
+
+ linger.l_onoff = 1;
+ linger.l_linger = 2;
+ if (setsockopt(finet, SOL_SOCKET, SO_LINGER,
+ (void *)&linger, sizeof(linger)) < 0)
+ com_err(progname, errno,
+ _("while setting socket option (SO_LINGER)"));
+ /*
+ * We also want to set a timer so that the slave is not waiting
+ * until infinity for an update from the master.
+ */
+ gfd = finet;
+ signal(SIGALRM, resync_alarm);
if (debug) {
- fprintf(stderr,
- _("%s: alarm already set\n"), progname);
+ fprintf(stderr, "do_standalone: setting resync alarm to %d\n",
+ backoff_timer);
}
+ if (alarm(backoff_timer) != 0) {
+ if (debug) {
+ fprintf(stderr,
+ _("%s: alarm already set\n"), progname);
+ }
+ }
+ backoff_timer *= 2;
}
- backoff_timer *= 2;
- }
- if ((ret = bind(finet, (struct sockaddr *) &my_sin, sizeof(my_sin))) < 0) {
- if (debug) {
- int on = 1;
- fprintf(stderr,
- "%s: attempting to rebind socket with SO_REUSEADDR\n",
- progname);
- if (setsockopt(finet, SOL_SOCKET, SO_REUSEADDR,
- (char *)&on, sizeof(on)) < 0)
- com_err(progname, errno, "in setsockopt(SO_REUSEADDR)");
- ret = bind(finet, (struct sockaddr *) &my_sin, sizeof(my_sin));
- }
- if (ret < 0) {
+
+ if ((ret = bind(finet, res->ai_addr, res->ai_addrlen)) < 0) {
perror("bind");
com_err(progname, errno, "while binding listener socket");
exit(1);
}
- }
- if (!debug && iproprole != IPROP_SLAVE)
- daemon(1, 0);
+ if (!debug && iproprole != IPROP_SLAVE)
+ daemon(1, 0);
#ifdef PID_FILE
- if ((pidfile = fopen(PID_FILE, "w")) != NULL) {
- fprintf(pidfile, "%d\n", getpid());
- fclose(pidfile);
- } else
- com_err(progname, errno,
- "while opening pid file %s for writing", PID_FILE);
+ if ((pidfile = fopen(PID_FILE, "w")) != NULL) {
+ fprintf(pidfile, "%d\n", getpid());
+ fclose(pidfile);
+ } else
+ com_err(progname, errno,
+ "while opening pid file %s for writing", PID_FILE);
#endif
- if (listen(finet, 5) < 0) {
- com_err(progname, errno, "in listen call");
- exit(1);
+
+ if (listen(finet, 5) < 0) {
+ com_err(progname, errno, "in listen call");
+ exit(1);
+ }
+ break;
}
+
while (1) {
int child_pid;
int status;
@@ -404,11 +398,11 @@
}
close(s);
- if (iproprole == IPROP_SLAVE)
+ if (iproprole == IPROP_SLAVE) {
close(finet);
-
- if ((ret = WEXITSTATUS(status)) != 0)
- return (ret);
+ if ((ret = WEXITSTATUS(status)) != 0)
+ return (ret);
+ }
}
if (iproprole == IPROP_SLAVE)
break;
@@ -419,16 +413,16 @@
void doit(fd)
int fd;
{
- struct sockaddr_in from;
+ struct sockaddr_storage from;
int on = 1;
GETPEERNAME_ARG3_TYPE fromlen;
- struct hostent *hp;
krb5_error_code retval;
krb5_data confmsg;
int lock_fd;
mode_t omask;
krb5_enctype etype;
int database_fd;
+ char host[INET6_ADDRSTRLEN+1];
if (kpropd_context->kdblog_context &&
kpropd_context->kdblog_context->iproprole == IPROP_SLAVE) {
@@ -468,23 +462,19 @@
"while attempting setsockopt (SO_KEEPALIVE)");
}
- if (!(hp = gethostbyaddr((char *) &(from.sin_addr.s_addr), fromlen,
- AF_INET))) {
- syslog(LOG_INFO, "Connection from %s",
- inet_ntoa(from.sin_addr));
- if (debug)
- printf("Connection from %s\n",
- inet_ntoa(from.sin_addr));
- } else {
- syslog(LOG_INFO, "Connection from %s", hp->h_name);
+
+ if (getnameinfo((const struct sockaddr *) &from, fromlen,
+ host, sizeof(host), NULL, 0, 0) == 0) {
+ syslog(LOG_INFO, "Connection from %s", host);
if (debug)
- printf("Connection from %s\n", hp->h_name);
+ printf("Connection from %s\n", host);
}
+
/*
* Now do the authentication
*/
- kerberos_authenticate(kpropd_context, fd, &client, &etype, from);
+ kerberos_authenticate(kpropd_context, fd, &client, &etype, &from);
/*
* Turn off alarm upon successful authentication from master.
@@ -1216,22 +1206,18 @@
int fd;
krb5_principal * clientp;
krb5_enctype * etype;
- struct sockaddr_in my_sin;
+ struct sockaddr_storage * my_sin;
{
krb5_error_code retval;
krb5_ticket * ticket;
- struct sockaddr_in r_sin;
+ struct sockaddr_storage r_sin;
GETSOCKNAME_ARG3_TYPE sin_length;
krb5_keytab keytab = NULL;
/*
* Set recv_addr and send_addr
*/
- sender_addr.addrtype = ADDRTYPE_INET;
- sender_addr.length = sizeof(my_sin.sin_addr);
- sender_addr.contents = (krb5_octet *) malloc(sizeof(my_sin.sin_addr));
- memcpy(sender_addr.contents, &my_sin.sin_addr,
- sizeof(my_sin.sin_addr));
+ sockaddr2krbaddr(my_sin->ss_family, my_sin, &sender_addr);
sin_length = sizeof(r_sin);
if (getsockname(fd, (struct sockaddr *) &r_sin, &sin_length)) {
@@ -1239,11 +1225,7 @@
exit(1);
}
- receiver_addr.addrtype = ADDRTYPE_INET;
- receiver_addr.length = sizeof(r_sin.sin_addr);
- receiver_addr.contents = (krb5_octet *) malloc(sizeof(r_sin.sin_addr));
- memcpy(receiver_addr.contents, &r_sin.sin_addr,
- sizeof(r_sin.sin_addr));
+ sockaddr2krbaddr(r_sin.ss_family, &r_sin, &receiver_addr);
if (debug) {
char *name;
--- krb5-1.8.1+dfsg.orig/src/slave/kprop.M
+++ krb5-1.8.1+dfsg/src/slave/kprop.M
@@ -39,7 +39,7 @@
This is done by transmitting the dumped database file to the slave
server over an encrypted, secure channel. The dump file must be created
by kdb5_util, and is normally KPROP_DEFAULT_FILE
-(/usr/local/var/krb5kdc/slave_datatrans).
+(/var/lib/krb5kdc/slave_datatrans).
.SH OPTIONS
.TP
\fB\-r\fP \fIrealm\fP
@@ -51,7 +51,7 @@
\fB\-f\fP \fIfile\fP
specifies the filename where the dumped principal database file is to be
found; by default the dumped database file is KPROP_DEFAULT_FILE
-(normally /usr/local/var/krb5kdc/slave_datatrans).
+(normally /var/lib/krb5kdc/slave_datatrans).
.TP
\fB\-P\fP \fIport\fP
specifies the port to use to contact the
--- krb5-1.8.1+dfsg.orig/src/slave/Makefile.in
+++ krb5-1.8.1+dfsg/src/slave/Makefile.in
@@ -6,11 +6,11 @@
all:: kprop kpropd kproplog
-CLIENTSRCS= $(srcdir)/kprop.c
-CLIENTOBJS= kprop.o
+CLIENTSRCS= $(srcdir)/kprop.c $(srcdir)/kprop_sock.c
+CLIENTOBJS= kprop.o kprop_sock.o
-SERVERSRCS= $(srcdir)/kpropd.c $(srcdir)/kpropd_rpc.c
-SERVEROBJS= kpropd.o kpropd_rpc.o
+SERVERSRCS= $(srcdir)/kpropd.c $(srcdir)/kpropd_rpc.c $(srcdir)/kprop_sock.c
+SERVEROBJS= kpropd.o kpropd_rpc.o kprop_sock.o
LOGSRCS= $(srcdir)/kproplog.c
LOGOBJS= kproplog.o
--- krb5-1.8.1+dfsg.orig/src/config-files/kdc.conf.M
+++ krb5-1.8.1+dfsg/src/config-files/kdc.conf.M
@@ -82,14 +82,14 @@
.B string
specifies the location of the access control list (acl) file that
kadmin uses to determine which principals are allowed which permissions
-on the database. The default value is /usr/local/var/krb5kdc/kadm5.acl.
+on the database. The default value is /etc/krb5kdc/kadm5.acl.
.IP admin_keytab
This
.B string
Specifies the location of the keytab file that kadmin uses to
authenticate to the database. The default value is
-/usr/local/var/krb5kdc/kadm5.keytab.
+/etc/krb5kdc/kadm5.keytab.
.IP database_name
This
@@ -254,7 +254,7 @@
realm names and the [capaths] section of its krb5.conf file
.SH FILES
-/usr/local/var/krb5kdc/kdc.conf
+/etc/krb5kdc/kdc.conf
.SH SEE ALSO
krb5.conf(5), krb5kdc(8)
--- krb5-1.8.1+dfsg.orig/src/config-files/krb5.conf.M
+++ krb5-1.8.1+dfsg/src/config-files/krb5.conf.M
@@ -461,7 +461,7 @@
In the following example, the logging messages from the KDC will go to
the console and to the system log under the facility LOG_DAEMON with
default severity of LOG_INFO; and the logging messages from the
-administrative server will be appended to the file /var/adm/kadmin.log
+administrative server will be appended to the file /var/log/kadmin.log
and sent to the device /dev/tty04.
.sp
.nf
@@ -469,7 +469,7 @@
[logging]
kdc = CONSOLE
kdc = SYSLOG:INFO:DAEMON
- admin_server = FILE:/var/adm/kadmin.log
+ admin_server = FILE:/var/log/kadmin.log
admin_server = DEVICE=/dev/tty04
.in -1i
.fi
--- krb5-1.8.1+dfsg.orig/src/config/config.sub
+++ krb5-1.8.1+dfsg/src/config/config.sub
@@ -243,6 +243,7 @@
| am33_2.0 \
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
| bfin \
+ | bfin \
| c4x | clipper \
| d10v | d30v | dlx | dsp16xx \
| fr30 | frv \
@@ -288,6 +289,9 @@
| z8k)
basic_machine=$basic_machine-unknown
;;
+ m32c)
+ basic_machine=$basic_machine-unknown
+ ;;
m6811 | m68hc11 | m6812 | m68hc12)
# Motorola 68HC11/12.
basic_machine=$basic_machine-unknown
@@ -372,6 +376,8 @@
| ymp-* \
| z8k-*)
;;
+ m32c-*)
+ ;;
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
386bsd)
--- krb5-1.8.1+dfsg.orig/src/include/k5-int.h
+++ krb5-1.8.1+dfsg/src/include/k5-int.h
@@ -556,6 +556,9 @@
#ifdef HAVE_SYS_PARAM_H
#include /* MAXPATHLEN */
#endif
+#ifndef MAXPATHLEN
+# define MAXPATHLEN 4096
+#endif
#ifdef HAVE_SYS_FILE_H
#include /* prototypes for file-related
--- krb5-1.8.1+dfsg.orig/src/include/osconf.hin
+++ krb5-1.8.1+dfsg/src/include/osconf.hin
@@ -123,8 +123,8 @@
* krb5 slave support follows
*/
-#define KPROP_DEFAULT_FILE "@LOCALSTATEDIR/krb5kdc/slave_datatrans"
-#define KPROPD_DEFAULT_FILE "@LOCALSTATEDIR/krb5kdc/from_master"
+#define KPROP_DEFAULT_FILE "/var/lib/krb5kdc/slave_datatrans"
+#define KPROPD_DEFAULT_FILE "/var/lib/krb5kdc/from_master"
#define KPROPD_DEFAULT_KDB5_UTIL "@SBINDIR/kdb5_util"
#define KPROPD_DEFAULT_KDB5_EDIT "@SBINDIR/kdb5_edit"
#define KPROPD_DEFAULT_KPROP "@SBINDIR/kprop"
--- krb5-1.8.1+dfsg.orig/debian/krb5-admin-server.install
+++ krb5-1.8.1+dfsg/debian/krb5-admin-server.install
@@ -0,0 +1,6 @@
+usr/sbin/kadmin.local
+usr/share/man/man8/kadmin.local.8
+usr/sbin/kadmind
+usr/share/man/man8/kadmind.8
+usr/sbin/kprop
+usr/share/man/man8/kprop.8
--- krb5-1.8.1+dfsg.orig/debian/krb5-kdc.dirs
+++ krb5-1.8.1+dfsg/debian/krb5-kdc.dirs
@@ -0,0 +1,5 @@
+usr/lib/krb5/plugins/kdb
+var/lib/krb5kdc
+etc/krb5kdc
+usr/share/doc/krb5-kdc/examples
+usr/share/krb5-kdc
--- krb5-1.8.1+dfsg.orig/debian/libkrb5-3.symbols
+++ krb5-1.8.1+dfsg/debian/libkrb5-3.symbols
@@ -0,0 +1,641 @@
+libkrb5.so.3 libkrb5-3 #MINVER#
+ HIDDEN@HIDDEN 1.6.dfsg.2
+ _krb5_conf_boolean@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_ad_kdcissued@krb5_3_MIT 1.8+dfsg
+ decode_krb5_ad_signedpath@krb5_3_MIT 1.8+dfsg
+ decode_krb5_alt_method@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_ap_rep@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_ap_rep_enc_part@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_ap_req@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_as_rep@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_as_req@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_authdata@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_authenticator@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_cred@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_enc_cred_part@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_enc_data@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_enc_kdc_rep_part@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_enc_priv_part@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_enc_sam_response_enc@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_enc_sam_response_enc_2@krb5_3_MIT 1.7dfsg
+ decode_krb5_enc_tkt_part@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_encryption_key@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_error@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_etype_info2@krb5_3_MIT 1.7dfsg
+ decode_krb5_etype_info@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_fast_req@krb5_3_MIT 1.7dfsg
+ decode_krb5_kdc_req_body@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_pa_enc_ts@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_pa_for_user@krb5_3_MIT 1.7dfsg
+ decode_krb5_pa_fx_fast_request@krb5_3_MIT 1.7dfsg
+ decode_krb5_pa_pac_req@krb5_3_MIT 1.7dfsg
+ decode_krb5_pa_s4u_x509_user@krb5_3_MIT 1.8+dfsg
+ decode_krb5_padata_sequence@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_predicted_sam_response@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_priv@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_pwd_data@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_pwd_sequence@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_safe@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_sam_challenge@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_sam_response@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_sam_response_2@krb5_3_MIT 1.7dfsg
+ decode_krb5_setpw_req@krb5_3_MIT 1.7dfsg
+ decode_krb5_tgs_rep@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_tgs_req@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_ticket@krb5_3_MIT 1.6.dfsg.2
+ decode_krb5_typed_data@krb5_3_MIT 1.7dfsg
+ encode_krb5_ad_kdcissued@krb5_3_MIT 1.8+dfsg
+ encode_krb5_ad_signedpath@krb5_3_MIT 1.8+dfsg
+ encode_krb5_ad_signedpath_data@krb5_3_MIT 1.8+dfsg
+ encode_krb5_alt_method@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_ap_rep@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_ap_rep_enc_part@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_ap_req@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_as_rep@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_as_req@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_authdata@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_authenticator@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_checksum@krb5_3_MIT 1.8+dfsg
+ encode_krb5_cred@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_enc_cred_part@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_enc_data@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_enc_kdc_rep_part@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_enc_priv_part@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_enc_sam_response_enc@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_enc_sam_response_enc_2@krb5_3_MIT 1.7dfsg
+ encode_krb5_enc_tkt_part@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_encryption_key@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_error@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_etype_info2@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_etype_info@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_fast_response@krb5_3_MIT 1.7dfsg
+ encode_krb5_kdc_req_body@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_pa_enc_ts@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_pa_for_user@krb5_3_MIT 1.7dfsg
+ encode_krb5_pa_fx_fast_reply@krb5_3_MIT 1.7dfsg
+ encode_krb5_pa_s4u_x509_user@krb5_3_MIT 1.8+dfsg
+ encode_krb5_pa_server_referral_data@krb5_3_MIT 1.7dfsg
+ encode_krb5_pa_svr_referral_data@krb5_3_MIT 1.7dfsg
+ encode_krb5_padata_sequence@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_predicted_sam_response@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_priv@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_pwd_data@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_pwd_sequence@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_s4u_userid@krb5_3_MIT 1.8+dfsg
+ encode_krb5_safe@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_sam_challenge@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_sam_key@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_sam_response@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_sam_response_2@krb5_3_MIT 1.7dfsg
+ encode_krb5_tgs_rep@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_tgs_req@krb5_3_MIT 1.6.dfsg.2
+ encode_krb5_ticket@krb5_3_MIT 1.6.dfsg.2
+ et_asn1_error_table@krb5_3_MIT 1.6.dfsg.2
+ et_k524_error_table@krb5_3_MIT 1.6.dfsg.2
+ et_kdb5_error_table@krb5_3_MIT 1.6.dfsg.2
+ et_krb5_error_table@krb5_3_MIT 1.6.dfsg.2
+ et_kv5m_error_table@krb5_3_MIT 1.6.dfsg.2
+ et_prof_error_table@krb5_3_MIT 1.6.dfsg.2
+ initialize_asn1_error_table@krb5_3_MIT 1.6.dfsg.2
+ initialize_k524_error_table@krb5_3_MIT 1.6.dfsg.2
+ initialize_kdb5_error_table@krb5_3_MIT 1.6.dfsg.2
+ initialize_krb5_error_table@krb5_3_MIT 1.6.dfsg.2
+ initialize_kv5m_error_table@krb5_3_MIT 1.6.dfsg.2
+ initialize_prof_error_table@krb5_3_MIT 1.6.dfsg.2
+ krb524_convert_creds_kdc@krb5_3_MIT 1.6.dfsg.2
+ krb524_init_ets@krb5_3_MIT 1.6.dfsg.2
+ krb5_3_MIT@krb5_3_MIT 1.6.dfsg.2
+ krb5_425_conv_principal@krb5_3_MIT 1.6.dfsg.2
+ krb5_524_conv_principal@krb5_3_MIT 1.6.dfsg.2
+ krb5_524_convert_creds@krb5_3_MIT 1.6.dfsg.2
+ krb5_address_compare@krb5_3_MIT 1.6.dfsg.2
+ krb5_address_order@krb5_3_MIT 1.6.dfsg.2
+ krb5_address_search@krb5_3_MIT 1.6.dfsg.2
+ krb5_allow_weak_crypto@krb5_3_MIT 1.8+dfsg
+ krb5_aname_to_localname@krb5_3_MIT 1.6.dfsg.2
+ krb5_anonymous_principal@krb5_3_MIT 1.8+dfsg
+ krb5_anonymous_realm@krb5_3_MIT 1.8+dfsg
+ krb5_appdefault_boolean@krb5_3_MIT 1.6.dfsg.2
+ krb5_appdefault_string@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_free@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_genaddrs@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_get_authdata_context@krb5_3_MIT 1.8+dfsg
+ krb5_auth_con_get_checksum_func@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getaddrs@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getauthenticator@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getflags@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getivector@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getkey@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getkey_k@krb5_3_MIT 1.8+dfsg
+ krb5_auth_con_getlocalseqnumber@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getlocalsubkey@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getpermetypes@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getrcache@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getrecvsubkey@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getrecvsubkey_k@krb5_3_MIT 1.8+dfsg
+ krb5_auth_con_getremoteseqnumber@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getremotesubkey@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getsendsubkey@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_getsendsubkey_k@krb5_3_MIT 1.8+dfsg
+ krb5_auth_con_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_initivector@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_set_authdata_context@krb5_3_MIT 1.8+dfsg
+ krb5_auth_con_set_checksum_func@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_set_req_cksumtype@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_set_safe_cksumtype@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_setaddrs@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_setflags@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_setivector@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_setpermetypes@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_setports@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_setrcache@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_setrecvsubkey@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_setsendsubkey@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_con_setuseruserkey@krb5_3_MIT 1.6.dfsg.2
+ krb5_auth_to_rep@krb5_3_MIT 1.6.dfsg.2
+ krb5_authdata_context_copy@krb5_3_MIT 1.8+dfsg
+ krb5_authdata_context_free@krb5_3_MIT 1.8+dfsg
+ krb5_authdata_context_init@krb5_3_MIT 1.8+dfsg
+ krb5_authdata_delete_attribute@krb5_3_MIT 1.8+dfsg
+ krb5_authdata_export_attributes@krb5_3_MIT 1.8+dfsg
+ krb5_authdata_export_authdata@krb5_3_MIT 1.8+dfsg
+ krb5_authdata_export_internal@krb5_3_MIT 1.8+dfsg
+ krb5_authdata_free_internal@krb5_3_MIT 1.8+dfsg
+ krb5_authdata_get_attribute@krb5_3_MIT 1.8+dfsg
+ krb5_authdata_get_attribute_types@krb5_3_MIT 1.8+dfsg
+ krb5_authdata_import_attributes@krb5_3_MIT 1.8+dfsg
+ krb5_authdata_set_attribute@krb5_3_MIT 1.8+dfsg
+ krb5_build_principal@krb5_3_MIT 1.6.dfsg.2
+ krb5_build_principal_alloc_va@krb5_3_MIT 1.7dfsg
+ krb5_build_principal_ext@krb5_3_MIT 1.6.dfsg.2
+ krb5_build_principal_va@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_close@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_copy_creds@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_default@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_default_name@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_destroy@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_dfl_ops@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_end_seq_get@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_file_ops@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_gen_new@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_get_config@krb5_3_MIT 1.8+dfsg
+ krb5_cc_get_name@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_get_principal@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_get_type@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_initialize@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_new_unique@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_next_cred@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_register@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_remove_cred@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_resolve@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_retrieve_cred@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_retrieve_cred_default@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_set_config@krb5_3_MIT 1.8+dfsg
+ krb5_cc_set_default_name@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_set_flags@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_start_seq_get@krb5_3_MIT 1.6.dfsg.2
+ krb5_cc_store_cred@krb5_3_MIT 1.6.dfsg.2
+ krb5_cccol_cursor_free@krb5_3_MIT 1.6.dfsg.2
+ krb5_cccol_cursor_new@krb5_3_MIT 1.6.dfsg.2
+ krb5_cccol_cursor_next@krb5_3_MIT 1.6.dfsg.2
+ krb5_change_cache@krb5_3_MIT 1.6.dfsg.2
+ krb5_change_password@krb5_3_MIT 1.6.dfsg.2
+ krb5_check_transited_list@krb5_3_MIT 1.6.dfsg.2
+ krb5_chpw_result_code_string@krb5_3_MIT 1.6.dfsg.2
+ krb5_clear_error_message@krb5_3_MIT 1.6.dfsg.2
+ krb5_copy_addr@krb5_3_MIT 1.6.dfsg.2
+ krb5_copy_addresses@krb5_3_MIT 1.6.dfsg.2
+ krb5_copy_authdata@krb5_3_MIT 1.6.dfsg.2
+ krb5_copy_authenticator@krb5_3_MIT 1.6.dfsg.2
+ krb5_copy_checksum@krb5_3_MIT 1.6.dfsg.2
+ krb5_copy_context@krb5_3_MIT 1.6.dfsg.2
+ krb5_copy_creds@krb5_3_MIT 1.6.dfsg.2
+ krb5_copy_data@krb5_3_MIT 1.6.dfsg.2
+ krb5_copy_error_message@krb5_3_MIT 1.7dfsg
+ krb5_copy_keyblock@krb5_3_MIT 1.6.dfsg.2
+ krb5_copy_keyblock_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_copy_principal@krb5_3_MIT 1.6.dfsg.2
+ krb5_copy_ticket@krb5_3_MIT 1.6.dfsg.2
+ krb5_create_secure_file@krb5_3_MIT 1.6.dfsg.2
+ krb5_crypto_us_timeofday@krb5_3_MIT 1.6.dfsg.2
+ krb5_decode_authdata_container@krb5_3_MIT 1.7dfsg
+ krb5_decode_ticket@krb5_3_MIT 1.6.dfsg.2
+ krb5_decrypt_tkt_part@krb5_3_MIT 1.6.dfsg.2
+ krb5_default_pwd_prompt1@krb5_3_MIT 1.6.dfsg.2
+ krb5_default_pwd_prompt2@krb5_3_MIT 1.6.dfsg.2
+ krb5_defkeyname@krb5_3_MIT 1.6.dfsg.2
+ krb5_deltat_to_string@krb5_3_MIT 1.6.dfsg.2
+ krb5_do_preauth@krb5_3_MIT 1.6.dfsg.2
+ krb5_encode_authdata_container@krb5_3_MIT 1.7dfsg
+ krb5_encode_kdc_rep@krb5_3_MIT 1.6.dfsg.2
+ krb5_encrypt_helper@krb5_3_MIT 1.6.dfsg.2
+ krb5_encrypt_tkt_part@krb5_3_MIT 1.6.dfsg.2
+ krb5_externalize_data@krb5_3_MIT 1.6.dfsg.2
+ krb5_externalize_opaque@krb5_3_MIT 1.6.dfsg.2
+ krb5_fcc_ops@krb5_3_MIT 1.6.dfsg.2
+ krb5_find_serializer@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_ad_kdcissued@krb5_3_MIT 1.8+dfsg
+ krb5_free_ad_signedpath@krb5_3_MIT 1.8+dfsg
+ krb5_free_address@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_addresses@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_alt_method@krb5_3_MIT 1.7dfsg
+ krb5_free_ap_rep@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_ap_rep_enc_part@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_ap_req@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_authdata@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_authenticator@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_authenticator_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_checksum@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_checksum_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_config_files@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_context@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_cred@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_cred_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_cred_enc_part@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_creds@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_data@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_data_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_default_realm@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_enc_data@krb5_3_MIT 1.7dfsg
+ krb5_free_enc_kdc_rep_part@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_enc_sam_response_enc@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_enc_sam_response_enc_2@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_enc_sam_response_enc_2_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_enc_sam_response_enc_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_enc_tkt_part@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_error@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_error_message@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_etype_info@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_fast_armored_req@krb5_3_MIT 1.7dfsg
+ krb5_free_fast_req@krb5_3_MIT 1.7dfsg
+ krb5_free_host_realm@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_kdc_rep@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_kdc_req@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_keyblock@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_keyblock_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_keytab_entry_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_krbhst@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_ktypes@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_last_req@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_pa_data@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_pa_enc_ts@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_pa_for_user@krb5_3_MIT 1.7dfsg
+ krb5_free_pa_pac_req@krb5_3_MIT 1.7dfsg
+ krb5_free_pa_s4u_x509_user@krb5_3_MIT 1.8+dfsg
+ krb5_free_pa_server_referral_data@krb5_3_MIT 1.7dfsg
+ krb5_free_pa_svr_referral_data@krb5_3_MIT 1.7dfsg
+ krb5_free_passwd_phrase_element@krb5_3_MIT 1.7dfsg
+ krb5_free_predicted_sam_response@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_predicted_sam_response_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_principal@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_priv@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_priv_enc_part@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_pwd_data@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_pwd_sequences@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_realm_string@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_realm_tree@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_safe@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_sam_challenge@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_sam_challenge_2@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_sam_challenge_2_body@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_sam_challenge_2_body_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_sam_challenge_2_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_sam_challenge_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_sam_response@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_sam_response_2@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_sam_response_2_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_sam_response_contents@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_tgt_creds@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_ticket@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_tickets@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_tkt_authent@krb5_3_MIT 1.6.dfsg.2
+ krb5_free_typed_data@krb5_3_MIT 1.7dfsg
+ krb5_free_unparsed_name@krb5_3_MIT 1.6.dfsg.2
+ krb5_fwd_tgt_creds@krb5_3_MIT 1.6.dfsg.2
+ krb5_gen_portaddr@krb5_3_MIT 1.6.dfsg.2
+ krb5_gen_replay_name@krb5_3_MIT 1.6.dfsg.2
+ krb5_generate_seq_number@krb5_3_MIT 1.6.dfsg.2
+ krb5_generate_subkey@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_cred_from_kdc@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_cred_from_kdc_renew@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_cred_from_kdc_validate@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_cred_via_tkt@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_credentials@krb5_3_MIT 1.7dfsg
+ krb5_get_credentials_for_proxy@krb5_3_MIT 1.8+dfsg
+ krb5_get_credentials_for_user@krb5_3_MIT 1.8+dfsg
+ krb5_get_credentials_renew@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_credentials_validate@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_default_config_files@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_default_in_tkt_ktypes@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_default_realm@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_error_message@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_fallback_host_realm@krb5_3_MIT 1.7dfsg
+ krb5_get_host_realm@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_in_tkt@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_in_tkt_with_keytab@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_in_tkt_with_password@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_in_tkt_with_skey@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_keytab@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_alloc@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_free@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_free_pa@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_get_fast_flags@krb5_3_MIT 1.8+dfsg
+ krb5_get_init_creds_opt_get_pa@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_set_address_list@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_set_anonymous@krb5_3_MIT 1.8+dfsg
+ krb5_get_init_creds_opt_set_canonicalize@krb5_3_MIT 1.7dfsg
+ krb5_get_init_creds_opt_set_change_password_prompt@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_set_etype_list@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_set_fast_ccache_name@krb5_3_MIT 1.8+dfsg
+ krb5_get_init_creds_opt_set_fast_flags@krb5_3_MIT 1.8+dfsg
+ krb5_get_init_creds_opt_set_forwardable@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_set_out_ccache@krb5_3_MIT 1.8+dfsg
+ krb5_get_init_creds_opt_set_pa@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_set_preauth_list@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_set_proxiable@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_set_renew_life@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_set_salt@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_opt_set_tkt_life@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_init_creds_password@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_krbhst@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_notification_message@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_permitted_enctypes@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_profile@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_prompt_types@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_realm_domain@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_renewed_creds@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_server_rcache@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_tgs_ktypes@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_time_offsets@krb5_3_MIT 1.6.dfsg.2
+ krb5_get_validated_creds@krb5_3_MIT 1.6.dfsg.2
+ krb5_init_context@krb5_3_MIT 1.6.dfsg.2
+ krb5_init_creds_free@krb5_3_MIT 1.8+dfsg
+ krb5_init_creds_get@krb5_3_MIT 1.8+dfsg
+ krb5_init_creds_get_creds@krb5_3_MIT 1.8+dfsg
+ krb5_init_creds_get_error@krb5_3_MIT 1.8+dfsg
+ krb5_init_creds_get_times@krb5_3_MIT 1.8+dfsg
+ krb5_init_creds_init@krb5_3_MIT 1.8+dfsg
+ krb5_init_creds_set_keytab@krb5_3_MIT 1.8+dfsg
+ krb5_init_creds_set_password@krb5_3_MIT 1.8+dfsg
+ krb5_init_creds_set_service@krb5_3_MIT 1.8+dfsg
+ krb5_init_creds_step@krb5_3_MIT 1.8.1+dfsg
+ krb5_init_keyblock@krb5_3_MIT 1.6.dfsg.2
+ krb5_init_secure_context@krb5_3_MIT 1.6.dfsg.2
+ krb5_internalize_opaque@krb5_3_MIT 1.6.dfsg.2
+ krb5_is_config_principal@krb5_3_MIT 1.8+dfsg
+ krb5_is_permitted_enctype@krb5_3_MIT 1.6.dfsg.2
+ krb5_is_referral_realm@krb5_3_MIT 1.6.dfsg.2
+ krb5_is_thread_safe@krb5_3_MIT 1.6.dfsg.2
+ krb5_kdc_rep_decrypt_proc@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_add_entry@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_close@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_default@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_default_name@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_dfl_ops@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_end_seq_get@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_free_entry@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_get_entry@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_get_name@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_get_type@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_next_entry@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_read_service_key@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_register@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_remove_entry@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_resolve@krb5_3_MIT 1.6.dfsg.2
+ krb5_kt_start_seq_get@krb5_3_MIT 1.6.dfsg.2
+ krb5_ktf_ops@krb5_3_MIT 1.6.dfsg.2
+ krb5_ktf_writable_ops@krb5_3_MIT 1.6.dfsg.2
+ krb5_kts_ops@krb5_3_MIT 1.6.dfsg.2
+ krb5_kuserok@krb5_3_MIT 1.6.dfsg.2
+ krb5_locate_kdc@krb5_3_MIT 1.6.dfsg.2
+ krb5_lock_file@krb5_3_MIT 1.6.dfsg.2
+ krb5_make_authdata_kdc_issued@krb5_3_MIT 1.8+dfsg
+ krb5_make_full_ipaddr@krb5_3_MIT 1.6.dfsg.2
+ krb5_make_fulladdr@krb5_3_MIT 1.6.dfsg.2
+ krb5_max_dgram_size@krb5_3_MIT 1.6.dfsg.2
+ krb5_max_skdc_timeout@krb5_3_MIT 1.6.dfsg.2
+ krb5_mcc_ops@krb5_3_MIT 1.6.dfsg.2
+ krb5_merge_authdata@krb5_3_MIT 1.7dfsg
+ krb5_mk_1cred@krb5_3_MIT 1.6.dfsg.2
+ krb5_mk_error@krb5_3_MIT 1.6.dfsg.2
+ krb5_mk_ncred@krb5_3_MIT 1.6.dfsg.2
+ krb5_mk_priv@krb5_3_MIT 1.6.dfsg.2
+ krb5_mk_rep@krb5_3_MIT 1.7dfsg
+ krb5_mk_rep_dce@krb5_3_MIT 1.7dfsg
+ krb5_mk_req@krb5_3_MIT 1.7dfsg
+ krb5_mk_req_extended@krb5_3_MIT 1.7dfsg
+ krb5_mk_safe@krb5_3_MIT 1.6.dfsg.2
+ krb5_net_read@krb5_3_MIT 1.6.dfsg.2
+ krb5_net_write@krb5_3_MIT 1.6.dfsg.2
+ krb5_obtain_padata@krb5_3_MIT 1.6.dfsg.2
+ krb5_os_free_context@krb5_3_MIT 1.6.dfsg.2
+ krb5_os_hostaddr@krb5_3_MIT 1.6.dfsg.2
+ krb5_os_init_context@krb5_3_MIT 1.6.dfsg.2
+ krb5_os_localaddr@krb5_3_MIT 1.6.dfsg.2
+ krb5_overridekeyname@krb5_3_MIT 1.6.dfsg.2
+ krb5_pac_add_buffer@krb5_3_MIT 1.7dfsg
+ krb5_pac_free@krb5_3_MIT 1.7dfsg
+ krb5_pac_get_buffer@krb5_3_MIT 1.7dfsg
+ krb5_pac_get_types@krb5_3_MIT 1.7dfsg
+ krb5_pac_init@krb5_3_MIT 1.7dfsg
+ krb5_pac_parse@krb5_3_MIT 1.7dfsg
+ krb5_pac_verify@krb5_3_MIT 1.7dfsg
+ krb5_parse_name@krb5_3_MIT 1.6.dfsg.2
+ krb5_parse_name_flags@krb5_3_MIT 1.7dfsg
+ krb5_principal2salt@krb5_3_MIT 1.6.dfsg.2
+ krb5_principal2salt_norealm@krb5_3_MIT 1.6.dfsg.2
+ krb5_principal_compare@krb5_3_MIT 1.6.dfsg.2
+ krb5_principal_compare_any_realm@krb5_3_MIT 1.7dfsg
+ krb5_principal_compare_flags@krb5_3_MIT 1.7dfsg
+ krb5_process_padata@krb5_3_MIT 1.6.dfsg.2
+ krb5_prompter_posix@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_close@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_default@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_default_name@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_default_type@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_destroy@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_dfl_close@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_dfl_close_no_free@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_dfl_destroy@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_dfl_expunge@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_dfl_get_name@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_dfl_get_span@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_dfl_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_dfl_ops@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_dfl_recover@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_dfl_resolve@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_dfl_store@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_expunge@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_free_entry@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_get_lifespan@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_get_name@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_get_type@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_hash_message@krb5_3_MIT 1.7dfsg
+ krb5_rc_initialize@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_io_close@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_io_creat@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_io_destroy@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_io_mark@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_io_move@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_io_open@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_io_read@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_io_size@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_io_sync@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_io_unmark@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_io_write@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_recover@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_recover_or_initialize@krb5_3_MIT 1.7dfsg
+ krb5_rc_register_type@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_resolve@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_resolve_full@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_resolve_type@krb5_3_MIT 1.6.dfsg.2
+ krb5_rc_store@krb5_3_MIT 1.6.dfsg.2
+ krb5_rd_cred@krb5_3_MIT 1.6.dfsg.2
+ krb5_rd_error@krb5_3_MIT 1.6.dfsg.2
+ krb5_rd_priv@krb5_3_MIT 1.6.dfsg.2
+ krb5_rd_rep@krb5_3_MIT 1.6.dfsg.2
+ krb5_rd_rep_dce@krb5_3_MIT 1.7dfsg
+ krb5_rd_req@krb5_3_MIT 1.6.dfsg.2
+ krb5_rd_req_decoded@krb5_3_MIT 1.6.dfsg.2
+ krb5_rd_req_decoded_anyflag@krb5_3_MIT 1.6.dfsg.2
+ krb5_rd_safe@krb5_3_MIT 1.6.dfsg.2
+ krb5_read_message@krb5_3_MIT 1.6.dfsg.2
+ krb5_read_password@krb5_3_MIT 1.6.dfsg.2
+ krb5_realm_compare@krb5_3_MIT 1.6.dfsg.2
+ krb5_realm_iterator@krb5_3_MIT 1.6.dfsg.2
+ krb5_realm_iterator_create@krb5_3_MIT 1.6.dfsg.2
+ krb5_realm_iterator_free@krb5_3_MIT 1.6.dfsg.2
+ krb5_recvauth@krb5_3_MIT 1.6.dfsg.2
+ krb5_recvauth_version@krb5_3_MIT 1.6.dfsg.2
+ krb5_register_serializer@krb5_3_MIT 1.6.dfsg.2
+ krb5_salttype_to_string@krb5_3_MIT 1.6.dfsg.2
+ krb5_secure_config_files@krb5_3_MIT 1.6.dfsg.2
+ krb5_sendauth@krb5_3_MIT 1.6.dfsg.2
+ krb5_sendto_kdc@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_address_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_auth_context_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_authdata_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_authenticator_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_ccache_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_checksum_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_context_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_keyblock_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_keytab_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_pack_bytes@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_pack_int32@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_pack_int64@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_principal_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_rcache_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_unpack_bytes@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_unpack_int32@krb5_3_MIT 1.6.dfsg.2
+ krb5_ser_unpack_int64@krb5_3_MIT 1.6.dfsg.2
+ krb5_server_decrypt_ticket_keytab@krb5_3_MIT 1.6.dfsg.2
+ krb5_set_config_files@krb5_3_MIT 1.6.dfsg.2
+ krb5_set_debugging_time@krb5_3_MIT 1.6.dfsg.2
+ krb5_set_default_in_tkt_ktypes@krb5_3_MIT 1.6.dfsg.2
+ krb5_set_default_realm@krb5_3_MIT 1.6.dfsg.2
+ krb5_set_default_tgs_enctypes@krb5_3_MIT 1.6.dfsg.2
+ krb5_set_default_tgs_ktypes@krb5_3_MIT 1.6.dfsg.2
+ krb5_set_error_message@krb5_3_MIT 1.6.dfsg.2
+ krb5_set_error_message_fl@krb5_3_MIT 1.7dfsg
+ krb5_set_password@krb5_3_MIT 1.6.dfsg.2
+ krb5_set_password_using_ccache@krb5_3_MIT 1.6.dfsg.2
+ krb5_set_principal_realm@krb5_3_MIT 1.6.dfsg.2
+ krb5_set_real_time@krb5_3_MIT 1.6.dfsg.2
+ krb5_set_time_offsets@krb5_3_MIT 1.6.dfsg.2
+ krb5_size_opaque@krb5_3_MIT 1.6.dfsg.2
+ krb5_skdc_timeout_1@krb5_3_MIT 1.6.dfsg.2
+ krb5_skdc_timeout_shift@krb5_3_MIT 1.6.dfsg.2
+ krb5_sname_to_principal@krb5_3_MIT 1.6.dfsg.2
+ krb5_string_to_deltat@krb5_3_MIT 1.6.dfsg.2
+ krb5_string_to_salttype@krb5_3_MIT 1.6.dfsg.2
+ krb5_string_to_timestamp@krb5_3_MIT 1.6.dfsg.2
+ krb5_sync_disk_file@krb5_3_MIT 1.6.dfsg.2
+ krb5_tgtname@krb5_3_MIT 1.6.dfsg.2
+ krb5_timeofday@krb5_3_MIT 1.6.dfsg.2
+ krb5_timestamp_to_sfstring@krb5_3_MIT 1.6.dfsg.2
+ krb5_timestamp_to_string@krb5_3_MIT 1.6.dfsg.2
+ krb5_try_realm_txt_rr@krb5_3_MIT 1.6.dfsg.2
+ krb5_unlock_file@krb5_3_MIT 1.6.dfsg.2
+ krb5_unpack_full_ipaddr@krb5_3_MIT 1.6.dfsg.2
+ krb5_unparse_name@krb5_3_MIT 1.6.dfsg.2
+ krb5_unparse_name_ext@krb5_3_MIT 1.6.dfsg.2
+ krb5_unparse_name_flags@krb5_3_MIT 1.7dfsg
+ krb5_unparse_name_flags_ext@krb5_3_MIT 1.7dfsg
+ krb5_us_timeofday@krb5_3_MIT 1.6.dfsg.2
+ krb5_use_natural_time@krb5_3_MIT 1.6.dfsg.2
+ krb5_validate_times@krb5_3_MIT 1.6.dfsg.2
+ krb5_verify_authdata_kdc_issued@krb5_3_MIT 1.8+dfsg
+ krb5_verify_init_creds@krb5_3_MIT 1.6.dfsg.2
+ krb5_verify_init_creds_opt_init@krb5_3_MIT 1.6.dfsg.2
+ krb5_verify_init_creds_opt_set_ap_req_nofail@krb5_3_MIT 1.6.dfsg.2
+ krb5_vset_error_message@krb5_3_MIT 1.6.dfsg.2
+ krb5_walk_realm_tree@krb5_3_MIT 1.6.dfsg.2
+ krb5_write_message@krb5_3_MIT 1.6.dfsg.2
+ krb5int_accessor@krb5_3_MIT 1.6.dfsg.2
+ krb5int_cc_default@krb5_3_MIT 1.6.dfsg.2
+ krb5int_clean_hostname@krb5_3_MIT 1.8+dfsg
+ krb5int_cleanup_library@krb5_3_MIT 1.6.dfsg.2
+ krb5int_cm_call_select@krb5_3_MIT 1.6.dfsg.2
+ krb5int_copy_data_contents_add0@krb5_3_MIT 1.7dfsg
+ krb5int_find_authdata@krb5_3_MIT 1.7dfsg
+ krb5int_find_pa_data@krb5_3_MIT 1.7dfsg
+ krb5int_foreach_localaddr@krb5_3_MIT 1.6.dfsg.2
+ krb5int_free_addrlist@krb5_3_MIT 1.6.dfsg.2
+ krb5int_free_data_list@krb5_3_MIT 1.8+dfsg
+ krb5int_get_authdata_containee_types@krb5_3_MIT 1.8+dfsg
+ krb5int_init_context_kdc@krb5_3_MIT 1.6.dfsg.2
+ krb5int_initialize_library@krb5_3_MIT 1.6.dfsg.2
+ krb5int_pac_sign@krb5_3_MIT 1.7dfsg
+ krb5int_sendtokdc_debug_handler@krb5_3_MIT 1.6.dfsg.2
+ profile_abandon@krb5_3_MIT 1.6.dfsg.2
+ profile_add_node@krb5_3_MIT 1.6.dfsg.2
+ profile_add_relation@krb5_3_MIT 1.6.dfsg.2
+ profile_clear_relation@krb5_3_MIT 1.6.dfsg.2
+ profile_close_file@krb5_3_MIT 1.6.dfsg.2
+ profile_create_node@krb5_3_MIT 1.6.dfsg.2
+ profile_dereference_data@krb5_3_MIT 1.6.dfsg.2
+ profile_find_node@krb5_3_MIT 1.6.dfsg.2
+ profile_find_node_relation@krb5_3_MIT 1.6.dfsg.2
+ profile_find_node_subsection@krb5_3_MIT 1.6.dfsg.2
+ profile_flush@krb5_3_MIT 1.6.dfsg.2
+ profile_flush_file_data@krb5_3_MIT 1.6.dfsg.2
+ profile_free_file@krb5_3_MIT 1.6.dfsg.2
+ profile_free_list@krb5_3_MIT 1.6.dfsg.2
+ profile_free_node@krb5_3_MIT 1.6.dfsg.2
+ profile_get_boolean@krb5_3_MIT 1.6.dfsg.2
+ profile_get_integer@krb5_3_MIT 1.6.dfsg.2
+ profile_get_node_name@krb5_3_MIT 1.6.dfsg.2
+ profile_get_node_parent@krb5_3_MIT 1.6.dfsg.2
+ profile_get_node_value@krb5_3_MIT 1.6.dfsg.2
+ profile_get_relation_names@krb5_3_MIT 1.6.dfsg.2
+ profile_get_string@krb5_3_MIT 1.6.dfsg.2
+ profile_get_subsection_names@krb5_3_MIT 1.6.dfsg.2
+ profile_get_value@krb5_3_MIT 1.6.dfsg.2
+ profile_get_values@krb5_3_MIT 1.6.dfsg.2
+ profile_init@krb5_3_MIT 1.6.dfsg.2
+ profile_init_path@krb5_3_MIT 1.6.dfsg.2
+ profile_is_node_final@krb5_3_MIT 1.6.dfsg.2
+ profile_iterator@krb5_3_MIT 1.6.dfsg.2
+ profile_iterator_create@krb5_3_MIT 1.6.dfsg.2
+ profile_iterator_free@krb5_3_MIT 1.6.dfsg.2
+ profile_make_node_final@krb5_3_MIT 1.6.dfsg.2
+ profile_node_iterator@krb5_3_MIT 1.6.dfsg.2
+ profile_node_iterator_create@krb5_3_MIT 1.6.dfsg.2
+ profile_node_iterator_free@krb5_3_MIT 1.6.dfsg.2
+ profile_open_file@krb5_3_MIT 1.6.dfsg.2
+ profile_parse_file@krb5_3_MIT 1.6.dfsg.2
+ profile_release@krb5_3_MIT 1.6.dfsg.2
+ profile_release_string@krb5_3_MIT 1.6.dfsg.2
+ profile_remove_node@krb5_3_MIT 1.6.dfsg.2
+ profile_rename_node@krb5_3_MIT 1.6.dfsg.2
+ profile_rename_section@krb5_3_MIT 1.6.dfsg.2
+ profile_ser_externalize@krb5_3_MIT 1.6.dfsg.2
+ profile_ser_internalize@krb5_3_MIT 1.6.dfsg.2
+ profile_ser_size@krb5_3_MIT 1.6.dfsg.2
+ profile_set_relation_value@krb5_3_MIT 1.6.dfsg.2
+ profile_update_file_data@krb5_3_MIT 1.6.dfsg.2
+ profile_update_relation@krb5_3_MIT 1.6.dfsg.2
+ profile_verify_node@krb5_3_MIT 1.6.dfsg.2
+ profile_write_tree_file@krb5_3_MIT 1.6.dfsg.2
--- krb5-1.8.1+dfsg.orig/debian/libkadm5clnt-mit7.symbols
+++ krb5-1.8.1+dfsg/debian/libkadm5clnt-mit7.symbols
@@ -0,0 +1,112 @@
+libkadm5clnt_mit.so.7 libkadm5clnt-mit7 #MINVER#
+ HIDDEN@HIDDEN 1.8+dfsg
+ _kadm5_check_handle@kadm5clnt_mit_7_MIT 1.8+dfsg
+ _kadm5_chpass_principal_util@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_chpass_principal@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_chpass_principal_3@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_chpass_principal_util@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_create_policy@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_create_principal@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_create_principal_3@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_decrypt_key@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_delete_policy@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_delete_principal@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_destroy@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_flush@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_free_config_params@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_free_key_data@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_free_name_list@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_free_policy_ent@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_free_principal_ent@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_get_admin_service_name@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_get_config_params@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_get_policies@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_get_policy@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_get_principal@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_get_principals@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_get_privs@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_init@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_init_anonymous@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_init_iprop@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_init_krb5_context@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_init_with_creds@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_init_with_password@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_init_with_skey@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_lock@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_modify_policy@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_modify_principal@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_randkey_principal@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_randkey_principal_3@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_rename_principal@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_setkey_principal@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_setkey_principal_3@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_setv4key_principal@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5_unlock@kadm5clnt_mit_7_MIT 1.8+dfsg
+ kadm5clnt_mit_7_MIT@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_aprof_finish@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_aprof_get_boolean@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_aprof_get_deltat@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_aprof_get_int32@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_aprof_get_string@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_aprof_getvals@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_aprof_init@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_flags_to_string@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_free_key_data_contents@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_free_realm_params@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_input_flag_to_string@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_keysalt_is_present@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_keysalt_iterate@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_klog_close@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_klog_init@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_klog_reopen@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_klog_syslog@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_read_realm_params@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_string_to_flags@kadm5clnt_mit_7_MIT 1.8+dfsg
+ krb5_string_to_keysalts@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_chpass3_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_chpass_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_chrand3_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_chrand_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_chrand_ret@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_cpol_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_cprinc3_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_cprinc_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_dpol_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_dprinc_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_generic_ret@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_getprivs_ret@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_gpol_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_gpol_ret@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_gpols_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_gpols_ret@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_gprinc_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_gprinc_ret@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_gprincs_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_gprincs_ret@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_kadm5_policy_ent_rec@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_kadm5_principal_ent_rec@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_kadm5_ret_t@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_deltat@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_enctype@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_flags@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_int16@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_key_data_nocontents@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_key_salt_tuple@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_keyblock@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_kvno@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_octet@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_principal@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_salttype@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_timestamp@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_tl_data@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_ui_2@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_krb5_ui_4@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_mpol_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_mprinc_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_nullstring@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_nulltype@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_rprinc_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_setkey3_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_setkey_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_setv4key_arg@kadm5clnt_mit_7_MIT 1.8+dfsg
+ xdr_ui_4@kadm5clnt_mit_7_MIT 1.8+dfsg
--- krb5-1.8.1+dfsg.orig/debian/krb5-multidev.dirs
+++ krb5-1.8.1+dfsg/debian/krb5-multidev.dirs
@@ -0,0 +1,2 @@
+usr/include/mit-krb5
+usr/lib/mit-krb5
--- krb5-1.8.1+dfsg.orig/debian/libkrb5-dev.install
+++ krb5-1.8.1+dfsg/debian/libkrb5-dev.install
@@ -0,0 +1,2 @@
+usr/bin/krb5-config
+usr/share/man/man1/krb5-config.1
--- krb5-1.8.1+dfsg.orig/debian/krb5-doc.info
+++ krb5-1.8.1+dfsg/debian/krb5-doc.info
@@ -0,0 +1,3 @@
+build/info/krb5-admin.info
+build/info/krb5-install.info
+build/info/krb5-user.info
--- krb5-1.8.1+dfsg.orig/debian/krb5-kdc-ldap.insserv-override
+++ krb5-1.8.1+dfsg/debian/krb5-kdc-ldap.insserv-override
@@ -0,0 +1,9 @@
+### BEGIN INIT INFO
+# Provides: krb5-kdc
+# Required-Start: $local_fs $remote_fs $network $syslog
+# Required-Stop: $local_fs $remote_fs $network $syslog
+# Should-Start: slapd
+# Should-Stop: slapd
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+### END INIT INFO
--- krb5-1.8.1+dfsg.orig/debian/krb5-kdc.config
+++ krb5-1.8.1+dfsg/debian/krb5-kdc.config
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+db_input low krb5-kdc/debconf || true
+db_go
+
+db_get krb5-kdc/debconf
+if [ x"$RET" = xtrue ] ; then
+ if [ -f "/etc/default/krb5-kdc" ] ; then
+ . /etc/default/krb5-kdc
+ fi
+fi
+
+
+
--- krb5-1.8.1+dfsg.orig/debian/krb5-admin-server.links
+++ krb5-1.8.1+dfsg/debian/krb5-admin-server.links
@@ -0,0 +1 @@
+usr/share/man/man8/kadmin.8.gz usr/share/man/man8/kadmin.local.8.gz
--- krb5-1.8.1+dfsg.orig/debian/libkrb5-dev.dirs
+++ krb5-1.8.1+dfsg/debian/libkrb5-dev.dirs
@@ -0,0 +1,3 @@
+usr/lib
+usr/include
+usr/share/aclocal
--- krb5-1.8.1+dfsg.orig/debian/krb5-user.lintian-overrides
+++ krb5-1.8.1+dfsg/debian/krb5-user.lintian-overrides
@@ -0,0 +1 @@
+krb5-user: setuid-binary
--- krb5-1.8.1+dfsg.orig/debian/krb5-kdc.postinst
+++ krb5-1.8.1+dfsg/debian/krb5-kdc.postinst
@@ -0,0 +1,58 @@
+#! /bin/sh
+
+set -e
+
+if [ "configure" = "$1" ] || [ "reconfigure" = "$1" ] ; then
+ . /usr/share/debconf/confmodule
+ db_version 2.0
+
+ db_get krb5-config/default_realm || true
+ KRB5LD_DEFAULT_REALM="$RET"
+ if [ -z "$KRB5LD_DEFAULT_REALM" ] ; then
+ KRB5LD_DEFAULT_REALM=EXAMPLE.COM
+ fi
+ export KRB5LD_DEFAULT_REALM
+
+ db_get krb5-kdc/debconf
+ DEBCONF="$RET"
+
+ if [ ! -f /etc/krb5kdc/kdc.conf ] && [ $DEBCONF = "true" ] ; then
+ sed -e "s/@MYREALM/$KRB5LD_DEFAULT_REALM/" \
+ /usr/share/krb5-kdc/kdc.conf.template > /etc/krb5kdc/kdc.conf
+ fi
+
+ if [ $DEBCONF = "true" ] ; then
+ if [ -f "/etc/default/krb5-kdc" ] ; then
+ . /etc/default/krb5-kdc
+ fi
+ cat <<'EOF' > /etc/default/krb5-kdc
+
+# Automatically generated. Only the value of DAEMON_ARGS will be preserved.
+# If you change anything in this file other than DAEMON_ARGS, first run
+# dpkg-reconfigure krb5-kdc and disable managing the KDC configuration with
+# debconf. Otherwise, changes will be overwritten.
+
+EOF
+ if [ -n "$DAEMON_ARGS" ] ; then
+ echo "DAEMON_ARGS=\"$DAEMON_ARGS\"" >> /etc/default/krb5-kdc
+ fi
+ fi
+
+ db_stop
+fi
+
+# Only try to add the inetd line on an initial installation. Add it
+# commented out in a way that will not be automatically enabled, since the
+# Kerberos administrator should do that manually when ready.
+#
+# If update-inetd isn't available, don't bother, since it's just an example.
+if [ "configure" = "$1" ] && which update-inetd >/dev/null 2>&1 ; then
+ if [ -z "$2" ] || [ x"$2" = x"" ] ; then
+ update-inetd --add --group Kerberos \
+ '#krb5_prop\tstream\ttcp\tnowait\troot\t/usr/sbin/kpropd kpropd'
+ fi
+fi
+
+#DEBHELPER#
+
+exit 0
--- krb5-1.8.1+dfsg.orig/debian/libkrb5-3.lintian-overrides
+++ krb5-1.8.1+dfsg/debian/libkrb5-3.lintian-overrides
@@ -0,0 +1 @@
+libkrb5-3: package-contains-empty-directory usr/lib/krb5/plugins/krb5/
--- krb5-1.8.1+dfsg.orig/debian/libkadm5srv-mit7.install
+++ krb5-1.8.1+dfsg/debian/libkadm5srv-mit7.install
@@ -0,0 +1 @@
+usr/lib/libkadm5srv_mit.so.7*
--- krb5-1.8.1+dfsg.orig/debian/rules
+++ krb5-1.8.1+dfsg/debian/rules
@@ -0,0 +1,181 @@
+#!/usr/bin/make -f
+# Based on sample debian/rules that uses debhelper.
+# GNU copyright 1997 by Joey Hess.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+SHELL=/bin/bash
+export SHELL
+
+# Tell Autoconf the correct system types. Needed for cross builds.
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+ SYSTEM = --build $(DEB_HOST_GNU_TYPE)
+ CACHE =
+else
+ SYSTEM = --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
+ CACHE = --cache-file=$(DEB_HOST_GNU_TYPE).cache
+endif
+
+CCOPTS=-g
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CCOPTS +=-O0
+else
+ CCOPTS +=-O2
+endif
+
+ifneq (,$(filter i486-linux-gnu x86_64-linux-gnu,$(DEB_HOST_GNU_TYPE)))
+ CCOPTS +=-D_FORTIFY_SOURCE=2 -fstack-protector
+ endif
+
+ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+ NUMJOBS = -j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+endif
+
+# The flags to pass to dh_install specifying the upstream files to exclude.
+# We use --fail-missing to be sure we catch any new upstream files, so be
+# sure to update this list if upstream adds any more files we don't want.
+EXCLUDE = -Xtmac.doc -Xexamples/krb5 -Xgnats/mit -Xkrb5-send-pr \
+ -Xsserver -Xsim_server -Xuuserver -Xgss-server \
+ -Xsclient -Xsim_client -Xuuclient -Xgss-client
+
+LIB_PACKAGES = libkrb5-3 libgssapi-krb5-2 libkadm5clnt-mit7 libkadm5srv-mit7 libkdb5-4 libgssrpc4 \
+ libkrb5support0 libk5crypto3
+
+# We touch each configure and Autoconf-related file so that we do not attempt
+# to use Autoconf. The cache is used by the Embdebian project for cross
+# compiles.
+configure: configure-stamp
+configure-stamp:
+ dh_testdir
+ mkdir -p build
+ find src -name configure -print | xargs touch
+ find src \( -name \*hin -o -name \*.h.in -o -name \*.stmp \) -print \
+ | xargs touch
+ [ ! -f $(DEB_HOST_GNU_TYPE).cache ] \
+ || cp $(DEB_HOST_GNU_TYPE).cache build/
+ cd build && ../src/configure CFLAGS="$(CCOPTS) -D_REENTRANT" \
+ --prefix=/usr --localstatedir=/etc --mandir=/usr/share/man \
+ --with-system-et --with-system-ss --disable-rpath \
+ --enable-shared --with-ldap --without-tcl \
+ $(SYSTEM) $(CACHE)
+ touch configure-stamp
+
+# Build the info pages in a separate directory, since otherwise we'll
+# overwrite the info pages provided upstream and then debian/rules clean won't
+# get back to a virgin copy of the package.
+build: build-stamp
+build-stamp: configure-stamp
+ cd build && $(MAKE) $(NUMJOBS) all
+ -mkdir build/info
+ cd build/info && makeinfo ../../doc/admin.texinfo
+ cd build/info && makeinfo ../../doc/install.texinfo
+ cd build/info && makeinfo ../../doc/user-guide.texinfo
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ -rm -rf build
+ dh_clean build-stamp configure-stamp
+
+install: DH_OPTIONS=
+install: build
+ dh_testdir
+ dh_testroot
+ dh_prep
+ dh_installdirs
+
+ cd build && $(MAKE) install DESTDIR=`pwd`/../debian/tmp
+ install -d $(CURDIR)/debian/tmp/usr/lib/krb5 $(CURDIR)/debian/tmp/etc/insserv/overrides
+ install -m644 debian/krb5-kdc-ldap.insserv-override debian/tmp/etc/insserv/overrides/krb5-kdc
+ mv $(CURDIR)/debian/tmp/usr/lib/libkdb_ldap* \
+ $(CURDIR)/debian/tmp/usr/lib/krb5/
+ rm -f $(CURDIR)/debian/tmp/usr/lib/krb5/libkdb_ldap*.so
+
+ install -m644 src/util/ac_check_krb5.m4 \
+ debian/libkrb5-dev/usr/share/aclocal
+
+ dh_install --sourcedir=debian/tmp --fail-missing $(EXCLUDE)
+ set -e ; find debian/krb5-multidev/usr/lib/mit-krb5 -type l -name \*.so -print |\
+ while read linkname; do \
+ ln -s -f ../`readlink $$linkname` \
+ $$linkname; \
+ done
+ for dir in include lib; do \
+ (cd debian/krb5-multidev/usr/$$dir/mit-krb5 && \
+ find . -type d -print ) | (cd debian/libkrb5-dev/usr/$$dir && \
+ xargs mkdir -p); \
+ (cd debian/krb5-multidev/usr/$$dir/mit-krb5 && find . \( -type f -o -type l \) -print ) | \
+ (cd debian/libkrb5-dev/usr/$$dir && xargs -I+ ln -s /usr/$$dir/mit-krb5/+ +) ; \
+ done
+ # however we will handle libkadm5{srv,clnt.so} in dh_link
+# because they actually point to the current level not one level up
+ rm -f debian/krb5-multidev/usr/lib/mit-krb5/libkadm5{clnt,srv}.so
+
+
+ docbook-to-man debian/krb5_newrealm.sgml \
+ > debian/krb5-admin-server/usr/share/man/man8/krb5_newrealm.8
+ install -o root -g root -m 755 debian/krb5_newrealm \
+ debian/krb5-admin-server/usr/sbin
+ install -o root -g root -m 644 debian/kdc.conf \
+ debian/krb5-kdc/usr/share/krb5-kdc/kdc.conf.template
+ ln -s /usr/share/krb5-kdc/kdc.conf.template \
+ debian/krb5-kdc/usr/share/doc/krb5-kdc/examples/kdc.conf
+
+# Build architecture-independent files here.
+# Pass -i to all debhelper commands in this target to reduce clutter.
+binary-indep: DH_OPTIONS=-i
+binary-indep: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs doc/CHANGES
+ dh_installdocs
+ dh_installinfo
+ dh_link
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+# Build architecture-dependent files here.
+# Pass -a to all debhelper commands in this target to reduce clutter. Strip
+# library packages separately and save the debug information for the
+# libkrb5-dbg package. This method strips the libraries in those packages
+# twice, but that should be harmless and all other ways of doing this seem
+# uglier.
+binary-arch: DH_OPTIONS=-a
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+ dh_installdebconf
+ dh_installinit -- defaults 18 18
+ dh_lintian
+ set -e ; for pkg in $(LIB_PACKAGES) ; do \
+ DH_OPTIONS="" dh_strip -p$$pkg --dbg-package=libkrb5-dbg; \
+ DH_OPTIONS="" dh_makeshlibs -p$$pkg -Xusr/lib/krb5/plugins -- -c4 ; \
+ done
+ dh_strip
+ dh_link
+ dh_compress
+ dh_fixperms
+ chmod u+s debian/krb5-user/usr/bin/ksu
+ chmod 700 debian/krb5-kdc/var/lib/krb5kdc
+ chmod 700 debian/krb5-kdc/etc/krb5kdc
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean configure binary-indep binary-arch binary install
--- krb5-1.8.1+dfsg.orig/debian/krb5-kdc.install
+++ krb5-1.8.1+dfsg/debian/krb5-kdc.install
@@ -0,0 +1,10 @@
+usr/sbin/kproplog
+usr/share/man/man8/kproplog.8
+usr/sbin/kdb5_util
+usr/share/man/man8/kdb5_util.8
+usr/sbin/kpropd
+usr/share/man/man8/kpropd.8
+usr/sbin/krb5kdc
+usr/share/man/man8/krb5kdc.8
+usr/share/man/man5/kdc.conf.5
+usr/lib/krb5/plugins/kdb/db2.so
--- krb5-1.8.1+dfsg.orig/debian/README.KDC
+++ krb5-1.8.1+dfsg/debian/README.KDC
@@ -0,0 +1,51 @@
+ Running a Debian Kerberos Realm
+
+You will want to install the krb5-kdc and krb5-admin-server on your master
+KDC and at least krb5-kdc on any slave KDCs you have. You may wish to
+install krb5-admin-server on slaves in case you need them to become the
+master KDC in a hurry, but in this case you may want to configure
+krb5-admin-server to not start unless started manually. Otherwise,
+clients may change their password on a slave server, a change that will
+then be overwritten silently later and may cause user confusion. (This
+can only happen if the client is misconfigured to use a slave server as
+the admin server, but sometimes this happens.)
+
+If you want to use the LDAP backend, also install the krb5-kdc-ldap
+package, which contains the kldap plugin.
+
+krb5-kdc adds a commented-out line for kpropd to /etc/inetd.conf. You
+will want to uncomment this on slave KDCs so that they can receive updates
+from the master, but leave it commented out on the master.
+
+You should look at the KDC configuration file (/etc/krb5kdc/kdc.conf) and
+adjust the parameters appropriately. If you expect to be using a lot of
+Kerberos4 services, you should either remove +preauth from the default
+principal flags or select full krb4 support when prompted by debconf.
+(You can run dpkg-reconfigure on krb5-kdc to see this prompt again.) If
+you remove +preauth from the flags, principals will by default not require
+preauthentication. This is less secure since it opens you to offline
+dictionary attacks, but this level of security is what people have been
+suffering with throughout the lifetime of Kerberos4. You can turn on
+requires_preauth for specific high-security principals in kadmin. If you
+simply select full krb4 support, then Kerberos5 clients will require
+preauthentication, but all principals will be accepted for Kerberos4.
+This has a similar vulnerability to dictionary attacks and cannot be
+overridden by setting requires_preauth selectively.
+
+By default principals are created with most supported keys, including AES
+and 3DES keys. This means that if you ever decide at some point in the
+future that you no longer have any services using older weaker enctypes,
+you can get the full security benefits of stronger encryption types by
+dropping the weaker ones from supported_enctypes in /etc/krb5kdc/kdc.conf.
+Note however, that for some services, like AFS and Zephyr, you may need to
+only create single DES keys. You might do this by for example:
+
+ kadmin.local -e des-cbc-crc:normal -q "ktadd afs/ATHENA.MIT.EDU"
+
+Similarly, for old Java applications, you may need to create keys without
+AES enctypes, particularly if Java is using a ticket cache created by a
+different program.
+
+You will probably want to create /etc/krb5kdc/kadm5.acl to include a list
+of users who are authorized to run kadmin in your realm. The kadmind
+documentation provides examples.
--- krb5-1.8.1+dfsg.orig/debian/libgssrpc4.symbols
+++ krb5-1.8.1+dfsg/debian/libgssrpc4.symbols
@@ -0,0 +1,145 @@
+libgssrpc.so.4 libgssrpc4 #MINVER#
+ HIDDEN@HIDDEN 1.6.dfsg.2
+ gssrpc_4_MIT@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_auth_debug_gss@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_auth_debug_gssapi@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_auth_gssapi_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_auth_gssapi_create_default@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_auth_gssapi_display_status@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_auth_gssapi_seal_seq@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_auth_gssapi_unseal_seq@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_auth_gssapi_unwrap_data@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_auth_gssapi_wrap_data@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_authgss_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_authgss_create_default@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_authgss_get_private_data@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_authgss_service@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_authnone_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_authunix_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_authunix_create_default@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_bindresvport@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_callrpc@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_clnt_broadcast@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_clnt_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_clnt_pcreateerror@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_clnt_perrno@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_clnt_perror@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_clnt_spcreateerror@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_clnt_sperrno@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_clnt_sperror@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_clntraw_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_clnttcp_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_clntudp_bufcreate@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_clntudp_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_get_myaddress@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_getrpcport@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_log_debug@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_log_hexdump@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_log_status@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_misc_debug_gss@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_misc_debug_gssapi@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_pmap_getmaps@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_pmap_getport@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_pmap_rmtcall@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_pmap_set@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_pmap_unset@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_registerrpc@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_rpc_createrr@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_auth_gss_creds@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_auth_gss_ops@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_auth_gssapi_ops@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_auth_none@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_auth_none_ops@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_debug_gss@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_debug_gssapi@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_fdset@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_fdset_init@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_getreq@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_getreqset@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_maxfd@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_register@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_run@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_sendreply@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svc_unregister@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcauth_gss_get_principal@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcauth_gss_set_log_badauth_func@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcauth_gss_set_log_badverf_func@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcauth_gss_set_log_miscerr_func@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcauth_gss_set_svc_name@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcauth_gssapi_set_log_badauth_func@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcauth_gssapi_set_log_badverf_func@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcauth_gssapi_set_log_miscerr_func@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcauth_gssapi_set_names@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcauth_gssapi_unset_names@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcerr_auth@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcerr_decode@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcerr_noproc@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcerr_noprog@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcerr_progvers@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcerr_systemerr@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcerr_weakauth@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcfd_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcraw_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svctcp_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcudp_bufcreate@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcudp_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_svcudp_enablecache@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_accepted_reply@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_array@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_authgssapi_creds@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_authgssapi_init_arg@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_authgssapi_init_res@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_authunix_parms@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_bool@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_bytes@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_callhdr@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_callmsg@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_char@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_des_block@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_enum@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_free@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_gss_buf@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_int32@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_int@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_long@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_netobj@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_opaque@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_opaque_auth@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_pmap@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_pmaplist@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_pointer@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_reference@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_rejected_reply@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_replymsg@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_rmtcall_args@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_rmtcallres@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_rpc_gss_buf@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_rpc_gss_cred@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_rpc_gss_data@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_rpc_gss_init_args@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_rpc_gss_init_res@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_rpc_gss_unwrap_data@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_rpc_gss_wrap_data@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_short@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_sizeof@gssrpc_4_MIT 1.7dfsg~alpha1
+ gssrpc_xdr_string@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_u_char@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_u_int32@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_u_int@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_u_long@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_u_short@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_union@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_vector@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_void@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdr_wrapstring@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdralloc_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdralloc_getdata@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdralloc_release@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdrmem_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdrrec_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdrrec_endofrecord@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdrrec_eof@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdrrec_skiprecord@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xdrstdio_create@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xprt_register@gssrpc_4_MIT 1.6.dfsg.2
+ gssrpc_xprt_unregister@gssrpc_4_MIT 1.6.dfsg.2
--- krb5-1.8.1+dfsg.orig/debian/libkrb5-3.install
+++ krb5-1.8.1+dfsg/debian/libkrb5-3.install
@@ -0,0 +1,2 @@
+usr/lib/libkrb5.so.3*
+usr/lib/krb5/plugins/preauth/encrypted_challenge.so
--- krb5-1.8.1+dfsg.orig/debian/krb5-kdc.lintian-overrides
+++ krb5-1.8.1+dfsg/debian/krb5-kdc.lintian-overrides
@@ -0,0 +1 @@
+krb5-kdc: non-standard-dir-perm
--- krb5-1.8.1+dfsg.orig/debian/libgssrpc4.install
+++ krb5-1.8.1+dfsg/debian/libgssrpc4.install
@@ -0,0 +1 @@
+usr/lib/libgssrpc.so.4*
--- krb5-1.8.1+dfsg.orig/debian/copyright
+++ krb5-1.8.1+dfsg/debian/copyright
@@ -0,0 +1,389 @@
+This package was debianized by Sam Hartman on
+Thu, 19 Oct 2000 16:05:06 -0400.
+
+It was downloaded from:
+
+
+
+Upstream Maintainers:
+
+ MIT Kerberos Team
+
+The doc/krb5-protocol directory has been removed from the upstream
+source package because it does not comply with the Debian Free
+Software Guidelines.
+
+Copyright:
+
+Copyright (C) 1985-2006 by the Massachusetts Institute of Technology.
+
+All rights reserved.
+
+Export of this software from the United States of America may require
+a specific license from the United States Government. It is the
+responsibility of any person or organization contemplating export to
+obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. Furthermore if you modify this software you must label
+your software as modified software and not distribute it in such a
+fashion that it might be confused with the original MIT software.
+M.I.T. makes no representations about the suitability of this software
+for any purpose. It is provided "as is" without express or implied
+warranty.
+
+THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+Individual source code files are copyright MIT, Cygnus Support,
+Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems,
+FundsXpress, and others.
+
+Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+and Zephyr are trademarks of the Massachusetts Institute of Technology
+(MIT). No commercial use of these trademarks may be made without
+prior written permission of MIT.
+
+"Commercial use" means use of a name in a product or other for-profit
+manner. It does NOT prevent a commercial firm from referring to the
+MIT trademarks in order to convey information (although in doing so,
+recognition of their trademark status should be given).
+
+ --------------------
+
+Portions of src/lib/crypto have the following copyright:
+
+ Copyright (C) 1998 by the FundsXpress, INC.
+
+ All rights reserved.
+
+ Export of this software from the United States of America may require
+ a specific license from the United States Government. It is the
+ responsibility of any person or organization contemplating export to
+ obtain such a license before exporting.
+
+ WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ distribute this software and its documentation for any purpose and
+ without fee is hereby granted, provided that the above copyright
+ notice appear in all copies and that both that copyright notice and
+ this permission notice appear in supporting documentation, and that
+ the name of FundsXpress. not be used in advertising or publicity pertaining
+ to distribution of the software without specific, written prior
+ permission. FundsXpress makes no representations about the suitability of
+ this software for any purpose. It is provided "as is" without express
+ or implied warranty.
+
+ THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+ IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+
+ --------------------
+
+The following copyright and permission notice applies to the
+OpenVision Kerberos Administration system located in kadmin/create,
+kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
+of lib/rpc:
+
+ Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
+
+ WARNING: Retrieving the OpenVision Kerberos Administration system
+ source code, as described below, indicates your acceptance of the
+ following terms. If you do not agree to the following terms, do not
+ retrieve the OpenVision Kerberos administration system.
+
+ You may freely use and distribute the Source Code and Object Code
+ compiled from it, with or without modification, but this Source
+ Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
+ INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
+ FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
+ EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
+ FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
+ CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
+ WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
+ CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
+ OTHER REASON.
+
+ OpenVision retains all copyrights in the donated Source Code. OpenVision
+ also retains copyright to derivative works of the Source Code, whether
+ created by OpenVision or by a third party. The OpenVision copyright
+ notice must be preserved if derivative works are made based on the
+ donated Source Code.
+
+ OpenVision Technologies, Inc. has donated this Kerberos
+ Administration system to MIT for inclusion in the standard
+ Kerberos 5 distribution. This donation underscores our
+ commitment to continuing Kerberos technology development
+ and our gratitude for the valuable work which has been
+ performed by MIT and the Kerberos community.
+
+ --------------------
+
+ Portions contributed by Matt Crawford were
+ work performed at Fermi National Accelerator Laboratory, which is
+ operated by Universities Research Association, Inc., under
+ contract DE-AC02-76CHO3000 with the U.S. Department of Energy.
+
+ --------------------
+
+The implementation of the Yarrow pseudo-random number generator in
+src/lib/crypto/yarrow has the following copyright:
+
+ Copyright 2000 by Zero-Knowledge Systems, Inc.
+
+ Permission to use, copy, modify, distribute, and sell this software
+ and its documentation for any purpose is hereby granted without fee,
+ provided that the above copyright notice appear in all copies and that
+ both that copyright notice and this permission notice appear in
+ supporting documentation, and that the name of Zero-Knowledge Systems,
+ Inc. not be used in advertising or publicity pertaining to
+ distribution of the software without specific, written prior
+ permission. Zero-Knowledge Systems, Inc. makes no representations
+ about the suitability of this software for any purpose. It is
+ provided "as is" without express or implied warranty.
+
+ ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
+ THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
+ ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
+ OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+ --------------------
+
+The implementation of the AES encryption algorithm in
+src/lib/crypto/aes has the following copyright:
+
+ Copyright (c) 2001, Dr Brian Gladman , Worcester, UK.
+ All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explcit or implied warranties
+ in respect of any properties, including, but not limited to, correctness
+ and fitness for purpose.
+
+ --------------------
+
+Portions contributed by Red Hat, including the pre-authentication
+plug-ins framework, contain the following copyright:
+
+ Copyright (c) 2006 Red Hat, Inc.
+ Portions copyright (c) 2006 Massachusetts Institute of Technology
+ All Rights Reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
+
+ * Neither the name of Red Hat, Inc., nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ --------------------
+
+The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in
+src/lib/gssapi, including the following files:
+
+ lib/gssapi/generic/gssapi_err_generic.et
+ lib/gssapi/mechglue/g_accept_sec_context.c
+ lib/gssapi/mechglue/g_acquire_cred.c
+ lib/gssapi/mechglue/g_canon_name.c
+ lib/gssapi/mechglue/g_compare_name.c
+ lib/gssapi/mechglue/g_context_time.c
+ lib/gssapi/mechglue/g_delete_sec_context.c
+ lib/gssapi/mechglue/g_dsp_name.c
+ lib/gssapi/mechglue/g_dsp_status.c
+ lib/gssapi/mechglue/g_dup_name.c
+ lib/gssapi/mechglue/g_exp_sec_context.c
+ lib/gssapi/mechglue/g_export_name.c
+ lib/gssapi/mechglue/g_glue.c
+ lib/gssapi/mechglue/g_imp_name.c
+ lib/gssapi/mechglue/g_imp_sec_context.c
+ lib/gssapi/mechglue/g_init_sec_context.c
+ lib/gssapi/mechglue/g_initialize.c
+ lib/gssapi/mechglue/g_inquire_context.c
+ lib/gssapi/mechglue/g_inquire_cred.c
+ lib/gssapi/mechglue/g_inquire_names.c
+ lib/gssapi/mechglue/g_process_context.c
+ lib/gssapi/mechglue/g_rel_buffer.c
+ lib/gssapi/mechglue/g_rel_cred.c
+ lib/gssapi/mechglue/g_rel_name.c
+ lib/gssapi/mechglue/g_rel_oid_set.c
+ lib/gssapi/mechglue/g_seal.c
+ lib/gssapi/mechglue/g_sign.c
+ lib/gssapi/mechglue/g_store_cred.c
+ lib/gssapi/mechglue/g_unseal.c
+ lib/gssapi/mechglue/g_userok.c
+ lib/gssapi/mechglue/g_utils.c
+ lib/gssapi/mechglue/g_verify.c
+ lib/gssapi/mechglue/gssd_pname_to_uid.c
+ lib/gssapi/mechglue/mglueP.h
+ lib/gssapi/mechglue/oid_ops.c
+ lib/gssapi/spnego/gssapiP_spnego.h
+ lib/gssapi/spnego/spnego_mech.c
+
+are subject to the following license:
+
+ Copyright (c) 2004 Sun Microsystems, Inc.
+
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be included
+ in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+ --------------------
+
+MIT Kerberos includes documentation and software developed at the
+University of California at Berkeley, which includes this copyright
+notice:
+
+ Copyright (C) 1983 Regents of the University of California.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
+
+ 3. Neither the name of the University nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+ --------------------
+
+Portions contributed by Novell, Inc., including the LDAP database
+backend, are subject to the following license:
+
+ Copyright (c) 2004-2005, Novell, Inc.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ * The copyright holder's name is not used to endorse or promote products
+ derived from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+The file doc/kadmin/draft-ietf-cat-kerb-chg-password-02.txt is
+distributed under the following license:
+
+Copyright (c) 1998 Marc Horowitz.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. The names of Marc Horowitz or contributors
+ may not be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY MARC HOROWITZ AND THE CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL MARC HOROWITZ OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
--- krb5-1.8.1+dfsg.orig/debian/krb5-kdc.postrm
+++ krb5-1.8.1+dfsg/debian/krb5-kdc.postrm
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+if [ $1 = "purge" ] ; then
+ rm -f /etc/krb5kdc/kdc.conf 2>/dev/null || true
+ rm -f /etc/default/krb5-kdc 2>/dev/null || true
+ rm -f /etc/krb5kdc/kadm5.keytab 2>/dev/null || true
+ rm -f /etc/krb5kdc/kadm5.acl 2>/dev/null || true
+ rm -f /etc/krb5kdc/stash 2>/dev/null || true
+
+ # Prompt for whether we should remove the database.
+ if [ -d /var/lib/krb5kdc ] && [ -e /usr/share/debconf/confmodule ] ; then
+ . /usr/share/debconf/confmodule
+ db_version 2.0
+
+ db_input medium krb5-kdc/purge_data_too || true
+ db_go || true
+ db_get krb5-kdc/purge_data_too
+ if [ "$RET" = true ] ; then
+ rm -rf /var/lib/krb5kdc
+ fi
+ fi
+fi
+
+#DEBHELPER#
--- krb5-1.8.1+dfsg.orig/debian/libkdb-ldap1.install
+++ krb5-1.8.1+dfsg/debian/libkdb-ldap1.install
@@ -0,0 +1 @@
+usr/lib/libkdb_ldap*so.*
--- krb5-1.8.1+dfsg.orig/debian/libkrb5support0.install
+++ krb5-1.8.1+dfsg/debian/libkrb5support0.install
@@ -0,0 +1 @@
+usr/lib/libkrb5support.so.0*
--- krb5-1.8.1+dfsg.orig/debian/README.source
+++ krb5-1.8.1+dfsg/debian/README.source
@@ -0,0 +1,30 @@
+dpkg-source -x will generate sources ready for editing. The
+debian/patches directory is for the maintainer's convenience in
+tracking some old changes and is no longer used.
+
+Submitting Patch to the Maintainer:
+
+It's best to clone the git repository mentioned in debian/control and
+use the git format-patch command to generate patches. Attach these
+patches to bugs on the krb5 source package.
+
+
+Preparing a new Upstream version:
+
+You'll need two things to do this correctly. First, you'll need the
+upstream tarball. Secondly, you'll need the upstream subversion
+repository converted to git with parameters compatible with
+git://git.debian.org/git/pkg-k5-afs/krb5.git . My work flow combines
+the process of making DFSG modifications with the process of handling
+the SCM issues.
+From within a git repository containing both the upstream tag for the release and the debian packaging:
+
+1) Make sure there is a local upstream branch that descends from origin/upstream
+2) debian/prepsource upstream_tarfile tag_from_subversion upstream/version_number
+
+This will update the upstream branch and create an upstream tag. You
+will then probably want to `git merge upstream/upstream_version` to
+merge in the changes into the Debian packaging branch.
+
+
+ -- Sam Hartman , Wed, 27 May 2009 20:48:33 -0400
--- krb5-1.8.1+dfsg.orig/debian/README.Debian
+++ krb5-1.8.1+dfsg/debian/README.Debian
@@ -0,0 +1,110 @@
+ MIT Kerberos for Debian
+
+Kerberos Package Roadmap
+
+ Most systems using Kerberos should install at least krb5-user, which
+ contains the basic kinit, klist, and kdestroy binaries to manage user
+ Kerberos credentials, as well as other basic utilities. In order to
+ use Kerberos passwords for local authentication and obtain Kerberos
+ credentials automatically when logging in, install and configure
+ libpam-krb5.
+
+ To log on to other systems using Kerberos authentication, most sites
+ will find a Kerberos-enabled sshd the most convenient. Either
+ the openssh-client and openssh-server packages version 1:4.2p1-2 or
+ later (preferrable) or openssh-krb5 (for older Debian releases) will
+ work. See the ssh documentation for information on enabling GSSAPI
+ authentication (which is how Kerberos authentication is done over the
+ ssh protocol).
+
+ Some sites will instead prefer to use Kerberos-enabled versions of the
+ standard Unix login utilities (rsh, rlogin, telnet, ftp). The clients
+ are available in the krb5-clients package and the servers are available
+ in the krb5-rsh-server, krb5-telnetd, and krb5-ftpd packages. Please
+ note that the telnetd and ftpd included in those packages do not use PAM
+ (this is not supported upstream and may or may not ever be supported);
+ they only support Kerberos and will not run other PAM modules. For more
+ flexible login support, use Kerberos-enabled ssh instead.
+
+ The krb5-kdc and krb5-admin-server packages are only needed and used on
+ Kerberos KDCs, only one set of which is needed for each independently
+ managed Kerberos realm. For more information on how to set up a
+ Kerberos realm using the Debian packages, install krb5-kdc and then read
+ /usr/share/doc/krb5-kdc/README.KDC.
+
+Documentation
+
+ All Kerberos binaries and most configuration files have manual pages.
+ For the info pages and reference manual, install krb5-doc. If you need
+ additional information, see .
+
+Debian-Specific Information
+
+ MIT distributes the Kerberos sources as a tarball and a PGP signature,
+ tarred up into a single .tar file. In order to create the Debian
+ original upstream source (.orig.tar.gz), I untarred the parent tarball,
+ checked the PGP signature, and used the contained tarball as the
+ upstream source.
+
+ MIT Kerberos is built against the libcom_err and libss provided by the
+ e2fsprogs source package. It is built against the version of db
+ included in src/util/db2 in the Kerberos sources. In the future,
+ krb5-kdc may change to use db4, although doing so will make upgrades
+ somewhat difficult.
+
+ None of the sample clients and servers are installed. As a general
+ rule, these are not useful unless you are doing development, and in such
+ a situation you probably want to build them from source.
+
+ Note that by default, no unencrypted services are enabled. That means,
+ if you are using krb5-clients and the supporting server packages, you
+ need to use rlogin -x to connect to a Debian system and if you use rsh
+ or rcp without the -x option you will get an error that encryption is
+ required. In this day and age, not encrypting network traffic is a good
+ way to get attacked.
+
+ If installed, krb5-rsh-server by default allows any user in the local
+ realm whose principal matches a local account name to log on to that
+ account. See the klogind and kshd man pages. If this isn't the
+ behavior you want, one option is to create an empty .k5login file in the
+ home directory of every user and then add principals to those files
+ where it's appropriate. One way to do this for all newly created users
+ is:
+
+ touch /etc/skel/.k5login
+
+ This will cause an empty .k5login file to be put in the home directory
+ of newly created users.
+
+krb524 AFS Conversion
+
+ The following section is only of use to Kerberos users who also use the
+ AFS distributed file system.
+
+ An alternate conversion is provided for AFS servers that support the
+ encrypted part of a krb5 ticket as an AFS token. If krb524d is
+ converting a principal whose first component is afs and if the encrypted
+ part of the ticket fits in 344 bytes, then it will default to simply
+ returning the encrypted part of the ticket as a token. If it turns out
+ that the AFS server does not support the ticket, then users will get an
+ unknown key version error and the krb524d must be configured to use v4
+ tickets for this AFS service.
+
+ The krb524d looks in the appdefaults section of krb5.conf for an
+ application called afs_krb5 to determine whether AFS principals support
+ encrypted ticket parts as tokens. The following configuration fragment
+ says that afs/sipb.mit.edu@ATHENA.MIT.EDU supports the new token format
+ but afs@ATHENA.MIT.EDU and afs/athena.mit.edu@ATHENA.MIT.EDU do not.
+ Note that the default is to assume afs servers support the new format.
+
+ [appdefaults]
+ afs_krb5 = {
+ ATHENA.MIT.EDU = {
+ # This stanza describes principals in the ATHENA.MIT.EDU realm
+ afs = false
+ afs/athena.mit.edu = false
+ afs/sipb.mit.edu = true
+ }
+ }
+
+ -- Russ Allbery , Fri Dec 2 21:05:05 2005
--- krb5-1.8.1+dfsg.orig/debian/krb5-kdc.prerm
+++ krb5-1.8.1+dfsg/debian/krb5-kdc.prerm
@@ -0,0 +1,13 @@
+#! /bin/sh
+
+set -e
+
+if test "remove" = "$1"; then
+ if which update-inetd >/dev/null 2>&1 ; then
+ update-inetd --remove '#?krb5_prop.*/usr/sbin/kpropd'
+ fi
+fi
+
+#DEBHELPER#
+
+exit 0
--- krb5-1.8.1+dfsg.orig/debian/krb5_newrealm
+++ krb5-1.8.1+dfsg/debian/krb5_newrealm
@@ -0,0 +1,41 @@
+#!/bin/sh -e
+
+cat </etc/krb5kdc/kadm5.acl
+# This file Is the access control list for krb5 administration.
+# When this file is edited run /etc/init.d/krb5-admin-server restart to activate
+# One common way to set up Kerberos administration is to allow any principal
+# ending in /admin is given full administrative rights.
+# To enable this, uncomment the following line:
+# */admin *
+EOF
+ fi
+cat < Tue, 11 Oct 2011 06:52:39 -0700
+
+krb5 (1.8.1+dfsg-5ubuntu0.7) maverick-security; urgency=low
+
+ * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
+ pointer.
+ - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
+ - CVE-2011-0285
+ - MITKRB5-SA-2011-004
+
+ -- Kees Cook Mon, 18 Apr 2011 15:40:00 -0700
+
+krb5 (1.8.1+dfsg-5ubuntu0.6) maverick-security; urgency=low
+
+ * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT
+ capability is used.
+ - src/kdc/do_as_req.c: clear fields on allocation; applied inline,
+ thanks to upstream
+ - CVE-2011-0284
+ - MITKRB5-SA-2011-003
+
+ -- Steve Beattie Mon, 14 Mar 2011 15:46:36 -0700
+
+krb5 (1.8.1+dfsg-5ubuntu0.4) maverick-security; urgency=low
+
+ * SECURITY UPDATE: kpropd denial of service via invalid network input
+ - src/slave/kpropd.c: don't return on kpropd child exit; applied
+ inline.
+ - CVE-2010-4022
+ - MITKRB5-SA-2011-001
+ * SECURITY UPDATE: kdc denial of service from unauthenticated remote
+ attackers
+ - src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h,
+ src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c,
+ src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c,
+ src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:
+ applied inline
+ - CVE-2011-0281
+ - CVE-2011-0282
+ - MITKRB5-SA-2011-002
+
+ -- Steve Beattie Wed, 09 Feb 2011 11:58:55 -0800
+
+krb5 (1.8.1+dfsg-5ubuntu0.2) maverick-security; urgency=low
+
+ * SECURITY UPDATE: message forgery and privilege escalation via
+ unacceptable checksums
+ - src/lib/crypto/krb/dk/derive.c, src/lib/crypto/krb/keyed_checksum_types.c,
+ src/lib/gssapi/krb5/util_crypt.c, src/lib/krb5/krb/mk_safe.c,
+ src/lib/krb5/krb/pac.c, src/lib/krb5/krb/preauth2.c,
+ src/plugins/preauth/pkinit/pkinit_srv.c: patched inline, thanks to
+ upstream.
+ - CVE-2010-1323
+ - CVE-2010-1324
+ - CVE-2010-4020
+ - MITKRB5-SA-2010-007
+
+ -- Marc Deslauriers Wed, 08 Dec 2010 09:11:44 -0500
+
+krb5 (1.8.1+dfsg-5ubuntu0.1) maverick-security; urgency=low
+
+ * SECURITY UPDATE: remote authenticated user denial of service.
+ - src/kdc/kdc_authdata.c: patched inline, thanks to upstream.
+ - CVE-2010-1322, MITKRB5-SA-2010-006
+
+ -- Kees Cook Mon, 04 Oct 2010 14:52:55 -0700
+
+krb5 (1.8.1+dfsg-5) unstable; urgency=low
+
+ * Ignore duplicate token sent in mechListMIC from Windows 2000 SPNEGO
+ (LP: #551901)
+ * krb5-admin-server starts after krb5-kdc, Closes: #583494
+
+ -- Sam Hartman Thu, 27 May 2010 20:49:13 -0400
+
+krb5 (1.8.1+dfsg-4) unstable; urgency=low
+
+ * fix prerm script (Closes: #577389), thanks Harald Dunkel
+
+
+ -- Sam Hartman Thu, 20 May 2010 12:33:43 -0400
+
+krb5 (1.8.1+dfsg-3) unstable; urgency=high
+
+ * CVE-2010-1321 GSS-API accept sec context null pointer deref, Closes:
+ #582261
+ * Force use of bash for build, Closes: #581473
+ * Start slapd before krb5 when krb5-kdc-ldap installed, Closes:
+ #582122
+
+
+ -- Sam Hartman Wed, 19 May 2010 16:37:36 -0400
+
+krb5 (1.8.1+dfsg-2) unstable; urgency=high
+
+ * Fix crash in renewal and validation, Thanks Joel Johnson for such a
+ prompt bug report, Closes: #577490
+
+ -- Sam Hartman Mon, 12 Apr 2010 13:08:35 -0400
+
+krb5 (1.8.1+dfsg-1) unstable; urgency=high
+
+ * New upstream release
+ * Fixes significant ABI incompatibility between Heimdal and MIT in the
+ init_creds_step API; backward incompatible change in the meaning of
+ the flags API. Since this was introduced in 1.8 and since no better
+ solution was found, it's felt that getting 1.8.1 out everywhere that
+ had 1.8 very promptly is the right approach. Otherwise software build
+ against 1.8 will be broken in the future.
+ * Testing of Kerberos 1.8 showed an incompatibility between Heimdal/MIT
+ Kerberos and Microsoft Kerberos; resolve this incompatibility. As a
+ result, mixing KDCs between 1.8 and 1.8.1 in the same realm may
+ produce undesirable results for constrained delegation. Again,
+ another reason to replace 1.8 with 1.8.1 as soon as possible.
+ * Acknowledge security team upload, thanks for picking up the slack and
+ sorry it was necessary
+
+ -- Sam Hartman Sun, 11 Apr 2010 10:12:59 -0400
+
+krb5 (1.8+dfsg-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2010-0628: denial of service (assertion failure and daemon crash)
+ via an invalid packet that triggers incorrect preparation of an error
+ token. (Closes: 575740)
+ * Makes src/slave/kpropd.c ISO C90 compliant (Closes: #574703)
+
+ -- Giuseppe Iuculano Fri, 09 Apr 2010 19:11:50 +0200
+
+krb5 (1.8+dfsg-1) unstable; urgency=low
+
+ * New upstream version
+ * Include new upstream notice file in docs
+ * Update symbols files
+ * Include upstream ticket 6676: fix handling of cross-realm tickets
+ issued by W2K8R2
+ * Add ipv6 support to kprop, Michael Stapelberg, Closes: #549476
+ * New Brazilian Portuguese translations, Thanks Eder L. Marques,
+ Closes: #574149
+
+ -- Sam Hartman Wed, 17 Mar 2010 15:51:54 -0400
+
+krb5 (1.8+dfsg~alpha1-7) unstable; urgency=high
+
+ * MITKRB5-SA-2010-001: Avoid an assertion failure leading to a denial of
+ service in the KDC by doing better input validation. (CVE-2010-0283)
+ * Update standards version to 3.8.4 (no changes required).
+
+ -- Russ Allbery Tue, 16 Feb 2010 12:20:51 -0800
+
+krb5 (1.8+dfsg~alpha1-6) unstable; urgency=medium
+
+ * Import upstream fixes including:
+ - A non-conformance with RFC 4120 that causes enc_padata to be
+ included when the client may not support it
+ - Weak crypto acts as a filter and does not reject if DES is
+ included in krb5.conf, fixes Samba net ads join, Closes: #566977
+ * Medium urgency because of the samba bug fix. If the samba maintainers
+ request the release team to bump to high I'd support that.
+ * Update libkdb5 symbols for new upstream internal interface
+
+ -- Sam Hartman Fri, 12 Feb 2010 12:24:26 -0500
+
+krb5 (1.8+dfsg~alpha1-5) unstable; urgency=high
+
+ [ Sam Hartman ]
+ * New API to allow an application to enable weak crypto
+ * Rename libkadm5clnt and libkadm5srv to libkadm5clnt_mit and
+ libkadm5srv_mit in order to avoid conflicts with Heimdal packages.
+ Sorry for the second trip through new, but we needed to coordinate
+ with upstream on the ABI issues involved with this change.
+ * Medium urgency in order to get a fix for openafs-krb5 weak crypto into
+ testing sooner
+ * Include fix for pam-krb5 segfault with wrong password; bump urgency to
+ high.
+
+ [ Russ Allbery ]
+ * Change libkrb5-dbg to only depend on libkrb5-3, libk5crypto3, or
+ libkrb5support0. All of the other packages for which it provides
+ debugging symbols also depend on one of those packages and always
+ will, so listing the disjunction of every library package is
+ overkill. Remove from the Depends several obsolete library packages
+ no longer included.
+ * Drop obsolete Replaces for libkadm5srv-mit7 and libkadm5clnt-mit7.
+ * Wrap krb5-multidev dependencies and description and shorten the short
+ description.
+ * Reformat NEWS.Debian to avoid using a bulleted list per devref.
+
+ [ Sam Hartman ]
+ * Link libkadm5{clnt,srv}.so specially so that the links work without
+ libkrb5-dev installed
+
+ -- Sam Hartman Fri, 22 Jan 2010 23:35:09 -0500
+
+krb5 (1.8+dfsg~alpha1-4) unstable; urgency=high
+
+ * Add replaces to deal with moving files from krb5-multidev to
+ libkrb5-dev, Closes: #565217
+ * This is definitely the getting all the conflicts combinations right is
+ tricky series of releases. Sorry about the wasted cycles.
+
+ -- Sam Hartman Wed, 13 Jan 2010 19:00:37 -0500
+
+krb5 (1.8+dfsg~alpha1-3) unstable; urgency=high
+
+ * Move files to avoid overlap between heimdal-dev and krb5-multidev,
+ Closes: #565132
+
+ -- Sam Hartman Wed, 13 Jan 2010 04:18:32 -0500
+
+krb5 (1.8+dfsg~alpha1-2) unstable; urgency=high
+
+ * While Kerberos 1.8 is not vulnerable to CVE-2009-4212 (the vulnerable
+ code was removed during the 1.8 release process for code
+ simplification and code size reasons), this is urgency high to get a
+ version of Kerberos that fixes that integer underflow in the AES and
+ RC4 code into testing.
+ * For now, heimdal and MIT shared libraries for kadm5 will conflict;
+ discussions of how to fix this are ongoing upstream, Closes: #564666
+ * New translations; sorry about missing them in the last upload
+ - Vietnamese, Thanks Clytie Siddall, Closes: #548204
+ - Basque, Thanks Piarres Beobide, Closes: #534284
+ * Update standards version (no changes required)
+ * Pull upstream changes made since alpha1 into the package. In
+ particular this includes a fix to a bug where unkeyed checksums are
+ accepted by the FAST KDC backend. That bug was introduced between 1.7
+ and 1.8 alpha1 so is only present in prior Debian packages of 1.8. See
+ upstream tickets 6632 and 6633.
+
+ -- Sam Hartman Tue, 12 Jan 2010 19:26:09 -0500
+
+krb5 (1.8+dfsg~alpha1-1) unstable; urgency=low
+
+ * Include symlinks in libkrb5-dev too
+ * New upstream release
+ * Fix .so symlinks in krb5-multidev
+
+ -- Sam Hartman Fri, 08 Jan 2010 22:41:23 -0500
+
+krb5 (1.8+dfsg~aa+r23527-1) experimental; urgency=low
+
+ * MIT krb5 trunk prior to 1.8 branch
+ * Remove krb5-telnet, krb5-ftpd, krb5-clients, krb5-rsh-server, no
+ longer provided upstream. These are provided now in a separate source
+ distribution.
+ * Bring back functions needed by Samba, Closes: #531635
+ * I know that the symbols revisions are generating lintian warnings;
+ that will be cleaned up when upstream actually makes an alpha release
+ * Implement krb5-multidev similar to heimdal-multidev so that packages
+ can be built against both MIT Kerberos and Heimdal
+
+ -- Sam Hartman Sun, 03 Jan 2010 17:54:04 -0500
+
+krb5 (1.7+dfsg-4) unstable; urgency=high
+
+
+ * cve-2009-3295, MIT-KRB5-SA-2009-003: KDC crash when failing to find
+ the realm of a host., Thanks 2Jakob Haufe for the report to Debian
+
+ -- Sam Hartman Mon, 28 Dec 2009 10:42:32 -0500
+
+krb5 (1.7+dfsg-3) unstable; urgency=low
+
+ * Fix typo in control file
+ * Exclude usr/lib/krb5/plugins from dh_makeshlibs call to deal with
+ behavior change in dh_makeshlibs, Closes: #558719
+
+ -- Sam Hartman Sun, 29 Nov 2009 23:24:01 -0500
+
+krb5 (1.7+dfsg-2) unstable; urgency=low
+
+ * Only picked up part of the upstream fix to #557979; upstream fully
+ reverted to 1.6.
+
+ -- Sam Hartman Sun, 29 Nov 2009 19:34:44 -0500
+
+krb5 (1.7+dfsg-1) unstable; urgency=low
+
+ * New upstream version, Closes: #554225
+ * Several fixes applied after the 1.7 release:
+ - 6506: correctly handle keytab vs stash file
+ - 6508: kadmind ACL parsing could reference uninitialized memory
+ - 6509: kadmind can reference null pointer on ACL error
+ - 6511: uninitialized memory passed to krb5_free_error in change
+ password client path
+ - 6514: none replay cache memory leak
+ - 6515: profile library mutex performance improvements
+ - 6541: memory leak in PAC verify code
+ - 6542: Check for null characters in pkinit certs
+ - 6543: login vs user order in ftpd sometimes wrong
+ - 6551: Memory leak in spnego accept_sec_context error path
+ * libkrb5-dev depends on libkadm5clnt6 (LP: #472080)
+ * Avoid locking out accounts on PREAUTH_FAILED, Closes: #557979, (LP:
+ #489418)
+
+ -- Sam Hartman Sun, 29 Nov 2009 17:29:26 -0500
+
+krb5 (1.7dfsg~beta3-2) UNRELEASED; urgency=low
+
+ * Update to policy 3.8.2 (no changes)
+
+ -- Sam Hartman Sat, 20 Jun 2009 06:32:22 -0400
+
+krb5 (1.7dfsg~beta3-1) unstable; urgency=low
+
+ * New upstream release
+ * Revert relaxation of Debian symbol versions introduced in
+ 1.7dfsg~beta1-3
+ * Fix kproplog's manpage (LP: #374819)
+
+ -- Sam Hartman Wed, 27 May 2009 21:15:41 -0400
+
+krb5 (1.7dfsg~beta2-4) unstable; urgency=low
+
+ * Upstream fixes to RT #6490, Closes: #528729
+ - Use MS usage 9 not 8 for tgs-rep encrypted in subkey
+ - Do not use keyed checksum with RC4; WS2003 expects it to be
+ encrypted in the subsession key, everyone else expects the session
+ key. Note that a keyed checksum for RC4 would work against WS2008.
+ * Patch from Marc Dequ?nes (Duck) for HURD portability, Closes:
+ #528828
+
+ -- Sam Hartman Wed, 20 May 2009 08:57:53 -0400
+
+krb5 (1.7dfsg~beta2-3) unstable; urgency=low
+
+ * Use correct enctype identifier in lucid security context export,
+ Closes: #528514
+
+ -- Sam Hartman Mon, 18 May 2009 14:59:46 -0400
+
+krb5 (1.7dfsg~beta2-2) unstable; urgency=low
+
+ * Apply upstream patch from ticket 6488 intended to fix
+ gss_krb5_export_lucid_sec_context and thus NFS; hopefully fixes
+ #528514
+ * Apply patch from ticket 6489 to fix UCS2 handling in RC4 string to
+ key and PAC routines
+
+ -- Sam Hartman Thu, 14 May 2009 16:21:48 -0400
+
+krb5 (1.7dfsg~beta2-1) unstable; urgency=low
+
+ * New Upstream release including FAST support for DES and 3DES.
+ * Remove non-free content accidentally reintroduced in beta1, Closes: #528555
+ * Add strict dependency from libgssapi-krb5-2 to libkrb5-3 as discussed
+ in #528514
+
+ -- Sam Hartman Wed, 13 May 2009 14:09:31 -0400
+
+krb5 (1.7dfsg~beta1-4) unstable; urgency=low
+
+ * When decrypting the TGS response fails with the subkey, try with the
+ session key to work around Heimdal bug, Closes: #527353
+
+ -- Sam Hartman Thu, 07 May 2009 16:16:34 -0400
+
+krb5 (1.7dfsg~beta1-3) unstable; urgency=low
+
+ * Relax symbol versions of symbols that exist in krb5 1.6.dfsg.2 to
+ 1.6.dfsg.2. No software currently in Debian uses the new
+ functionality, and this will ease the transition because it allows
+ krb5 to move independently of packages that are being rebuilt. This
+ change will be reverted before the end of May, 2009.
+
+ -- Sam Hartman Tue, 05 May 2009 09:01:17 -0400
+
+krb5 (1.7dfsg~beta1-2) unstable; urgency=low
+
+ * Upload to unstable with permission of release team; note that this
+ upload will make anything that depends on libkrb53 uninstallable in
+ unstable. The release team will make binary only NMUs to rebuild any
+ such packages and they will depend on the new libraries. Packages
+ built since 1.6.dfsg.4~beta1-9 entered unstable should not be affected.
+ * Upstream change: return PREAUTH_REQUIRED not PREAUTH_FAILED on unknown
+ preauth type in the KDC.
+ * Remove a bunch of patches applied ustream from debian/patches
+
+ -- Sam Hartman Mon, 04 May 2009 16:19:09 -0400
+
+krb5 (1.7dfsg~beta1-1) experimental; urgency=low
+
+ * New upstream release
+ - kadmin and related commands moved to /usr/bin, Closes: #477296
+ - Kadmin headers are Public: Closes: #191616
+ - KDC supports loopback address, Closes: #478425
+
+ -- Sam Hartman Wed, 22 Apr 2009 09:53:15 -0400
+
+krb5 (1.7dfsg~alpha1-1) experimental; urgency=low
+
+ * New upstream version
+
+ -- Sam Hartman Sun, 05 Apr 2009 20:46:14 -0400
+
+krb5 (1.6.dfsg.4~beta1-13) unstable; urgency=high
+
+ * MITKRB5-SA-2009-001: Fix read-beyond-end-of-buffer DOS in SPNEGO, an
+ SPNEGO null pointer dereference, and incorrect length validation in
+ an ASN.1 decoder. (CVE-2009-0844, CVE-2009-0845, CVE-2009-0847)
+ * MITKRB5-SA-2009-002: ASN.1 general time decoder can free uninitialized
+ pointer. (CVE-2009-0846)
+ * Add dependency on libkrb53 from libkrb5-dev. This should make it
+ significantly more difficult for buildds to get out of sync. I don't
+ think we can do better within the constraints of this transition,
+ Closes: #522469
+
+ -- Sam Hartman Tue, 07 Apr 2009 14:58:31 -0400
+
+krb5 (1.6.dfsg.4~beta1-12) unstable; urgency=low
+
+ * Translation updates:
+ - Romanian, thanks Eddy Petrișor. (Closes: #519660)
+ - Finnish, thanks Esko Arajärvi. (Closes: #519741)
+ - Russian, thanks Sergey Alyoshin. (Closes: #519744)
+ - Spanish, thanks Francisco Javier Cuadrado. (Closes: #519808)
+
+ -- Russ Allbery Fri, 27 Mar 2009 11:24:28 -0700
+
+krb5 (1.6.dfsg.4~beta1-11) unstable; urgency=low
+
+ * Upload from the partial-krb4 branch not the master branch so we don't
+ break unstable.
+ - Restore libkrb53 and libkadm55
+ * Resync the aes test files from upstream to fix a line ending problem
+ and significantly shrink the debian diff
+
+ -- Sam Hartman Fri, 13 Mar 2009 10:19:42 -0400
+
+krb5 (1.6.dfsg.4~beta1-10) unstable; urgency=low
+
+ * Add Homepage control field.
+ * Add ${misc:Depends} to dependencies for all packages.
+ * Expand the packages that satisfy the libkrb5-dbg dependency.
+ * Include a few more details about the differences between the various
+ library packages in their long descriptions and fix some whitespace
+ inconsistencies. Thanks, Gerfried Fuchs. (Closes: #519403)
+ * Remove empty usr/include/kerberosIV directory in libkrb5-dev.
+ * Use set -e instead of #!/bin/sh -e for all maintainer scripts.
+ * Use which without a path to check for update-inetd.
+ * Improve the leading comment in /etc/default/krb5-kdc.
+ * Remove unnecessary section override for krb5-pkinit.
+ * Update to debhelper compatibility level V7.
+ - Use dh_lintian to install Lintian overrides.
+ - Use dh_prep instead of dh_clean -k.
+ * Update standards version to 3.8.1 (no changes required).
+ * Fix superfluous space in the krb5-kdc debconf templates and unfuzzy
+ translations. Thanks, Helge Kreutzmann. (Closes: #518403)
+ * Translation updates:
+ - French, thanks Christian Perrier. (Closes: #518221)
+ - Japanese, thanks TANAKA Atushi. (Closes: #518345)
+ - Swedish, thanks Martin Bagge. (Closes: #518347)
+ - German, thanks Helge Kreutzmann. (Closes: #518402)
+ - Czech, thanks Miroslav Kure. (Closes: #518993)
+ - Portuguese, thanks Miguel Figueiredo. (Closes: #519000)
+ - Italian, thanks Luca Monducci. (Closes: #519178)
+ - Galician, thanks Marce Villarino. (Closes: #519481)
+
+ -- Russ Allbery Thu, 12 Mar 2009 18:00:31 -0700
+krb5 (1.6.dfsg.4~beta1-9) unstable; urgency=medium
+
+ * Fix typo in downgrade instructions in NEWS file.
+ * Fix override for libkadm55
+ * Upload to unstable.
+
+ -- Sam Hartman Sun, 01 Mar 2009 15:33:58 -0500
+
+krb5 (1.6.dfsg.4~beta1-8) experimental; urgency=low
+
+ * Re-introduce libkrb53 and libkadm55 based on discussion on
+ debian-devel; in this version, libkrb53 contains only libkrb4. Both
+ libkrb53 and libkadm55 depend on the split library packages. These
+ dependencies are unversioned; that means that before any symbols are
+ added the shlibs files need to be repointed away from libkrb53 and
+ libkadm55. Any version of the split library packages can satisfy the
+ symbols needed by the libraries previously shipped in libkrb53.
+ * Perform two builds; one without krb4 and one with krb4 for the only
+ warnings; they will go away when the shlibs files are repointed.
+ * Remove krb4 support from debconf and init scripts.
+ * Remove the krb4 migration guide from doc-base
+ * Fix up replaces in control file so that libraries that used to be in
+ libkadm55 claim to replace libkadm55
+ * Only use parallel builds on the krb5 build; it breaks krb4 enabled
+ builds.
+ * Used versioned replaces; this seems to make it harder to get a system
+ into a broken state if you remove the new packages, Closes: #517483
+
+ -- Sam Hartman Sat, 28 Feb 2009 00:42:51 -0500
+
+krb5 (1.6.dfsg.4~beta1-7) experimental; urgency=low
+
+ * Do not build krb4 support; this is being removed upstream with 1.7 and
+ it is strongly desirable to examine the debian implications.
+ * As a result, the libraries which were previously all in libkrb53 need
+ to change package names as we are dropping some libraries. So, split
+ out the libraries into lib- per policy. The old
+ format was consistent with policy when it was written 8 years ago, and
+ has lasted well. As a result, a significant number of new library
+ packages are introduced.
+ * Use dpkg-gensymbols support for .symbols files for better version tracking
+ * Update to policy 3.8.0
+ - Support parallel=
+
+ -- Sam Hartman Fri, 20 Feb 2009 16:57:43 -0500
+
+krb5 (1.6.dfsg.4~beta1-6) unstable; urgency=low
+
+ * In the krb5-install info pages, document the need to create an empty
+ database on new slaves before the first database propagation to work
+ around a bug in kdb5_util. This is a workaround for Bug#512670, which
+ won't be fixed in time for the lenny release.
+
+ -- Russ Allbery Sun, 01 Feb 2009 10:07:37 -0800
+
+krb5 (1.6.dfsg.4~beta1-5) unstable; urgency=low
+
+ * Correct the actions of krb5_newrealm in its man page. It doesn't
+ create a keytab for kadmind since kadmind no longer needs one.
+ Mention that it does create a stash file and that it starts the KDC
+ and kadmind daemons. Thanks, David Medberry. (Closes: #504126)
+ * Translation updates:
+ - Spanish, thanks Ignacio Mondino. (Closes: #504766)
+
+ -- Russ Allbery Mon, 29 Dec 2008 22:21:21 -0800
+
+krb5 (1.6.dfsg.4~beta1-4) unstable; urgency=low
+
+ [ Russ Allbery ]
+ * Translation updates:
+ - Swedish, thanks Martin Bagge. (Closes: #487669, #491774)
+ - Italian, thanks Luca Monducci. (Closes: #493962)
+
+ [ Sam Hartman ]
+ * Translation Updates:
+ - Dutch, Thanks Vincent Zweije, Closes: #495733
+
+ -- Sam Hartman Thu, 21 Aug 2008 10:41:41 -0400
+
+krb5 (1.6.dfsg.4~beta1-3) unstable; urgency=low
+
+ * Set length to 0 on no-salt ldap keys so they do not crash; uupstream
+ ticket 5545, Closes: #480523
+ * Swedish translations, thanks Martin Bagge, Closes: #487563
+
+ -- Sam Hartman Sun, 22 Jun 2008 23:00:37 -0400
+
+krb5 (1.6.dfsg.4~beta1-2) unstable; urgency=low
+
+ [ Russ Allbery ]
+ * Translation updates:
+ - Japanese, thanks TANAKA, Atushi.
+ - Russian, thanks Sergey Alyoshin. (Closes: #485473)
+ - Brazilian Portuguese, thanks Eder L. Marques. (Closes: #485613)
+ - Romanian, thanks Eddy Petrișor. (Closes: #484996)
+
+ [ Sam Hartman ]
+ * Upload 1.6.4 beta 1 to unstable. As best I can tell evaluating the
+ changes this is a strict improvement over 1.6.3 even though it is
+ still a beta version. There is not an ABI change ; backing out would
+ be relatively easy.
+ * Patch from Bryan Kadzban to look inside spnego union_creds when
+ looking for a specific mechanism cred. This allows spnego creds to be
+ used when copying out to a ccache after delegation, Closes: #480434
+ * Ksu now calls krb5_verify_init_creds rather than using its own custom
+ logic because that is correct and so it can take advantage of the
+ following change.
+ * krb5_verify_init_creds uses the default realm if it gets a referral
+ realm as input for server, Closes: #435427
+ * Add -D_FORTIFY_SOURCE=2 and -fstack-protector on ia32 and x86_64 at
+ the request of Moritz Muehlenhoff ; he was unsure that adding these
+ flags on other platforms would be a good idea. I'd be happy to expand
+ the list at the request of port maintainers, Closes: #484371
+ * Fix KDC purge code introduced in previous revision.
+
+ -- Sam Hartman Mon, 16 Jun 2008 09:29:00 -0400
+
+krb5 (1.6.dfsg.4~beta1-1) experimental; urgency=low
+
+ [ Russ Allbery ]
+ * Do not translate the Kerberos v4 modes. They are literal strings
+ passed to the Kerberos KDC as arguments to the -4 option. Comment
+ mentions of those strings in the debconf template so that
+ translators know this.
+ * Rather than prompting at installation time for whether the KDC
+ database should be deleted on purge, prompt in prerm when the package
+ is being removed for whether the database should be deleted.
+ * Translation updates:
+ - Galician, thanks Jacobo Tarrio. (Closes: #482324)
+ - French, thanks Christian Perrier. (Closes: #482326)
+ - Vietnamese, thanks Clytie Siddall. (Closes: #482362)
+ - Basque, thanks Piarres Beobide. (Closes: #482376)
+ - Czech, thanks Miroslav Kure. (Closes: #482428)
+ - German, thanks Helge Kreutzmann. (Closes: #482366)
+ - Spanish, thanks Diego D'Onofrio.
+ - Finnish, thanks Esko Arajärvi. (Closes: #482682)
+ - Portuguese, thanks Miguel Figueiredo. (Closes: #483049)
+
+ [ Sam Hartman ]
+ * Remove extra space in debian/rules so upstream configure scripts can
+ work.
+ * Upgrade to 1.6.4 beta 1.
+ * Upstream includes several fixes to bugs that were assigned CVE
+ numbers; upstream does not actually consider these security issues and
+ no advisory was issued, but they are included here for the benefit of
+ the security team in case anyone asks. Closes: #454974
+ - fix CVE-2007-5972: double fclose() in krb5_def_store_mkey()
+ - fix CVE-2007-5971: double-free in gss_krb5int_make_seal_token_v3()
+ - fix CVE-2007-5902: integer overflow in svcauth_gss_get_principal()
+ - fix CVE-2007-5971: free of non-heap pointer in gss_indicate_mechs()
+ - fix CVE-2007-5894: apparent uninit length in ftpd.c:reply()
+
+ -- Sam Hartman Sat, 31 May 2008 10:53:21 -0400
+
+krb5 (1.6.dfsg.3-2) unstable; urgency=low
+
+ * kdc.conf was previously in krb5-doc, not uninstalled. Properly
+ handle moving it to the krb5-kdc package. (Closes: #480452)
+ * Include libkdb-ldap1 in krb5-kdc-pkinit, install it into a private
+ directory (/usr/lib/krb5) rather than directly in /usr/lib, and use an
+ RPATH in kdb5_ldap_util and the plugin to find the library. Drop the
+ libkdb-ldap1 library package. This library isn't intended to be used
+ by any software outside of the KDC plugin and utility. Thanks,
+ Bastian Blank. (Closes: #479384)
+ * Load defaults for debconf configuration of krb5-admin-server and
+ krb5-kdc from the /etc/default files if they exist. Thanks, Bastian
+ Blank. (Closes: #479404)
+ * Preserve DAEMON_ARGS settings in /etc/default/krb5-admin-server and
+ /etc/default/krb5-kdc even if debconf configuration is enabled.
+ * Don't require that a stash file be created in /etc/init.d/krb5-kdc.
+ Stash files are optional. (Closes: #479457)
+ * Error out instead of silently existing if debconf's confmodule cannot
+ be loaded. Given that we depend on debconf, if this fails, something
+ serious went wrong and we shouldn't ignore it.
+ * Use /bin/which instead of command -v to check for update-inetd.
+ * Unconditionally remove kpropd's inetd.conf entry in the postrm of
+ krb5-kdc rather than special-casing remove and deconfigure.
+ * Add 256-bit AES and RC4 keys to the default kdc.conf, the first
+ because it's the strongest enctype currently supported and the second
+ for Windows compatibility. Improve the README.KDC enctype
+ documentation.
+ * Install kerberos.ldif and kerberos.schema in krb5-kdc-ldap as
+ documentation. Thanks, Bastian Blank. (Closes: #479239)
+
+ -- Russ Allbery Fri, 09 May 2008 20:27:16 -0700
+
+krb5 (1.6.dfsg.3-1) unstable; urgency=low
+
+ * Final upstream 1.6.3 release.
+ * Package the LDAP plugin for the KDC, which allows one to use an LDAP
+ server to store the KDC database. Install the krb5-kdc-ldap package
+ for the plugin. (Closes: #453113)
+ * If krb5-config/default_realm isn't set, use EXAMPLE.COM as the realm
+ so that the kdc.conf will at least be syntactically valid (but will
+ still require editing). (Closes: #474741)
+ * krb5-kdc explicitly depends on krb5-config since it relies on debconf
+ variables set by that package.
+ * Always stop krb524d on /etc/init.d/krb5-kdc stop even if the
+ configuration has been changed to no longer run it. Thanks, Bastian
+ Blank. (Closes: #477294)
+ * Install the kdc.conf man page. (Closes: #477307)
+ * krb5-kdc no longer depends on update-inetd and inet-superserver and
+ instead just suggests openbsd-inetd | inet-superserver and
+ conditionally adds the commented-out kpropd example if update-inetd is
+ available. krb5-admin-server doesn't need inet-superserver at all.
+ Thanks, Bastian Blank. (Closes: #477301)
+ * Change the doc-base sections to System/Security.
+ * Correctly mangle the version in the watch file.
+ * Remove conflicts with packages already not present in oldstable.
+ * Remove versioned build-dependencies satisfied by oldstable.
+ * Remove versioned Replaces for versions older than oldstable.
+
+ -- Russ Allbery Sun, 27 Apr 2008 20:39:36 -0700
+
+krb5 (1.6.dfsg.3~beta1-4) unstable; urgency=emergency
+
+ * MITKRB5-SA-2008-001: When Kerberos v4 support is enabled in the KDC,
+ malformed messages may result in NULL pointer use, double-frees, or
+ exposure of information. (CVE-2008-0062, CVE-2008-0063)
+ * MITKRB5-SA-2008-002: If the file descriptor limit is larger than
+ FD_SETSIZE and kadmind has more open connections than FD_SETSIZE, an
+ array overrun and memory corruption may result. (CVE-2008-0947)
+
+ -- Russ Allbery Fri, 07 Mar 2008 18:53:59 -0800
+
+krb5 (1.6.dfsg.3~beta1-3) unstable; urgency=low
+
+ * Apply cross-build patch from Neil Williams. (Closes: #465294)
+ * Document in comments that configuration management via debconf should
+ be disabled before making manual changes to /etc/default/krb5-kdc and
+ /etc/default/krb5-admin-server. (Closes: #443326)
+ * Support DAEMON_ARGS in /etc/default/krb5-admin-server for kadmind.
+ Thanks, Dwayne Litzenberger. (Closes: #443331)
+ * Don't stop the servers in runlevel S. This isn't a real runlevel and
+ cannot be switched to, so the links are extraneous.
+ * Use binary:Version instead of Source-Version in debian/control.
+ * Depend on openbsd-inetd | inet-superserver instead of on update-inetd,
+ since inetd implementations may provide their own update-inetd.
+ * Improve quoting and formatting in the postinsts for krb5-kdc and
+ krb5-admin-server. Error on failure to load debconf, since we do
+ depend on it. Support reconfigure.
+ * Fix file locations in the krb524 doc-base control file.
+ * Add the info documentation to all doc-base control files.
+ * Fix a variety of man page errors uncovered by man --warnings.
+ * Wrap Depends and Conflicts fields in debian/control.
+ * dpkg-dev now compresses duplicate relations, so no need for lintian
+ overrides.
+ * Add an override for the empty plugin directory in libkrb53.
+ * Update standards version to 3.7.3 (no changes required).
+ * Translation updates:
+ - Finnish, thanks Esko Arajärvi. (Closes: #451146)
+ - Dutch, thanks Vincent Zweije. (Closes: #460589)
+
+ -- Russ Allbery Mon, 18 Feb 2008 20:53:08 -0800
+
+krb5 (1.6.dfsg.3~beta1-2) unstable; urgency=low
+
+ * Move pkinit into a new package krb5-pkinit. We don't want pkinit to
+ always be installed because this pulls in an openssl dependency and
+ most people don't need it. However we want the plugin available when
+ needed, Closes: #444938
+ * I had hoped to wait for the upstream release, but that is being a bit slow.
+
+ -- Sam Hartman Thu, 18 Oct 2007 17:03:27 -0400
+
+krb5 (1.6.dfsg.3~beta1-1) unstable; urgency=low
+
+ * New Upstream release
+ - Fix krb5_set_default_tgs_enctypes, Closes: #413838
+
+
+ -- Sam Hartman Mon, 01 Oct 2007 21:21:59 -0400
+
+krb5 (1.6.dfsg.1-7) unstable; urgency=emergency
+
+ * mit-sa-2007-6:
+ - CVE 2007-3999 rpc library buffer overflow
+ - CVE 2007-uninitialized kadmin pointer
+
+ -- Sam Hartman Tue, 04 Sep 2007 15:06:51 -0400
+
+krb5 (1.6.dfsg.1-6) unstable; urgency=low
+
+ * Don't depend on libkeyutils-dev on non-Linux architectures. Thanks,
+ Petr Salinger. (Closes: #430215)
+ * Restore support for the RUN_KADMIND setting as written by debconf.
+ Thanks, Christoph Neerfeld. (Closes: #429535)
+ * Wrap the build-depends line now that dpkg in oldstable supports this.
+ * Update debconf templates and debian/control long package descriptions
+ as suggested by the debian-l10n-english team as part of the Smith
+ review project. Thanks to Christian Perrier for the coordination
+ work. (Closes: #428195)
+ * Debconf translation updates:
+ - Galician, thanks Jacobo Tarrio. (Closes: #429511)
+ - Portuguese, thanks Miguel Figueiredo. (Closes: #429592)
+ - Basque, thanks Piarres Beobide. (Closes: #429637)
+ - Japanese, thanks TANAKA, Atushi. (Closes: #429844)
+ - Vietnamese, thanks Clytie Siddall. (Closes: #429907)
+ - German, thanks Helge Kreutzmann. (Closes: #430561)
+ - Czech, thanks Miroslav Kure. (Closes: #431203)
+ - Russian, thanks Yuri Kozlov. (Closes: #431247)
+ - French, thanks Christian Perrier.
+
+ -- Russ Allbery Sun, 15 Jul 2007 20:58:07 -0700
+
+krb5 (1.6.dfsg.1-5) unstable; urgency=emergency
+
+ * MIT-SA-2007-4: The kadmin RPC library can free an uninitialized
+ pointer or write past the end of a stack buffer. This may lead to
+ execution of arbitrary code. (CVE-2007-2442, CVE-2007-2443)
+ * MIT-SA-2007-5: kadmind is vulnerable to a stack buffer overflow that
+ may lead to execution of arbitrary code. (CVE-2007-2798)
+
+ -- Russ Allbery Wed, 13 Jun 2007 13:07:44 -0700
+
+krb5 (1.6.dfsg.1-4) unstable; urgency=low
+
+ * Make --deps switch to krb5-config include dependent libraries; otherwise do not, Closes: #422985
+ * Include copyright statement for remaining IETF draft, Closes: #393380
+
+ -- Sam Hartman Sun, 13 May 2007 16:28:56 -0400
+
+krb5 (1.6.dfsg.1-3) unstable; urgency=low
+
+ * Upstream bug #5552: krb5_get_init_creds needs to not dereference
+ gic_opts if it is null. Instead, assume that it is default options,
+ Closes: #422687
+
+ -- Sam Hartman Tue, 8 May 2007 14:46:55 -0400
+
+krb5 (1.6.dfsg.1-2) unstable; urgency=low
+
+ * Fix shlibdeps to reflect 1.6.dfsg.1 instead of 1.6.1
+ * Upload 1.6 to unstable
+
+ -- Sam Hartman Thu, 3 May 2007 20:23:47 -0400
+
+krb5 (1.6.dfsg.1-1) experimental; urgency=low
+
+ * Oops, I failed to understand how the version numbers work. Since 1.6.1 is less than 1.6.dfsg, the version numbering is going to be a bit screwy for the 1.6 series. We will use 1.6.dfsg.1 for 1.6.1.
+ * Update to update-inetd dependency, Closes: #420748
+
+ -- Sam Hartman Sun, 29 Apr 2007 08:59:28 -0400
+
+krb5 (1.6.1.dfsg-1) experimental; urgency=low
+
+ * Depend on keyutils-lib-dev so we consistently get keyring cache support
+ * New Portuguese translation, thanks Miguel Figueiredo , Closes: #409318
+ * New Upstream release
+ - Update shlibs for new API
+ * Fix handling of null realm in krb5_rd_req_decoded; now we treat a null realm as a default realm there.
+
+ -- Sam Hartman Sat, 28 Apr 2007 16:21:03 -0400
+
+krb5 (1.6.dfsg-1) experimental; urgency=low
+
+ * New 1.6 release from upstream.
+ * Update copyright
+
+ -- Sam Hartman Thu, 1 Feb 2007 22:26:08 -0500
+
+krb5 (1.6.dfsg~alpha1-1) experimental; urgency=low
+
+ * New upstream release
+ * Remove IETF RFCs, Closes: #393380
+ * Update copyright file based on new copyrights upstearm
+
+ -- Sam Hartman Wed, 22 Nov 2006 10:28:13 -0500
+
+krb5 (1.4.4-8) unstable; urgency=emergency
+
+ * MIT-SA-2007-1: telnet allows login as an arbitrary user when
+ presented with a specially crafted username; CVE-2007-0956
+ * krb5_klog_syslog has a trivial buffer overflow that can be exploited
+ by network data; CVE-2007-0957. The upstream patch is very intrusive
+ because it fixes each call to syslog to have proper length checking as
+ well as the actual krb5_klog_syslog internals to use vsnprintf rather
+ than vsprintf. I have chosen to only include the change to
+ krb5_klog_syslog for sarge. This is sufficient to fix the problem but
+ is much smaller and less intrusive. (MIT-SA-2007-2)
+ * MIT-SA-2007-3: The GSS-API library can cause a double free if
+ applications treat certain errors decoding a message as errors that
+ require freeing the output buffer. At least the gssapi rpc library
+ does this, so kadmind is vulnerable. Fix the gssapi library because
+ the spec allows applications to treat errors this way. CVE-2007-1216
+ * New Japanese translation, thanks TANAKA Atushi, Closes: #414382
+
+ -- Sam Hartman Sun, 11 Mar 2007 19:08:52 -0400
+
+krb5 (1.4.4-7) unstable; urgency=low
+
+ * Translation updates:
+ - New Portuguese translation, thanks Rui Branco. (Closes: #409318)
+
+ -- Russ Allbery Wed, 21 Feb 2007 15:23:08 -0800
+
+
+krb5 (1.4.4-6) unstable; urgency=emergency
+
+ * MIT-SA-2006-2: kadmind and rpc library call through function pointer
+ to freed memory (CVE-2006-6143). Null out xp_auth unless it is
+ associated with an rpcsec_gss connection.
+
+ -- Sam Hartman Thu, 4 Jan 2007 16:07:02 -0500
+
+krb5 (1.4.4-5) unstable; urgency=low
+
+ * Translation updates:
+ - New Spanish translation, thanks Fernando Cerezal. (Closes: #402986)
+
+ -- Russ Allbery Sun, 17 Dec 2006 17:18:05 -0800
+
+krb5 (1.4.4-4) unstable; urgency=low
+
+ * Remove the check for pthread_mutexattr_setrobust_np in the thread
+ initialization code. This was only needed on Solaris 9 and has been
+ removed upstream, and was causing FTBFS with glibc 2.5. Thanks,
+ Martin Pitt. (Closes: #396166)
+ * Translation updates:
+ - New Romanian translation, thanks stan ioan-eugen. (Closes: #395347)
+
+ -- Russ Allbery Sun, 5 Nov 2006 21:32:17 -0800
+
+krb5 (1.4.4-3) unstable; urgency=low
+
+ * Don't require the presence of debconf during the postrm. Thanks to
+ Bill Allombert for the report. (Closes: #388784)
+ * Fix uses of hyphens instead of minus signs in the man pages.
+
+ -- Russ Allbery Fri, 22 Sep 2006 14:57:34 -0700
+
+krb5 (1.4.4-2) unstable; urgency=low
+
+ * Patch from Alejandro R. Sedeno to allow 32-bit and 64-bit krb4 ticket
+ files to be used on the same system. Similar to a patch included in
+ MIT Kerberos 1.5 but backported because of missing byte order macros.
+
+ -- Sam Hartman Wed, 20 Sep 2006 22:51:59 -0400
+
+krb5 (1.4.4-1) unstable; urgency=low
+
+ * New upstream release.
+ * Stop using --exec to start and stop services since then services will
+ not be stopped properly during an upgrade. (Closes: #385039)
+ * Rewrite the init scripts to include LSB information and to use the LSB
+ logging functions. krb5-kdc and krb5-admin-server now depend on
+ lsb-base (>= 3.0-6) for the LSB functions.
+
+ -- Russ Allbery Fri, 1 Sep 2006 20:45:59 -0700
+
+krb5 (1.4.4~beta1-1) unstable; urgency=low
+
+ * New upstream version including several memory leak fixes
+ * Install upstream changelog
+
+ -- Sam Hartman Wed, 16 Aug 2006 16:45:56 -0400
+
+krb5 (1.4.3-9) unstable; urgency=high
+
+ * Add error checking to setuid, setreuid to avoid local privilege
+ escalation ; fixes krb5-sa-2006-1, CVE-2006-3084, CVE-2006-3083
+ * Update standards version to 3.7.2 (no changes required).
+ * Translation updates.
+ - Russian, thanks Yuri Kozlov. (Closes: #380303)
+
+ -- Sam Hartman Sun, 6 Aug 2006 17:12:40 -0400
+
+krb5 (1.4.3-8) unstable; urgency=low
+
+ * Defer seeding of the random number generator in kadmind until after
+ forking and backgrounding, since otherwise blocking on /dev/random may
+ block system startup. (Closes: #364308)
+ * Update config.{guess,sub}. (Closes: #373727)
+ * Better fix for error handling of a zero-length keytab. Thanks,
+ Rainer Weikusat.
+
+ -- Russ Allbery Sun, 16 Jul 2006 08:59:20 -0700
+
+krb5 (1.4.3-7) unstable; urgency=low
+
+ * Fix double free caused by a zero-length keytab. Thanks, Steve
+ Langasek. (Closes: #344295)
+ * Fix segfault in krb5_kuserok if the local name doesn't correspond to a
+ local account. (Discovered in bug #354133.)
+ * Build a separate libkrb5-dbg package containing the detached debugging
+ information for libkrb53 and libkadm55.
+ * Update debhelper compatibility level to V5 since the dh_strip behavior
+ around debug packages changes in V5 and we should use the current
+ interface from the beginning.
+ * Translation updates.
+ - Dutch, thanks Vincent Zweije. (Closes: #360444)
+ - Galician, thanks Jacobo Tarrio. (Closes: #361809)
+
+ -- Russ Allbery Sat, 15 Apr 2006 16:22:01 -0700
+
+krb5 (1.4.3-6) unstable; urgency=low
+
+ * Assume krb5 in krb5_gss_canonicalize_name if the null mechanism is
+ passed in. Fixes a segfault in racoon from ipsec-tools. Thanks,
+ Daniel Kahn Gillmor. (Closes: #351877)
+ * v5passwdd is gone, so remove the debconf template, the prompts, and
+ the code to start and stop it from the init script. Thanks, Greg
+ Folkert.
+ * Fix incorrect option names in krb5.conf(5). Thanks, Martin v.
+ Loewis. (Closes: #347643)
+ * Translation updates.
+ - Danish, thanks Claus Hindsgaul. (Closes: #350041)
+
+ -- Russ Allbery Tue, 21 Feb 2006 23:25:34 -0800
+
+krb5 (1.4.3-5) unstable; urgency=medium
+
+ * Configure with --enable-shared --enable-static so that libkrb5-dev
+ gets static libraries.
+ * Fix double free in getting credentials, Closes: #344543
+
+ -- Sam Hartman Sun, 25 Dec 2005 21:59:47 -0500
+
+krb5 (1.4.3-4) unstable; urgency=high
+
+ * Fix problem when libpthreads is dynamically loaded into a program
+ causing mutexes to sometimes be used and sometimes not be used. If
+ the library starts out without threads support it will never start
+ using threads support; doing anything else causes hangs.
+
+ -- Sam Hartman Fri, 16 Dec 2005 18:16:53 -0500
+
+krb5 (1.4.3-3) unstable; urgency=low
+
+ * Additional internal pthread symbols have to be declared weak on Hurd.
+ Thanks, Michael Banck. (Closes: #341608)
+ * Build on GNU/kFreeBSD. Thanks, Petr Salinger. (Closes: #261712)
+ * Change the default KDC enctype to 3DES to match upstream (the
+ difference was probably a mismerge).
+ * Remove /etc/default/krb5-admin-server on purge. (Closes: #333161)
+ * Document the behavior of klogind and kshd if the user has no .k5login
+ file. Remove vestigial .rhosts references. (Closes: #250966)
+ * Document krb5-rsh-server authorization defaults in README.Debian.
+ * Enable kinit -a to match the man page. (Closes: #232431)
+ * Remove the patch to tightly bind libkrb4 to libdes425. This should no
+ longer be necessary with symbol versioning.
+ * Upstream has removed the file with questionable licensing, so the
+ upstream tarball is no longer repacked. Remove the get-orig-source
+ target in debian/rules and the notes in copyright and README.Debian.
+ * Add a watch file.
+ * Translation updates.
+ - German, thanks jens. (Closes: #330925)
+
+ -- Russ Allbery Sun, 4 Dec 2005 11:37:40 -0800
+
+krb5 (1.4.3-2) unstable; urgency=low
+
+ * Conflict with libauthen-krb5-perl (<< 1.4-5) because of krb5_init_ets.
+ * Update uploader address.
+ * Conflict with libapache-mod-auth-kerb because it accesses library
+ internals in a way that breaks.
+
+ -- Sam Hartman Wed, 30 Nov 2005 22:33:47 -0500
+
+krb5 (1.4.3-1) experimental; urgency=low
+
+ * New upstream release.
+ * Install ac_check_krb5 for use by aclocal.
+
+ -- Sam Hartman Sat, 19 Nov 2005 16:20:56 -0500
+
+krb5 (1.4.2-1) UNRELEASED; urgency=low
+
+ * New upstream version. (Closes: #293077)
+ - kadmind4, v5passwdd, and v5passwd are no longer included.
+ - Increase the libkrb53 shlibs version dependency. Programs linked
+ against this version will not work with an older libkrb53.
+ - Rebuild should fix link problems on powerpc. (Closes: #329709)
+ * Re-enable optimization on m68k to stop hiding the toolchain problem.
+ * Don't build crypto code -O3. It uncovers too many gcc bugs.
+ * Fix compilation on Hurd. Thanks, Michael Banck. (Closes: #324305)
+ * Always initialize the output token in gss_init_sec_context, even with
+ an unknown mechanism. (Closes: #311977)
+ * rcp should fall back to /usr/bin/netkit-rcp, not /usr/bin/rpc.
+ * Add the missing shared library depends for libkadm55.
+ * Use dh_install rather than dh_movefiles and enable --fail-missing to
+ be sure to pick up any new upstream files.
+ * Avoid test -a in maintainer scripts.
+ * Expand and reformat the documentation and sample kdc.conf file.
+ * Add a doc-base file for the krb425 migration guide.
+ * Ignore lintian warnings about the library package names. We'll fix
+ them the next time upstream changes SONAMEs.
+ * Conflict with packages that used internal symbols not part of the
+ public ABI
+ * Use "MIT Kerberos" rather than krb5 in the krb5-doc short description.
+ * Remove the saved patches that have been applied upstream or are no
+ longer applied to the package, update the remaining patches, and move
+ them into debian/patches.
+ * Break out the other patches of interest for ease submitting them
+ upstream.
+ * Translation updates.
+ - Vietnamese, thanks Clytie Siddall. (Closes: #319704)
+
+ -- Russ Allbery Thu, 22 Sep 2005 17:08:58 -0700
+
+krb5 (1.3.6-5) unstable; urgency=high
+
+ * Disable optimization on m68k to attempt to work around a gcc 4.0 bug.
+
+ -- Russ Allbery Sun, 14 Aug 2005 22:26:00 -0700
+
+krb5 (1.3.6-4) unstable; urgency=high
+
+ [ Russ Allbery ]
+ * Fix a mistake in variable names that caused the package to be built
+ without optimization.
+ * Allow whitespace before comments in krb5.conf. Thanks, Jeremie
+ Koenig. (Closes: #314609)
+ * GCC 4.0 compile fixes, thanks Daniel Schepler. (Closes: #315618)
+ * Avoid "say yes" in debconf templates. (Closes: #306883)
+ * Update Czech translation, thanks Miroslav Kure.
+ * Update French translation, thanks Christian Perrier. (Closes: #307748)
+ * Update Portuguese (Brazil) translation, thanks André Luís Lopes.
+ * New Vietnamese translation, thanks Clytie Siddall. (Closes: #312172)
+ * Update standards version to 3.6.2 (no changes required).
+ * DAK can now handle not repeating maintainers in uploaders.
+
+ [ Sam Hartman ]
+ * Fix double free in krb5_recvauth; critical because it is in the code
+ path for kpropd and may allow arbitrary code execution.
+ (CAN-2005-1689)
+ * krb5_unparse_name overflows allocated storage by one byte on 0 element
+ principal name. (CAN-2005-1175, VU#885830)
+ * Do not free unallocated storage in the KDC's TCP request handling
+ path. (CAN-2005-1174, VU#259798)
+
+ -- Sam Hartman Tue, 12 Jul 2005 15:45:14 -0400
+
+krb5 (1.3.6-3) unstable; urgency=low
+
+ * krb5-kdc: Install a commented-out line for kpropd with update-inetd.
+ Add dependency on netbase for update-inetd. (Closes: #293182)
+ * krb5-kdc: Ask with debconf whether the user wishes to delete the KDC
+ database on purge, modelled after how postgresql handles the same
+ situation. (Closes: #289358)
+ * Close leak in the arcfour crypto support. Thanks, fumihiko kakuma.
+ (Closes: #244595)
+ * krb5-config should never return -I/usr/include. (Closes: #165521)
+ * Write manual pages for fakeka, krb524init, kadmind4, and v5passwdd.
+ Backport from upstream the manual pages for krb5-config and krb524d.
+ (Closes: #78953, #96437)
+ * Fix paths in manual pages to match the Debian defaults. Fix service
+ in the inetd.conf example in the kpropd man page to work with Debian
+ /etc/services. (Closes: #157736)
+ * Fix references to kerberos(1) in the rlogin and kinit man pages and
+ include kerberos.1 in krb5-doc. (Closes: #154381, #154384)
+ * Add more detailed information about each package to the extended
+ descriptions. (Closes: #135517)
+ * krb5-doc: Include info pages. (Closes: #292512)
+ * krb5-doc: Fix two minor variable name problems in the texinfo docs.
+ * Let dh_installdebconf set the debconf dependency.
+ * Update standards version to 3.6.1.
+ - Support noopt in DEB_BUILD_OPTIONS.
+ - Let debhelper take care of calling ldconfig appropriately.
+ - Remove calls to dh_undocumented.
+ - Remove lintian overrides for links to the undocumented man page.
+ - Install kdc.conf template in /usr/share/krb5-kdc rather than
+ /usr/share/krb5 (policy 10.7.3 states the directory should be named
+ after the package).
+ - Symlink the kdc.conf template to /usr/share/doc/krb5-kdc/examples
+ per policy 10.7.3 since it's also a useful example.
+ * Update debhelper compatibility level to V4.
+ - Remove all *.conffiles control files. They're no longer needed.
+ * rules generally cleaned up. Commented out and unused debhelper programs
+ removed as the set being run wasn't comprehensive anyway. Invocation
+ order now matches the debhelper examples.
+ * Removed (s) from copyright to make lintian happier.
+ * Removed unnecessary lintian override for libkrb53.
+ * Add lintian overrides for the duplicate dependencies on krb5 libraries.
+
+ -- Russ Allbery Sat, 16 Apr 2005 14:12:08 -0700
+
+krb5 (1.3.6-2) unstable; urgency=high
+
+ * Package priority to standard
+ * Fix buffer overflow in slc_add_reply in telnet.c (CAN-2005-0469)
+ * Fix telnet.c env_opt_add buffer overflow (CAN-2005-0468)
+ * Note that both of these vulnerabilities are client-side
+ vulnerabilities that can be exploited only by a server.
+
+ -- Sam Hartman Sun, 3 Apr 2005 23:49:08 -0400
+
+krb5 (1.3.6-1) unstable; urgency=medium
+
+ * New upstream version
+ * Changing a password afwter the size of password history has been
+ reduced may double free or write past end of an arry; fix
+ (CAN-2004-1189 / CERT VU#948033)
+ * Conflict between krb5-kdc and kerberos4kth-kdc; also deals with
+ krb5-admin-server conflict indirectly, Closes: #274763
+
+ -- Sam Hartman Sun, 2 Jan 2005 15:55:25 -0500
+
+krb5 (1.3.5-1) unstable; urgency=low
+
+ * New pt_br debconf translation, Cluses: #278734
+ * New upstream version
+ * Part of the fix to #261712: allow ftpd to build on gnu/bsd
+
+ -- Sam Hartman Fri, 26 Nov 2004 18:44:02 -0500
+
+krb5 (1.3.4-4) unstable; urgency=high
+
+ * Fix what is hopefully the last remnant of the patch to gettextize the
+ debconf without making the code consistent, thanks Thimo Neubauer,
+ Closes: #271456
+ * Fix krb5_newrealm man page to better describe dependencies, thanks
+ Rachel Elizabeth Dillon , Closes: #269685
+
+ -- Sam Hartman Mon, 13 Sep 2004 11:36:38 -0400
+
+krb5 (1.3.4-3) unstable; urgency=high
+
+ * Initial Czech translations thanks to Miroslav Kure, Closes: #264366
+ * Updated French debconf translation, thanks Martin Quinson, Closes: #264941
+ * KDC and clients double-free on error conditions (CAN-2004-0642 VU#795632)
+ *krb5_rd_cred() double-frees on error conditions(CAN-2004-0643 , CERT
+ VU#866472 )
+ * ASN.1 decoder in MIT Kerberos 5 releases krb5-1.3.4 and
+ earlier allows unauthenticated remote attackers to induce
+ infinite loop, causing denial of service, including in KDC
+ code (CAN-2004-0644 , CERT VU#550464)
+ * Fix double free in krb524d handling of encrypted ticket contents
+ (CAN-2004-0772)
+
+ -- Sam Hartman Tue, 31 Aug 2004 13:04:51 -0400
+
+krb5 (1.3.4-2) unstable; urgency=low
+
+ * Fix doc-base files, Closes: #262916
+
+ -- Sam Hartman Wed, 4 Aug 2004 13:08:53 -0400
+
+krb5 (1.3.4-1) unstable; urgency=low
+
+ * New upstream version
+ * Update krb5-doc to include pointers to the right html documents,
+ Closes: #203321
+ * Patches to find res_search on amd64 and to include new Debian ports in
+ shared library building, Closes: #261712
+ * Install default file for krb5-admin-server, Closes: #262428
+ * Patch from Russ Allbery to only prompt for a password once in krb4
+ when null is passed in to krb_get_in_pw_tkt, Closes: #262192
+ * New pt_br translation, thanks Andre Luis Lopes, Closes: #254115
+ * New French translation, thanks Christian Perrier, closes: #253685
+
+ -- Sam Hartman Sat, 31 Jul 2004 12:12:44 -0400
+
+krb5 (1.3.3-2) unstable; urgency=high
+
+ * Fix buffer overflow in krb5_aname_to_localname; potential remote root
+ exploit in some fairly limited circumstances. You are not vulnerable
+ unless you have enabled aname_to_lname rules in krb5.conf (CAN-2004-0523)
+ * Fix kadmind template formatting, thanks Christian Perrier
+
+ -- Sam Hartman Sat, 5 Jun 2004 16:57:44 -0400
+
+krb5 (1.3.3-1) unstable; urgency=low
+
+ * New upstream version
+ * Gettextize my debconf templates, thanks Martin Quinson , Closes:
+ #236176
+ * Don't remove /etc/krb5.conf on libkrb53 purge
+
+ -- Sam Hartman Tue, 13 Apr 2004 20:04:37 -0400
+
+krb5 (1.3.2-2) unstable; urgency=low
+
+ * Don't check for /etc/krb5kdc/kadm5.keytab, Closes: #235966
+ * Fix dangling symlink, Closes: #203622
+
+ -- Sam Hartman Sun, 14 Mar 2004 20:46:27 -0500
+
+krb5 (1.3.2-1) unstable; urgency=low
+
+ * New Upstream Release, Closes: #223485
+ * Includes upstream patch to ignore unknown address families, Closes: #206851
+ * Include note that encrypted services are not enabled, Closes: #232115
+ * Up shlib deps because of new features in auth context
+
+ -- Sam Hartman Sun, 29 Feb 2004 09:36:27 -0500
+
+krb5 (1.3-3) unstable; urgency=low
+
+ * Don't clear the key schedule so krb4 callers can use it, Closes: #203566
+ * Use alternatives system for rcp, Closes: #218392
+
+ -- Sam Hartman Tue, 3 Feb 2004 14:07:12 -0500
+
+krb5 (1.3-2) unstable; urgency=low
+
+ * Include patch to MIT Bug #1681, an incompatible change to etype_info2.
+ This change will break clients between 1.3 beta1 and 1.3-1 talking to
+ 1.3-2 KDCs, but is necessary because of a protocol bug.
+
+ -- Sam Hartman Thu, 24 Jul 2003 13:32:33 -0400
+
+krb5 (1.3-1) unstable; urgency=medium
+
+ * New upstream version--finally 1.3 is released, Closes: #199573
+ * Don't depend on com_err in libcrypto, Closes: #201005
+ * Urgency is medium because the only code change is removing a single
+ call to com_err and this package not being in testing is blocking
+ other packages. The beta has been in unstable more than 10 days.
+ * Update shlibs again to avoid long-term references to a beta in the archive
+
+ -- Sam Hartman Sat, 19 Jul 2003 15:19:38 -0400
+
+krb5 (1.2.99-1.3.beta5-1) unstable; urgency=low
+
+ * New upstream version
+
+ -- Sam Hartman Sat, 5 Jul 2003 21:29:44 -0400
+
+krb5 (1.2.99-1.3.beta4-1) unstable; urgency=low
+
+ * Fix rpath on generated binaries and in krb5-config, Closes: #198124
+ * Fix build-depends to require comerr-dev with correct shlibs,
+ Closes: #197650
+ * New upstream version
+ * Don't generate /etc/krb5kdc/kadm5.keytab as 1.3 does not require it
+ except for kadmind4
+
+ -- Sam Hartman Fri, 20 Jun 2003 17:37:15 -0400
+
+krb5 (1.2.99-1.3.beta3-4) unstable; urgency=low
+
+ * Add replaces for libkadm55 on libkrb53
+
+ -- Sam Hartman Wed, 11 Jun 2003 16:41:16 -0400
+
+krb5 (1.2.99-1.3.beta3-3) unstable; urgency=low
+
+ * One more try at avoiding autoconf dependency
+
+ -- Sam Hartman Wed, 11 Jun 2003 03:04:56 -0400
+
+krb5 (1.2.99-1.3.beta3-2) unstable; urgency=low
+
+ * Touch some more files to defeat autoheader
+
+ -- Sam Hartman Tue, 10 Jun 2003 23:55:08 -0400
+
+krb5 (1.2.99-1.3.beta3-1) unstable; urgency=low
+
+ * Fix dh_makeshlibs call so dependencies are correct
+ * New upstream version
+ * Patch from Steve Langasek for versioned symbols; adapted to
+ better fit the build system and to work for all libraries
+ * This version builds with GCC 3.3, Closes: #195571
+ * Move the rest of the administration libraries into libkadm55 to reduce
+ space required by libkrb53.
+ * libkrb53 conflicts with current openafs-krb5 because of ABI changes in
+ krb524
+
+ -- Sam Hartman Tue, 10 Jun 2003 20:56:33 -0400
+
+krb5 (1.2.99-1.3.beta2-1) experimental; urgency=low
+
+ * New upstream version
+ * Include a patch from upstream CVS (post beta2) to fix renewable tickets.
+
+ -- Sam Hartman Sun, 1 Jun 2003 00:30:35 -0400
+
+krb5 (1.2.99-1.3.beta1-1) experimental; urgency=low
+
+ * New upstream pre-release
+ * Update copyright
+ * Add db_stop calls to krb5-kdc.postinst and krb5-admin-server.postinst
+ * Install a fakeka binary
+ * Install libkrb524.a even though upstream does not
+ * kdc defaults to no v4 support per upstream change.
+
+ -- Sam Hartman Thu, 15 May 2003 11:37:10 -0400
+
+krb5 (1.2.99-1.3.alpha3-1) experimental; urgency=low
+
+ * New upstream pre-release
+ - ftp no longer segfaults on wildcards, Closes: #175495
+ - Clock skew is returned on clock skew with preauth, Closes: #98855
+ - Preauthentication has been reworked to improve interoperability with
+ older implementations and to comply with Kerberos Clarifications,
+ Closes: #169014
+ - Typo in man page fixed, Closes: #127302
+ * Remove dangling symlink, Closes: #133244
+ * Depend on sufficiently new com_err and libss
+ * Build the crypto library -O9 as it seems to help performance a lot.
+ * Bump up shared library versions; all the public libraries have new
+ functions
+
+ -- Sam Hartman Mon, 12 May 2003 02:22:37 -0400
+
+krb5 (1.2.7-3) unstable; urgency=high
+
+ * Patch for CERT VU#623217 and VU#442569: Cryptographic weaknesses in
+ Kerberos 4
+ - Add -X option to krb5kdc and krb524d. By default cross-realm is
+ no longer supported for krb4 as it is a security hole.
+ - Add protection to isolate krb5 keys from krb4 especially for the
+ TGS key
+ - Remove support for the MIT extension to krb4 to use 3DES keys as it
+ is insecure.
+ * Patch to various DOS issues where the KDC assumes principal names have
+ certain components. Fixes CAN-2003-0072
+ * VU#516825: Additional errors in XDR that may lead to denial of
+ service.
+ * Fix template bug in v5passwd template, Closes: #172565
+
+ -- Sam Hartman Tue, 25 Mar 2003 08:03:00 -0500
+
+krb5 (1.2.7-2) unstable; urgency=low
+
+ * Remove declaration of errno from krb.h
+
+ -- Sam Hartman Mon, 6 Jan 2003 15:38:20 -0500
+
+krb5 (1.2.7-1) unstable; urgency=high
+
+ * New upstream version
+ * Still urgency high until the kadmin4 fix gets into testing
+ * Don't declare errno so glibc will be happy; applying upstream as well,
+ Closes :#168528
+ * Remove pidfile argument from start-stop-daemon call for restarting
+ krb5kdc so it actually works, Closes: #174881
+
+ -- Sam Hartman Sun, 5 Jan 2003 18:00:55 -0500
+
+krb5 (1.2.6-2) unstable; urgency=high
+
+ * Security fix for buffer overflow in kadmind4 (mitsa-2002-2)
+ * If bison is too good for yacc compatibility then we're to good for
+ bison, Closes: #165655
+ * Include readme.debian if we're going to reference it, Closes: #166399
+ * Fix readme.debian comments to be correct
+
+ -- Sam Hartman Sat, 26 Oct 2002 17:18:41 -0400
+
+krb5 (1.2.6-1) unstable; urgency=low
+
+ * New upstream version
+ * Important: upstream has introduced a new way of handling AFS tickets
+ within krb524d; long-term this may allow the use of ticket keys other
+ than DES with AFS, but short-term this will break AFS because OpenAFS
+ has not yet released servers that support the new mechanism. If you
+ run AFS servers and don't want them to break, please look at README.debian
+ * This includes a fix for 162794 as that is now in the upstream
+ * For now, libkrb5-dev is going to be priority extra. If anyone
+ complains I'll attempt to fight the comerr-dev dependency battle;
+ honestly I think comerr-dev is common enough and on enough systems
+ that it rates optional but the maintainer does not, Closes: #145165
+ * Fix restart to restart krb524d, Closes: #162477
+
+
+ -- Sam Hartman Sun, 6 Oct 2002 16:40:44 -0400
+
+krb5 (1.2.5-3) unstable; urgency=high
+
+ * Try to fix diversion handling for real this time, Closes: #155514
+
+ -- Sam Hartman Mon, 5 Aug 2002 13:40:53 -0400
+
+krb5 (1.2.5-2) unstable; urgency=high
+
+ * We are still installing a krb5.conf.template; don't as that is
+ kerberos-configs's job.
+ * The MIT KDC was not sending etype info padata; this couldcreate a
+ problem if you require preauth and have unusual salts; patch from
+ upstream CVS
+ * Add readme to krb5-user, Closes: #152670
+ * Fix typo in alternatives handling so man page symlinks are handled
+ correctely, Closes: #152707
+ * Include XDR encoding patch for krb5-sa-2002-01; same patch as the
+ woody security update
+
+ -- Sam Hartman Sat, 3 Aug 2002 17:51:50 -0400
+
+krb5 (1.2.5-1) unstable; urgency=low
+
+ * New upstream version; not really any patches that will actually
+ affect Debian at all, as we pulled them into 1.2.4 packages from
+ upstream CVS
+ * Stop shipping patches that upstream has accepted and released
+ * Update included upstream PGP signature
+ * Fix diversion handling; it was fairly broken in 1.2.4. All we divert
+ now is rcp
+ * Ftp should not be diverted, closes: #146171
+ * Fix overly small fixed length buffer in kuserok, closes: #145106
+
+ -- Sam Hartman Sun, 2 Jun 2002 19:22:39 -0400
+
+krb5 (1.2.4-5) unstable; urgency=low
+
+ * Pull up bugfix from 1.2.5 beta1 to src/lib/krb5/asn.1/asn1_get.c
+ * This should be the last thing we need from 1.2.5; Debian has all the
+ 1.2.5 changes besides the API reorg. I'm not checking an API reorg
+ this close to woody release.
+
+ -- Sam Hartman Fri, 12 Apr 2002 12:16:49 -0400
+
+krb5 (1.2.4-4) unstable; urgency=low
+
+ * Suggest rather than recommend krb5-user from libkrb53, closes: #140116
+ * Fix null pointer dereference in krb5 library; pull patch from 1.2.5 beta1
+
+ -- Sam Hartman Wed, 10 Apr 2002 14:19:49 -0400
+
+krb5 (1.2.4-3) unstable; urgency=medium
+
+ * Move from non-us to main
+
+ -- Sam Hartman Sat, 16 Mar 2002 15:04:44 -0500
+
+krb5 (1.2.4-2) unstable; urgency=low
+
+ * Don't respect umask when writing out srvtabs; you always want them
+ 0600 and if you don't you can chmod later, closes: #135988
+ * To work with Heimdal, accept encrypted creds in
+ gss_accept_sec_context, closes: #135962
+ * Fix kadmin ACL bug. Targets (a cool but undocumented ACL feature)
+ didn't work quite right. They do now.
+
+ -- Sam Hartman Sun, 3 Mar 2002 18:53:40 -0500
+
+krb5 (1.2.4-1) unstable; urgency=low
+
+ * Don't check address in krb5_rd_cred; upstream patch also applied to
+ their CVS, closes: #132226
+ * Patch from Ken Raeburn to improve over-the-wire errors from KDC,
+ included because I happened to be testing it and it seemed to work
+ * New upstream release
+
+ -- Sam Hartman Fri, 1 Mar 2002 00:44:26 -0500
+
+krb5 (1.2.3-2) unstable; urgency=low
+
+ * We want to be able to use krb4 and libssl's libcrypto in the same
+ program. To do this, we make libkrb4 bind libdes425 -Bsymbolic and we
+ allow krb_mk_priv and krb_rd_priv to take null schedule arguments.
+
+ -- Sam Hartman Tue, 15 Jan 2002 12:17:40 -0500
+
+krb5 (1.2.3-1) unstable; urgency=low
+
+ * New upstream version, closes: #110932
+ * Use alternatives for rsh, closes: #122710
+ * Major version of libkadm5 bumped; we no longer conflict with heimdal there
+
+ -- Sam hartman Thu, 10 Jan 2002 06:59:13 -0500
+
+krb5 (1.2.2-8) unstable; urgency=low
+
+ * Oops, call htons around port numbers in kprop patch
+ * Register with doc-base, closes: #100463
+ * Move krb5.conf and kdc.conf manpages into krb5-doc; krb5-doc now
+ conflicts with heimdal-docs, closes: #121141
+
+ -- Sam Hartman Sun, 25 Nov 2001 23:47:35 -0500
+
+krb5 (1.2.2-7) unstable; urgency=low
+
+ * Forward only tickets we believe the remote side knows the enctype
+ of, closes: #99320
+ * Start krb5-kdc and krb5-admin-server before RPC services, thanks Hein
+ Roehrig, closes: #88604
+ * Install krb5.conf and kdc.conf man pages in krb5-user. This is not
+ ideal but installing them in krb5-config won't work as they are
+ implementation dependent, closes: #109522
+ * Install kprop manpage, thanks Steve Langasek, closes: #120040
+ * Fix FHS paths with kprop; store files in /var/lib/krb5kdc, thanks
+ again Steve, closes: #120050
+ * Telnet help should open a connection to the host help not give you a
+ usage message, thanks Graeme Mathieson for a patch
+ which will be sent upstream, closes: #118730
+ * Fix kprop handling of service name. If we can't find what we are
+ looking for in /etc/services default to the obvious correct answer;
+ thanks Steve, will commit upstream, closes: #120010
+
+ -- Sam Hartman Sat, 24 Nov 2001 22:10:16 -0500
+
+krb5 (1.2.2-6) unstable; urgency=high
+
+ * Include telnetd security patch for ring buffer issue from upstream
+ * Conflict with the right Heimdal libs, closes: #103872
+
+ -- Sam Hartman Wed, 1 Aug 2001 15:19:43 -0400
+
+krb5 (1.2.2-5) unstable; urgency=low
+
+ * Use krb5-config; remove our own krb5.conf handling.. Note this is the
+ krb5-config package for /etc/krb5.conf, not the krb5-config library
+ helper command.
+ *
+ * Conflict with kerberos4kth-services, closes: #93303
+ * Update config.guess and config.sub, closes: #97585
+ * Have telnetd depend on krb5-rsh-server. I suspect this will make
+ people grumpy and we need a better fix. Really, Kerberized rlogin is
+ better than telnetd from a security standpoint, so I'm OK with it for
+ now. Closes: #96695
+
+ -- Sam Hartman Wed, 16 May 2001 17:44:47 -0400
+
+krb5 (1.2.2-4) unstable; urgency=low
+
+ * Fix shared libraries to build with gcc not ld to properly include
+ -lgcc symbols, closes: #94407
+
+ -- Sam Hartman Fri, 20 Apr 2001 02:47:21 -0400
+
+krb5 (1.2.2-3) unstable; urgency=high
+
+ * Fix vulnerability with glob call. CERT claims that Linux is not
+ vulnerable, but I believe the krb5 implementation is. The result of
+ glob was copied into a fixed-sized buffer. This fixes that
+ closes: #93689
+ * Provide ftp-server not ftpd, closes: #93531
+ * Do not link kadm5clnt against kdb5.
+
+ -- Sam Hartman Wed, 11 Apr 2001 19:50:17 -0400
+
+krb5 (1.2.2-2) unstable; urgency=low
+
+ * Work to provide an alternative for telnet and to be a telnet-client,
+ closes: 87914
+ * libkrb5-dev depends on comerr-dev, closes: #87489
+ * Make clean target remove configure-stamp
+
+ -- Sam Hartman Mon, 5 Mar 2001 08:25:17 -0500
+
+krb5 (1.2.2-1) unstable; urgency=low
+
+ * New Upstream version, Closes: #82546
+ * Depend on debconf, closes: #87490
+ * Fix debconf formatting issue, closes: #84447
+ * Create sample ACL file, closes: #84448
+ * Fix lintian warnings and override as appropriate
+ * Upgrade to policy 3.5 moving stuff out of examples.
+
+ -- Sam Hartman Fri, 2 Mar 2001 11:32:06 -0500
+
+krb5 (1.2.1-9) unstable; urgency=low
+
+ * Do not use TIOCGLTC anywhere
+ * Build without TCL, closes: #81977
+ * Fix krb5-admin-server restart, closes: #81070
+ * With the new dpkg-source, files get diffed in the wrong order for us
+ to prevent autoconf from getting run just by mangling things and
+ making sure we change every configure script. So, touch every
+ configure script in debian/rules.
+
+ -- Sam Hartman Sat, 13 Jan 2001 19:27:37 -0500
+
+krb5 (1.2.1-8) unstable; urgency=low
+
+ * Use separate build directory because the source tree supports it and
+ it works around failures in the upstream clean target, closes: #78954
+ * Make sure we modify all the configure scripts since we modify
+ aclocal.m4 so that time stamps don't cause autoconf to be run.
+ * Add bison and debhelper as build-depends, closes: #79643
+ * New maintainer address
+
+ -- Sam Hartman Sat, 23 Dec 2000 16:20:24 -0500
+
+krb5 (1.2.1-7) unstable; urgency=low
+
+ * Do not conflict with libss.a
+ * Upload to Debian(Closes: BUG#78499)
+
+ -- Sam Hartman Mon, 4 Dec 2000 04:15:50 -0500
+
+krb5 (1.2.1-6) unstable; urgency=low
+
+ * Fix kpasswd manpage.
+ * Split out libkadm5 to avoid Heimdal conflict
+
+ * Conflict with kerberos4kth.
+ * Remove runpaths from libs and executables.
+
+ -- Sam Hartman Wed, 29 Nov 2000 12:18:22 -0500
+
+krb5 (1.2.1-5) unstable; urgency=low
+
+ * If libkrb53 was preconfigured, then krb5.conf could overide explicit
+ user input.
+
+ -- Sam Hartman Sat, 25 Nov 2000 17:01:26 -0500
+
+krb5 (1.2.1-4) unstable; urgency=low
+
+ * Write init.d scripts for kdc and admin server.
+ * Ask what admin programs to run and what krb4 mode to use.
+ * Populate initial kdc.conf if needed.
+ * New script (krb5_newrealm) to set up a Kerberos realm
+ * Document KDC issues.
+ * Make libkrb53.config work again so libkrb53 installs
+
+ -- Sam Hartman Sat, 18 Nov 2000 17:22:16 -0500
+
+krb5 (1.2.1-3) unstable; urgency=low
+
+ * Add KDC packages
+ * Install login.krb5 Sadly, it is needed to make forwarded credentials
+ work. This is unfortunate; it is not a good login program.
+
+ -- Sam Hartman Wed, 8 Nov 2000 16:10:13 -0500
+
+krb5 (1.2.1-2) unstable; urgency=low
+
+ * Add copyright and README.debian
+ * Ship kadmin in krb5-user.
+ * Add services to inetd.conf
+ * Add support for generating krb5.conf
+
+ -- Sam Hartman Thu, 2 Nov 2000 17:29:59 -0500
+
+krb5 (1.2.1-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Sam Hartman Thu, 19 Oct 2000 16:05:06 -0400
+
+
--- krb5-1.8.1+dfsg.orig/debian/krb5-doc.doc-base.install
+++ krb5-1.8.1+dfsg/debian/krb5-doc.doc-base.install
@@ -0,0 +1,13 @@
+Document: krb5-install
+Title: Installing Kerberos Version 5
+Author: MIT
+Abstract: Installation guide for MIT Kerberos Version 5.
+Section: System/Security
+
+Format: HTML
+Index: /usr/share/doc/krb5-doc/krb5-install.html
+Files: /usr/share/doc/krb5-doc/krb5-install.html
+
+Format: Info
+Index: /usr/share/info/krb5-install.info.gz
+Files: /usr/share/info/krb5-install.info.gz
--- krb5-1.8.1+dfsg.orig/debian/NEWS
+++ krb5-1.8.1+dfsg/debian/NEWS
@@ -0,0 +1,48 @@
+krb5 (1.8+dfsg~alpha1-1) unstable; urgency=low
+
+ This version of MIT Kerberos disables DES and 56-bit RC4 by default.
+ These encryption types are generally regarded as weak; defeating them
+ is well within the expected resources of some attackers. However,
+ some applications, such as OpenAFS or Kerberized NFS, still rely on
+ DES. To re-enable DES support add allow_weak_crypto=true to the
+ libdefaults section of /etc/krb5.conf
+
+ -- Sam Hartman Fri, 08 Jan 2010 22:41:14 -0500
+
+krb5 (1.6.dfsg.4~beta1-7) unstable; urgency=low
+
+ * In response to MIT's 2006 announcement that Kerberos 4 is at end of
+ life and no longer under development, this version of the krb5 package
+ removes most support for krb4. In particular, krb4 headers are no
+ longer included; applications with krb4 support cannot be built using
+ libkrb5-dev. In addition, krb4 support has been removed from the KDC
+ and user utilities. If you do not use Kerberos 4 and do not have
+ krb4-config installed, you should notice no changes. However, if you
+ do use Kerberos 4, you must transition away from Kerberos 4 before
+ upgrading to this version.
+ * Downgrading from this version to a previous version can be
+ difficult because of library name changes. Please follow these
+ instructions:
+ - Get the libkrb53 and libkadm55 debs you want to downgrade to
+ -dpkg --force-depends --remove libkrb5-3 libkrb5support0 libdes425-3
+ libgssapi-krb5-2 libgssrpc4 libkadm5clnt5 libkadm5srv5 libkdb5-4
+ libk5crypto3
+ - At this point your system has broken Kerberos libraries
+ - dpkg -i libkrb53*deb libkadm55*deb (using the debs you got above)
+ - aptitude -f install to fix any other packages that may be broken
+
+
+ -- Sam Hartman Thu, 26 Feb 2009 21:12:41 -0500
+
+krb5 (1.6.1-1) unstable; urgency=low
+
+ * Note that in this version, the behavior for finding what realm a
+ server lives in has changed. In particular, if there is no
+ domain_realm entry in krb5.conf, a server will assume that its key
+ lives in the default realm set in krb5.conf. Previous versions would
+ strip the hostname from the domain of the server. So, if the server's
+ key is not in the default realm, add a domain_realm mapping. Clients
+ still use DNS as a heuristic in some cases.
+
+ -- Sam Hartman Wed, 25 Apr 2007 23:40:13 -0400
+
--- krb5-1.8.1+dfsg.orig/debian/krb5-kdc.templates
+++ krb5-1.8.1+dfsg/debian/krb5-kdc.templates
@@ -0,0 +1,33 @@
+# These templates have been reviewed by the debian-l10n-english
+# team
+#
+# If modifications/additions/rewording are needed, please ask
+# for an advice to debian-l10n-english@lists.debian.org
+#
+# Even minor modifications require translation updates and such
+# changes should be coordinated with translators and reviewers.
+
+Template: krb5-kdc/debconf
+Type: boolean
+Default: true
+_Description: Create the Kerberos KDC configuration automatically?
+ The Kerberos Key Distribution Center (KDC) configuration files, in
+ /etc/krb5kdc, may be created automatically.
+ .
+ By default, an example template will be copied into this directory
+ with local parameters filled in.
+ .
+ Administrators who already have infrastructure to manage their
+ Kerberos configuration may wish to disable these automatic
+ configuration changes.
+
+Template: krb5-kdc/purge_data_too
+Type: boolean
+Default: false
+_Description: Should the KDC database be deleted?
+ By default, removing this package will not delete the KDC database in
+ /var/lib/krb5kdc/principal since this database cannot be recovered once
+ it is deleted.
+ .
+ Choose this option if you wish to delete the KDC database now, deleting
+ all of the user accounts and passwords in the KDC.
--- krb5-1.8.1+dfsg.orig/debian/control
+++ krb5-1.8.1+dfsg/debian/control
@@ -0,0 +1,331 @@
+Source: krb5
+Section: net
+Priority: standard
+Build-Depends: debhelper (>= 7), byacc | bison, comerr-dev, docbook-to-man,
+ libkeyutils-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], libldap2-dev,
+ libncurses5-dev, libssl-dev, ss-dev, texinfo
+Standards-Version: 3.8.4
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Sam Hartman
+Uploaders: Russ Allbery
+Homepage: http://web.mit.edu/kerberos/
+VCS-Git: git://git.debian.org/git/pkg-k5-afs/debian-krb5.git
+VCS-Browser: http://git.debian.org/?p=pkg-k5-afs/debian-krb5.git
+
+Package: krb5-user
+Architecture: any
+Priority: optional
+Depends: ${misc:Depends}, ${shlibs:Depends}, libkrb5-3 (= ${binary:Version}),
+ krb5-config
+Conflicts: heimdal-clients
+Description: Basic programs to authenticate using MIT Kerberos
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the basic programs to authenticate to MIT Kerberos,
+ change passwords, and talk to the admin server (to create and delete
+ principals, list principals, etc.).
+
+Package: krb5-kdc
+Architecture: any
+Priority: optional
+Depends: ${misc:Depends}, ${shlibs:Depends}, libkrb5-3 (= ${binary:Version}),
+ krb5-config, krb5-user, lsb-base (>= 3.0-6),
+Suggests: openbsd-inetd | inet-superserver, krb5-admin-server,
+ krb5-kdc-ldap (= ${binary:Version})
+Conflicts: krb5-doc (<= 1.6.dfsg.3-1)
+Replaces: krb5-doc (<= 1.6.dfsg.3-1)
+Description: MIT Kerberos key server (KDC)
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the Kerberos key server (KDC). The KDC manages all
+ authentication credentials for a Kerberos realm, holds the master keys
+ for the realm, and responds to authentication requests. This package
+ should be installed on both master and slave KDCs.
+
+Package: krb5-kdc-ldap
+Architecture: any
+Priority: extra
+Depends: ${misc:Depends}, ${shlibs:Depends}, krb5-kdc (= ${binary:Version})
+Description: MIT Kerberos key server (KDC) LDAP plugin
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the LDAP plugin for the Kerberos key server (KDC)
+ and supporting utilities. This plugin allows the KDC data to be stored
+ in an LDAP server rather than the default local database. It should be
+ installed on both master and slave KDCs that use LDAP as a storage
+ backend.
+
+Package: krb5-admin-server
+Architecture: any
+Priority: optional
+Depends: ${misc:Depends}, ${shlibs:Depends}, libkrb5-3 (= ${binary:Version}),
+ krb5-kdc, lsb-base (>= 3.0-6)
+Description: MIT Kerberos master server (kadmind)
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the Kerberos master server (kadmind), which handles
+ account creations and deletions, password changes, and other
+ administrative commands via the Kerberos admin protocol. It also
+ contains the command used by the master KDC to propagate its database to
+ slave KDCs. This package is generally only used on the master KDC for a
+ Kerberos realm.
+
+Package: krb5-multidev
+Section: libdevel
+Architecture: any
+Depends: ${misc:Depends}, libkrb5-3 (= ${binary:Version}),
+ libk5crypto3 (= ${binary:Version}), libgssapi-krb5-2 (= ${binary:Version}),
+ libgssrpc4 (= ${binary:Version}),
+ libkadm5srv-mit7 (= ${binary:Version}),
+ libkadm5clnt-mit7 (= ${binary:Version}),
+ comerr-dev,
+Priority: optional
+Suggests: krb5-doc
+Description: Development files for MIT Kerberos without Heimdal conflict
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ Most users wishing to build applications against MIT Kerberos should
+ install libkrb5-dev. However, that package conflicts with heimdal-dev.
+ This package installs libraries and headers in /usr/include/mit-krb5 and
+ /usr/lib/mit-krb5 and can be installed along side heimdal-multidev, which
+ provides the same facilities for Heimdal.
+
+Package: libkrb5-dev
+Section: libdevel
+Architecture: any
+Depends: ${misc:Depends}, krb5-multidev (= ${binary:Version})
+Replaces: krb5-multidev (<< 1.8+dfsg~alpha1-3)
+Conflicts: heimdal-dev
+Priority: extra
+Suggests: krb5-doc
+Description: Headers and development libraries for MIT Kerberos
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the symlinks, headers, and development libraries
+ needed to compile and link programs that use the Kerberos libraries.
+
+Package: libkrb5-dbg
+Architecture: any
+Depends: ${misc:Depends}, libkrb5-3 (= ${binary:Version})
+ | libk5crypto3 (= ${binary:Version})
+ | libkrb5support0 (= ${binary:Version})
+Priority: extra
+Section: debug
+Description: Debugging files for MIT Kerberos
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the debugging information for the MIT Kerberos
+ libraries. Install this package if you need to trace problems inside the
+ MIT Kerberos libraries with a debugger.
+
+Package: krb5-pkinit
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}, libkrb5-3 (= ${binary:Version})
+Suggests: opensc
+Replaces: libkrb53 (<= 1.6.dfsg.3~beta1-1)
+Priority: extra
+Description: PKINIT plugin for MIT Kerberos
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains a plugin for the PKINIT protocol, which allows
+ Kerberos tickets to be obtained using public-key credentials such as
+ X.509 certificates or a smart card. This plugin can be used by the
+ client libraries and the KDC.
+
+Package: krb5-doc
+Architecture: all
+Priority: optional
+Conflicts: heimdal-docs
+Section: doc
+Depends: ${misc:Depends}
+Description: Documentation for MIT Kerberos
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the installation, administrator, and user reference
+ manuals for MIT Kerberos and the man pages for the MIT Kerberos
+ configuration files.
+
+Package: libkrb5-3
+Section: libs
+Replaces: libkrb53 (<<1.6.dfsg.4~beta1-7)
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends},
+ libkrb5support0 (= ${binary:Version})
+Suggests: krb5-doc, krb5-user
+Conflicts: ssh-krb5 (<< 3.8.1p1-10),
+ libapache-mod-auth-kerb (<= 4.996-5.0-rc6-2),
+ libapache2-mod-auth-kerb (<= 4.996-5.0-rc6-2)
+Description: MIT Kerberos runtime libraries
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the runtime library for the main Kerberos v5 API
+ used by applications and Kerberos clients.
+
+Package: libgssapi-krb5-2
+Section: libs
+Replaces: libkrb53 (<<1.6.dfsg.4~beta1-7)
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}, libkrb5-3 (= ${binary:Version})
+Suggests: krb5-doc, krb5-user
+Description: MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the runtime library for the MIT Kerberos
+ implementation of GSS-API used by applications and Kerberos clients.
+
+Package: libgssrpc4
+Section: libs
+Replaces: libkadm55 (<<1.6.dfsg.4~beta1-7)
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Suggests: krb5-doc, krb5-user
+Description: MIT Kerberos runtime libraries - GSS enabled ONCRPC
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains an RPC library used by the Kerberos administrative
+ programs and potentially other applications.
+
+Package: libkadm5srv-mit7
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Suggests: krb5-doc, krb5-user
+Description: MIT Kerberos runtime libraries - KDC and Admin Server
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the runtime library used by Kerberos administrative
+ servers.
+
+Package: libkadm5clnt-mit7
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Suggests: krb5-doc, krb5-user
+Description: MIT Kerberos runtime libraries - Administration Clients
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the runtime library used by clients of the Kerberos
+ administration protocol.
+
+Package: libk5crypto3
+Section: libs
+Replaces: libkrb53 (<<1.6.dfsg.4~beta1-7)
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Suggests: krb5-doc, krb5-user
+Breaks: libkrb5-3 (<= 1.8~aa), libgssapi-krb5-2 (<= 1.8~aa)
+Description: MIT Kerberos runtime libraries - Crypto Library
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the runtime cryptography libraries used by
+ applications and Kerberos clients.
+
+Package: libkdb5-4
+Section: libs
+Replaces: libkadm55 (<<1.6.dfsg.4~beta1-7)
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Suggests: krb5-doc, krb5-user
+Conflicts: libkadm5srv6
+Description: MIT Kerberos runtime libraries - Kerberos database
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the internal Kerberos database libraries.
+
+Package: libkrb5support0
+Section: libs
+Replaces: libkrb53 (<<1.6.dfsg.4~beta1-7)
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Suggests: krb5-doc, krb5-user
+Description: MIT Kerberos runtime libraries - Support library
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service. That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains an internal runtime support library used by other
+ Kerberos libraries.
+
--- krb5-1.8.1+dfsg.orig/debian/libkdb5-4.install
+++ krb5-1.8.1+dfsg/debian/libkdb5-4.install
@@ -0,0 +1 @@
+usr/lib/libkdb5.so.4*
--- krb5-1.8.1+dfsg.orig/debian/krb5-doc.doc-base.user
+++ krb5-1.8.1+dfsg/debian/krb5-doc.doc-base.user
@@ -0,0 +1,13 @@
+Document: krb5-user
+Title: Kerberos Version 5 User's Guide
+Author: MIT
+Abstract: User's guide for MIT Kerberos Version 5.
+Section: System/Security
+
+Format: HTML
+Index: /usr/share/doc/krb5-doc/krb5-user.html
+Files: /usr/share/doc/krb5-doc/krb5-user.html
+
+Format: Info
+Index: /usr/share/info/krb5-user.info.gz
+Files: /usr/share/info/krb5-user.info.gz
--- krb5-1.8.1+dfsg.orig/debian/krb5-admin-server.postrm
+++ krb5-1.8.1+dfsg/debian/krb5-admin-server.postrm
@@ -0,0 +1,11 @@
+#! /bin/sh
+
+set -e
+
+case "$1" in
+purge)
+ rm -f /etc/default/krb5-admin-server
+ ;;
+esac
+
+#DEBHELPER#
--- krb5-1.8.1+dfsg.orig/debian/krb5-pkinit.install
+++ krb5-1.8.1+dfsg/debian/krb5-pkinit.install
@@ -0,0 +1,2 @@
+usr/lib/krb5/plugins/preauth/pkinit.so
+
--- krb5-1.8.1+dfsg.orig/debian/libkrb5support0.symbols
+++ krb5-1.8.1+dfsg/debian/libkrb5support0.symbols
@@ -0,0 +1,56 @@
+libkrb5support.so.0 libkrb5support0 #MINVER#
+ HIDDEN@HIDDEN 1.7dfsg~beta2
+ krb5int_buf_add@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_buf_add_fmt@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_buf_add_len@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_buf_data@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_buf_init_dynamic@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_buf_init_fixed@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_buf_len@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_buf_truncate@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_clear_error@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_close_plugin@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_close_plugin_dirs@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_free_buf@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_free_error@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_free_plugin_dir_data@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_free_plugin_dir_func@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_freeaddrinfo@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_gai_strerror@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_get_error@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_get_plugin_data@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_get_plugin_dir_data@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_get_plugin_dir_func@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_get_plugin_func@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_getaddrinfo@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_getnameinfo@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_getspecific@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_gmt_mktime@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_in6addr_any@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_key_delete@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_key_register@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_mutex_alloc@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_mutex_free@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_mutex_lock@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_mutex_unlock@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_open_plugin@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_open_plugin_dirs@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_pthread_loaded@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_set_error@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_set_error_fl@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_set_error_info_callout_fn@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_setspecific@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_strlcat@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_strlcpy@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_ucs2lecs_to_utf8s@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_ucs4_to_utf8@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_utf8_lentab@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_utf8_mintab@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_utf8_next@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_utf8_to_ucs4@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_utf8cs_to_ucs2les@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_utf8s_to_ucs2les@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_vset_error@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_vset_error_fl@krb5support_0_MIT 1.7dfsg~beta2
+ krb5int_zap@krb5support_0_MIT 1.8+dfsg~alpha1
+ krb5support_0_MIT@krb5support_0_MIT 1.7dfsg~beta2
--- krb5-1.8.1+dfsg.orig/debian/kdc.conf
+++ krb5-1.8.1+dfsg/debian/kdc.conf
@@ -0,0 +1,16 @@
+[kdcdefaults]
+ kdc_ports = 750,88
+
+[realms]
+ @MYREALM = {
+ database_name = /var/lib/krb5kdc/principal
+ admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+ acl_file = /etc/krb5kdc/kadm5.acl
+ key_stash_file = /etc/krb5kdc/stash
+ kdc_ports = 750,88
+ max_life = 10h 0m 0s
+ max_renewable_life = 7d 0h 0m 0s
+ master_key_type = des3-hmac-sha1
+ supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
+ default_principal_flags = +preauth
+ }
--- krb5-1.8.1+dfsg.orig/debian/libk5crypto3.install
+++ krb5-1.8.1+dfsg/debian/libk5crypto3.install
@@ -0,0 +1 @@
+usr/lib/libk5crypto.so.3*
--- krb5-1.8.1+dfsg.orig/debian/krb5-kdc.init
+++ krb5-1.8.1+dfsg/debian/krb5-kdc.init
@@ -0,0 +1,118 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: krb5-kdc
+# Required-Start: $local_fs $remote_fs $network $syslog
+# Required-Stop: $local_fs $remote_fs $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: MIT Kerberos KDC
+# Description: Starts, stops, or restarts the MIT Kerberos KDC. This
+# daemon responds to ticket requests from Kerberos
+# clients.
+### END INIT INFO
+
+# Author: Sam Hartman
+# Author: Russ Allbery
+#
+# Based on the /etc/init.d/skeleton template as found in initscripts version
+# 2.86.ds1-15.
+
+PATH=/usr/sbin:/usr/bin:/sbin:/bin
+DESC="Kerberos KDC"
+NAME=krb5kdc
+DAEMON=/usr/sbin/$NAME
+DAEMON_ARGS=""
+SCRIPTNAME=/etc/init.d/krb5-kdc
+
+# Exit if the package is not installed.
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration if it is present.
+[ -r /etc/default/krb5-kdc ] && . /etc/default/krb5-kdc
+
+# Get the setting of VERBOSE and other rcS variables.
+[ -f /etc/default/rcS ] && . /etc/default/rcS
+
+# Define LSB log functions (requires lsb-base >= 3.0-6).
+. /lib/lsb/init-functions
+
+
+# Return
+# 0 if daemon has been started
+# 1 if daemon was already running
+# 2 if daemon could not be started
+do_start_kdc()
+{
+ start-stop-daemon --start --quiet --startas $DAEMON --name $NAME --test \
+ > /dev/null || return 1
+ start-stop-daemon --start --quiet --startas $DAEMON --name $NAME \
+ -- $DAEMON_ARGS || return 2
+}
+
+
+# Return
+# 0 if daemon has been stopped
+# 1 if daemon was already stopped
+# 2 if daemon could not be stopped
+# other if a failure occurred
+do_stop_kdc()
+{
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --name $NAME
+}
+
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start_kdc
+ case "$?" in
+ 0|1)
+ [ "$VERBOSE" != no ] && log_end_msg 0
+ ;;
+ 2)
+ [ "$VERBOSE" != no ] && log_end_msg 1
+ ;;
+ esac
+ ;;
+
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop_kdc
+ case "$?" in
+ 0|1)
+ [ "$VERBOSE" != no ] && log_progress_msg "krb524d"
+ ;;
+ 2)
+ [ "$VERBOSE" != no ] && log_end_msg 1
+ ;;
+ esac
+ ;;
+
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop_kdc
+ case "$?" in
+ 0|1)
+ do_start_kdc
+ case "$?" in
+ 0)
+ log_end_msg 0
+ ;;
+ 1|2)
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
--- krb5-1.8.1+dfsg.orig/debian/krb5-doc.install
+++ krb5-1.8.1+dfsg/debian/krb5-doc.install
@@ -0,0 +1,3 @@
+usr/share/man/man1/kerberos.1
+usr/share/man/man5/.k5login.5
+usr/share/man/man5/krb5.conf.5
--- krb5-1.8.1+dfsg.orig/debian/libk5crypto3.symbols
+++ krb5-1.8.1+dfsg/debian/libk5crypto3.symbols
@@ -0,0 +1,99 @@
+libk5crypto.so.3 libk5crypto3 #MINVER#
+ HIDDEN@HIDDEN 1.6.dfsg.2
+ is_coll_proof_cksum@k5crypto_3_MIT 1.6.dfsg.2
+ is_keyed_cksum@k5crypto_3_MIT 1.6.dfsg.2
+ k5crypto_3_MIT@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_block_size@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_checksum_length@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_crypto_length@k5crypto_3_MIT 1.7+dfsg
+ krb5_c_crypto_length_iov@k5crypto_3_MIT 1.7+dfsg
+ krb5_c_decrypt@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_decrypt_iov@k5crypto_3_MIT 1.7+dfsg
+ krb5_c_encrypt@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_encrypt_iov@k5crypto_3_MIT 1.7+dfsg
+ krb5_c_encrypt_length@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_enctype_compare@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_free_state@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_fx_cf2_simple@k5crypto_3_MIT 1.7+dfsg
+ krb5_c_init_state@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_is_coll_proof_cksum@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_is_keyed_cksum@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_keyed_checksum_types@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_keylengths@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_make_checksum@k5crypto_3_MIT 1.8+dfsg
+ krb5_c_make_checksum_iov@k5crypto_3_MIT 1.7+dfsg
+ krb5_c_make_random_key@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_padding_length@k5crypto_3_MIT 1.7+dfsg
+ krb5_c_prf@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_prf_length@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_random_add_entropy@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_random_make_octets@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_random_os_entropy@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_random_seed@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_random_to_key@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_string_to_key@k5crypto_3_MIT 1.7+dfsg
+ krb5_c_string_to_key_with_params@k5crypto_3_MIT 1.7+dfsg
+ krb5_c_valid_cksumtype@k5crypto_3_MIT 1.6.dfsg.28
+ krb5_c_valid_enctype@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_verify_checksum@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_c_verify_checksum_iov@k5crypto_3_MIT 1.7+dfsg
+ krb5_calculate_checksum@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_checksum_size@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_cksumtype_to_string@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_decrypt@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_eblock_enctype@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_encrypt@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_encrypt_data@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_encrypt_size@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_enctype_to_string@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_finish_key@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_finish_random_key@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_free_cksumtypes@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_init_random_key@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_k_create_key@k5crypto_3_MIT 1.8+dfsg
+ krb5_k_decrypt@k5crypto_3_MIT 1.8+dfsg
+ krb5_k_decrypt_iov@k5crypto_3_MIT 1.8+dfsg
+ krb5_k_encrypt@k5crypto_3_MIT 1.8+dfsg
+ krb5_k_encrypt_iov@k5crypto_3_MIT 1.8+dfsg
+ krb5_k_free_key@k5crypto_3_MIT 1.8+dfsg
+ krb5_k_key_enctype@k5crypto_3_MIT 1.8+dfsg
+ krb5_k_key_keyblock@k5crypto_3_MIT 1.8+dfsg
+ krb5_k_make_checksum@k5crypto_3_MIT 1.8+dfsg
+ krb5_k_make_checksum_iov@k5crypto_3_MIT 1.8+dfsg
+ krb5_k_prf@k5crypto_3_MIT 1.8+dfsg
+ krb5_k_reference_key@k5crypto_3_MIT 1.8+dfsg
+ krb5_k_verify_checksum@k5crypto_3_MIT 1.8+dfsg
+ krb5_k_verify_checksum_iov@k5crypto_3_MIT 1.8+dfsg
+ krb5_process_key@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_random_key@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_string_to_cksumtype@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_string_to_enctype@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_string_to_key@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_use_enctype@k5crypto_3_MIT 1.6.dfsg.2
+ krb5_verify_checksum@k5crypto_3_MIT 1.6.dfsg.2
+ krb5int_MD4Final@k5crypto_3_MIT 1.8+dfsg
+ krb5int_MD4Init@k5crypto_3_MIT 1.8+dfsg
+ krb5int_MD4Update@k5crypto_3_MIT 1.8+dfsg
+ krb5int_MD5Final@k5crypto_3_MIT 1.8+dfsg
+ krb5int_MD5Init@k5crypto_3_MIT 1.8+dfsg
+ krb5int_MD5Update@k5crypto_3_MIT 1.8+dfsg
+ krb5int_aes_decrypt@k5crypto_3_MIT 1.6.dfsg.2
+ krb5int_aes_encrypt@k5crypto_3_MIT 1.6.dfsg.2
+ krb5int_arcfour_gsscrypt@k5crypto_3_MIT 1.8+dfsg
+ krb5int_c_combine_keys@k5crypto_3_MIT 1.6.dfsg.2
+ krb5int_c_copy_keyblock@k5crypto_3_MIT 1.8+dfsg
+ krb5int_c_copy_keyblock_contents@k5crypto_3_MIT 1.8+dfsg
+ krb5int_c_free_keyblock@k5crypto_3_MIT 1.6.dfsg.2
+ krb5int_c_free_keyblock_contents@k5crypto_3_MIT 1.6.dfsg.2
+ krb5int_c_init_keyblock@k5crypto_3_MIT 1.6.dfsg.2
+ krb5int_c_mandatory_cksumtype@k5crypto_3_MIT 1.6.dfsg.2
+ krb5int_c_weak_enctype@k5crypto_3_MIT 1.8+dfsg
+ krb5int_enc_arcfour@k5crypto_3_MIT 1.6.dfsg.2
+ krb5int_enc_des3@k5crypto_3_MIT 1.6.dfsg.2
+ krb5int_hash_md5@k5crypto_3_MIT 1.6.dfsg.2
+ krb5int_hmac@k5crypto_3_MIT 1.8+dfsg
+ mit_crc32@k5crypto_3_MIT 1.6.dfsg.2
+ mit_des_fixup_key_parity@k5crypto_3_MIT 1.6.dfsg.2
+ mit_des_is_weak_key@k5crypto_3_MIT 1.6.dfsg.2
+ valid_cksumtype@k5crypto_3_MIT 1.6.dfsg.2
+ valid_enctype@k5crypto_3_MIT 1.6.dfsg.2
--- krb5-1.8.1+dfsg.orig/debian/krb5_newrealm.sgml
+++ krb5-1.8.1+dfsg/debian/krb5_newrealm.sgml
@@ -0,0 +1,32 @@
+
+
+
+ krb5_newrealm
+ 8
+
+
+ krb5_newrealm
+ Create a new Kerberos Realm
+
+
+
+
+
+ krb5_newrealm
+
+
+
+ Description This script attempts to create a
+ Kerberos realm. It assumes that none of the realm components
+ exists, except for the /etc/krb5.conf file. (Normally this file
+ is automatically generated at package installation, but if you
+ skipped the configuration step, you will need to manually generate
+ this file before running krb5_newrealm.)
+ It creates the database, initializes the stash file in
+ /etc/krb5kdc/stash containing the master key for
+ the database, starts the KDC and Kerberos admin server,
+ and creates a stub /etc/krb5kdc/kadm5.acl file.
+
+
+
+
--- krb5-1.8.1+dfsg.orig/debian/libkrb5-3.docs
+++ krb5-1.8.1+dfsg/debian/libkrb5-3.docs
@@ -0,0 +1,2 @@
+README
+debian/README.Debian
--- krb5-1.8.1+dfsg.orig/debian/krb5-user.docs
+++ krb5-1.8.1+dfsg/debian/krb5-user.docs
@@ -0,0 +1 @@
+README
--- krb5-1.8.1+dfsg.orig/debian/krb5-admin-server.postinst
+++ krb5-1.8.1+dfsg/debian/krb5-admin-server.postinst
@@ -0,0 +1,36 @@
+#! /bin/sh
+
+set -e
+
+if [ "configure" = "$1" ] || [ "reconfigure" = "$1" ] ; then
+ . /usr/share/debconf/confmodule
+ db_version 2.0
+
+ db_get krb5-kdc/debconf
+ DEBCONF="$RET"
+
+ if [ $DEBCONF = "true" ] ; then
+ if [ -f "/etc/default/krb5-admin-server" ] ; then
+ . /etc/default/krb5-admin-server
+ fi
+ cat <<'EOF' > /etc/default/krb5-admin-server
+# Automatically generated. If you change anything in this file other than the
+# values of RUN_KADMIND or DAEMON_ARGS, first run dpkg-reconfigure
+# krb5-admin-server and disable managing the kadmin configuration with
+# debconf. Otherwise, changes will be overwritten.
+
+EOF
+ db_get krb5-admin-server/kadmind
+ RUN_KADMIND="$RET"
+ echo "RUN_KADMIND=$RUN_KADMIND" >> /etc/default/krb5-admin-server
+ if [ -n "$DAEMON_ARGS" ] ; then
+ echo "DAEMON_ARGS=\"$DAEMON_ARGS\"" \
+ >> /etc/default/krb5-admin-server
+ fi
+ fi
+ db_stop
+fi
+
+#DEBHELPER#
+
+exit 0
--- krb5-1.8.1+dfsg.orig/debian/libkadm5srv-mit7.symbols
+++ krb5-1.8.1+dfsg/debian/libkadm5srv-mit7.symbols
@@ -0,0 +1,145 @@
+libkadm5srv_mit.so.7 libkadm5srv-mit7 #MINVER#
+ HIDDEN@HIDDEN 1.8+dfsg
+ _kadm5_check_handle@kadm5srv_mit_7_MIT 1.8+dfsg
+ _kadm5_chpass_principal_util@kadm5srv_mit_7_MIT 1.8+dfsg
+ adb_policy_close@kadm5srv_mit_7_MIT 1.8+dfsg
+ adb_policy_init@kadm5srv_mit_7_MIT 1.8+dfsg
+ destroy_dict@kadm5srv_mit_7_MIT 1.8+dfsg
+ find_word@kadm5srv_mit_7_MIT 1.8+dfsg
+ hist_princ@kadm5srv_mit_7_MIT 1.8+dfsg
+ init_dict@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_chpass_principal@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_chpass_principal_3@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_chpass_principal_util@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_create_policy@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_create_policy_internal@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_create_principal@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_create_principal_3@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_decrypt_key@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_delete_policy@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_delete_principal@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_destroy@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_flush@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_free_config_params@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_free_key_data@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_free_name_list@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_free_policy_ent@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_free_principal_ent@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_get_config_params@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_get_policies@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_get_policy@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_get_principal@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_get_principal_keys@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_get_principals@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_get_privs@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_init@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_init_anonymous@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_init_iprop@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_init_krb5_context@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_init_with_creds@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_init_with_password@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_init_with_skey@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_lock@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_modify_policy@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_modify_policy_internal@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_modify_principal@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_randkey_principal@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_randkey_principal_3@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_rename_principal@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_set_use_password_server@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_setkey_principal@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_setkey_principal_3@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_setv4key_principal@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5_unlock@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5int_acl_check@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5int_acl_check_krb@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5int_acl_finish@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5int_acl_impose_restrictions@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5int_acl_init@kadm5srv_mit_7_MIT 1.8+dfsg
+ kadm5srv_mit_7_MIT@kadm5srv_mit_7_MIT 1.8+dfsg
+ kdb_delete_entry@kadm5srv_mit_7_MIT 1.8+dfsg
+ kdb_free_entry@kadm5srv_mit_7_MIT 1.8+dfsg
+ kdb_get_entry@kadm5srv_mit_7_MIT 1.8+dfsg
+ kdb_init_hist@kadm5srv_mit_7_MIT 1.8+dfsg
+ kdb_init_master@kadm5srv_mit_7_MIT 1.8+dfsg
+ kdb_iter_entry@kadm5srv_mit_7_MIT 1.8+dfsg
+ kdb_put_entry@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_aprof_finish@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_aprof_get_boolean@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_aprof_get_deltat@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_aprof_get_int32@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_aprof_get_string@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_aprof_get_string_all@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_aprof_getvals@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_aprof_init@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_copy_key_data_contents@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_flags_to_string@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_free_key_data_contents@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_free_realm_params@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_input_flag_to_string@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_keysalt_is_present@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_keysalt_iterate@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_klog_close@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_klog_init@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_klog_reopen@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_klog_syslog@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_match_config_pattern@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_read_realm_params@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_string_to_flags@kadm5srv_mit_7_MIT 1.8+dfsg
+ krb5_string_to_keysalts@kadm5srv_mit_7_MIT 1.8+dfsg
+ master_db@kadm5srv_mit_7_MIT 1.8+dfsg
+ master_keyblock@kadm5srv_mit_7_MIT 1.8+dfsg
+ master_keylist@kadm5srv_mit_7_MIT 1.8+dfsg
+ master_princ@kadm5srv_mit_7_MIT 1.8+dfsg
+ osa_free_princ_ent@kadm5srv_mit_7_MIT 1.8+dfsg
+ passwd_check@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_chpass3_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_chpass_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_chrand3_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_chrand_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_chrand_ret@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_cpol_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_cprinc3_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_cprinc_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_dpol_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_dprinc_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_generic_ret@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_getprivs_ret@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_gpol_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_gpol_ret@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_gpols_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_gpols_ret@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_gprinc_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_gprinc_ret@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_gprincs_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_gprincs_ret@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_kadm5_policy_ent_rec@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_kadm5_principal_ent_rec@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_kadm5_ret_t@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_deltat@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_enctype@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_flags@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_int16@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_key_data@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_key_data_nocontents@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_key_salt_tuple@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_keyblock@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_kvno@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_octet@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_principal@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_salttype@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_timestamp@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_tl_data@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_ui_2@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_krb5_ui_4@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_mpol_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_mprinc_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_nullstring@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_nulltype@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_osa_princ_ent_rec@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_osa_pw_hist_ent@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_rprinc_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_setkey3_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_setkey_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_setv4key_arg@kadm5srv_mit_7_MIT 1.8+dfsg
+ xdr_ui_4@kadm5srv_mit_7_MIT 1.8+dfsg
--- krb5-1.8.1+dfsg.orig/debian/krb5-user.install
+++ krb5-1.8.1+dfsg/debian/krb5-user.install
@@ -0,0 +1,18 @@
+usr/bin/kdestroy
+usr/share/man/man1/kdestroy.1
+usr/bin/kinit
+usr/share/man/man1/kinit.1
+usr/bin/klist
+usr/share/man/man1/klist.1
+usr/bin/kpasswd
+usr/share/man/man1/kpasswd.1
+usr/bin/ksu
+usr/share/man/man1/ksu.1
+usr/bin/kvno
+usr/share/man/man1/kvno.1
+usr/bin/k5srvutil
+usr/share/man/man1/k5srvutil.1
+usr/bin/kadmin
+usr/share/man/man1/kadmin.1
+usr/bin/ktutil
+usr/share/man/man1/ktutil.1
--- krb5-1.8.1+dfsg.orig/debian/krb5-kdc-ldap.docs
+++ krb5-1.8.1+dfsg/debian/krb5-kdc-ldap.docs
@@ -0,0 +1,2 @@
+src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
+src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
--- krb5-1.8.1+dfsg.orig/debian/krb5-admin-server.init
+++ krb5-1.8.1+dfsg/debian/krb5-admin-server.init
@@ -0,0 +1,121 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: krb5-admin-server
+# Required-Start: $local_fs $remote_fs $network $syslog
+# Required-Stop: $local_fs $remote_fs $network $syslog
+# Should-Start: krb5-kdc
+# Should-Stop: krb5-kdc
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: MIT Kerberos KDC administrative daemon
+# Description: Starts, stops, or restarts the MIT Kerberos KDC
+# administrative daemon (kadmind). This daemon answers
+# requests from kadmin clients and allows administrators
+# to create, delete, and modify principals in the KDC
+# database.
+### END INIT INFO
+
+# Author: Sam Hartman
+# Author: Russ Allbery
+#
+# Based on the /etc/init.d/skeleton template as found in initscripts version
+# 2.86.ds1-15.
+
+PATH=/usr/sbin:/usr/bin:/sbin:/bin
+DESC="Kerberos administrative servers"
+NAME=kadmind
+DAEMON=/usr/sbin/$NAME
+DAEMON_ARGS=""
+SCRIPTNAME=/etc/init.d/krb5-admin-server
+DEFAULT=/etc/default/krb5-admin-server
+
+# Exit if the package is not installed.
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration if it is present.
+[ -r "$DEFAULT" ] && . "$DEFAULT"
+
+# Get the setting of VERBOSE and other rcS variables.
+[ -f /etc/default/rcS ] && . /etc/default/rcS
+
+# Define LSB log functions (requires lsb-base >= 3.0-6).
+. /lib/lsb/init-functions
+
+# Return
+# 0 if daemon has been started
+# 1 if daemon was already running
+# 2 if daemon could not be started
+do_start()
+{
+ start-stop-daemon --start --quiet --startas $DAEMON --name $NAME --test \
+ > /dev/null || return 1
+ start-stop-daemon --start --quiet --startas $DAEMON --name $NAME \
+ -- $DAEMON_ARGS || return 2
+}
+
+# Return
+# 0 if daemon has been stopped
+# 1 if daemon was already stopped
+# 2 if daemon could not be stopped
+# other if a failure occurred
+do_stop()
+{
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --name $NAME
+}
+
+
+case "$1" in
+ start)
+ if [ "$RUN_KADMIND" = false ] ; then
+ if [ "$VERBOSE" != no ] ; then
+ log_action_msg "Not starting $DESC per configuration"
+ fi
+ exit 0
+ fi
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+
+ restart|force-reload)
+ if [ "$RUN_KADMIND" = false ] ; then
+ if [ "$VERBOSE" != no ] ; then
+ log_action_msg "Not restarting $DESC per configuration"
+ fi
+ exit 0
+ fi
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ *) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ *)
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
--- krb5-1.8.1+dfsg.orig/debian/watch
+++ krb5-1.8.1+dfsg/debian/watch
@@ -0,0 +1,5 @@
+# debian/watch -- Rules for uscan to find new upstream versions.
+
+version=3
+opts=dversionmangle=s/\+dfsg// \
+ http://web.mit.edu/kerberos/dist/ krb5/[\d.]+/krb5-([\d.]+)-signed.tar$
--- krb5-1.8.1+dfsg.orig/debian/compat
+++ krb5-1.8.1+dfsg/debian/compat
@@ -0,0 +1 @@
+7
--- krb5-1.8.1+dfsg.orig/debian/libkdb5-4.symbols
+++ krb5-1.8.1+dfsg/debian/libkdb5-4.symbols
@@ -0,0 +1,91 @@
+libkdb5.so.4 libkdb5-4 #MINVER#
+ HIDDEN@HIDDEN 1.6.dfsg.2
+ kdb5_4_MIT@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_alloc@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_create@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_create_policy@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_delete_policy@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_delete_principal@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_destroy@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_fetch_mkey@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_fetch_mkey_list@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_db_fini@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_free@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_free_mkey_list@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_db_free_policy@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_free_principal@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_get_age@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_get_context@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_db_get_key_data_kvno@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_db_get_mkey@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_get_mkey_list@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_db_get_policy@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_get_principal@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_get_principal_ext@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_db_inited@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_invoke@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_db_iter_policy@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_iterate@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_lock@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_open@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_promote@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_put_policy@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_put_principal@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_set_context@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_db_set_mkey@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_set_mkey_list@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_db_setup_lib_handle@kdb5_4_MIT 1.7dfsg~beta1
+ krb5_db_setup_mkey_name@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_store_master_key@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_store_master_key_list@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_db_unlock@kdb5_4_MIT 1.6.dfsg.2
+ krb5_db_verify_master_key@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbe_apw@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbe_ark@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbe_cpw@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbe_create_key_data@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbe_crk@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbe_fetch_act_key_list@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_dbe_find_act_mkey@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_dbe_find_enctype@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbe_find_mkey@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_dbe_free_actkvno_list@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_dbe_free_key_data_contents@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_dbe_free_key_list@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_dbe_free_mkey_aux_list@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_dbe_get_mkvno@kdb5_4_MIT 1.8+dfsg
+ krb5_dbe_lookup_actkvno@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_dbe_lookup_last_pwd_change@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbe_lookup_mkey_aux@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_dbe_lookup_mkvno@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_dbe_lookup_mod_princ_data@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbe_lookup_tl_data@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbe_search_enctype@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbe_update_actkvno@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_dbe_update_last_pwd_change@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbe_update_mkey_aux@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_dbe_update_mkvno@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_dbe_update_mod_princ_data@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbe_update_tl_data@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbekd_decrypt_key_data@kdb5_4_MIT 1.6.dfsg.2
+ krb5_dbekd_def_decrypt_key_data@kdb5_4_MIT 1.8+dfsg~alpha1
+ krb5_dbekd_def_encrypt_key_data@kdb5_4_MIT 1.8+dfsg~alpha1
+ krb5_dbekd_encrypt_key_data@kdb5_4_MIT 1.6.dfsg.2
+ krb5_def_store_mkey@kdb5_4_MIT 1.6.dfsg.2
+ krb5_def_store_mkey_list@kdb5_4_MIT 1.7dfsg~alpha1
+ krb5_kt_kdb_ops@kdb5_4_MIT 1.6.dfsg.2
+ krb5_ktkdb_close@kdb5_4_MIT 1.6.dfsg.2
+ krb5_ktkdb_get_entry@kdb5_4_MIT 1.6.dfsg.2
+ krb5_ktkdb_resolve@kdb5_4_MIT 1.6.dfsg.2
+ krb5_ktkdb_set_context@kdb5_4_MIT 1.6.dfsg.2
+ krb5_mkey_pwd_prompt1@kdb5_4_MIT 1.6.dfsg.2
+ krb5_mkey_pwd_prompt2@kdb5_4_MIT 1.6.dfsg.2
+ ulog_free_entries@kdb5_4_MIT 1.7dfsg~alpha1
+ ulog_get_entries@kdb5_4_MIT 1.7dfsg~alpha1
+ ulog_map@kdb5_4_MIT 1.7dfsg~alpha1
+ ulog_replay@kdb5_4_MIT 1.7dfsg~alpha1
+ ulog_set_role@kdb5_4_MIT 1.7dfsg~alpha1
+ xdr_kdb_fullresync_result_t@kdb5_4_MIT 1.7dfsg~alpha1
+ xdr_kdb_incr_result_t@kdb5_4_MIT 1.7dfsg~alpha1
+ xdr_kdb_incr_update_t@kdb5_4_MIT 1.7dfsg~alpha1
+ xdr_kdb_last_t@kdb5_4_MIT 1.7dfsg~alpha1
--- krb5-1.8.1+dfsg.orig/debian/krb5-multidev.install
+++ krb5-1.8.1+dfsg/debian/krb5-multidev.install
@@ -0,0 +1,2 @@
+usr/lib/lib*.so usr/lib/mit-krb5
+usr/include/* usr/include/mit-krb5
--- krb5-1.8.1+dfsg.orig/debian/libgssapi-krb5-2.symbols
+++ krb5-1.8.1+dfsg/debian/libgssapi-krb5-2.symbols
@@ -0,0 +1,108 @@
+libgssapi_krb5.so.2 libgssapi-krb5-2 #MINVER#
+ GSS_C_INQ_SSPI_SESSION_KEY@gssapi_krb5_2_MIT 1.7+dfsg
+ GSS_C_NT_ANONYMOUS@gssapi_krb5_2_MIT 1.6.dfsg.2
+ GSS_C_NT_EXPORT_NAME@gssapi_krb5_2_MIT 1.6.dfsg.2
+ GSS_C_NT_HOSTBASED_SERVICE@gssapi_krb5_2_MIT 1.6.dfsg.2
+ GSS_C_NT_HOSTBASED_SERVICE_X@gssapi_krb5_2_MIT 1.6.dfsg.2
+ GSS_C_NT_MACHINE_UID_NAME@gssapi_krb5_2_MIT 1.6.dfsg.2
+ GSS_C_NT_STRING_UID_NAME@gssapi_krb5_2_MIT 1.6.dfsg.2
+ GSS_C_NT_USER_NAME@gssapi_krb5_2_MIT 1.6.dfsg.2
+ GSS_KRB5_NT_PRINCIPAL_NAME@gssapi_krb5_2_MIT 1.6.dfsg.2
+ HIDDEN@HIDDEN 1.6.dfsg.2
+ gss_accept_sec_context@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_acquire_cred@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_acquire_cred_impersonate_name@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_add_buffer_set_member@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_add_cred@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_add_cred_impersonate_name@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_add_oid_set_member@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_canonicalize_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_compare_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_complete_auth_token@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_context_time@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_create_empty_buffer_set@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_create_empty_oid_set@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_delete_name_attribute@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_delete_sec_context@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_display_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_display_name_ext@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_display_status@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_duplicate_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_export_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_export_name_composite@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_export_sec_context@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_get_mic@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_get_name_attribute@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_import_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_import_sec_context@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_indicate_mechs@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_init_sec_context@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_inquire_context@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_inquire_cred@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_inquire_cred_by_mech@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_inquire_cred_by_oid@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_inquire_mechs_for_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_inquire_name@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_inquire_names_for_mech@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_inquire_sec_context_by_oid@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_krb5_ccache_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_krb5_copy_ccache@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_krb5_export_lucid_sec_context@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_krb5_free_lucid_sec_context@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_krb5_get_tkt_flags@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_krb5_set_allowable_enctypes@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_krb5_set_cred_rcache@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_krb5int_make_seal_token_v3@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_krb5int_unseal_token_v3@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_map_name_to_any@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_mech_krb5@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_mech_krb5_old@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_mech_set_krb5@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_mech_set_krb5_both@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_mech_set_krb5_old@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_nt_exported_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_nt_krb5_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_nt_krb5_principal@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_nt_machine_uid_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_nt_service_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_nt_service_name_v2@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_nt_string_uid_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_nt_user_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_oid_to_str@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_process_context_token@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_pseudo_random@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_release_any_name_mapping@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_release_buffer@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_release_buffer_set@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_release_cred@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_release_iov_buffer@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_release_name@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_release_oid@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_release_oid_set@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_seal@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_set_name_attribute@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_set_neg_mechs@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_set_sec_context_option@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_sign@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_store_cred@gssapi_krb5_2_MIT 1.8+dfsg
+ gss_str_to_oid@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_test_oid_set_member@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_unseal@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_unwrap@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_unwrap_aead@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_unwrap_iov@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_verify@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_verify_mic@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_wrap@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gss_wrap_aead@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_wrap_iov@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_wrap_iov_length@gssapi_krb5_2_MIT 1.7+dfsg
+ gss_wrap_size_limit@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gssapi_krb5_2_MIT@gssapi_krb5_2_MIT 1.6.dfsg.2
+ gsskrb5_extract_authtime_from_sec_context@gssapi_krb5_2_MIT 1.7+dfsg
+ gsskrb5_extract_authz_data_from_sec_context@gssapi_krb5_2_MIT 1.7+dfsg
+ gssspi_mech_invoke@gssapi_krb5_2_MIT 1.7+dfsg
+ gssspi_set_cred_option@gssapi_krb5_2_MIT 1.7+dfsg
+ krb5_gss_dbg_client_expcreds@gssapi_krb5_2_MIT 1.6.dfsg.2
+ krb5_gss_register_acceptor_identity@gssapi_krb5_2_MIT 1.6.dfsg.2
+ krb5_gss_use_kdc_context@gssapi_krb5_2_MIT 1.6.dfsg.2
--- krb5-1.8.1+dfsg.orig/debian/krb5-doc.docs
+++ krb5-1.8.1+dfsg/debian/krb5-doc.docs
@@ -0,0 +1,9 @@
+debian/README.KDC
+README
+NOTICE
+doc/admin-guide.ps
+doc/krb5-admin.*
+doc/install-guide.ps
+doc/krb5-install.*
+doc/user-guide.ps.*
+doc/krb5-user.*
--- krb5-1.8.1+dfsg.orig/debian/libkrb5-3.dirs
+++ krb5-1.8.1+dfsg/debian/libkrb5-3.dirs
@@ -0,0 +1 @@
+usr/lib/krb5/plugins/krb5
--- krb5-1.8.1+dfsg.orig/debian/krb5-kdc.docs
+++ krb5-1.8.1+dfsg/debian/krb5-kdc.docs
@@ -0,0 +1,2 @@
+debian/README.KDC
+debian/README.Debian
--- krb5-1.8.1+dfsg.orig/debian/krb5-doc.doc-base.admin
+++ krb5-1.8.1+dfsg/debian/krb5-doc.doc-base.admin
@@ -0,0 +1,13 @@
+Document: krb5-admin
+Title: Kerberos Version 5 Administrator's Guide
+Author: MIT
+Abstract: Administration guide for MIT Kerberos Version 5.
+Section: System/Security
+
+Format: HTML
+Index: /usr/share/doc/krb5-doc/krb5-admin.html
+Files: /usr/share/doc/krb5-doc/krb5-admin.html
+
+Format: Info
+Index: /usr/share/info/krb5-admin.info.gz
+Files: /usr/share/info/krb5-admin.info.gz
--- krb5-1.8.1+dfsg.orig/debian/prepsource
+++ krb5-1.8.1+dfsg/debian/prepsource
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+if [ $# -lt 2 ]; then
+echo Usage: $0 tarfile merge_tag upstream_tag
+exit 2
+fi
+tarfile=$1
+merge_tag=$2
+upstream_tag=$3
+dir=$( basename $(tar tzf $tarfile |head -1 ) )
+tar xzf $tarfile
+rm -rf $dir/doc/krb5-protocol
+
+git add -f $dir
+tree=$( git write-tree --prefix=${dir}/ )
+commit=$( echo "Merge in $merge_tag to upstream by unpacking $tarfile." | \
+ git commit-tree $tree -p upstream -p $( git rev-list -n1 $merge_tag ) )
+
+git branch -f upstream $commit
+git tag $upstream_tag $commit
+git rm -q -r -f $dir
+
--- krb5-1.8.1+dfsg.orig/debian/libgssapi-krb5-2.install
+++ krb5-1.8.1+dfsg/debian/libgssapi-krb5-2.install
@@ -0,0 +1 @@
+usr/lib/libgssapi_krb5.so.2*
--- krb5-1.8.1+dfsg.orig/debian/libkadm5clnt-mit7.install
+++ krb5-1.8.1+dfsg/debian/libkadm5clnt-mit7.install
@@ -0,0 +1 @@
+usr/lib/libkadm5clnt_mit.so.7*
--- krb5-1.8.1+dfsg.orig/debian/po/vi.po
+++ krb5-1.8.1+dfsg/debian/po/vi.po
@@ -0,0 +1,151 @@
+# Vietnamese Translation for krb5.
+# Copyright © 2009 Free Software Foundation, Inc.
+# Clytie Siddall , 2005-2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5 1.6.dfsg.4~beta1-10\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-02-21 13:55-0500\n"
+"PO-Revision-Date: 2009-09-24 22:54+0930\n"
+"Last-Translator: Clytie Siddall \n"
+"Language-Team: Vietnamese \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: LocFactoryEditor 1.8\n"
+
+#: ../krb5-admin-server.templates:2001
+#. Type: note
+#. Description
+msgid "Setting up a Kerberos Realm"
+msgstr "Thiết lập một Địa hạt Kerberos"
+
+#: ../krb5-admin-server.templates:2001
+#. Type: note
+#. Description
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Gói này chứa các công cụ quản trị cần thiết để chạy trình phục vụ chủ "
+"Kerberos."
+
+#: ../krb5-admin-server.templates:2001
+#. Type: note
+#. Description
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"Tuy nhiên, việc cài đặt gói này không phải tự động thiết lập một địa hạt "
+"(realm) Kerberos. Có thể làm đó về sau, bằng cách chạy câu lệnh « "
+"krb5_newrealm »."
+
+#: ../krb5-admin-server.templates:2001
+#. Type: note
+#. Description
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Xem thêm tập tin Đọc Đi « /usr/share/doc/krb5-kdc/README.KDC » và sổ tay quản "
+"trị (administration guide) nằm trong gói tài liệu « krb5-doc »."
+
+#: ../krb5-admin-server.templates:3001
+#. Type: boolean
+#. Description
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Chạy trình nền quản trị phiên bản 5 Kerberos (kadmind) không?"
+
+#: ../krb5-admin-server.templates:3001
+#. Type: boolean
+#. Description
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"Kadmind phục vụ yêu cầu để thêm/sửa đổi/gỡ bỏ điều tiền gốc trong cơ sở dữ "
+"liệu Kerberos."
+
+#: ../krb5-admin-server.templates:3001
+#. Type: boolean
+#. Description
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"Nó bị chương trình kpasswd cần thiết để thay đổi mật khẩu. Đối với thiết "
+"lập tiêu chuẩn, trình nền này nên chạy trên KDC chủ."
+
+#: ../krb5-kdc.templates:2001
+#. Type: boolean
+#. Description
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Tự động tạo cấu hình KDC Kerberos không?"
+
+#: ../krb5-kdc.templates:2001
+#. Type: boolean
+#. Description
+#| msgid ""
+#| "The Kerberos Domain Controller (KDC) configuration files, in /etc/"
+#| "krb5kdc, may be created automatically."
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"Những tập tin cấu hình Trung tâm Phân phối Khoá Kerberos (KDC), trong thư mục « /etc/krb5kdc », cũng có thể được tự động tạo."
+
+#: ../krb5-kdc.templates:2001
+#. Type: boolean
+#. Description
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"Mặc định là một mẫu thí dụ sẽ được sao chép vào thư mục này với các tham số "
+"cục bộ được điền sẵn."
+
+#: ../krb5-kdc.templates:2001
+#. Type: boolean
+#. Description
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Quản trị đã có nền tảng để quản lý cấu hình Kerberos thì có thể muốn tắt các "
+"thay đổi cấu hình tự động này."
+
+#: ../krb5-kdc.templates:3001
+#. Type: boolean
+#. Description
+msgid "Should the KDC database be deleted?"
+msgstr "Có nên xoá cơ sở dữ liệu KDC không?"
+
+# By default, purging this package will not delete the KDC database in /var/
+# lib/krb5kdc/principal since this database cannot be recovered once it is
+# deleted. If you wish to delete your KDC database when this package is
+# purged, knowing that purging this package will then mean deleting all of
+# the user accounts and passwords in the KDC, enable this option.
+#: ../krb5-kdc.templates:3001
+#. Type: boolean
+#. Description
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"Mặc định là việc gỡ bỏ gói này sẽ không xoá cơ sở dữ liệu KDC trong « /var/"
+"lib/krb5kdc/principal », vì một khi xoá cơ sở dữ liệu này, không thể phục "
+"hồi lại."
+
+#: ../krb5-kdc.templates:3001
+#. Type: boolean
+#. Description
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Hãy bật tùy chọn này nếu bạn muốn xoá cơ sở dữ liệu KDC ngay bây giờ, thì "
+"cũng xoá mọi tài khoản và mật khẩu của người dùng trong KDC."
--- krb5-1.8.1+dfsg.orig/debian/po/nl.po
+++ krb5-1.8.1+dfsg/debian/po/nl.po
@@ -0,0 +1,202 @@
+# Dutch krb5 po-debconf translation,
+# Copyright (C) 2008 THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the krb5 package.
+# Vincent Zweije , 2008.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5 1.6.dfsg.4~beta1-3\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-02-21 13:55-0500\n"
+"PO-Revision-Date: 2008-08-19 08:40+0000\n"
+"Last-Translator: Vincent Zweije \n"
+"Language-Team: Debian-Dutch \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Aanmaken van een Kerberos autoriteitsgebied (realm)"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Dit pakket bevat de administratieve hulpmiddelen die nodig zijn om de "
+"Kerberos hoofd-server te draaien."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"De installatie van dit pakket maakt echter niet automatisch een Kerberos "
+"autoriteitsgebied (realm) aan. Dit kan later worden gedaan door het "
+"programma \"krb5_newrealm\" uit te voeren."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Lees alstublieft ook het bestand /usr/share/doc/krb5-kdc/README.KDC en de "
+"administratiehandleiding in pakket krb5-doc."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "De Kerberos-V5 administratie-achtergronddienst (kadmind) starten?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"Kadmind handelt aanvragen af om principals in de Kerberos database toe te "
+"voegen, te wijzigen of te verwijderen."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"Het is vereist voor het programma kpasswd, dat wordt gebruikt voor het "
+"wijzigen van wachtwoorden. Gewoonlijk werkt deze achtergronddienst op de "
+"hoofd-KDC."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Kerberos KDC instellingen aanmaken met debconf?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+#, fuzzy
+#| msgid ""
+#| "The Kerberos Domain Controller (KDC) configuration files, in /etc/"
+#| "krb5kdc, may be created automatically."
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"De Kerberos Domain Controller (KDC) instellingsbestanden, in /etc/krb5kdc, "
+"kunnen automatisch worden aangemaakt."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"Standaard zal een sjabloon naar deze map worden gekopieerd, waarin de locale "
+"parameters al zijn ingevuld."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Beheerders die reeds infrastructuur hebben om hun Kerberos instellingen te "
+"beheren kunnen deze automatische instellingswijzigingen uitschakelen."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "Dient de KDC database te worden verwijderd?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"Standaard zal het wissen (purge) van dit pakket de KDC database in /var/lib/"
+"krb5kdc/principal niet verwijderen, aangezien deze database niet kan worden "
+"hersteld als deze is verwijderd."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Accepteer deze optie indien u de KDC database nu wilt verwijderen, waarbij "
+"alle gebruikers en wachtwoorden verloren gaan."
+
+#~ msgid "Kerberos V4 compatibility mode to use:"
+#~ msgstr "Te gebruiken Kerberos-V4-compatibiliteitsmodus:"
+
+#~ msgid ""
+#~ "By default, Kerberos V4 requests are allowed from principals that do not "
+#~ "require preauthentication (\"nopreauth\"). This allows Kerberos V4 "
+#~ "services to exist while requiring most users to use Kerberos V5 clients "
+#~ "to get their initial tickets. These tickets can then be converted to "
+#~ "Kerberos V4 tickets."
+#~ msgstr ""
+#~ "Standaard worden Kerberos-V4-aanvragen toegestaan van principals die geen "
+#~ "pre-authenticatie vereisen (\"zonder preauthentiatie\"). Dit staat toe "
+#~ "dat Kerberos-V4-diensten bestaan, terwijl tegelijkertijd de meeste "
+#~ "gebruikers Kerberos-V5-clients moeten gebruiken voor hun initiële "
+#~ "tickets. Deze Kerberos-V5-tickets kunnen dan in Kerberos-V4-tickets "
+#~ "worden omgezet."
+
+#~ msgid ""
+#~ "Alternatively, the mode can be set to \"full\", allowing Kerberos V4 "
+#~ "clients to get initial tickets even when preauthentication would normally "
+#~ "be required; to \"disable\", returning protocol version errors to all "
+#~ "Kerberos V4 clients; or to \"none\", which tells the KDC to not respond "
+#~ "to Kerberos V4 requests at all."
+#~ msgstr ""
+#~ "Als alternatief kan de modus op \"volledig\" worden gezet, zodat Kerberos-"
+#~ "V4-clients initiële tickets kunnen verkrijgen, zelfs als pre-"
+#~ "authenticatie normaal gesproken vereist zou zijn. Voorts kan de modus op "
+#~ "\"uitgeschakeld\" worden gezet, hetgeen protocol-versiefouten teruggeeft "
+#~ "aan alle Kerberos-V4-clients. Tenslotte kan de modus op \"geen\" worden "
+#~ "gezet, waardoor de de KDC in het geheel niets op Kerberos-V4-aanvragen "
+#~ "zal teruggeven."
+
+#~ msgid "Run a Kerberos V5 to Kerberos V4 ticket conversion daemon?"
+#~ msgstr ""
+#~ "Een achtergronddienst starten voor het converteren van Kerberos-V5- naar "
+#~ "Kerberos-V4-tickets?"
+
+#~ msgid ""
+#~ "The krb524d daemon converts Kerberos V5 tickets into Kerberos V4 tickets "
+#~ "for programs, such as krb524init, that obtain Kerberos V4 tickets for "
+#~ "compatibility with old applications."
+#~ msgstr ""
+#~ "De achtergronddienst krb524d zet Kerberos-V5-tickets om in Kerberos-V4-"
+#~ "tickets, voor programma's zoals krb524init, die Kerberos-V4-tickets "
+#~ "aanvragen voor compatibiliteit met oude applicaties."
+
+#~ msgid ""
+#~ "It is recommended to enable that daemon if Kerberos V4 is enabled, "
+#~ "especially when Kerberos V4 compatibility is set to \"nopreauth\"."
+#~ msgstr ""
+#~ "Het wordt aanbevolen om die achtergronddienst in te schakelen als "
+#~ "Kerberos-V4 is aangezet, in het bijzonder wanneer Kerberos-V4-"
+#~ "compatibiliteit op \"zonder preauthentiatie\" staat."
--- krb5-1.8.1+dfsg.orig/debian/po/pt_BR.po
+++ krb5-1.8.1+dfsg/debian/po/pt_BR.po
@@ -0,0 +1,231 @@
+# krb5 Brazilian Portuguese translation
+# Copyright (C) 2008 THE krb5'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the krb5 package.
+# Eder L. Marques (frolic) , 2008.
+#
+msgid ""
+msgstr "pt_BR utf-8\n"
+"Project-Id-Version: krb5\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2008-05-21 11:38-0700\n"
+"PO-Revision-Date: 2008-06-09 10:31-0300\n"
+"Last-Translator: Eder L. Marques (frolic) \n"
+"Language-Team: l10n Portuguese \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Configurando um Realm Kerberos"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Este pacote contém ferramentas administrativas necessárias para executar o "
+"servidor mestre Kerberos."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"Contudo, instalar este pacote não configura automaticamente um realm "
+"Kerberos. Isto pode ser feito depois executando o comando \"krb5_newrealm\"."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Por favor, leia também o arquivo /usr/share/doc/krb5-kdc/README.KDC e o guia "
+"de administração encontrado no pacote krb5-doc."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+#| msgid "Run the Kerberos5 administration daemon (kadmind)?"
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Executar o daemon de administração do Kerberos V5 (kadmind)?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"O Kadmind serve pedidos de adicionar/modificar/remover principals na base de "
+"dados do Kerberos."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"Ele é necessário para o programa kpasswd, usado para alterar senhas. Com "
+"configurações padrão, este daemon deve executar no mestre KDC."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+#| msgid "Create Kerberos KDC Configuration with debconf?"
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Criar a configuração do Kerberos KDC automaticamente?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Domain Controller (KDC) configuration files, in /etc/krb5kdc, "
+"may be created automatically."
+msgstr ""
+"Os arquivos de configuração do Controlador de Domínio Kerberos (KDC, em "
+"inglês), em /etc/krb5kdc, podem ser criados automaticamente."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"Por padrão, um modelo de exemplo será copiado para este diretório com os "
+"parâmetros locais preenchidos."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Administradores que já possuem infraestrutura para administrar suas "
+"configurações Kerberos podem desejar desabilitar estas mudanças de "
+"configuração automática."
+
+#. Type: select
+#. Description
+#: ../krb5-kdc.templates:3001
+#| msgid "Kerberos4 compatibility mode to use:"
+msgid "Kerberos V4 compatibility mode to use:"
+msgstr "Modo de compatibilidade Kerberos V4 a ser utilizado:"
+
+#. Type: select
+#. Description
+#. "nopreauth" is a literal string and should be left in English
+#: ../krb5-kdc.templates:3001
+#| msgid ""
+#| "By default, Kerberos4 requests are allowed from principals that do not "
+#| "require preauthentication. This allows Kerberos4 services to exist while "
+#| "requiring most users to use Kerberos5 clients to get their initial "
+#| "tickets. These tickets can then be converted to Kerberos4 tickets. "
+#| "Alternatively, the mode can be set to full, allowing Kerberos4 to get "
+#| "initial tickets even when preauthentication would normally be required, "
+#| "or to disable, which will disable all Kerberos4 support."
+msgid ""
+"By default, Kerberos V4 requests are allowed from principals that do not "
+"require preauthentication (\"nopreauth\"). This allows Kerberos V4 services "
+"to exist while requiring most users to use Kerberos V5 clients to get their "
+"initial tickets. These tickets can then be converted to Kerberos V4 tickets."
+msgstr ""
+"Por padrão, requisições Kerberos V4 são permitidas de principals que não "
+"necessitem de pré-autenticação (\"nopreauth\"). Isso permite que serviços "
+"Kerberos V4 existam enquanto requer que a maioria dos usuários "
+"usem clientes Kerberos V5 para obter seus tickets iniciais. Esses tickets "
+"podem então ser convertidos para tickets Kerberos V4."
+
+#. Type: select
+#. Description
+#. "full", "disable", and "none" are literal strings and should be left in
+#. English
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Alternatively, the mode can be set to \"full\", allowing Kerberos V4 clients "
+"to get initial tickets even when preauthentication would normally be "
+"required; to \"disable\", returning protocol version errors to all Kerberos "
+"V4 clients; or to \"none\", which tells the KDC to not respond to Kerberos "
+"V4 requests at all."
+msgstr ""
+"Alternativamente, o modo pode ser configurado para \"full\", permitindo "
+"clientes Kerberos V4 obter tickets iniciais mesmo quando a pré-autenticação "
+"é normalmente necessária; para \"disable\", retornando erros de versão de "
+"protocolo para todos os clientes Kerberos V4, ou para \"none\", que informa "
+"o KDC para não responder a requisições Kerberos V4 de nenhuma forma."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:4001
+msgid "Run a Kerberos V5 to Kerberos V4 ticket conversion daemon?"
+msgstr ""
+"Executar um daemon de conversão de tickets Kerberos V5 para Kerberos V4?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:4001
+msgid ""
+"The krb524d daemon converts Kerberos V5 tickets into Kerberos V4 tickets for "
+"programs, such as krb524init, that obtain Kerberos V4 tickets for "
+"compatibility with old applications."
+msgstr ""
+"O daemon krb524d converte tickets Kerberos V5 em tickets Kerberos V4 para "
+"programas, como o krb524init, que obtêm tickets Kerberos V4 para "
+"compatibilidade com aplicações antigas."
+
+#. Type: boolean
+#. Description
+#. "nopreauth" is a literal string and should be left in English
+#: ../krb5-kdc.templates:4001
+msgid ""
+"It is recommended to enable that daemon if Kerberos V4 is enabled, "
+"especially when Kerberos V4 compatibility is set to \"nopreauth\"."
+msgstr ""
+"É recomendado habilitar este daemon se o Kerberos V4 é habilitado, "
+"especialmente quando a compatibilidade do Kerberos V4 é configurada para "
+"\"nopreauth\"."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:5001
+msgid "Should the KDC database be deleted?"
+msgstr "O banco de dados do KDC deve ser removido?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:5001
+#| msgid ""
+#| "By default, purging this package will not delete the KDC database in /var/"
+#| "lib/krb5kdc/principal since this database cannot be recovered once it is "
+#| "deleted. If you wish to delete your KDC database when this package is "
+#| "purged, knowing that purging this package will then mean deleting all of "
+#| "the user accounts and passwords in the KDC, enable this option."
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"Por padrão, remover este pacote não irá remover o banco de dados do KDC em "
+"/var/lib/krb5kdc/principal visto que este banco de dados não pode ser "
+"recuperado uma vez removido."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:5001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Escolha esta opção se você deseja remover o banco de dados do KDC agora, "
+"removendo todas as contas de usuários e senhas no KDC."
--- krb5-1.8.1+dfsg.orig/debian/po/es.po
+++ krb5-1.8.1+dfsg/debian/po/es.po
@@ -0,0 +1,223 @@
+# krb5 po-debconf translation to Spanish
+# Copyright (C) 2006, 2008, 2009 Software in the Public Interest
+# This file is distributed under the same license as the krb5 package.
+#
+# Changes:
+# - Initial translation
+# Fernando Cerezal López , 2006
+#
+# - Updates
+# Diego Lucio D'Onofrio , 2008
+# Ignacio Mondino , 2008
+# Francisco Javier Cuadrado , 2009
+#
+# Traductores, si no conocen el formato PO, merece la pena leer la
+# documentación de gettext, especialmente las secciones dedicadas a este
+# formato, por ejemplo ejecutando:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Equipo de traducción al español, por favor lean antes de traducir
+# los siguientes documentos:
+#
+# - El proyecto de traducción de Debian al español
+# http://www.debian.org/intl/spanish/
+# especialmente las notas y normas de traducción en
+# http://www.debian.org/intl/spanish/notas
+#
+# - La guía de traducción de po's de debconf:
+# /usr/share/doc/po-debconf/README-trans
+# o http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5 1.6.dfsg.4~beta1-10\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-03-12 15:40-0700\n"
+"PO-Revision-Date: 2009-03-09 18:12+0100\n"
+"Last-Translator: Francisco Javier Cuadrado \n"
+"Language-Team: Debian l10n Spanish \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Configuración de un reino de Kerberos"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Este paquete contiene las herramientas administrativas necesarias para "
+"ejecutar el servidor maestro Kerberos."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"Sin embargo, el instalar este paquete no configura automáticamente un reino "
+"de Kerberos. Esto se puede hacer más tarde ejecutando la orden "
+"«krb5_newrealm»."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Por favor, lea también el fichero «/usr/share/doc/krb5-kdc/README.KDC» y la "
+"guía de administración que se encuentra en el paquete krb5-doc."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "¿Desea ejecutar el demonio de administración de Kerberos V5 (kadmind)?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"Kadmind sirve peticiones para agregar/modificar/quitar principales de la "
+"base de datos de Kerberos."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"El programa kpasswd necesita esto para poder cambiar las contraseñas. Con la "
+"configuración estándar, este demonio debe ejecutarse en el KDC maestro."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "¿Desea crear la configuración del KDC de Kerberos automáticamente?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"Los archivos de configuración, ubicados en «/etc/krb5kdc», del centro de "
+"distribución de claves de Kerberos (KDC) se podrán crear automáticamente."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"Por omisión, una plantilla de ejemplo se copiará en este directorio con los "
+"parámetros locales completados."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Los administradores que ya posean la infraestructura para manejar su "
+"configuración de Kerberos podrían querer deshabilitar estos cambios de "
+"configuración automáticos."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "¿Desea eliminar la base de datos de KDC?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"Por omisión, eliminar este paquete no borrará la base de datos KDC en «/var/"
+"lib/krb5kdc/principal», ya que esta base de datos no se puede recuperar una "
+"vez eliminada."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Seleccione esta opción si desea eliminar la base de datos de KDC ahora, "
+"eliminando todas las cuentas de usuarios y contraseñas en KDC."
+
+#~ msgid "Kerberos V4 compatibility mode to use:"
+#~ msgstr "Modo de compatibilidad con Kerberos V4 a utilizar:"
+
+#~ msgid ""
+#~ "By default, Kerberos V4 requests are allowed from principals that do not "
+#~ "require preauthentication (\"nopreauth\"). This allows Kerberos V4 "
+#~ "services to exist while requiring most users to use Kerberos V5 clients "
+#~ "to get their initial tickets. These tickets can then be converted to "
+#~ "Kerberos V4 tickets."
+#~ msgstr ""
+#~ "Por omisión, se permiten las peticiones Kerberos V4 desde los principales "
+#~ "que no necesiten preautenticación («nopreauth»). Esto permite que los "
+#~ "servicios de Kerberos V4 existan mientras se solicita a la mayoría de los "
+#~ "usuarios que utilicen clientes Kerberos V5 para obtener sus «tickets» "
+#~ "iniciales. Estos «tickets» se pueden convertir entonces a «tickets» de "
+#~ "Kerberos V4."
+
+#~ msgid ""
+#~ "Alternatively, the mode can be set to \"full\", allowing Kerberos V4 "
+#~ "clients to get initial tickets even when preauthentication would normally "
+#~ "be required; to \"disable\", returning protocol version errors to all "
+#~ "Kerberos V4 clients; or to \"none\", which tells the KDC to not respond "
+#~ "to Kerberos V4 requests at all."
+#~ msgstr ""
+#~ "Alternativamente, el modo puede ser establecido como «full», permitiendo a "
+#~ "losclientes de Kerberos V4 conseguir «tickets» iniciales aún cuando "
+#~ "normalmente se requiera preautenticación; como «disable», devolviendo "
+#~ "errores de versión de protocolo a todos los clientes de Kerberos V4; o "
+#~ "como «none», lo cual ordenará a KDC no responder nada las peticiones de "
+#~ "Kerberos V4 de ninguna forma."
+
+#~ msgid "Run a Kerberos V5 to Kerberos V4 ticket conversion daemon?"
+#~ msgstr ""
+#~ "¿Desea ejecutar el demonio de conversión de «tickets» de Kerberos V5 a "
+#~ "Kerberos V4?"
+
+#~ msgid ""
+#~ "The krb524d daemon converts Kerberos V5 tickets into Kerberos V4 tickets "
+#~ "for programs, such as krb524init, that obtain Kerberos V4 tickets for "
+#~ "compatibility with old applications."
+#~ msgstr ""
+#~ "El demonio krb524d convierte los «tickets» de Kerberos V5 a «tickets» de "
+#~ "Kerberos V4 para que programas tales como krb524init obtengan «tickets» "
+#~ "Kerberos V4 compatibles con aplicaciones antiguas."
+
+#~ msgid ""
+#~ "It is recommended to enable that daemon if Kerberos V4 is enabled, "
+#~ "especially when Kerberos V4 compatibility is set to \"nopreauth\"."
+#~ msgstr ""
+#~ "Es recomendable habilitar este demonio si Kerberos V4 está habilitado, "
+#~ "especialmente cuando la compatibilidad de Kerberos V4 está establecida "
+#~ "como «nopreauth»."
--- krb5-1.8.1+dfsg.orig/debian/po/fr.po
+++ krb5-1.8.1+dfsg/debian/po/fr.po
@@ -0,0 +1,203 @@
+# Translation of krb5 debconf templates to French
+# Copyright (C) 2005-2009 Debian French l10n team
+# This file is distributed under the same license as the krb5 package.
+#
+# Translators:
+# Christian Perrier , 2005, 2008, 2009.
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-02-21 13:55-0500\n"
+"PO-Revision-Date: 2008-03-04 06:11+0200\n"
+"Last-Translator: Christian Perrier \n"
+"Language-Team: French \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Configuration d'un royaume (« Realm ») Kerberos"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Ce paquet contient les outils d'administration utiles pour un serveur maître "
+"Kerberos."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"Cependant, la simple installation de ce paquet ne suffit pas pour mettre en "
+"service automatiquement un royaume Kerberos. Pour créer le royaume, veuillez "
+"utiliser la commande « krb5_newrealm »."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Vous pouvez aussi consulter le fichier /usr/share/doc/krb5-kdc/README.KDC et "
+"le guide d'administration fourni dans le paquet krb5-doc."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Faut-il lancer le démon d'administration de Kerberos v5 (kadmind) ?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"Kadmind répond aux requêtes d'ajout, modification et suppression des "
+"enregistrements dans la base de données de Kerberos."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"Il est également indispensable que le programme kpasswd puisse changer les "
+"mots de passe. Habituellement, ce démon doit être opérationnel sur le "
+"centre de distribution de clés Kerberos (KDC)."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr ""
+"Faut-il créer la configuration du centre de distribution de clés Kerberos "
+"automatiquement ?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"Les fichiers de configuration du centre de distribution de clés Kerberos (KDC : Key Distribution Center), "
+"situés dans /etc/krb5kdc, peuvent être créés automatiquement."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"Par défaut, des fichiers d'exemples comportant des paramètres locaux seront "
+"placés dans ce répertoire."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Les administrateurs qui utilisent déjà une infrastructure de gestion de la "
+"configuration de Kerberos souhaiteront probablement désactiver toute "
+"modification automatique de la configuration."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "Faut-il supprimer la base de données KDC ?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"Par défaut, la suppression complète de ce paquet ne supprimera pas la base "
+"de données KDC dans /var/lib/krb5kdc/principal car cette base de données ne "
+"peut pas être récupérée une fois supprimée."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Choisissez cette option si vous souhaitez supprimer la base de données KDC "
+"maintenant, ce qui supprimera tous les comptes des utilisateurs ainsi que "
+"les mots de passe, sur le ecntre de distribution de clés Kerberos (KDC)."
+
+#~ msgid "Kerberos V4 compatibility mode to use:"
+#~ msgstr "Mode de compatibilité avec Kerberos v4 à utiliser :"
+
+#~ msgid ""
+#~ "By default, Kerberos V4 requests are allowed from principals that do not "
+#~ "require preauthentication (\"nopreauth\"). This allows Kerberos V4 "
+#~ "services to exist while requiring most users to use Kerberos V5 clients "
+#~ "to get their initial tickets. These tickets can then be converted to "
+#~ "Kerberos V4 tickets."
+#~ msgstr ""
+#~ "Par défaut, les requêtes Kerberos v4 sont autorisées pour les "
+#~ "enregistrements (« principals ») qui n'ont pas besoin de pré-"
+#~ "authentification (« nopreauth »). Cela permet que les services Kerberos v4 "
+#~ "fonctionnent mais la majorité des utilisateurs devront utiliser des "
+#~ "clients Kerberos v5 pour obtenir leurs tickets initiaux. Ces tickets "
+#~ "pourront ensuite être convertis en tickets Kerberos v4."
+
+#~ msgid ""
+#~ "Alternatively, the mode can be set to \"full\", allowing Kerberos V4 "
+#~ "clients to get initial tickets even when preauthentication would normally "
+#~ "be required; to \"disable\", returning protocol version errors to all "
+#~ "Kerberos V4 clients; or to \"none\", which tells the KDC to not respond "
+#~ "to Kerberos V4 requests at all."
+#~ msgstr ""
+#~ "Ce mode peut également être configuré comme complet (« full »), ce qui "
+#~ "permet aux clients Kerberos v4 d'obtenir leurs tickets initiaux même "
+#~ "lorsque la pré-authentification est requise. Un autre réglage possible "
+#~ "est de le désactiver (« disable ») ce qui renvoie une erreur de version de "
+#~ "protocole à tous les clients Kerberos v4, ou de désactiver totalement les "
+#~ "réponses aux requêtes Kerberos v4 (« none »)."
+
+#~ msgid "Run a Kerberos V5 to Kerberos V4 ticket conversion daemon?"
+#~ msgstr ""
+#~ "Faut-il lancer un démon de conversion des tickets Kerberos v5 en Kerberos "
+#~ "v4 ?"
+
+#~ msgid ""
+#~ "The krb524d daemon converts Kerberos V5 tickets into Kerberos V4 tickets "
+#~ "for programs, such as krb524init, that obtain Kerberos V4 tickets for "
+#~ "compatibility with old applications."
+#~ msgstr ""
+#~ "Krb524d est un démon qui permet de convertir les tickets Kerberos v5 en "
+#~ "tickets Kerberos v4 pour les programmes tels que krb524init, qui "
+#~ "obtiennent des tickets Kerberos v4 pour préserver la compatibilité avec "
+#~ "d'anciennes applications."
+
+#~ msgid ""
+#~ "It is recommended to enable that daemon if Kerberos V4 is enabled, "
+#~ "especially when Kerberos V4 compatibility is set to \"nopreauth\"."
+#~ msgstr ""
+#~ "Ce démon est indispensable lorsque Kerberos4 est activé, notamment si le "
+#~ "mode de compatibilié est « pas de pré-authentification » (nopreauth)."
--- krb5-1.8.1+dfsg.orig/debian/po/sv.po
+++ krb5-1.8.1+dfsg/debian/po/sv.po
@@ -0,0 +1,209 @@
+# translation of krb5_1.6.dfsg.3-2_sv.po to swedish
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Martin Bagge , 2008.
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5_1.6.dfsg.3-2_sv\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-03-12 15:40-0700\n"
+"PO-Revision-Date: 2009-03-05 15:55+0100\n"
+"Last-Translator: Martin Bagge \n"
+"Language-Team: swedish \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"X-Poedit-Language: swedish\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Ställer in ett Kerberos realm "
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Detta paket innehåller administrationsverktygen för att köra en huvudserver "
+"av Kerberos."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"Att bara installera paketet ger dock inte automatiskt en fix och färdig "
+"Kerberos realm. Detta kan göras vid ett senare tillfälle genom att köra "
+"\"krb5_newrealm\"."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Läs också /usr/share/doc/krb5-kdc/README.KDC och administrationsguiden i "
+"paketet 'krb5-doc'."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Vill du köra administrationstjänsten för Kerberos V5(kadmind)?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"Kadmind tar emot förfrågningar om att lägga till/ändra/ta bort innehåll i "
+"Kerberosdatabasen."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"kpasswd (används för att byta lösenord) behöver den. I standardutförandet så "
+"ska den köras på huvud-KDC."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Vill du skapa Kerberos KDC-konfigurationen automatiskt?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"Konfigurationsfiler för Kerberos Key Distribution Center (KDC) kan skapas "
+"automatiskt i /etc/krb5kdc."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"Standardutförandet är att kopiera lokala inställningar till en exempelfil "
+"kompieras som läggs i denna katalog."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Administratörer som redan har infrastruktur för att ta hand om Kerberos "
+"konfigurationsfiler kan stänga av denna automatiska körning."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "Vill du radera KDC-databasen?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"I standardläget så tas bara paketfilerna bort och KDC-databasen i /var/lib/"
+"krb5kdc/principal lämnas kvar då den inte kan återskapas om den tas bort."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Välj detta alternativ om du vill ta bortKDC-databasen när paketet är "
+"borttaget. Alla användare och lösenord i KDC kommer då att tas bort."
+
+#~ msgid "Kerberos V4 compatibility mode to use:"
+#~ msgstr "Kompabilitetsläge för Kerberos v4-anslutningar:"
+
+#~ msgid ""
+#~ "By default, Kerberos V4 requests are allowed from principals that do not "
+#~ "require preauthentication (\"nopreauth\"). This allows Kerberos V4 "
+#~ "services to exist while requiring most users to use Kerberos V5 clients "
+#~ "to get their initial tickets. These tickets can then be converted to "
+#~ "Kerberos V4 tickets."
+#~ msgstr ""
+#~ "Standardutförandet är att tillåta Kerberos v4-klienter som inte kräver "
+#~ "förautentisiering (\"nopreauth\"). Då kan en Kerberos v4-tjänster finnas "
+#~ "kvar men man kräver att de flesta användarna har en Kerberos v5-klient "
+#~ "som hämtar deras första biljett (eng: ticket), dessa kan sedan "
+#~ "konverteras till Kerberos v4."
+
+#~ msgid ""
+#~ "Alternatively, the mode can be set to \"full\", allowing Kerberos V4 "
+#~ "clients to get initial tickets even when preauthentication would normally "
+#~ "be required; to \"disable\", returning protocol version errors to all "
+#~ "Kerberos V4 clients; or to \"none\", which tells the KDC to not respond "
+#~ "to Kerberos V4 requests at all."
+#~ msgstr ""
+#~ "Du kan ange läget som \"full\"och därmed tillåta Kerberos v4-klienter att "
+#~ "skaffa sina biljetter även om förautentisiering skulle varit i bruk. "
+#~ "Eller vidare så kan läget ställas till \"avaktivera\", då sänds "
+#~ "felmeddelanden till Kerbers v4-klienterna, eller slutligen \"ingen\" som "
+#~ "anger att KDC inte ska svara alls på förfrågningar från Kerberos v4-"
+#~ "klienter."
+
+#~ msgid "Run a Kerberos V5 to Kerberos V4 ticket conversion daemon?"
+#~ msgstr ""
+#~ "Vill du köra en tjänst som konverterar mellan Kerberos v5 och Kerberos v4?"
+
+#~ msgid ""
+#~ "The krb524d daemon converts Kerberos V5 tickets into Kerberos V4 tickets "
+#~ "for programs, such as krb524init, that obtain Kerberos V4 tickets for "
+#~ "compatibility with old applications."
+#~ msgstr ""
+#~ "Tjänsten krb524 konverterar Kerberos v5-biljetter till Kerberos v4-"
+#~ "biljetter för äldre program som inte kan läsa Kerberos v5-biljetter."
+
+#~ msgid ""
+#~ "It is recommended to enable that daemon if Kerberos V4 is enabled, "
+#~ "especially when Kerberos V4 compatibility is set to \"nopreauth\"."
+#~ msgstr ""
+#~ "Du bör aktivera tjänsten om Kerberos v4 är aktiverat, särskilt om "
+#~ "Kerberos v4-kompabilitet är satt till \"utan förautentisiering\"."
+
+#~ msgid "disable"
+#~ msgstr "avaktivera"
+
+#~ msgid "full"
+#~ msgstr "full"
+
+#, fuzzy
+#~ msgid "nopreauth"
+#~ msgstr "utan förautentisiering (eng: nopreauth)"
+
+#~ msgid "none"
+#~ msgstr "ingen"
+
+#~ msgid "Should the data be purged as well as the package files?"
+#~ msgstr "Vill du göra dig av med både datafiler och paketfiler?"
--- krb5-1.8.1+dfsg.orig/debian/po/ja.po
+++ krb5-1.8.1+dfsg/debian/po/ja.po
@@ -0,0 +1,144 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR , YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5 1.4.4-7\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-02-21 13:55-0500\n"
+"PO-Revision-Date: 2009-03-05 23:36+0900\n"
+"Last-Translator: TANAKA, Atushi \n"
+"Language-Team: Japanese \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Kerberos レルムの設定"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"このパッケージは Kerberos のマスターサーバーを稼働させるのに必要な管理用の"
+"道具を含みます。"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"ただし、このパッケージをインストールするだけで自動的にKerberos のレルムが設定"
+"されるわけではありません。\"krb5_newrealm\" コマンドを実行することで、これを"
+"あとで行なえます。"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"/usr/share/doc/krb5-kdc/README.KDC と krb5-doc パッケージにある管理案内も読ん"
+"でください。"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Kerberos5 管理デーモン (kadmind) を起動しますか?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"kadmind は Kerberos データベースのプリンシパルの追加/変更/消去の要求に応じま"
+"す。"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"これは、パスワードの変更で使われる、kpasswd プログラムで必要とされます。普通"
+"の設定では、このデーモンはマスター KDC で稼働させるべきです。"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Kerberos KDC の設定を自動的に作成しますか?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"Kerberos Key Distribution Center (KDC) の /etc/krb5kdc にある設定ファイルは"
+"自動的に作成させることができます。"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"デフォルトでは、テンプレートがこのディレクトリにコピーされ、ローカルな"
+"パラメーターの値が与えられます。"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Kerberos の設定を管理するインフラが既にある場合、自動的に設定を変更させない"
+"ことを望むかもしれません。"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "KDC データベースを消去すべきですか?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"デフォルトでは、このパッケージを削除しても /var/lib/krb5kdc/principal の KDC "
+"データベースは消去されません。というのも、このデータベースは一旦削除されると"
+"復活不能だからです。"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"もし、KDC データベースをすぐ消去し、KDC の全てのユーザのアカウントとパスワー"
+"ドを削除したい場合はこのオプションを選んでください。"
+
--- krb5-1.8.1+dfsg.orig/debian/po/templates.pot
+++ krb5-1.8.1+dfsg/debian/po/templates.pot
@@ -0,0 +1,122 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR , YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-03-12 15:40-0700\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME \n"
+"Language-Team: LANGUAGE \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
--- krb5-1.8.1+dfsg.orig/debian/po/ru.po
+++ krb5-1.8.1+dfsg/debian/po/ru.po
@@ -0,0 +1,213 @@
+# Translation of krb5 to Russian
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
+#
+# Yuri Kozlov , 2006, 2007.
+# Alyoshin Sergey , 2007, 2008, 2009.
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5_1.6.dfsg.4~beta1-10\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-03-12 15:40-0700\n"
+"PO-Revision-Date: 2009-03-09 00:11:57+0300\n"
+"Last-Translator: Alyoshin Sergey \n"
+"Language-Team: Russian \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%"
+"10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Настройка области Kerberos"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Этот пакет содержит управляющие инструменты, требующиеся для работы мастер-"
+"сервера Kerberos."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"Однако при установке пакета не выполняется автоматическая настройка области "
+"Kerberos. Это может быть сделано позже с помощью команды \"krb5_newrealm\"."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Пожалуйста, прочтите также файл /usr/share/doc/krb5-kdc/README.KDC и "
+"руководство администратора из пакета krb5-doc."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Запускать службу администрирования Kerberos V5 (kadmind)?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"Kadmind обслуживает запросы на добавление, изменение и/или удаление "
+"принципалов в базе данных Kerberos."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"Он требуется программе kpasswd, используемой для изменения паролей. При "
+"стандартной установке эта служба должна работать на главном KDC."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Создать конфигурацию Kerberos KDC автоматически?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"Конфигурационные файлы центра распределения ключей Kerberos (KDC) в "
+"каталоге /etc/krb5kdc могут быть созданы автоматически."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"По умолчанию в этот каталог будет скопирован образец шаблона с заполненными "
+"локальными параметрами."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Администраторы, у которых уже есть инфраструктура, обслуживаемая их "
+"конфигурацией Kerberos, возможно, не захотят выполнять автоматическое "
+"изменение конфигурации."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "Удалить базу данных KDC?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"По умолчанию, удаление данного пакета не приводит к удалению базы данных KDC "
+"в /var/lib/krb5kdc/principal, так как эта база данных не может быть "
+"восстановлена после удаления."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Выберите этот параметр, если хотите удалить базу данных KDC сейчас, при этом "
+"будут удалены все пользовательские учётные записи и пароли в KDC."
+
+#~ msgid "Kerberos V4 compatibility mode to use:"
+#~ msgstr "Используемый режим совместимости с Kerberos V4:"
+
+#~ msgid ""
+#~ "By default, Kerberos V4 requests are allowed from principals that do not "
+#~ "require preauthentication (\"nopreauth\"). This allows Kerberos V4 "
+#~ "services to exist while requiring most users to use Kerberos V5 clients "
+#~ "to get their initial tickets. These tickets can then be converted to "
+#~ "Kerberos V4 tickets."
+#~ msgstr ""
+#~ "По умолчанию, запросы Kerberos V4 разрешены от принципалов, для которых "
+#~ "не требуется предварительная аутентификация (\"nopreauth\", \"без "
+#~ "предварительной аутентификации\"). Это позволяет существовать сервисам "
+#~ "Kerberos V4, но требует от большинства пользователей использования "
+#~ "клиента Kerberos V5 для получения начальных мандатов. Затем эти мандаты "
+#~ "могут быть преобразованы в мандаты Kerberos V4."
+
+#~ msgid ""
+#~ "Alternatively, the mode can be set to \"full\", allowing Kerberos V4 "
+#~ "clients to get initial tickets even when preauthentication would normally "
+#~ "be required; to \"disable\", returning protocol version errors to all "
+#~ "Kerberos V4 clients; or to \"none\", which tells the KDC to not respond "
+#~ "to Kerberos V4 requests at all."
+#~ msgstr ""
+#~ "Кроме того, могут быть установлены режимы: \"full\" (\"полный\"), который "
+#~ "позволяет клиентам Kerberos V4 получить начальные мандаты, даже если "
+#~ "обычно требуется предварительная аутентификация; \"disable\" (\"отключён"
+#~ "\"), при котором всем клиентам Kerberos V4 возвращаются ошибки версии "
+#~ "протокола; \"none\" (\"никакой\"), при котором KDC вообще не отвечает на "
+#~ "запросы Kerberos V4."
+
+#~ msgid "Run a Kerberos V5 to Kerberos V4 ticket conversion daemon?"
+#~ msgstr "Запустить демон преобразования мандатов Kerberos V5 в Kerberos V4?"
+
+#~ msgid ""
+#~ "The krb524d daemon converts Kerberos V5 tickets into Kerberos V4 tickets "
+#~ "for programs, such as krb524init, that obtain Kerberos V4 tickets for "
+#~ "compatibility with old applications."
+#~ msgstr ""
+#~ "Демон krb524d преобразует мандаты Kerberos V5 в мандаты Kerberos V4 для "
+#~ "таких программ как krb524init, которая получает мандаты Kerberos V4 для "
+#~ "совместимости со старыми приложениями."
+
+#~ msgid ""
+#~ "It is recommended to enable that daemon if Kerberos V4 is enabled, "
+#~ "especially when Kerberos V4 compatibility is set to \"nopreauth\"."
+#~ msgstr ""
+#~ "Рекомендуется включить этот демон, если работает Kerberos V4, особенно "
+#~ "если режим совместимости Kerberos V4 установлен в \"nopreauth\" (\"без "
+#~ "предварительной аутентификации\")."
+
+#~ msgid "Should the data be purged as well as the package files?"
+#~ msgstr "Вычищать данные при удалении файлов пакета?"
+
+#~ msgid "disable"
+#~ msgstr "отключён"
+
+#~ msgid "full"
+#~ msgstr "полный"
+
+#~ msgid "nopreauth"
+#~ msgstr "без предварительной аутентификации"
+
+#~ msgid "none"
+#~ msgstr "никакой"
--- krb5-1.8.1+dfsg.orig/debian/po/eu.po
+++ krb5-1.8.1+dfsg/debian/po/eu.po
@@ -0,0 +1,190 @@
+# translation of krb5-eu.po to Euskara
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Piarres Beobide , 2007, 2008.
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5-eu\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-02-21 13:55-0500\n"
+"PO-Revision-Date: 2008-05-22 15:38+0200\n"
+"Last-Translator: Piarres Beobide \n"
+"Language-Team: Euskara \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Kerberos eremu bat ezartzen"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Pakete honek Kerberos zerbitzari nagusia abiarazteko lanabes "
+"administratiboak ditu."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"Hala ere, pakete hau instalatzeak ez du Kerberos eremu bat automatikoki "
+"konfiguratzen. Hori beranduago egin daiteke \"krb5_newrealm\" komandoa "
+"erabiliaz."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Mesedez irakurri ere /usr/share/doc/krb5-kdc/README.KDC fitxategia eta krb5-"
+"doc paketean aurki daitekeen administrazio gidaliburua."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Kerberos 5 administrazio deabrua (kadmind) abiarazi?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"Kadmind-ek Kerberos datu-baseko gehitze/eraldatze/ezabatze eskaera nagusiak "
+"zerbitzatzen ditu."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"Hau pasahitzak aldatzeko erabiltzen den kpasswd programaren eskakizun bat "
+"da. Konfigurazio estandarrarekin, deabru hau KDC nagusian abiarazi behar da."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Kerberos KDC konfigurazioa automatikoki sortu?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"Kerberos gako banaketa zentru (KDC) konfigurazio fitxategiak, automatikoki "
+"sortuko dira /etc/krb5kdc direktorioan."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"Lehenespen bezala, parametro lokalak beterik dituen adibide txantiloi bat "
+"kopiatuko da direktorio horretan."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Kerberos konfigurazioa kudeatzeko azpiegitura duten kudeatzaileek "
+"konfigurazio aldaketa automatiko hauek ezgaitu nahi ditzakete."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "KDC datu-basea ezabatu egin behar al da?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"Lehenespen bezala, pakete hu garbitzean ez da /var/lib/krb5kdc/principal-eko "
+"KDC datu-basea ezabatuko ezin bait da berreskuratu ezabatzen bada."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Aukera hau hautatu paketea garbitzean KDC datu-basea ezabatzea nahi baduzu, "
+"horrela KDC-an dauden erabiltzaile kontu eta pasahitz guztiak ezabatuko dira."
+
+#~ msgid "Kerberos V4 compatibility mode to use:"
+#~ msgstr "Erabiliko den Kerberos 4 bateragarritasun modua:"
+
+#~ msgid ""
+#~ "By default, Kerberos V4 requests are allowed from principals that do not "
+#~ "require preauthentication (\"nopreauth\"). This allows Kerberos V4 "
+#~ "services to exist while requiring most users to use Kerberos V5 clients "
+#~ "to get their initial tickets. These tickets can then be converted to "
+#~ "Kerberos V4 tickets."
+#~ msgstr ""
+#~ "Lehenespen bezala, Kerberos 4 eskaerak onartzen dira aurreautentifikazioa "
+#~ "(\"nopreauth\") eskatzen ez duten nagusietatik onartzen dira. Honek "
+#~ "Kerberos 4 zerbitzuak egoteko aukera ematen du erabiltzaile gehienei "
+#~ "Kerberos 5 bezeroak eskatzen zaienean hasierako tiketak eskuratzeko. "
+#~ "Tiket horiek Kerberos 4 tiketak bihurtu daitezke."
+
+#~ msgid ""
+#~ "Alternatively, the mode can be set to \"full\", allowing Kerberos V4 "
+#~ "clients to get initial tickets even when preauthentication would normally "
+#~ "be required; to \"disable\", returning protocol version errors to all "
+#~ "Kerberos V4 clients; or to \"none\", which tells the KDC to not respond "
+#~ "to Kerberos V4 requests at all."
+#~ msgstr ""
+#~ "Bestela, modua \"full\" bezala ezarri daiteke Kerberos 4 bezeroei hasiera "
+#~ "tiketak eskuratzen uzteko nahiz arruntean aurreautentifikazioa eskatuko "
+#~ "zen; \"disable\" Kerberos 4 bezeroei protokolo errore bat itzultzeko; edo "
+#~ "\"none\" bezala ezarri KDC-al Kerberos 4 eskaerei ez erantzuteko."
+
+#~ msgid "Run a Kerberos V5 to Kerberos V4 ticket conversion daemon?"
+#~ msgstr "Kerberos 5-etik Kerberos 4-ra tiketak bihurtzeko deabrua abiarazi?"
+
+#~ msgid ""
+#~ "The krb524d daemon converts Kerberos V5 tickets into Kerberos V4 tickets "
+#~ "for programs, such as krb524init, that obtain Kerberos V4 tickets for "
+#~ "compatibility with old applications."
+#~ msgstr ""
+#~ "krb524d deabruak Kerberos 5 tiketak Kerberos 4-ra bihurtzen ditu "
+#~ "krb524init bezala aplikazioa zaharrekin bateragarritasuna mantentzeko "
+#~ "kerberos 4 tiketak eskuratzen dituzten programentzat."
+
+#~ msgid ""
+#~ "It is recommended to enable that daemon if Kerberos V4 is enabled, "
+#~ "especially when Kerberos V4 compatibility is set to \"nopreauth\"."
+#~ msgstr ""
+#~ "Gomendagarria da deabrua gaitzea Kerberos 4 instalaturik badago bereiziki "
+#~ "\"nopreauth\" bateragarritasun modua ezarririk badago."
--- krb5-1.8.1+dfsg.orig/debian/po/ro.po
+++ krb5-1.8.1+dfsg/debian/po/ro.po
@@ -0,0 +1,272 @@
+# translation of ro.po to Romanian
+# Romanian translation of krb5.
+# Copyright (C) 2006 THE krb5'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the krb5 package.
+#
+# Stan Ioan-Eugen , 2006.
+# Eddy Petrișor , 2008, 2009.
+msgid ""
+msgstr ""
+"Project-Id-Version: ro\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-03-12 15:40-0700\n"
+"PO-Revision-Date: 2009-03-12 01:34+0200\n"
+"Last-Translator: Eddy Petrișor \n"
+"Language-Team: Romanian \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < "
+"20)) ? 1 : 2;\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Se configurează un Domeniu Kerberos"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Acest pachet conține uneltele administrative necesare pentru a rula serverul "
+"principal Kerberos."
+
+# XRO: realm e „tărâm” sau „domeniu”?
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"Totuși, prin instalarea acestui pachet nu se configurează automat un domeniu "
+"Kerberos. Aceasta se poate face mai târziu rulând comanda „krb5_newrealm”."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Citiți, de asemenea, fișierul /usr/share/doc/krb5-kdc/README.KDC și ghidul "
+"de administrare din pachetul krb5-doc."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Se rulează demonul de administrare Kerberos V5 (kadmind)?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"Kadmind servește cereri de adăugare/modificare/ștergere de directori în "
+"baza de date Kerberos."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"Este necesar programului kpasswd, program folosit pentru schimbarea "
+"parolelor. În configurațiile standard, acest serviciu ar trebui să ruleze pe "
+"KDC-ul principal."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Se crează automat configurația Kerberos KDC?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"Fișierele de configurare ale centrului de distribuție de chei Kerberos "
+"(KDC), din /etc/krb5kdc, pot fi create automat."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"În mod implicit, un șablon-exemplu cu parametrii locali completați în el, va "
+"fi copiat în acest director."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Administratorii care dețin deja o infrastructură de management a "
+"configurației Kerberos, probabil că vor prefera să dezactiveze schimbările "
+"automate ale configurației."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "Se șterge baza de date KDC?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"În mod implicit, dacă se șterge acest pachet, nu se șterge și baza de date "
+"KDC din /var/lib/krb5kdc/principal deoarece, odată ștearsă, nu poate fi "
+"recuperată."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Alegeți această opțiune, dacă doriți să ștergeți baza de date KDC acum, "
+"ștergând astfel toate conturile utilizatorilor și toate parolele din KDC."
+
+#~ msgid "Kerberos V4 compatibility mode to use:"
+#~ msgstr "Modul de compatibilitate Kerberos V4 folosit:"
+
+#~ msgid ""
+#~ "By default, Kerberos V4 requests are allowed from principals that do not "
+#~ "require preauthentication (\"nopreauth\"). This allows Kerberos V4 "
+#~ "services to exist while requiring most users to use Kerberos V5 clients "
+#~ "to get their initial tickets. These tickets can then be converted to "
+#~ "Kerberos V4 tickets."
+#~ msgstr ""
+#~ "Implicit, cererile Kerberos4 sunt permise de la directori care nu "
+#~ "necesită preautentificare („nopreauth”). Acest lucru permite existența "
+#~ "serviciilor Kerberos4 în timp ce utilizatorii trebuie să folosească "
+#~ "clienți Kerberos5 pentru a obține tichete inițiale. Aceste tichete pot fi "
+#~ "convertite în tichete pentru Kerberos V4."
+
+#~ msgid ""
+#~ "Alternatively, the mode can be set to \"full\", allowing Kerberos V4 "
+#~ "clients to get initial tickets even when preauthentication would normally "
+#~ "be required; to \"disable\", returning protocol version errors to all "
+#~ "Kerberos V4 clients; or to \"none\", which tells the KDC to not respond "
+#~ "to Kerberos V4 requests at all."
+#~ msgstr ""
+#~ "Există și posibilitatea ca modul selectat să fie unul din următoarele: "
+#~ "„full”, astfel permițând clienților Kerberos V4 să obțină tichetele "
+#~ "inițiale chiar și atunci când, în mod normal, ar fi necesară "
+#~ "preautentificarea; „disable” face ca toți clienții Kerberos V4 să "
+#~ "primească erori de versiune de protocol; „none” va instrui KDC-ul să nu "
+#~ "răspundă deloc clienților Kerberos V4."
+
+#~ msgid "Run a Kerberos V5 to Kerberos V4 ticket conversion daemon?"
+#~ msgstr ""
+#~ "Se rulează un serviciu de conversie a tichetelor Kerberos V5 în tichete "
+#~ "Kerberos V4?"
+
+#~ msgid ""
+#~ "The krb524d daemon converts Kerberos V5 tickets into Kerberos V4 tickets "
+#~ "for programs, such as krb524init, that obtain Kerberos V4 tickets for "
+#~ "compatibility with old applications."
+#~ msgstr ""
+#~ "Serviciul krb524d convertește tichete Kerberos V5 în tichete Kerberos V4 "
+#~ "pentru programe precum krb524init, acestea obținând tichete Kerberos V4 "
+#~ "pentru compatibilitate cu aplicațiile vechi."
+
+#~ msgid ""
+#~ "It is recommended to enable that daemon if Kerberos V4 is enabled, "
+#~ "especially when Kerberos V4 compatibility is set to \"nopreauth\"."
+#~ msgstr ""
+#~ "Se recomandă activarea acestui serviciu, în condițiile în care Kerberos "
+#~ "V4 este activ, mai ales când modul de compatibilitate cu Kerberos V4 este "
+#~ "configurat ca fiind „nopreauth”."
+
+#~ msgid "Should the data be purged as well as the package files?"
+#~ msgstr "Să se șteargă atât datele cât și fișierele pachetului?"
+
+#~ msgid ""
+#~ "This package contains the administrative tools necessary to run on the "
+#~ "Kerberos master server. However, installing this package does not "
+#~ "automatically set up a Kerberos realm. Doing so requires entering "
+#~ "passwords and as such is not well-suited for package installation. To "
+#~ "create the realm, run the krb5_newrealm command. You may also wish to "
+#~ "read /usr/share/doc/krb5-kdc/README.KDC and the administration guide "
+#~ "found in the krb5-doc package."
+#~ msgstr ""
+#~ "Acest pachet conține uneltele de administrare necesare rulării pe un "
+#~ "server master Kerberos. Totuși, instalând acest pachet nu se "
+#~ "configurează automat un domeniu Kerberos. Un asemenea lucru necesită "
+#~ "introducerea de parole operație care nu este potrivită la instalarea "
+#~ "pachetului. Pentru a crea domeniul, executați comanda krb5_newrealm. "
+#~ "Veți dori probabil să citiți și /usr/share/doc/krb5-kdc/README.KDC și "
+#~ "ghidul de administrare din pachetul krb5-doc."
+
+#~ msgid ""
+#~ "Don't forget to set up DNS information so your clients can find your KDC "
+#~ "and admin servers. Doing so is documented in the administration guide."
+#~ msgstr ""
+#~ "Nu uitați să configurați informațiile pentru DNS astfel încât clienții să "
+#~ "poată gasi serverele și KDC-ul dumneavoastră. Acest lucru este "
+#~ "documentat în ghidul de administrare."
+
+#~ msgid ""
+#~ "Kadmind serves requests to add/modify/remove principals in the Kerberos "
+#~ "database. It also must be running for the kpasswd program to be used to "
+#~ "change passwords. Normally, this daemon runs on the master KDC."
+#~ msgstr ""
+#~ "Kadmind rezolvă cereri de adăugare/modificare/îndepărtare a directorilor "
+#~ "din baza de date Kerberos. Acesta trebuie să ruleze și pentru ca "
+#~ "programul kpasswd să poată fi folosit pentru a schimba parolele. În mod "
+#~ "normal, acest demon ruleaza pe serverul master KDC."
+
+#~ msgid ""
+#~ "Many sites will wish to have this script automatically create Kerberos "
+#~ "KDC configuration files in /etc/krb5kdc. By default an example template "
+#~ "will be copied into this directory with local parameters filled in. Some "
+#~ "sites who already have infrastructure to manage their own Kerberos "
+#~ "configuration will wish to disable any automatic configuration changes."
+#~ msgstr ""
+#~ "Multe situri vor dori ca acest script să creeze automat fișierele de "
+#~ "configurare Kerberos KDC în /etc/krb5kdc. Implicit un șablon va fi "
+#~ "copiat în acest director, cu parametrii locali completați. Unele situri "
+#~ "care au deja o infrastructură pentru a administra configurațiile Kerberos "
+#~ "vor dori să dezactiveze orice modificare automată a configurației."
+
+#~ msgid "disable, full, nopreauth, none"
+#~ msgstr "dezactivat, complet, fără preautentificare, nici unul"
+
+#~ msgid "Run a krb524d?"
+#~ msgstr "Se rulează krb524d?"
+
+#~ msgid ""
+#~ "Krb524d is a daemon that converts Kerberos5 tickets into Kerberos4 "
+#~ "tickets for the krb524init program. If you have Kerberos4 enabled at "
+#~ "all, then you probably want to run this program. Especially when "
+#~ "Kerberos4 compatibility is set to nopreauth, krb524d is important if you "
+#~ "have any Kerberos4 services."
+#~ msgstr ""
+#~ "Krb524d este un demon care convertește tichetele Kerberos5 în tichete "
+#~ "Kerberos4 pentru programul krb524init. Dacă aveți activat Kerberos4 "
+#~ "atunci probabil că veți dori să rulați acest program. Krb524 este "
+#~ "important dacă aveți servicii Kerberos4, în special dacă modulu de "
+#~ "compatibilitate Kerberos4 este fără preautentificare."
--- krb5-1.8.1+dfsg.orig/debian/po/POTFILES.in
+++ krb5-1.8.1+dfsg/debian/po/POTFILES.in
@@ -0,0 +1,2 @@
+[type: gettext/rfc822deb] krb5-admin-server.templates
+[type: gettext/rfc822deb] krb5-kdc.templates
--- krb5-1.8.1+dfsg.orig/debian/po/da.po
+++ krb5-1.8.1+dfsg/debian/po/da.po
@@ -0,0 +1,229 @@
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans#
+# Developers do not need to manually edit POT or PO files.
+#
+# Claus Hindsgaul , 2006.
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-02-21 13:55-0500\n"
+"PO-Revision-Date: 2006-01-26 21:55+0100\n"
+"Last-Translator: Claus Hindsgaul \n"
+"Language-Team: Danish \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.1\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Stter et Kerberos-rige op"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+#, fuzzy
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Skal Kerberos5-administrationsdmonen (kadmind) kres?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+#, fuzzy
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Opret Kerberos KDC-opstning med debconf?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+#, fuzzy
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"Som udgangspunkt vil KDC-databasen i /var/lib/krb5kdc/principal ikke blive "
+"slettet, nr pakken afinstalleres, da denne database ikke kan genskabes, nr "
+"den er slettet. Hvis du nsker at slette din KDC-database, nr denne pakke "
+"afinstalleres, vel vidende at det betyder at alle dine brugerkonti og "
+"adgangskoder i KDC'en dermed bliver slettet ved afinstallation, skal du "
+"aktivere denne indstilling."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+
+#, fuzzy
+#~ msgid "Kerberos V4 compatibility mode to use:"
+#~ msgstr "Kerberos4-kompatibilitetstilstand, der skal benyttes:"
+
+#, fuzzy
+#~ msgid ""
+#~ "By default, Kerberos V4 requests are allowed from principals that do not "
+#~ "require preauthentication (\"nopreauth\"). This allows Kerberos V4 "
+#~ "services to exist while requiring most users to use Kerberos V5 clients "
+#~ "to get their initial tickets. These tickets can then be converted to "
+#~ "Kerberos V4 tickets."
+#~ msgstr ""
+#~ "Som udgangspunkt tillades Kerberos4-foresprgsler fra elementer, der ikke "
+#~ "krver pr-autentifikation. Det vil gre det muligt at bevare Kerberos4-"
+#~ "services, mens de fleste brugere tvinges til at bruge Kerberos5-klienter "
+#~ "til at opn deres frste billetter. Disse billetter kan derefter omsttes "
+#~ "til Kerberos4-billeter. Alternativt kan man vlge fuld tilstand, som "
+#~ "tillader Kerberos4 at f de frste billetter, selvom prautentifikation "
+#~ "normalt ville have vret pkrvet, eller vlge at deaktivere, hvilket vil "
+#~ "deaktivere al understttelse af Kerberos4."
+
+#~ msgid "Should the data be purged as well as the package files?"
+#~ msgstr "Skal data slettes, nr pakkens afinstalleres?"
+
+#~ msgid ""
+#~ "This package contains the administrative tools necessary to run on the "
+#~ "Kerberos master server. However, installing this package does not "
+#~ "automatically set up a Kerberos realm. Doing so requires entering "
+#~ "passwords and as such is not well-suited for package installation. To "
+#~ "create the realm, run the krb5_newrealm command. You may also wish to "
+#~ "read /usr/share/doc/krb5-kdc/README.KDC and the administration guide "
+#~ "found in the krb5-doc package."
+#~ msgstr ""
+#~ "Denne pakke indeholder de ndvendige administrationsvrktjer til krsel "
+#~ "p Kerberos-hovedserveren. Installationen af denne pakke stter dog ikke "
+#~ "automatisk et Kerberos-rige ('realm') op. Det krver indtastning af "
+#~ "adgangskoder, hvilket ikke egner sig til pakkeinstallationen. For at "
+#~ "oprette riget, skal du udfre kommandoen krb5_newrealm. Du kan ogs lse /"
+#~ "usr/share/doc/krb5-kdc/README.KDC og administrationsguiden i pakken krb5-"
+#~ "doc."
+
+#~ msgid ""
+#~ "Don't forget to set up DNS information so your clients can find your KDC "
+#~ "and admin servers. Doing so is documented in the administration guide."
+#~ msgstr ""
+#~ "Glem ikke at stte DNS-oplysningerne op, s dine klienter kan finde dine "
+#~ "KDC- og admin-servere. Fremgangsmden er dokumenteret i "
+#~ "administrationsguiden."
+
+#~ msgid ""
+#~ "Kadmind serves requests to add/modify/remove principals in the Kerberos "
+#~ "database. It also must be running for the kpasswd program to be used to "
+#~ "change passwords. Normally, this daemon runs on the master KDC."
+#~ msgstr ""
+#~ "Kadmind hndterer foresprgsler om at tilfje/ndre/fjerne elementer i "
+#~ "Kerberos-databasen. Den skal kre for at kpasswd-programmet kan benyttes "
+#~ "til at ndre adgangskoder. Normalt krer denne dmon p hoved-KDC'en."
+
+#~ msgid ""
+#~ "Many sites will wish to have this script automatically create Kerberos "
+#~ "KDC configuration files in /etc/krb5kdc. By default an example template "
+#~ "will be copied into this directory with local parameters filled in. Some "
+#~ "sites who already have infrastructure to manage their own Kerberos "
+#~ "configuration will wish to disable any automatic configuration changes."
+#~ msgstr ""
+#~ "Mange vil vlge at lade dette script oprette Kerberos KDC-opstningsfiler "
+#~ "i /etc/krb5kdc automatisk. Som udgangspunkt vil en eksempel-skabelon "
+#~ "blive kopieret til denne mappe med lokale paremetre udfyldt p forhnd. "
+#~ "Dem, der allerede har infrastruktur til at hndtere deres egen Kerberos-"
+#~ "opstning, kan vlge at deaktivere alle automatiske nderinger i "
+#~ "opstningen."
+
+#~ msgid "disable, full, nopreauth, none"
+#~ msgstr "deaktivr, fuld, ejpraut, ingen"
+
+#~ msgid "Run a krb524d?"
+#~ msgstr "Kr en krb524d?"
+
+#~ msgid ""
+#~ "Krb524d is a daemon that converts Kerberos5 tickets into Kerberos4 "
+#~ "tickets for the krb524init program. If you have Kerberos4 enabled at "
+#~ "all, then you probably want to run this program. Especially when "
+#~ "Kerberos4 compatibility is set to nopreauth, krb524d is important if you "
+#~ "have any Kerberos4 services."
+#~ msgstr ""
+#~ "Krb524d er en dmon, der omstter Kerberos5-billetter til Kerberos4-"
+#~ "billetter til programmet krb524init. Hvis du overhovedet har aktiveret "
+#~ "Kerberos4, skal du sikkert kre dette program. krb524d er isr vigtig, "
+#~ "hvis Kerberos4-kompatibiliteten er sat til ejpraut, og du har Kerberos4-"
+#~ "services krende."
--- krb5-1.8.1+dfsg.orig/debian/po/pt.po
+++ krb5-1.8.1+dfsg/debian/po/pt.po
@@ -0,0 +1,278 @@
+# Portuguese translation for krb5's debconf messages
+# Copyright (C) 2007 Miguel Figueiredo
+# This file is distributed under the same license as the krb5 package.
+# Miguel Figueiredo , 2007-2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5 1.4.4-6\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-03-12 15:40-0700\n"
+"PO-Revision-Date: 2009-03-09 19:50+0000\n"
+"Last-Translator: Miguel Figueiredo \n"
+"Language-Team: Portuguese \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Configurar um Reino Kerberos"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Este pacote contém as ferramentas administrativas necessárias para correr o "
+"servidor mestre Kerberos."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"No entanto, instalar este pacote não configura automaticamente um reino "
+"Kerberos. Isto pode ser feito posteriormente ao correr o comando "
+"\"krb5_newrealm\"."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Por favor leia o ficheiro /usr/share/doc/krb5-kdc/README.KDC e o guia de "
+"administração que se encontra no pacote krb5-doc."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Correr o daemon de administração (kadmind) do Kerberos V5?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"O Kadmind serve pedidos para acrescentar/modificar/remover conteúdos na base "
+"de dados do Kerberos."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"Isto é necessário para o programa kpasswd, utilizado para alterar palavras-"
+"passe. Com as configurações standard, este daemon deve correr no KDC mestre."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Criar automaticamente a configuração do KDC Kerberos?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"Os ficheiros de configuração do Kerberos Key Distribution Center (KDC), em /"
+"etc/krb5kdc, podem ser criados automaticamente."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"Por pré-definição, será copiado um exemplo de modelo para este directório "
+"com os parâmetros locais preenchidos."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Os administradores que já tenham uma infraestrutura para gerir a sua "
+"configuração do Kerberos podem desejar desabilitar estas mudanças de "
+"configuração automática."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "Deve a base de dados KDC ser apagada?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"Por pré-definição, remover este pacote não irá apagar a base de dados do KDC "
+"em /var/lib/krb5kdc/principal já que a base de dados não pode ser recuperada "
+"depois de apagada."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Escolha esta opção se deseja apagar agora a base de dados KDC, apagando "
+"todas as contas e palavras-passe de utilizadores no KDC."
+
+#~ msgid "Kerberos V4 compatibility mode to use:"
+#~ msgstr "Modo de compatibilidade Kerberos V4 a utilizar:"
+
+#~ msgid ""
+#~ "By default, Kerberos V4 requests are allowed from principals that do not "
+#~ "require preauthentication (\"nopreauth\"). This allows Kerberos V4 "
+#~ "services to exist while requiring most users to use Kerberos V5 clients "
+#~ "to get their initial tickets. These tickets can then be converted to "
+#~ "Kerberos V4 tickets."
+#~ msgstr ""
+#~ "Por pré-definição, os pedidos Kerberos V4 são permitidos a partir de "
+#~ "conteúdos que não necessitem de pré-autenticação (\"nopreauth\"). Isto "
+#~ "permite que existam serviços Kerberos V4 enquanto que requer que a "
+#~ "maioria dos utilizadores utilizem clientes Kerberos V5 para obter os seus "
+#~ "tickets iniciais. Estes tickets podem então ser convertidos para tickets "
+#~ "Kerberos V4."
+
+#~ msgid ""
+#~ "Alternatively, the mode can be set to \"full\", allowing Kerberos V4 "
+#~ "clients to get initial tickets even when preauthentication would normally "
+#~ "be required; to \"disable\", returning protocol version errors to all "
+#~ "Kerberos V4 clients; or to \"none\", which tells the KDC to not respond "
+#~ "to Kerberos V4 requests at all."
+#~ msgstr ""
+#~ "Alternativamente, o modo pode ser definido para \"full\", permitindo a "
+#~ "clientes Kerberos V4 obter os tickets iniciais mesmo quando a pré-"
+#~ "autenticação seria normalmente necessária; para \"disable\", retornando "
+#~ "erros de versão de protocolo para todos os clientes Kerberos V4; ou para "
+#~ "\"none\", que diz ao KDC para não responder a nenhum pedido Kerberos V4."
+
+#~ msgid "Run a Kerberos V5 to Kerberos V4 ticket conversion daemon?"
+#~ msgstr ""
+#~ "Correr um daemon de conversão de tickets de Kerberos V5 para Kerberos V4?"
+
+#~ msgid ""
+#~ "The krb524d daemon converts Kerberos V5 tickets into Kerberos V4 tickets "
+#~ "for programs, such as krb524init, that obtain Kerberos V4 tickets for "
+#~ "compatibility with old applications."
+#~ msgstr ""
+#~ "O daemon krb524d converte tickets Kerberos V5 para tickets Kerberos V4 "
+#~ "para programas, tais como o krb524init, que obtém tickets Kerberos V4 "
+#~ "para compatibilidade com aplicativos antigos."
+
+#~ msgid ""
+#~ "It is recommended to enable that daemon if Kerberos V4 is enabled, "
+#~ "especially when Kerberos V4 compatibility is set to \"nopreauth\"."
+#~ msgstr ""
+#~ "É recomendado habilitar este daemon se o Kerberos V4 estiver habilitado, "
+#~ "especialmente quando a compatibilidade Kerberos V4 estiver definida para "
+#~ "\"nopreauth\"."
+
+#~ msgid "Should the data be purged as well as the package files?"
+#~ msgstr "Devem os dados ser purgados assim como os ficheiros do pacote?"
+
+#~ msgid "disable"
+#~ msgstr "desabilitar"
+
+#~ msgid "full"
+#~ msgstr "total"
+
+#~ msgid "nopreauth"
+#~ msgstr "nopreauth"
+
+#~ msgid "none"
+#~ msgstr "nenhum"
+
+#~ msgid ""
+#~ "This package contains the administrative tools necessary to run on the "
+#~ "Kerberos master server. However, installing this package does not "
+#~ "automatically set up a Kerberos realm. Doing so requires entering "
+#~ "passwords and as such is not well-suited for package installation. To "
+#~ "create the realm, run the krb5_newrealm command. You may also wish to "
+#~ "read /usr/share/doc/krb5-kdc/README.KDC and the administration guide "
+#~ "found in the krb5-doc package."
+#~ msgstr ""
+#~ "Este pacote contém ferramentas administrativas necessárias para correr no "
+#~ "servidor master de Kerberos. No entanto, instalar este pacote não "
+#~ "configura automaticamente um reino Kerberos. Fazê-lo necessita que sejam "
+#~ "introduzidas palavras-chaves e tal não é indicado para a instalação de "
+#~ "pacotes. Para criar o reino, corra o comando krb5_newrealm. Também "
+#~ "poderá querer ler /usr/share/doc/krb5-kdc/README.KDC e o guia de "
+#~ "administração que se encontra no pacote krb5-doc."
+
+#~ msgid ""
+#~ "Don't forget to set up DNS information so your clients can find your KDC "
+#~ "and admin servers. Doing so is documented in the administration guide."
+#~ msgstr ""
+#~ "Não se esqueça de configurar a informação de DNS para que os seus "
+#~ "clientes possam encontrar os servidores de administração e de KDC. Como "
+#~ "o fazer está documentado no guia de administração."
+
+#~ msgid ""
+#~ "Kadmind serves requests to add/modify/remove principals in the Kerberos "
+#~ "database. It also must be running for the kpasswd program to be used to "
+#~ "change passwords. Normally, this daemon runs on the master KDC."
+#~ msgstr ""
+#~ "O kadmind serve pedidos para acrescentar/modificar/remover principais na "
+#~ "base de dados Kerberos. Terá que estar a correr para que o programa "
+#~ "kpasswd possa ser usado para alterar palavras-chave. Normalmente este "
+#~ "daemon corre no KDC master."
+
+#~ msgid ""
+#~ "Many sites will wish to have this script automatically create Kerberos "
+#~ "KDC configuration files in /etc/krb5kdc. By default an example template "
+#~ "will be copied into this directory with local parameters filled in. Some "
+#~ "sites who already have infrastructure to manage their own Kerberos "
+#~ "configuration will wish to disable any automatic configuration changes."
+#~ msgstr ""
+#~ "Muitos sites irão querer ter este script a criar automaticamente os "
+#~ "ficheiros de configuração Kerberos KDC em /etc/krb5kdc. Por omissão, "
+#~ "será copiado um modelo de exemplo para este directório com os parâmetros "
+#~ "locais preenchidos. Alguns sites que já têm infra-estrutura para gerir a "
+#~ "sua própria configuração Kerberos irão querer desabilitar as alterações "
+#~ "automáticas de configuração."
+
+#~ msgid "disable, full, nopreauth, none"
+#~ msgstr "disable, full, nopreauth, none"
+
+#~ msgid "Run a krb524d?"
+#~ msgstr "Correr um krb524d?"
+
+#~ msgid ""
+#~ "Krb524d is a daemon that converts Kerberos5 tickets into Kerberos4 "
+#~ "tickets for the krb524init program. If you have Kerberos4 enabled at "
+#~ "all, then you probably want to run this program. Especially when "
+#~ "Kerberos4 compatibility is set to nopreauth, krb524d is important if you "
+#~ "have any Kerberos4 services."
+#~ msgstr ""
+#~ "Krb524d é um daemon que converte tickets Kerberos5 para tickets Kerberos4 "
+#~ "para o programa krb524init. Se tem o Kerberos4 habilitado, então "
+#~ "provavelmente quererá correr este programa. Especialmente quando a "
+#~ "compatibilidade Kerberos4 está definida para nopreauth, krb524d é "
+#~ "importante se tem quaisquer serviços Kerberos4."
--- krb5-1.8.1+dfsg.orig/debian/po/it.po
+++ krb5-1.8.1+dfsg/debian/po/it.po
@@ -0,0 +1,145 @@
+# Italian (it) translation of debconf templates for krb5
+# Copyright (C) 2008 Software in the Public Interest
+# This file is distributed under the same license as the krb5 package.
+# Luca Monducci , 2008-2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5 1.6.dfsg.3 italian debconf templates\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-02-21 13:55-0500\n"
+"PO-Revision-Date: 2009-03-10 21:41+0100\n"
+"Last-Translator: Luca Monducci \n"
+"Language-Team: Italian \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Impostazione di un Realm Kerberos"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Questo pacchetto contiene gli strumenti d'amministrazione necessari per "
+"l'esecuzione del server principale Kerberos."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"Comunque l'installazione di questo pacchetto non comporta la configurazione "
+"automatica di un realm Kerberos, che può essere fatta in seguito usando il "
+"comando \"krb5_newrealm\"."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Leggere anche il file /usr/share/doc/krb5-kdc/README.KDC e la guida per "
+"l'amministrazione, entrambi contenuti nel pacchetto krb5-doc."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Attivare il demone di amministrazione Kerberos V5 (kadmind)?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"Kadmin evade le richieste di inserimento/modifica/rimozione dei principal "
+"nel database Kerberos."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"Questo servizio è necessario per il programma kpasswd, usato per cambiare le "
+"password. Con la configurazione standard, questo demone viene eseguito sul "
+"KDC principale."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Creare automaticamente la configurazione del KDC Kerberos?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"I file di configurazione del KDC (Key Distribution Center) Kerberos, in /etc"
+"/krb5kdc, possono essere creati automaticamente."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"Un modello d'esempio verrà copiato all'interno di quella directory con la "
+"parte relativa ai parametri locali già compilata."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Gli amministratori che hanno già un'infrastruttura per la gestione della "
+"configurazione di Kerberos potrebbero voler disabilitare le modifiche "
+"automatiche della configurazione."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "Eliminare il database del KDC?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"Normalmente la rimozione di questo pacchetto non elimina il database del KDC "
+"in /var/lib/krb5kdc/principal poiché questo database non può essere "
+"ripristinato una volta cancellato."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Scegliere questa opzione se si desidera eliminare adesso il database del "
+"KDC, perdendo tutti gli account e le password degli utenti nel KDC."
--- krb5-1.8.1+dfsg.orig/debian/po/cs.po
+++ krb5-1.8.1+dfsg/debian/po/cs.po
@@ -0,0 +1,233 @@
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-03-12 15:40-0700\n"
+"PO-Revision-Date: 2009-03-07 20:26+0100\n"
+"Last-Translator: Miroslav Kure \n"
+"Language-Team: Czech \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Nastavení Kerberovy říše"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Tento balík obsahuje nezbytné administrativní nástroje pro běh hlavního "
+"kerberovského serveru."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"Pouhou instalací tohoto balíku se však Kerberova říše nenastaví. Pro "
+"vytvoření říše spusťte po instalaci příkaz „krb5_newrealm“."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Také je vhodné si přečíst soubor /usr/share/doc/krb5-kdc/README.KDC a "
+"příručku administrátora v balíku krb5-doc."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Spustit administrační daemon Kerbera v5 (kadmind)?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"Kadmind obsluhuje požadavky na přidání/změnu/smazání záznamů v databázi "
+"Kerbera."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"Také je vyžadován programem kpasswd, který se používá pro změnu hesel. Tento "
+"daemon obvykle běží na hlavním KDC."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Vytvořit nastavení KDC automaticky?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"Konfigurační soubory KDC (Kerberos Key Domain Controller) v /etc/krb5kdc "
+"mohou být vytvořeny automaticky."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"Standardně se do tohoto adresáře nakopíruje ukázková šablona s "
+"předvyplněnými lokálními údaji."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Administrátoři, kteří již disponují infrastrukturou pro správu konfigurace "
+"Kerbera, budou nejspíš chtít tyto automatické změny v konfiguraci zakázat."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "Má se smazat KDC databáze?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"Ve výchozím nastavení se při odstranění balíku ze systému nesmaže KDC "
+"databáze ve /var/lib/krb5kdc/principal, protože ji po smazání nelze obnovit."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Chcete-li nyní smazat KDC databázi, tuto volbu povolte. Smazáním databáze se "
+"odstraní všechny uživatelské účty a všechna hesla v KDC."
+
+#~ msgid "Kerberos V4 compatibility mode to use:"
+#~ msgstr "Režim zpětné kompatibility s Kerberem v4:"
+
+#~ msgid ""
+#~ "By default, Kerberos V4 requests are allowed from principals that do not "
+#~ "require preauthentication (\"nopreauth\"). This allows Kerberos V4 "
+#~ "services to exist while requiring most users to use Kerberos V5 clients "
+#~ "to get their initial tickets. These tickets can then be converted to "
+#~ "Kerberos V4 tickets."
+#~ msgstr ""
+#~ "Ve výchozím nastavení jsou povoleny požadavky z Kerbera v4, které "
+#~ "nevyžadují předautentizaci („nopreauth“). To umožňuje, aby existovaly "
+#~ "služby Kerbera v4, ovšem vyžaduje, aby většina klientů používala pro "
+#~ "získání prvotního lístku klienta Kerbera v5. Tyto lístky pak mohou být "
+#~ "přeměněny na lístky Kerbera v4."
+
+#~ msgid ""
+#~ "Alternatively, the mode can be set to \"full\", allowing Kerberos V4 "
+#~ "clients to get initial tickets even when preauthentication would normally "
+#~ "be required; to \"disable\", returning protocol version errors to all "
+#~ "Kerberos V4 clients; or to \"none\", which tells the KDC to not respond "
+#~ "to Kerberos V4 requests at all."
+#~ msgstr ""
+#~ "Volitelně můžete zapnout plnou podporu („full“), což umožní klientům "
+#~ "Kerbera v4 získat prvotní lístky i když by normálně byla vyžadována "
+#~ "předautentizace. Možnost zakázat („disable“) bude všem klientům Kerbera "
+#~ "v4 vracet chyby o nepodporované verzi, režim žádný („none“) znamená, že "
+#~ "Kerberos nebude na tyto požadavky odpovídat vůbec."
+
+#~ msgid "Run a Kerberos V5 to Kerberos V4 ticket conversion daemon?"
+#~ msgstr "Spustit daemon pro konverzi lístků Kerbera v5 na lístky Kerbera v4?"
+
+#~ msgid ""
+#~ "The krb524d daemon converts Kerberos V5 tickets into Kerberos V4 tickets "
+#~ "for programs, such as krb524init, that obtain Kerberos V4 tickets for "
+#~ "compatibility with old applications."
+#~ msgstr ""
+#~ "Daemon krb524d převádí lístky z Kerbera5 na lístky Kerbera4 pro programy "
+#~ "typu krb524init, které vyžadují lístky Kerbera v4 pro zajištění "
+#~ "kompatibility se staršími aplikacemi."
+
+#~ msgid ""
+#~ "It is recommended to enable that daemon if Kerberos V4 is enabled, "
+#~ "especially when Kerberos V4 compatibility is set to \"nopreauth\"."
+#~ msgstr ""
+#~ "Jestliže používáte aplikace pro Kerbera v4, doporučuje se povolit i "
+#~ "tohoto daemona, obzvláště pokud je kompatibilita s Kerberem v4 nastavena "
+#~ "na „nopreauth“."
+
+#~ msgid "Should the data be purged as well as the package files?"
+#~ msgstr "Mají se při úplném odstranění balíku smazat i data?"
+
+#~ msgid "disable"
+#~ msgstr "zakázat"
+
+#~ msgid "full"
+#~ msgstr "plný"
+
+#~ msgid "nopreauth"
+#~ msgstr "nopreauth"
+
+#~ msgid "none"
+#~ msgstr "žádný"
+
+#~ msgid ""
+#~ "Don't forget to set up DNS information so your clients can find your KDC "
+#~ "and admin servers. Doing so is documented in the administration guide."
+#~ msgstr ""
+#~ "Nezapomeňte nastavit DNS, aby klienti mohli najít váš KDC a "
+#~ "administrátorské servery. Vše je popsáno v příručce administrátora."
+
+#~ msgid ""
+#~ "Many sites will wish to have this script automatically create Kerberos "
+#~ "KDC configuration files in /etc/krb5kdc. By default an example template "
+#~ "will be copied into this directory with local parameters filled in. Some "
+#~ "sites who already have infrastructure to manage their own Kerberos "
+#~ "configuration will wish to disable any automatic configuration changes."
+#~ msgstr ""
+#~ "Mnoho správců bude chtít, aby za ně debconf provedl počáteční nastavení "
+#~ "kerberova KDC v /etc/krb5kdc. Standardně se do tohoto adresáře zkopíruje "
+#~ "šablona s předvyplněnými parametry. Některé servery, které již mají svou "
+#~ "vlastní infrastrukturu pro správu Kerbera, asi tuto automatickou "
+#~ "konfiguraci nepovolí, aby se jim nepřepsalo nastavení."
--- krb5-1.8.1+dfsg.orig/debian/po/fi.po
+++ krb5-1.8.1+dfsg/debian/po/fi.po
@@ -0,0 +1,140 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5_1.6.dfsg.3~beta1-2\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-02-21 13:55-0500\n"
+"PO-Revision-Date: 2009-03-14 20:56+0200\n"
+"Last-Translator: Esko Arajärvi \n"
+"Language-Team: Finnish \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Finnish\n"
+"X-Poedit-Country: FINLAND\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Kerberos-toimialueen asetus"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Tämä paketti sisältää Kerberos-isäntäpalvelimen pidossa tarvittavat "
+"ylläpitotyökalut."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"Paketin asentaminen ei kuitenkaan automaattisesti aseta Kerberos-"
+"toimialuetta. Tämä voidaan tehdä myöhemmin ajamalla komento ”krb5_newrealm”."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Lue myös /usr/share/doc/krb5-kdc/README.KDC ja paketista krb5-doc löytyvä "
+"ylläpito-opas."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Ajetaanko Kerberos V5 -ylläpitotaustaohjelmaa (kadmind)?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"Kadmind palvelee pyyntöjä lisätä, muuttaa tai poistaa käyttäjiä Kerberos-"
+"tietokannasta."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"Salasanojen vaihtoon käytetty ohjelma kpasswd vaatii tämän. Normaaleissa "
+"asennuksissa taustaohjelmaa tulisi ajaa isäntä-KDC:llä."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Luodaanko Kerberos KDC -asetukset automaattisesti?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"Kerberos-avainten jakokeskuksen (Kerberos Key Distribution Center, KDC) "
+"hakemistossa /etc/krb5kdc olevat asetustiedostot voidaan luoda "
+"automaattisesti."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"Oletuksena mallitiedosto kopioidaan tähän hakemistoon ja siihen lisätään "
+"paikalliset parametrit."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Ylläpitäjät, joilla on jo järjestelmä Kerberos-asetustensa hallitsemiseen, "
+"saattavat haluta poistaa käytöstä tämän asetusten automaattisen muokkaamisen."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "Tulisiko KDC-tietokanta poistaa?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"Tämän paketin siivoaminen ei oletuksena poista hakemistossa /var/lib/krb5kdc/"
+"principal olevaa KDC-tietokantaa, koska tätä tietokantaa ei voida palauttaa "
+"kun se kerran on poistettu."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Valitse tämä vaihtoehto, jos KDC-tietokanta halutaan poistaa nyt. Tällöin "
+"poistetaan kaikki KDC:n käyttäjätunnukset ja salasanat."
--- krb5-1.8.1+dfsg.orig/debian/po/de.po
+++ krb5-1.8.1+dfsg/debian/po/de.po
@@ -0,0 +1,285 @@
+# Translation of krb5 debconf templates to German
+# Copyright (C):
+# Jens Nachtigall , 2005.
+# Helge Kreutzmann , 2007-2009.
+# This file is distributed under the same license as the krb5 package.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5 1.6.dfsg.4~beta1-10\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-02-21 13:55-0500\n"
+"PO-Revision-Date: 2009-03-05 22:45+0100\n"
+"Last-Translator: Helge Kreutzmann \n"
+"Language-Team: de \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=iso-8859-15\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Einrichten des Kerberos-Realm"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Dieses Paket enthlt die administrativen Werkzeuge, die zum Betrieb des "
+"Kerberos-Master-Servers bentigt werden."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"Allerdings fhrt die Installation dieses Pakets nicht automatisch zur "
+"Einrichtung einer Kerberos-Realm. Dies kann spter mit dem Befehl "
+"krb5_newrealm erfolgen."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Bitte lesen Sie auch die Datei /usr/share/doc/krb5-kdc/README.KDC und den "
+"administrativen Leitfaden im krb5-doc-Paket."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Soll der Kerberos V5-Administrations-Daemon (kadmind) laufen?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"Kadmind bedient Anfragen, um Prinzipale in der Kerberos-Datenbank "
+"hinzuzufgen/zu verndern/zu entfernen."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"Es wird vom Kpasswd-Programm bentigt, dass zum ndern von Passwrtern "
+"verwendet wird. Im Normalfall sollte der Daemon auf dem Master-KDC laufen."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Die Kerberos-KDC-Konfiguration automatisch erstellen?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"Die Konfigurationsdateien des Kerberos Key Distribution Center (KDC) in /etc/"
+"krb5kdc knnen automatisch erstellt werden."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"Standardmig wird eine Beispielvorlage in dieses Verzeichnis kopiert, in "
+"der lokale Parameter eingetragen sind."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Administratoren, die bereits ber eine Infrastruktur zur Verwaltung ihrer "
+"Kerberos-Konfiguration verfgen, mchten diese automatischen "
+"Konfigurationsnderungen eventuell deaktivieren."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "Soll die KDC-Datenbank gelscht werden?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"Standardmig wird whrend des Entfernens des Paketes die KDC-Datenbank in /"
+"var/lib/krb5kdc/principal nicht entfernt, da diese Datenbank nicht "
+"wiederhergestellt werden kann, nachdem sie gelscht wurde."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Whlen Sie diese Option, falls Sie mchten, dass die KDC-Datenbank jetzt "
+"gelscht werden soll. Dies lscht alle Benutzerkonten und Passwrter in dem "
+"KDC."
+
+#~ msgid "Kerberos V4 compatibility mode to use:"
+#~ msgstr "Zu benutzender Kerberos V4-Kompatibilitts-Modus:"
+
+#~ msgid ""
+#~ "By default, Kerberos V4 requests are allowed from principals that do not "
+#~ "require preauthentication (\"nopreauth\"). This allows Kerberos V4 "
+#~ "services to exist while requiring most users to use Kerberos V5 clients "
+#~ "to get their initial tickets. These tickets can then be converted to "
+#~ "Kerberos V4 tickets."
+#~ msgstr ""
+#~ "Standardmig werden Kerberos V4-Anfragen von Prinzipalen erlaubt, die "
+#~ "keine vorherige Authentifizierung bentigen (nopreauth). Das ermglicht "
+#~ "Kerberos V4-Dienste zu betreiben, whrend gleichzeitig die meisten "
+#~ "Benutzer Kerberos V5-Clients verwenden mssen, um ihr anfngliches Ticket "
+#~ "zu bekommen. Diese Tickets knnen in Kerberos V4-Tickets umgewandelt "
+#~ "werden. "
+
+#~ msgid ""
+#~ "Alternatively, the mode can be set to \"full\", allowing Kerberos V4 "
+#~ "clients to get initial tickets even when preauthentication would normally "
+#~ "be required; to \"disable\", returning protocol version errors to all "
+#~ "Kerberos V4 clients; or to \"none\", which tells the KDC to not respond "
+#~ "to Kerberos V4 requests at all."
+#~ msgstr ""
+#~ "Alternativ kann der Modus auch auf full gesetzt werden, wodurch Kerberos "
+#~ "V4-Clients anfngliche Tickets ohne vorherige Authentifizierung erhalten "
+#~ "knnen, selbst wenn prauth normalerweise ntig wre. Eine weitere "
+#~ "Mglichkeit ist disable, wobei dann Protokollversionsfehler an alle "
+#~ "Kerberos V4-Clients gesandt werden und none, der den KDC anweist, auf "
+#~ "Kerberos V4-Anfragen berhaupt nicht zu reagieren."
+
+#~ msgid "Run a Kerberos V5 to Kerberos V4 ticket conversion daemon?"
+#~ msgstr "Einen Kerberos V5-auf-V4 Ticket-Konvertier-Daemon betreiben?"
+
+#~ msgid ""
+#~ "The krb524d daemon converts Kerberos V5 tickets into Kerberos V4 tickets "
+#~ "for programs, such as krb524init, that obtain Kerberos V4 tickets for "
+#~ "compatibility with old applications."
+#~ msgstr ""
+#~ "Der Krb524d-Daemon konvertiert V5-Tickets in V4-Tickest fr Programme wie "
+#~ "Krb524init, die Kerberos V4-Tickets zur Kompatibilitt fr ltere "
+#~ "Anwendungen besorgen."
+
+#~ msgid ""
+#~ "It is recommended to enable that daemon if Kerberos V4 is enabled, "
+#~ "especially when Kerberos V4 compatibility is set to \"nopreauth\"."
+#~ msgstr ""
+#~ "Es wird empfohlen, diesen Daemon zu aktivieren, falls Kerberos V4 "
+#~ "aktiviert ist, insbesondere wenn Kerberos V4-Kompatibilitt auf "
+#~ "nopreauth gesetzt ist."
+
+#~ msgid "Should the data be purged as well as the package files?"
+#~ msgstr ""
+#~ "Sollen die Daten genauso wie die Paket-Dateien vollstndig entfernt "
+#~ "werden?"
+
+#~ msgid "disable"
+#~ msgstr "deaktivieren"
+
+#~ msgid "full"
+#~ msgstr "komplett"
+
+#~ msgid "nopreauth"
+#~ msgstr "nopreauth"
+
+#~ msgid "none"
+#~ msgstr "keinen"
+
+#~ msgid ""
+#~ "This package contains the administrative tools necessary to run on the "
+#~ "Kerberos master server. However, installing this package does not "
+#~ "automatically set up a Kerberos realm. Doing so requires entering "
+#~ "passwords and as such is not well-suited for package installation. To "
+#~ "create the realm, run the krb5_newrealm command. You may also wish to "
+#~ "read /usr/share/doc/krb5-kdc/README.KDC and the administration guide "
+#~ "found in the krb5-doc package."
+#~ msgstr ""
+#~ "Dieses Paket enthlt die administrativen Werkzeuge, die fr den Kerberos-"
+#~ "Masterserver bentigt werden. Die Installation dieses Pakets bedeutet "
+#~ "jedoch nicht, dass der Kerberos-Realm automatisch eingerichtet wird. Dazu "
+#~ "wre die Eingabe von Passwrtern notwendig und deshalb ist dies nicht "
+#~ "sonderlich fr die Paket-Installation geeignet. Um den Realm zu "
+#~ "erstellen, fhren Sie bitte den Befehl krb5_newrealm aus. Lesen Sie "
+#~ "eventuell auch /usr/share/doc/krb5-kdc/README.KDC oder den "
+#~ "Administrations-Leitfaden, welcher im Paket krb5-doc zu finden ist."
+
+#~ msgid ""
+#~ "Don't forget to set up DNS information so your clients can find your KDC "
+#~ "and admin servers. Doing so is documented in the administration guide."
+#~ msgstr ""
+#~ "Vergessen Sie nicht DNS einzurichten, damit Ihre Clients auch Ihre KDC- "
+#~ "und Admin-Server finden. Wie Sie dazu vorgehen mssen, steht im "
+#~ "Administrations-Leitfaden."
+
+#~ msgid ""
+#~ "Kadmind serves requests to add/modify/remove principals in the Kerberos "
+#~ "database. It also must be running for the kpasswd program to be used to "
+#~ "change passwords. Normally, this daemon runs on the master KDC."
+#~ msgstr ""
+#~ "Kadmind beantwortet Anfragen um Principals in die Kerberos-Datenbank "
+#~ "einzufgen, zu verndern oder aus der Datenbank zu entfernen. Kadmind "
+#~ "muss laufen, damit das Programm kpasswd in der Lage ist, Passwrter zu "
+#~ "verndern. Normalerweise luft dieser Daemon auf dem Master-KDC."
+
+#~ msgid ""
+#~ "Many sites will wish to have this script automatically create Kerberos "
+#~ "KDC configuration files in /etc/krb5kdc. By default an example template "
+#~ "will be copied into this directory with local parameters filled in. Some "
+#~ "sites who already have infrastructure to manage their own Kerberos "
+#~ "configuration will wish to disable any automatic configuration changes."
+#~ msgstr ""
+#~ "Viele Sites werden es bevorzugen, wenn dieses Skript automatisch die "
+#~ "Kerberos-KDC-Konfigurationsdateien in /etc/krb5kdc erstellt. "
+#~ "Standardmig wird eine Beispiel-Vorlage in dieses Verzeichnis kopiert "
+#~ "und mit lokalen Parametern ausgefllt. Einige Sites, welche bereits die "
+#~ "Infrastruktur besitzen um Ihre eigene Kerberos-Konfiguration zu "
+#~ "verwalten, werden es bevorzugen, jede automatische Vernderung der "
+#~ "Konfiguration zu deaktivieren."
+
+#~ msgid "disable, full, nopreauth, none"
+#~ msgstr "deaktivieren, total, ohne vorherige Authenfizierung, keiner"
+
+#~ msgid "Run a krb524d?"
+#~ msgstr "Soll krb524d laufen?"
+
+#~ msgid ""
+#~ "Krb524d is a daemon that converts Kerberos5 tickets into Kerberos4 "
+#~ "tickets for the krb524init program. If you have Kerberos4 enabled at "
+#~ "all, then you probably want to run this program. Especially when "
+#~ "Kerberos4 compatibility is set to nopreauth, krb524d is important if you "
+#~ "have any Kerberos4 services."
+#~ msgstr ""
+#~ "Krb524d ist ein Daemon, der Kerberos5-Tickets fr das Programm krb524init "
+#~ "in Kerberos4-Tickets umwandelt. Haben Sie Kerberos4 aktiviert, dann "
+#~ "sollten Sie wahrscheinlich diesen Dienst laufen lassen. Insbesondere wenn "
+#~ "der Kerberos4-Kompatibilitts-Modus auf ohne vorherige Authentifizierung "
+#~ "gesetzt ist, ist krb524d wichtig, wenn Sie irgendwelche Kerberos4-Dienste "
+#~ "haben."
--- krb5-1.8.1+dfsg.orig/debian/po/gl.po
+++ krb5-1.8.1+dfsg/debian/po/gl.po
@@ -0,0 +1,281 @@
+# Galician translation of krb5's debconf templates.
+# This file is distributed under the same license as the krb5 package.
+#
+# Jacobo Tarrio , 2006, 2007.
+# marce villarino , 2009.
+msgid ""
+msgstr ""
+"Project-Id-Version: krb5\n"
+"Report-Msgid-Bugs-To: krb5@packages.debian.org\n"
+"POT-Creation-Date: 2009-02-21 13:55-0500\n"
+"PO-Revision-Date: 2009-03-12 17:14-0700\n"
+"Last-Translator: marce villarino \n"
+"Language-Team: Galician \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 0.2\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid "Setting up a Kerberos Realm"
+msgstr "Configuración dun reino Kerberos"
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"This package contains the administrative tools required to run the Kerberos "
+"master server."
+msgstr ""
+"Este paquete contén as ferramentas administrativas precisas para que "
+"funcione o servidor mestre de Kerberos."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"However, installing this package does not automatically set up a Kerberos "
+"realm. This can be done later by running the \"krb5_newrealm\" command."
+msgstr ""
+"Porén, ao instalar este paquete non se configura automaticamente un "
+"reino Kerberos. Isto pódese facer despois executando a orde «krb5_newrealm"
+"»."
+
+#. Type: note
+#. Description
+#: ../krb5-admin-server.templates:2001
+msgid ""
+"Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the "
+"administration guide found in the krb5-doc package."
+msgstr ""
+"Consulte tamén o ficheiro /usr/share/doc/krb5-kdc/README.KDC e a guía do "
+"administrador que hai no paquete krb5-doc."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid "Run the Kerberos V5 administration daemon (kadmind)?"
+msgstr "Desexa executar o servizo de administración de Kerberos V5 (kadmind)?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"Kadmind serves requests to add/modify/remove principals in the Kerberos "
+"database."
+msgstr ""
+"Kadmind serve peticións para engadir/modificar/eliminar principais na base "
+"de datos Kerberos."
+
+#. Type: boolean
+#. Description
+#: ../krb5-admin-server.templates:3001
+msgid ""
+"It is required by the kpasswd program, used to change passwords. With "
+"standard setups, this daemon should run on the master KDC."
+msgstr ""
+"Precisa del o programa kpasswd, que se emprega para cambiar os contrasinais. "
+"Coas configuracións estándar, este servizo debería estar a funcionar no KDC "
+"mestre."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid "Create the Kerberos KDC configuration automatically?"
+msgstr "Desexa crear automaticamente a configuración do KDC de Kerberos?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"The Kerberos Key Distribution Center (KDC) configuration files, in /etc/"
+"krb5kdc, may be created automatically."
+msgstr ""
+"Pódense crear automaticamente os ficheiros de configuración do Centro de "
+"Distribución de Chaves de Kerberos (KDC) en /etc/krb5kdc."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"By default, an example template will be copied into this directory with "
+"local parameters filled in."
+msgstr ""
+"Por omisión hase copiar un modelo de exemplo neste directorio preenchendo os "
+"parámetros locais."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:2001
+msgid ""
+"Administrators who already have infrastructure to manage their Kerberos "
+"configuration may wish to disable these automatic configuration changes."
+msgstr ""
+"Os administradores que xa teñan unha infraestrutura para xestionar a "
+"configuración de Kerberos poden ter que desactivar estas modificacións de "
+"configuración automáticas."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid "Should the KDC database be deleted?"
+msgstr "Desexa eliminar a base de datos do KDC?"
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"By default, removing this package will not delete the KDC database in /var/"
+"lib/krb5kdc/principal since this database cannot be recovered once it is "
+"deleted."
+msgstr ""
+"Por omisión, ao eliminar este paquete non se ha borrar a base de datos do "
+"KDC de /var/lib/krb5kdc/principal, xa que esta base de datos non se pode "
+"recuperar despois de borrala."
+
+#. Type: boolean
+#. Description
+#: ../krb5-kdc.templates:3001
+msgid ""
+"Choose this option if you wish to delete the KDC database now, deleting all "
+"of the user accounts and passwords in the KDC."
+msgstr ""
+"Escolla esta opción se quere borrar a base de datos do KDC agora, eliminando "
+"todas as contas de usuario e contrasinais do KDC."
+
+#~ msgid "Kerberos V4 compatibility mode to use:"
+#~ msgstr "Modo de compatibilidade con Kerberos V4 a empregar:"
+
+#~ msgid ""
+#~ "By default, Kerberos V4 requests are allowed from principals that do not "
+#~ "require preauthentication (\"nopreauth\"). This allows Kerberos V4 "
+#~ "services to exist while requiring most users to use Kerberos V5 clients "
+#~ "to get their initial tickets. These tickets can then be converted to "
+#~ "Kerberos V4 tickets."
+#~ msgstr ""
+#~ "Por defecto admítense as peticións Kerberos V4 desde os principais que "
+#~ "non precisan de preautenticación (\"nopreauth\"). Isto permite que os "
+#~ "servizos Kerberos V4 sigan a existir mentres se require que a maioría dos "
+#~ "usuarios empreguen clientes Kerberos V5 para obter os seus tiquets "
+#~ "iniciais. Eses tiquets logo pódense converter en tiquets Kerberos V4."
+
+#~ msgid ""
+#~ "Alternatively, the mode can be set to \"full\", allowing Kerberos V4 "
+#~ "clients to get initial tickets even when preauthentication would normally "
+#~ "be required; to \"disable\", returning protocol version errors to all "
+#~ "Kerberos V4 clients; or to \"none\", which tells the KDC to not respond "
+#~ "to Kerberos V4 requests at all."
+#~ msgstr ""
+#~ "De xeito alternativo, pode cambiarse ao modo \"full\" (completo), o que "
+#~ "permite que os clientes Kerberos V4 obteñan tiquets iniciais incluso "
+#~ "cando se precisaría normalmente de preautenticación; ao modo \"disable"
+#~ "\" (desactivado), o que fai que se devolvan erros de versión do protocolo "
+#~ "aos clientes Kerberos V4, ou a \"none\" (ningún), o que indica ao KDC que "
+#~ "non resposte en absoluto ás peticións Kerberos V4."
+
+#~ msgid "Run a Kerberos V5 to Kerberos V4 ticket conversion daemon?"
+#~ msgstr ""
+#~ "¿Executar un servizo de conversións de tiquets Kerberos V5 a Kerberos V4?"
+
+#~ msgid ""
+#~ "The krb524d daemon converts Kerberos V5 tickets into Kerberos V4 tickets "
+#~ "for programs, such as krb524init, that obtain Kerberos V4 tickets for "
+#~ "compatibility with old applications."
+#~ msgstr ""
+#~ "O servizo krb524d convirte os tiquets Kerberos V5 a tiquets Kerberos V4 "
+#~ "para os programas, tales coma krb524init, que obteñen tiquets Kerberos V4 "
+#~ "por compatibilidade coas aplicacións antigas."
+
+#~ msgid ""
+#~ "It is recommended to enable that daemon if Kerberos V4 is enabled, "
+#~ "especially when Kerberos V4 compatibility is set to \"nopreauth\"."
+#~ msgstr ""
+#~ "Recoméndase activar este servizo se se activa Kerberos V4, especialmente "
+#~ "se se establece a compatibilidade Kerberos V4 a \"nopreauth\"."
+
+#~ msgid "Should the data be purged as well as the package files?"
+#~ msgstr "¿Deben purgarse os datos cos ficheiros dos paquetes?"
+
+#~ msgid "disable"
+#~ msgstr "desactivado"
+
+#~ msgid "full"
+#~ msgstr "completo"
+
+#~ msgid "nopreauth"
+#~ msgstr "nopreauth"
+
+#~ msgid "none"
+#~ msgstr "ningún"
+
+#~ msgid ""
+#~ "This package contains the administrative tools necessary to run on the "
+#~ "Kerberos master server. However, installing this package does not "
+#~ "automatically set up a Kerberos realm. Doing so requires entering "
+#~ "passwords and as such is not well-suited for package installation. To "
+#~ "create the realm, run the krb5_newrealm command. You may also wish to "
+#~ "read /usr/share/doc/krb5-kdc/README.KDC and the administration guide "
+#~ "found in the krb5-doc package."
+#~ msgstr ""
+#~ "Este paquete contén as ferramentas administrativas necesarias para "
+#~ "executar no servidor mestre de Kerberos. Nembargantes, a instalación "
+#~ "deste paquete non configura automaticamente un reino Kerberos. Para "
+#~ "facelo hai que introducir contrasinais, e por iso non se axusta ben á "
+#~ "instalación do paquete. Para crear o reini execute o programa "
+#~ "krb5_newrealm. Tamén é importante que lea o ficheiro /usr/sare/doc/krb5-"
+#~ "kdc/README.KDC e a guía administrativa que se atopa no paquete krb5-doc."
+
+#~ msgid ""
+#~ "Don't forget to set up DNS information so your clients can find your KDC "
+#~ "and admin servers. Doing so is documented in the administration guide."
+#~ msgstr ""
+#~ "Non esqueza configurar a información do DNS para que os clientes poidan "
+#~ "atopar o KDC e o servidor administrativo. O xeito de o facer documéntase "
+#~ "na guía de administración."
+
+#~ msgid ""
+#~ "Kadmind serves requests to add/modify/remove principals in the Kerberos "
+#~ "database. It also must be running for the kpasswd program to be used to "
+#~ "change passwords. Normally, this daemon runs on the master KDC."
+#~ msgstr ""
+#~ "Kadmind serve peticións para engadir/modificar/eliminar principais na "
+#~ "base de datos Kerberos. Tamén ten que estar a funcionar para que o "
+#~ "programa kpasswd o empregue para cambiar contrasinais. Normalmente este "
+#~ "servizo funciona no KDC mestre."
+
+#~ msgid ""
+#~ "Many sites will wish to have this script automatically create Kerberos "
+#~ "KDC configuration files in /etc/krb5kdc. By default an example template "
+#~ "will be copied into this directory with local parameters filled in. Some "
+#~ "sites who already have infrastructure to manage their own Kerberos "
+#~ "configuration will wish to disable any automatic configuration changes."
+#~ msgstr ""
+#~ "En moitos sitios se ha querer que este script cree automaticamente os "
+#~ "ficheiros de configuración do KDC de Kerberos en /etc/krb5kdc. Por "
+#~ "defecto hase copiar un patrón de exemplo neste directorio cos parámetros "
+#~ "locais introducidos. Os sitios que xa teñan a infraestructura para "
+#~ "xestionar a súa propia configuración de Kerberos poden ter que desactivar "
+#~ "os cambios automáticos na configuración."
+
+#~ msgid "disable, full, nopreauth, none"
+#~ msgstr "desactivado, completo, nopreauth, ningún"
+
+#~ msgid "Run a krb524d?"
+#~ msgstr "¿Executar krb524d?"
+
+#~ msgid ""
+#~ "Krb524d is a daemon that converts Kerberos5 tickets into Kerberos4 "
+#~ "tickets for the krb524init program. If you have Kerberos4 enabled at "
+#~ "all, then you probably want to run this program. Especially when "
+#~ "Kerberos4 compatibility is set to nopreauth, krb524d is important if you "
+#~ "have any Kerberos4 services."
+#~ msgstr ""
+#~ "Krb524d é un servizo que convirte os tiquets Kerberos5 en tiquets "
+#~ "Kerberos4 para o programa krb524init. Se ten Kerberos4 activado é "
+#~ "probable que queira executar este programa. Krb524d é importante se ten "
+#~ "servizos Kerberos4, especialmente se a compatibilidade con Kerberos4 é "
+#~ "nopreauth."
+
--- krb5-1.8.1+dfsg.orig/debian/patches/debian-path-fixes
+++ krb5-1.8.1+dfsg/debian/patches/debian-path-fixes
@@ -0,0 +1,145 @@
+Adjust man pages and code for Debian paths and FHS compliance. Not
+suitable for submission upstream, although it would be nice if upstream
+didn't put the full paths into man pages (and that part has been
+submitted).
+
+Kerberos RT #3010
+
+--- krb5-1.4.2.orig/src/appl/bsd/Makefile.in
++++ krb5-1.4.2/src/appl/bsd/Makefile.in
+@@ -22,9 +22,9 @@
+ OBJS= krcp.o krlogin.o krsh.o kcmd.o forward.o compat_recv.o $(SETENVOBJ) \
+ login.o krshd.o krlogind.o $(V4RCPO) $(LIBOBJS)
+
+-UCB_RLOGIN = @UCB_RLOGIN@
+-UCB_RSH = @UCB_RSH@
+-UCB_RCP = @UCB_RCP@
++UCB_RLOGIN = /usr/bin/netkit-rlogin
++UCB_RSH = /usr/bin/netkit-rsh
++UCB_RCP = /usr/bin/netkit-rcp
+
+ RSH= -DKRB5_PATH_RLOGIN=\"$(CLIENT_BINDIR)/rlogin\"
+ BSD= -DUCB_RLOGIN=\"$(UCB_RLOGIN)\" \
+--- krb5-1.4.2.orig/src/appl/bsd/klogind.M
++++ krb5-1.4.2/src/appl/bsd/klogind.M
+@@ -27,7 +27,7 @@
+ the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
+ configuration line for \fIklogind\fP might be:
+
+-klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c
++klogin stream tcp nowait root /usr/sbin/klogind klogind -e5c
+
+ When a service request is received, the following protocol is initiated:
+
+--- krb5-1.4.2.orig/src/appl/bsd/kshd.M
++++ krb5-1.4.2/src/appl/bsd/kshd.M
+@@ -8,7 +8,7 @@
+ .SH NAME
+ kshd \- kerberized remote shell server
+ .SH SYNOPSIS
+-.B /usr/local/sbin/kshd
++.B kshd
+ [
+ .B \-kr45ec
+ ]
+@@ -30,7 +30,7 @@
+ on the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
+ configuration line for \fIkrshd\fP might be:
+
+-kshell stream tcp nowait root /usr/local/sbin/kshd kshd -5c
++kshell stream tcp nowait root /usr/sbin/kshd kshd -5c
+
+ When a service request is received, the following protocol is initiated:
+
+--- krb5-1.4.2.orig/src/config-files/kdc.conf.M
++++ krb5-1.4.2/src/config-files/kdc.conf.M
+@@ -78,14 +78,14 @@
+ .B string
+ specifies the location of the access control list (acl) file that
+ kadmin uses to determine which principals are allowed which permissions
+-on the database. The default value is /usr/local/var/krb5kdc/kadm5.acl.
++on the database. The default value is /etc/krb5kdc/kadm5.acl.
+
+ .IP admin_keytab
+ This
+ .B string
+ Specifies the location of the keytab file that kadmin uses to
+ authenticate to the database. The default value is
+-/usr/local/var/krb5kdc/kadm5.keytab.
++/etc/krb5kdc/kadm5.keytab.
+
+ .IP database_name
+ This
+@@ -235,7 +235,7 @@
+ realm names and the [capaths] section of its krb5.conf file
+
+ .SH FILES
+-/usr/local/var/krb5kdc/kdc.conf
++/etc/krb5kdc/kdc.conf
+
+ .SH SEE ALSO
+ krb5.conf(5), krb5kdc(8)
+--- krb5-1.4.2.orig/src/include/krb5/stock/osconf.h
++++ krb5-1.4.2/src/include/krb5/stock/osconf.h
+@@ -117,10 +117,10 @@
+ * krb5 slave support follows
+ */
+
+-#define KPROP_DEFAULT_FILE "@LOCALSTATEDIR/krb5kdc/slave_datatrans"
+-#define KPROPD_DEFAULT_FILE "@LOCALSTATEDIR/krb5kdc/from_master"
+-#define KPROPD_DEFAULT_KDB5_UTIL "@SBINDIR/kdb5_util"
+-#define KPROPD_DEFAULT_KDB5_EDIT "@SBINDIR/kdb5_edit"
++#define KPROP_DEFAULT_FILE "/var/lib/krb5kdc/slave_datatrans"
++#define KPROPD_DEFAULT_FILE "/var/lib/krb5kdc/from_master"
++#define KPROPD_DEFAULT_KDB5_UTIL "@PREFIX/sbin/kdb5_util"
++#define KPROPD_DEFAULT_KDB5_EDIT "@PREFIX/sbin/kdb5_edit"
+ #define KPROPD_DEFAULT_KRB_DB DEFAULT_KDB_FILE
+ #define KPROPD_ACL_FILE "@LOCALSTATEDIR/krb5kdc/kpropd.acl"
+
+--- krb5-1.4.2.orig/src/slave/kprop.M
++++ krb5-1.4.2/src/slave/kprop.M
+@@ -39,7 +39,7 @@
+ This is done by transmitting the dumped database file to the slave
+ server over an encrypted, secure channel. The dump file must be created
+ by kdb5_util, and is normally KPROP_DEFAULT_FILE
+-(/usr/local/var/krb5kdc/slave_datatrans).
++(/var/lib/krb5kdc/slave_datatrans).
+ .SH OPTIONS
+ .TP
+ \fB\-r\fP \fIrealm\fP
+@@ -51,7 +51,7 @@
+ \fB\-f\fP \fIfile\fP
+ specifies the filename where the dumped principal database file is to be
+ found; by default the dumped database file is KPROP_DEFAULT_FILE
+-(normally /usr/local/var/krb5kdc/slave_datatrans).
++(normally /var/lib/krb5kdc/slave_datatrans).
+ .TP
+ \fB\-P\fP \fIport\fP
+ specifies the port to use to contact the
+--- krb5-1.4.2.orig/src/slave/kpropd.M
++++ krb5-1.4.2/src/slave/kpropd.M
+@@ -69,7 +69,7 @@
+ This is done by adding a line to the inetd.conf file which looks like
+ this:
+
+-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
++krb5_prop stream tcp nowait root /usr/sbin/kpropd kpropd
+
+ However, kpropd can also run as a standalone deamon, if the
+ .B \-S
+@@ -87,13 +87,13 @@
+ \fB\-f\fP \fIfile\fP
+ specifies the filename where the dumped principal database file is to be
+ stored; by default the dumped database file is KPROPD_DEFAULT_FILE
+-(normally /usr/local/var/krb5kdc/from_master).
++(normally /var/lib/krb5kdc/from_master).
+ .TP
+ .B \-p
+ allows the user to specify the pathname to the
+ .IR kdb5_util (8)
+ program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
+-(normally /usr/local/sbin/kdb5_util).
++(normally /usr/sbin/kdb5_util).
+ .TP
+ .B \-S
+ turn on standalone mode. Normally, kpropd is invoked out of
--- krb5-1.8.1+dfsg.orig/debian/patches/debian-krlogin-alpha
+++ krb5-1.8.1+dfsg/debian/patches/debian-krlogin-alpha
@@ -0,0 +1,13 @@
+Added with the following log entry: Fix TIOCGLTC lossage on alpha. This
+probably isn't appropriate for all non-Linux platforms.
+
+--- krb5-1.4.2.orig/src/appl/bsd/krlogin.c
++++ krb5-1.4.2/src/appl/bsd/krlogin.c
+@@ -137,6 +137,7 @@
+ #include
+ #endif
+ #endif
++#undef TIOCGLTC
+
+ #ifndef TIOCPKT_NOSTOP
+ /* These values are over-the-wire protocol, *not* local values */
--- krb5-1.8.1+dfsg.orig/debian/patches/info-fixes
+++ krb5-1.8.1+dfsg/debian/patches/info-fixes
@@ -0,0 +1,79 @@
+Add dircategory and direntry lines to the texinfo source and fix a few
+variable typos.
+
+Kerberos RT #3014
+
+--- krb5-1.4.2.orig/doc/admin.texinfo
++++ krb5-1.4.2/doc/admin.texinfo
+@@ -14,6 +14,11 @@
+ @parskip 6pt plus 6pt
+ @end iftex
+
++@dircategory Kerberos
++@direntry
++* krb5-admin: (krb5-admin). Kerberos V5 Administrator's Guide
++@end direntry
++
+ @include definitions.texinfo
+ @set EDITION 1.0
+ @set UPDATED June 16, 2000
+@@ -2443,7 +2448,7 @@
+ @b{Re-enter password for principal krbtgt/@value{PRIMARYREALM}@@@value{SECONDREALM}:}
+ @b{kadmin:} add_princ -requires_preauth krbtgt/@value{SECONDREALM}@@@value{PRIMARYREALM}
+ @b{Enter password for principal krbtgt/@value{SECONDREALM}@@@value{PRIMARYREALM}:}
+-@b{Enter password for principal krbtgt/@value{SECONDREALM}@@@value{PRIMARYREALML}:}
++@b{Enter password for principal krbtgt/@value{SECONDREALM}@@@value{PRIMARYREALM}:}
+ @b{kadmin:}
+ @end group
+ @end smallexample
+--- krb5-1.4.2.orig/doc/install.texinfo
++++ krb5-1.4.2/doc/install.texinfo
+@@ -15,6 +15,11 @@
+ @parskip 6pt plus 6pt
+ @end iftex
+
++@dircategory Kerberos
++@direntry
++* krb5-install: (krb5-install). Kerberos V5 Installation Guide
++@end direntry
++
+ @include definitions.texinfo
+ @set EDITION 1.1
+
+--- krb5-1.4.2.orig/doc/krb425.texinfo
++++ krb5-1.4.2/doc/krb425.texinfo
+@@ -15,6 +15,11 @@
+ @parskip 6pt plus 6pt
+ @end iftex
+
++@dircategory Kerberos
++@direntry
++* krb425: (krb425). Upgrading to Kerberos V5 from V4
++@end direntry
++
+ @include definitions.texinfo
+ @set EDITION 1.0
+ @set UPDATED May 22, 2003
+--- krb5-1.4.2.orig/doc/user-guide.texinfo
++++ krb5-1.4.2/doc/user-guide.texinfo
+@@ -13,6 +13,11 @@
+ @parskip 6pt plus 6pt
+ @end iftex
+
++@dircategory Kerberos
++@direntry
++* krb5-user: (krb5-user). Kerberos V5 UNIX User's Guide
++@end direntry
++
+ @include definitions.texinfo
+ @set EDITION 1.0
+
+@@ -932,7 +937,7 @@
+ [ Kerberos V5 accepts you as ``@value{RANDOMUSER1}@@@value{PRIMARYDOMAIN}'' ]
+ [ Kerberos V5 accepted forwarded credentials ]
+ What you type is protected by encryption.
+-Last login: Tue Jul 30 18:47:44 from @value{RANDOMHOST}.@value{SECONDDOMAIN}
++Last login: Tue Jul 30 18:47:44 from @value{RANDOMHOST1}.@value{SECONDDOMAIN}
+ Athena Server (sun4) Version 9.1.11 Tue Jul 30 14:40:08 EDT 2002
+
+ shell%}
--- krb5-1.8.1+dfsg.orig/debian/patches/kprop-service-name
+++ krb5-1.8.1+dfsg/debian/patches/kprop-service-name
@@ -0,0 +1,53 @@
+2001-11-24 Sam Hartman
+
+ * kpropd.c (do_standalone): Default to KPROP port
+ * kprop.c (open_connection): Default to 754 rather than an error,
+ Debian bug #120010
+
+Kerberos RT #3268
+Debian bug #120010
+
+--- krb5-1.4.2.orig/src/slave/kprop.c
++++ krb5-1.4.2/src/slave/kprop.c
+@@ -346,13 +346,11 @@
+ if(!port) {
+ sp = getservbyname(KPROP_SERVICE, "tcp");
+ if (sp == 0) {
+- (void) strncpy(Errmsg, KPROP_SERVICE, ErrmsgSz - 1);
+- Errmsg[ErrmsgSz - 1] = '\0';
+- (void) strncat(Errmsg, "/tcp: unknown service", ErrmsgSz - 1 - strlen(Errmsg));
+- *fd = -1;
+- return(0);
++ my_sin.sin_port = htons(KPROP_PORT);
++
++ } else {
++ my_sin.sin_port = sp->s_port;
+ }
+- my_sin.sin_port = sp->s_port;
+ } else
+ my_sin.sin_port = port;
+ s = socket(AF_INET, SOCK_STREAM, 0);
+--- krb5-1.4.2.orig/src/slave/kprop.h
++++ krb5-1.4.2/src/slave/kprop.h
+@@ -29,6 +29,7 @@
+ #define KPROP_SERVICE_NAME "host"
+ #define TGT_SERVICE_NAME "krbtgt"
+ #define KPROP_SERVICE "krb5_prop"
++#define KPROP_PORT 754
+
+ #define KPROP_PROT_VERSION "kprop5_01"
+
+--- krb5-1.4.2.orig/src/slave/kpropd.c
++++ krb5-1.4.2/src/slave/kpropd.c
+@@ -193,9 +193,9 @@
+ sp = getservbyname(KPROP_SERVICE, "tcp");
+ if (sp == NULL) {
+ com_err(progname, 0, "%s/tcp: unknown service", KPROP_SERVICE);
+- exit(1);
++ my_sin.sin_port = htons(KPROP_PORT);
+ }
+- my_sin.sin_port = sp->s_port;
++ else my_sin.sin_port = sp->s_port;
+ } else {
+ my_sin.sin_port = port;
+ }
--- krb5-1.8.1+dfsg.orig/debian/patches/krb5-2011-003-patch
+++ krb5-1.8.1+dfsg/debian/patches/krb5-2011-003-patch
@@ -0,0 +1,22 @@
+Origin: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt
+Description: The MIT Kerberos 5 Key Distribution Center (KDC) daemon is
+vulnerable to a double-free condition if the Public Key Cryptography
+for Initial Authentication (PKINIT) capability is enabled, resulting
+in daemon crash; glibc detects double-frees and aborts.
+
+CVE-2011-0284
+
+diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
+index 46b5fa1..464cb6e 100644
+--- a/src/kdc/do_as_req.c
++++ b/src/kdc/do_as_req.c
+@@ -741,6 +741,8 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request,
+ pad->contents = td[size]->data;
+ pad->length = td[size]->length;
+ pa[size] = pad;
++ td[size]->data = NULL;
++ td[size]->length = 0;
+ }
+ krb5_free_typed_data(kdc_context, td);
+ }
+
--- krb5-1.8.1+dfsg.orig/debian/patches/krb5-2011-001-patch
+++ krb5-1.8.1+dfsg/debian/patches/krb5-2011-001-patch
@@ -0,0 +1,31 @@
+Subject: kpropd denial of service
+Origin: upstream, http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2011-001.txt
+
+The MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to
+a denial-of-service attack triggered by invalid network input. If a
+kpropd worker process receives invalid input that causes it to exit
+with an abnormal status, it can cause the termination of the listening
+process that spawned it, preventing the slave KDC it was running on
+from receiving database updates from the master KDC.
+
+CVE-2010-4022
+
+diff -up krb5/src/slave/kpropd.c krb5/src/slave/kpropd.c
+--- krb5/src/slave/kpropd.c 2010-12-17 11:14:26.000000000 -0500
++++ krb5/src/slave/kpropd.c 2010-12-17 11:41:19.000000000 -0500
+@@ -404,11 +404,11 @@ retry:
+ }
+
+ close(s);
+- if (iproprole == IPROP_SLAVE)
++ if (iproprole == IPROP_SLAVE) {
+ close(finet);
+-
+- if ((ret = WEXITSTATUS(status)) != 0)
+- return (ret);
++ if ((ret = WEXITSTATUS(status)) != 0)
++ return (ret);
++ }
+ }
+ if (iproprole == IPROP_SLAVE)
+ break;
--- krb5-1.8.1+dfsg.orig/debian/patches/config-comments
+++ krb5-1.8.1+dfsg/debian/patches/config-comments
@@ -0,0 +1,21 @@
+Support comments after whitespace in configuration files.
+
+Kerberos RT #1988
+Debian bug #314609
+
+--- krb5-1.4.2.orig/src/util/profile/prof_parse.c
++++ krb5-1.4.2/src/util/profile/prof_parse.c
+@@ -84,10 +84,10 @@
+
+ if (*line == 0)
+ return 0;
+- if (line[0] == ';' || line[0] == '#')
+- return 0;
+- strip_line(line);
+ cp = skip_over_blanks(line);
++ if (cp[0] == ';' || cp[0] == '#')
++ return 0;
++ strip_line(cp);
+ ch = *cp;
+ if (ch == 0)
+ return 0;
--- krb5-1.8.1+dfsg.orig/debian/patches/MITKRB5-SA-2010-006
+++ krb5-1.8.1+dfsg/debian/patches/MITKRB5-SA-2010-006
@@ -0,0 +1,37 @@
+Description: An authenticated remote attacker can cause the MIT krb5 KDC
+ process to crash, resulting in a denial of service (CVE-2010-1322).
+Origin: http://web.mit.edu/kerberos/advisories/2010-006-patch.txt
+
+diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c
+index b5de64d..cc44e29 100644
+--- a/src/kdc/kdc_authdata.c
++++ b/src/kdc/kdc_authdata.c
+@@ -495,7 +495,7 @@ merge_authdata (krb5_context context,
+ krb5_boolean copy,
+ krb5_boolean ignore_kdc_issued)
+ {
+- size_t i, nadata = 0;
++ size_t i, j, nadata = 0;
+ krb5_authdata **authdata = *out_authdata;
+
+ if (in_authdata == NULL || in_authdata[0] == NULL)
+@@ -529,16 +529,16 @@ merge_authdata (krb5_context context,
+ in_authdata = tmp;
+ }
+
+- for (i = 0; in_authdata[i] != NULL; i++) {
++ for (i = 0, j = 0; in_authdata[i] != NULL; i++) {
+ if (ignore_kdc_issued &&
+ is_kdc_issued_authdatum(context, in_authdata[i], 0)) {
+ free(in_authdata[i]->contents);
+ free(in_authdata[i]);
+ } else
+- authdata[nadata + i] = in_authdata[i];
++ authdata[nadata + j++] = in_authdata[i];
+ }
+
+- authdata[nadata + i] = NULL;
++ authdata[nadata + j] = NULL;
+
+ free(in_authdata);
+
--- krb5-1.8.1+dfsg.orig/debian/patches/krb5-2011-006-1.8.patch
+++ krb5-1.8.1+dfsg/debian/patches/krb5-2011-006-1.8.patch
@@ -0,0 +1,127 @@
+Subject: Kerberos MITKRB5-SA-2011-006 Advisory
+Origin: http://web.mit.edu/kerberos/advisories/2011-006-patch.txt
+
+SUMMARY
+=======
+
+CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due
+to an assertion failure. No exploit is known to exist, but there is
+public evidence that the unidentified trigger condition occurs in the
+field.
+
+CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due
+to a null pointer dereference. No exploit is known to exist.
+
+IMPACT
+======
+
+CVE-2011-1528: An unauthenticated remote attacker can crash a KDC
+daemon via assertion failure.
+
+CVE-2011-1529: An unauthenticated remote attacker can crash a KDC
+daemon via null pointer dereference.
+
+AFFECTED SOFTWARE
+=================
+
+* The KDC in krb5-1.8 and later is vulnerable to CVE-2011-1528 when
+ configured with the LDAP back end. When configured with the
+ Berkeley DB ("db2") back end, only releases krb5-1.8 through
+ krb5-1.8.4 are vulnerable.
+
+* The KDC in krb5-1.8 and later is vulnerable to CVE-2011-1529 when
+ configured with either the Berkeley DB ("db2") or the LDAP back end.
+
+FIXES
+=====
+
+* Workaround: restart the KDC when it crashes, possibly using an
+ automated monitoring process.
+
+* Upcoming releases in the krb5-1.8.x and krb5-1.9.x series will fix
+ CVE-2011-1528 and CVE-2011-1529.
+
+* The following patch is for krb5-1.8.x:
+
+diff --git a/src/plugins/kdb/db2/lockout.c b/src/plugins/kdb/db2/lockout.c
+index 498c0de..5f973fb 100644
+--- a/src/plugins/kdb/db2/lockout.c
++++ b/src/plugins/kdb/db2/lockout.c
+@@ -158,13 +158,23 @@ krb5_db2_lockout_audit(krb5_context context,
+ return 0;
+ }
+
++ if (entry == NULL)
++ return 0;
++
+ code = lookup_lockout_policy(context, entry, &max_fail,
+ &failcnt_interval,
+ &lockout_duration);
+ if (code != 0)
+ return code;
+
+- assert (!locked_check_p(context, stamp, max_fail, lockout_duration, entry));
++ /*
++ * Don't continue to modify the DB for an already locked account.
++ * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and
++ * this check is unneeded, but in rare cases, we can fail with an
++ * integrity error or preauth failure before a policy check.)
++ */
++ if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
++ return 0;
+
+ if (status == 0 && (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)) {
+ /*
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+index 626ed1f..68e8ec4 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+@@ -131,6 +131,7 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
+ CHECK_LDAP_HANDLE(ldap_context);
+
+ if (is_principal_in_realm(ldap_context, searchfor) != 0) {
++ st = KRB5_KDB_NOENTRY;
+ *more = 0;
+ krb5_set_error_message (context, st, "Principal does not belong to realm");
+ goto cleanup;
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
+index 020c77a..24b9493 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
+@@ -150,15 +150,25 @@ krb5_ldap_lockout_audit(krb5_context context,
+ return 0;
+ }
+
++ if (entry == NULL)
++ return 0;
++
+ code = lookup_lockout_policy(context, entry, &max_fail,
+ &failcnt_interval,
+ &lockout_duration);
+ if (code != 0)
+ return code;
+
+- entry->mask = 0;
++ /*
++ * Don't continue to modify the DB for an already locked account.
++ * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and
++ * this check is unneeded, but in rare cases, we can fail with an
++ * integrity error or preauth failure before a policy check.)
++ */
++ if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
++ return 0;
+
+- assert (!locked_check_p(context, stamp, max_fail, lockout_duration, entry));
++ entry->mask = 0;
+
+ if (status == 0 && (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)) {
+ /*
+
+ This patch is also available at
+
+ http://web.mit.edu/kerberos/advisories/2011-006-patch-r18.txt
+
+ A PGP-signed patch is available at
+
+ http://web.mit.edu/kerberos/advisories/2011-006-patch-r18.txt.asc
+
--- krb5-1.8.1+dfsg.orig/debian/patches/krb5_config_do_deps
+++ krb5-1.8.1+dfsg/debian/patches/krb5_config_do_deps
@@ -0,0 +1,26 @@
+=== src/krb5-config.in
+==================================================================
+--- src/krb5-config.in (revision 2796)
++++ src/krb5-config.in (local)
+@@ -121,6 +121,7 @@
+ echo " [--prefix] Kerberos installed prefix"
+ echo " [--exec-prefix] Kerberos installed exec_prefix"
+ echo " [--cflags] Compile time CFLAGS"
++ echo " [--deps] Include dependent libraries"
+ echo " [--libs] List libraries required to link [LIBRARIES]"
+ echo "Libraries:"
+ echo " krb5 Kerberos 5 application"
+@@ -217,7 +218,12 @@
+ fi
+
+ if test $library = 'krb5'; then
+- lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"
++ if [ "x$do_deps" = "x1" ] ; then
++ dep_libs="$GEN_LIB $LIBS $DL_LIB"
++ else
++ dep_libs=""
++ fi
++ lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $dep_libs"
+ fi
+
+ echo $lib_flags
--- krb5-1.8.1+dfsg.orig/debian/patches/krb5-config-include
+++ krb5-1.8.1+dfsg/debian/patches/krb5-config-include
@@ -0,0 +1,19 @@
+Never pass -I/usr/include to a compiler. It does bad things.
+
+Kerberos RT #3011
+
+--- krb5-1.4.2.orig/src/krb5-config.in
++++ krb5-1.4.2/src/krb5-config.in
+@@ -166,7 +166,11 @@
+ fi
+
+ if test -n "$do_cflags"; then
+- echo "-I${includedir}"
++ if test x"$includedir" != x"/usr/include" ; then
++ echo "-I${includedir}"
++ else
++ echo ''
++ fi
+ fi
+
+
--- krb5-1.8.1+dfsg.orig/debian/patches/hurd-portability
+++ krb5-1.8.1+dfsg/debian/patches/hurd-portability
@@ -0,0 +1,365 @@
+Patch for Hurd portability, setting MAXPATHLEN and MAXHOSTNAMELEN where
+needed and declaring additional weak symbols. There's probably a better
+way to do this for upstream; it needs a bit more attention towards
+integration with configure. Patch from Michael Banck .
+
+Kerberos RT #3265
+Debian bug #324305 and #341608
+
+--- krb5/src/include/k5-thread.h.orig 2005-12-01 22:12:36.000000000 +0100
++++ krb5/src/include/k5-thread.h 2005-12-01 22:05:37.000000000 +0100
+@@ -375,6 +375,12 @@
+ # pragma weak pthread_mutex_init
+ # pragma weak pthread_self
+ # pragma weak pthread_equal
++# if __GNU__
++# pragma weak _pthread_mutex_lock
++# pragma weak _pthread_mutex_unlock
++# pragma weak _pthread_mutex_destroy
++# pragma weak _pthread_mutex_init
++# endif /* __GNU__ */
+ # ifdef HAVE_PTHREAD_MUTEXATTR_SETROBUST_NP_IN_THREAD_LIB
+ # pragma weak pthread_mutexattr_setrobust_np
+ # endif
+
+=== krb5/src/appl/bsd/krlogind.c
+==================================================================
+--- krb5/src/appl/bsd/krlogind.c (revision 1833)
++++ krb5/src/appl/bsd/krlogind.c (local)
+@@ -302,6 +302,10 @@
+ #define MAXDNAME 256 /*per the rfc*/
+ #endif
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
+ char lusername[UT_NAMESIZE+1];
+ char rusername[UT_NAMESIZE+1];
+ char *krusername = 0;
+=== krb5/src/appl/bsd/krshd.c
+==================================================================
+--- krb5/src/appl/bsd/krshd.c (revision 1833)
++++ krb5/src/appl/bsd/krshd.c (local)
+@@ -515,6 +515,11 @@
+ #define NCARGS 1024
+ #endif
+
++#if NCARGS == INT_MAX
++#undef NCARGS
++#define NCARGS 4096
++#endif
++
+ #define NMAX 16
+
+ int pid;
+=== krb5/src/appl/bsd/login.c
+==================================================================
+--- krb5/src/appl/bsd/login.c (revision 1833)
++++ krb5/src/appl/bsd/login.c (local)
+@@ -132,6 +132,14 @@
+ #define siglongjmp longjmp
+ #endif
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
++#ifndef MAXHOSTNAMELEN
++# define MAXHOSTNAMELEN 256
++#endif
++
+ #ifdef POSIX_SIGNALS
+ typedef struct sigaction handler;
+ #define handler_init(H,F) (sigemptyset(&(H).sa_mask), \
+=== krb5/src/appl/gssftp/ftp/cmds.c
+==================================================================
+--- krb5/src/appl/gssftp/ftp/cmds.c (revision 1833)
++++ krb5/src/appl/gssftp/ftp/cmds.c (local)
+@@ -66,6 +66,10 @@
+ #include
+ #include
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
+ #ifdef HAVE_GETCWD
+ #define getwd(x) getcwd(x,MAXPATHLEN)
+ #endif
+=== krb5/src/appl/gssftp/ftp/ftp.c
+==================================================================
+--- krb5/src/appl/gssftp/ftp/ftp.c (revision 1833)
++++ krb5/src/appl/gssftp/ftp/ftp.c (local)
+@@ -153,6 +153,10 @@
+ #include "ftp_var.h"
+ #include "secure.h"
+
++#ifndef MAXHOSTNAMELEN
++# define MAXHOSTNAMELEN 256
++#endif
++
+ #ifdef GSSAPI
+ void user_gss_error (OM_uint32, OM_uint32, char *);
+ #endif
+=== krb5/src/appl/gssftp/ftp/ftp_var.h
+==================================================================
+--- krb5/src/appl/gssftp/ftp/ftp_var.h (revision 1833)
++++ krb5/src/appl/gssftp/ftp/ftp_var.h (local)
+@@ -70,6 +70,10 @@
+ #define extern
+ #endif
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
+ /*
+ * Options and other state info.
+ */
+=== krb5/src/appl/gssftp/ftpd/ftpd.c
+==================================================================
+--- krb5/src/appl/gssftp/ftpd/ftpd.c (revision 1833)
++++ krb5/src/appl/gssftp/ftpd/ftpd.c (local)
+@@ -171,6 +171,14 @@
+ #include "ftpd_var.h"
+ #include "secure.h"
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
++#ifndef MAXHOSTNAMELEN
++# define MAXHOSTNAMELEN 256
++#endif
++
+ extern char *crypt();
+ extern char version[];
+ extern char *home; /* pointer to home directory for glob */
+=== krb5/src/clients/ksu/ksu.h
+==================================================================
+--- krb5/src/clients/ksu/ksu.h (revision 1833)
++++ krb5/src/clients/ksu/ksu.h (local)
+@@ -56,8 +56,11 @@
+ #define CACHE_MODE 0600
+ #define MAX_CMD 2048 /* this is temp, should use realloc instead,
+ as done in most of the code */
+-
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
+ extern int optind;
+ extern char * optarg;
+
+=== krb5/src/kadmin/ktutil/ktutil_funcs.c
+==================================================================
+--- krb5/src/kadmin/ktutil/ktutil_funcs.c (revision 1833)
++++ krb5/src/kadmin/ktutil/ktutil_funcs.c (local)
+@@ -35,6 +35,10 @@
+ #include
+ #include
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
+ /*
+ * Free a kt_list
+ */
+=== krb5/src/lib/kdb/fetch_mkey.c
+==================================================================
+--- krb5/src/lib/kdb/fetch_mkey.c (revision 1833)
++++ krb5/src/lib/kdb/fetch_mkey.c (local)
+@@ -80,6 +80,10 @@
+ #define min(a,b) (((a) < (b)) ? (a) : (b))
+ #endif
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
+ krb5_error_code
+ krb5_db_fetch_mkey(context, mname, etype, fromkeyboard, twice, keyfile,
+ salt, key)
+=== krb5/src/lib/krb4/RealmsConfig-glue.c
+==================================================================
+--- krb5/src/lib/krb4/RealmsConfig-glue.c (revision 1833)
++++ krb5/src/lib/krb4/RealmsConfig-glue.c (local)
+@@ -45,6 +45,10 @@
+ #include "krb5.h"
+ #undef KRB5_PRIVATE
+
++#ifndef MAXHOSTNAMELEN
++# define MAXHOSTNAMELEN 256
++#endif
++
+ /* These two *must* be kept in sync to avoid buffer overflows. */
+ #define SCNSCRATCH "%1023s"
+ #define SCRATCHSZ 1024
+=== krb5/src/lib/krb4/g_cnffile.c
+==================================================================
+--- krb5/src/lib/krb4/g_cnffile.c (revision 1833)
++++ krb5/src/lib/krb4/g_cnffile.c (local)
+@@ -20,6 +20,10 @@
+ #include "k5-int.h"
+ #include "krb4int.h"
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
+ krb5_context krb5__krb4_context = 0;
+
+ static FILE*
+=== krb5/src/lib/krb4/g_phost.c
+==================================================================
+--- krb5/src/lib/krb4/g_phost.c (revision 1833)
++++ krb5/src/lib/krb4/g_phost.c (local)
+@@ -48,6 +48,10 @@
+ * to the original "alias" argument is returned.
+ */
+
++#ifndef MAXHOSTNAMELEN
++# define MAXHOSTNAMELEN 256
++#endif
++
+ char * KRB5_CALLCONV
+ krb_get_phost(alias)
+ char *alias;
+=== krb5/src/lib/krb4/kuserok.c
+==================================================================
+--- krb5/src/lib/krb4/kuserok.c (revision 1833)
++++ krb5/src/lib/krb4/kuserok.c (local)
+@@ -57,6 +57,10 @@
+ #define NOTOK 1
+ #define MAX_USERNAME 10
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
+ /*
+ * Given a Kerberos principal "kdata", and a local username "luser",
+ * determine whether user is authorized to login according to the
+=== krb5/src/lib/krb4/send_to_kdc.c
+==================================================================
+--- krb5/src/lib/krb4/send_to_kdc.c (revision 1833)
++++ krb5/src/lib/krb4/send_to_kdc.c (local)
+@@ -55,6 +55,10 @@
+ static char *prog = "send_to_kdc";
+ #endif
+
++#ifndef MAXHOSTNAMELEN
++# define MAXHOSTNAMELEN 256
++#endif
++
+ /*
+ * send_to_kdc() sends a message to the Kerberos authentication
+ * server(s) in the given realm and returns the reply message.
+=== krb5/src/lib/krb4/tkt_string.c
+==================================================================
+--- krb5/src/lib/krb4/tkt_string.c (revision 1833)
++++ krb5/src/lib/krb4/tkt_string.c (local)
+@@ -44,6 +44,10 @@
+ uid_t getuid(void) { return 0; }
+ #endif /* _WIN32 */
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
+ /*
+ * This routine is used to generate the name of the file that holds
+ * the user's cache of server tickets and associated session keys.
+=== krb5/src/lib/krb5/os/kuserok.c
+==================================================================
+--- krb5/src/lib/krb5/os/kuserok.c (revision 1833)
++++ krb5/src/lib/krb5/os/kuserok.c (local)
+@@ -40,6 +40,10 @@
+
+ #define MAX_USERNAME 65
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
+ /*
+ * Given a Kerberos principal "principal", and a local username "luser",
+ * determine whether user is authorized to login according to the
+=== krb5/src/lib/krb5/os/sn2princ.c
+==================================================================
+--- krb5/src/lib/krb5/os/sn2princ.c (revision 1833)
++++ krb5/src/lib/krb5/os/sn2princ.c (local)
+@@ -61,6 +61,10 @@
+ }
+
+
++#ifndef MAXHOSTNAMELEN
++# define MAXHOSTNAMELEN 256
++#endif
++
+ krb5_error_code KRB5_CALLCONV
+ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *sname, krb5_int32 type, krb5_principal *ret_princ)
+ {
+=== krb5/src/tests/resolve/resolve.c
+==================================================================
+--- krb5/src/tests/resolve/resolve.c (revision 1833)
++++ krb5/src/tests/resolve/resolve.c (local)
+@@ -70,6 +70,10 @@
+
+ #include
+
++#ifndef MAXHOSTNAMELEN
++# define MAXHOSTNAMELEN 256
++#endif
++
+ int
+ main(argc, argv)
+ int argc;
+=== krb5/src/util/db2/btree/bt_open.c
+==================================================================
+--- krb5/src/util/db2/btree/bt_open.c (revision 1833)
++++ krb5/src/util/db2/btree/bt_open.c (local)
+@@ -66,6 +66,10 @@
+ #define MINPSIZE 128
+ #endif
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
+ static int byteorder __P((void));
+ static int nroot __P((BTREE *));
+ static int tmp __P((void));
+=== krb5/src/util/db2/hash/dbm.c
+==================================================================
+--- krb5/src/util/db2/hash/dbm.c (revision 1833)
++++ krb5/src/util/db2/hash/dbm.c (local)
+@@ -58,6 +58,10 @@
+
+ #define NEED_COPY
+
++#ifndef MAXPATHLEN
++# define MAXPATHLEN 4096
++#endif
++
+ /*
+ *
+ * This package provides dbm and ndbm compatible interfaces to DB.
+=== krb5/src/util/pty/sane_hostname.c
+==================================================================
+--- krb5/src/util/pty/sane_hostname.c (revision 1833)
++++ krb5/src/util/pty/sane_hostname.c (local)
+@@ -29,6 +29,10 @@
+ #include "socket-utils.h"
+ #include "fake-addrinfo.h"
+
++#ifndef MAXHOSTNAMELEN
++# define MAXHOSTNAMELEN 256
++#endif
++
+ static void
+ downcase (char *s)
+ {
--- krb5-1.8.1+dfsg.orig/debian/patches/MITKRB5-SA-2011-004
+++ krb5-1.8.1+dfsg/debian/patches/MITKRB5-SA-2011-004
@@ -0,0 +1,35 @@
+diff --git a/src/kadmin/server/network.c b/src/kadmin/server/network.c
+index c8ce4f1..bb911ff 100644
+--- a/src/kadmin/server/network.c
++++ b/src/kadmin/server/network.c
+@@ -1384,6 +1384,10 @@ cleanup:
+ if (local_kaddrs != NULL)
+ krb5_free_addresses(server_handle->context, local_kaddrs);
+
++ if ((*response)->data == NULL) {
++ free(*response);
++ *response = NULL;
++ }
+ krb5_kt_close(server_handle->context, kt);
+
+ return ret;
+diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
+index c1b2217..992b55f 100644
+--- a/src/kadmin/server/schpw.c
++++ b/src/kadmin/server/schpw.c
+@@ -74,8 +74,13 @@ process_chpw_request(context, server_handle, realm, keytab,
+ plen = (*ptr++ & 0xff);
+ plen = (plen<<8) | (*ptr++ & 0xff);
+
+- if (plen != req->length)
+- return(KRB5KRB_AP_ERR_MODIFIED);
++ if (plen != req->length) {
++ ret = KRB5KRB_AP_ERR_MODIFIED;
++ numresult = KRB5_KPASSWD_MALFORMED;
++ strlcpy(strresult, "Request length was inconsistent",
++ sizeof(strresult));
++ goto chpwfail;
++ }
+
+ /* verify version number */
+
--- krb5-1.8.1+dfsg.orig/debian/patches/telnet-help
+++ krb5-1.8.1+dfsg/debian/patches/telnet-help
@@ -0,0 +1,50 @@
+2001-11-24 Sam Hartman
+
+ * commands.c main.c: telnet help should telnet to a host called
+ help not print an incorrect usage message; patch from Graeme
+ Mathieson
+
+Kerberos RT #3269
+
+--- krb5-1.4.2.orig/src/appl/telnet/telnet/commands.c
++++ krb5-1.4.2/src/appl/telnet/telnet/commands.c
+@@ -2446,8 +2446,6 @@
+ cmd = *argv;
+ --argc; ++argv;
+ while (argc) {
+- if (isprefix(*argv, "help") || isprefix(*argv, "?"))
+- goto usage;
+ if (strcmp(*argv, "-l") == 0) {
+ --argc; ++argv;
+ if (argc == 0)
+@@ -2472,8 +2470,7 @@
+ continue;
+ }
+ usage:
+- printf("usage: %s [-l user] [-a] host-name [port]\r\n", cmd);
+- return 0;
++ return 2;
+ }
+ if (hostp == 0)
+ goto usage;
+--- krb5-1.4.2.orig/src/appl/telnet/telnet/main.c
++++ krb5-1.4.2/src/appl/telnet/telnet/main.c
+@@ -333,10 +333,14 @@
+
+ if (setjmp(toplevel) != 0)
+ Exit(0);
+- if (tn(argp - args, args) == 1)
+- return (0);
+- else
+- return (1);
++ {
++ int ret = tn(argp - args, args);
++ switch (ret) {
++ case 1: return 0;
++ case 2: usage();
++ default: return 1;
++ }
++ }
+ }
+ (void)setjmp(toplevel);
+ for (;;) {
--- krb5-1.8.1+dfsg.orig/debian/patches/MITKRB5-SA-2010-007
+++ krb5-1.8.1+dfsg/debian/patches/MITKRB5-SA-2010-007
@@ -0,0 +1,187 @@
+Description: fix message forgery and privilege escalation via
+ unacceptable checksums
+Origin: backport, http://web.mit.edu/kerberos/advisories/2010-007-patch.txt
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553
+
+diff -Naurp krb5-1.8.1+dfsg.ori//src/lib/crypto/krb/dk/derive.c krb5-1.8.1+dfsg/src/lib/crypto/krb/dk/derive.c
+--- krb5-1.8.1+dfsg.ori//src/lib/crypto/krb/dk/derive.c 2010-04-11 09:51:50.000000000 -0400
++++ krb5-1.8.1+dfsg/src/lib/crypto/krb/dk/derive.c 2010-12-08 09:04:32.000000000 -0500
+@@ -91,6 +91,8 @@ krb5int_derive_random(const struct krb5_
+ blocksize = enc->block_size;
+ keybytes = enc->keybytes;
+
++ if (blocksize == 1)
++ return KRB5_BAD_ENCTYPE;
+ if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes)
+ return KRB5_CRYPTO_INTERNAL;
+
+diff -Naurp krb5-1.8.1+dfsg.ori//src/lib/crypto/krb/keyed_checksum_types.c krb5-1.8.1+dfsg/src/lib/crypto/krb/keyed_checksum_types.c
+--- krb5-1.8.1+dfsg.ori//src/lib/crypto/krb/keyed_checksum_types.c 2010-04-11 09:51:50.000000000 -0400
++++ krb5-1.8.1+dfsg/src/lib/crypto/krb/keyed_checksum_types.c 2010-12-08 09:04:32.000000000 -0500
+@@ -35,6 +35,13 @@ is_keyed_for(const struct krb5_cksumtype
+ {
+ if (ctp->flags & CKSUM_UNKEYED)
+ return FALSE;
++ /* Stream ciphers do not play well with RFC 3961 key derivation, so be
++ * conservative with RC4. */
++ if ((ktp->etype == ENCTYPE_ARCFOUR_HMAC ||
++ ktp->etype == ENCTYPE_ARCFOUR_HMAC_EXP) &&
++ ctp->ctype != CKSUMTYPE_HMAC_MD5_ARCFOUR &&
++ ctp->ctype != CKSUMTYPE_MD5_HMAC_ARCFOUR)
++ return FALSE;
+ return (!ctp->enc || ktp->enc == ctp->enc);
+ }
+
+diff -Naurp krb5-1.8.1+dfsg.ori//src/lib/gssapi/krb5/util_crypt.c krb5-1.8.1+dfsg/src/lib/gssapi/krb5/util_crypt.c
+--- krb5-1.8.1+dfsg.ori//src/lib/gssapi/krb5/util_crypt.c 2010-04-11 09:51:50.000000000 -0400
++++ krb5-1.8.1+dfsg/src/lib/gssapi/krb5/util_crypt.c 2010-12-08 09:04:32.000000000 -0500
+@@ -119,10 +119,22 @@ kg_setup_keys(krb5_context context, krb5
+ if (code != 0)
+ return code;
+
+- code = (*kaccess.mandatory_cksumtype)(context, subkey->keyblock.enctype,
+- cksumtype);
+- if (code != 0)
+- return code;
++ switch (subkey->keyblock.enctype) {
++ case ENCTYPE_DES_CBC_MD4:
++ *cksumtype = CKSUMTYPE_RSA_MD4_DES;
++ break;
++ case ENCTYPE_DES_CBC_MD5:
++ case ENCTYPE_DES_CBC_CRC:
++ *cksumtype = CKSUMTYPE_RSA_MD5_DES;
++ break;
++ default:
++ code = (*kaccess.mandatory_cksumtype)(context,
++ subkey->keyblock.enctype,
++ cksumtype);
++ if (code != 0)
++ return code;
++ break;
++ }
+
+ switch (subkey->keyblock.enctype) {
+ case ENCTYPE_DES_CBC_MD5:
+diff -Naurp krb5-1.8.1+dfsg.ori//src/lib/krb5/krb/mk_safe.c krb5-1.8.1+dfsg/src/lib/krb5/krb/mk_safe.c
+--- krb5-1.8.1+dfsg.ori//src/lib/krb5/krb/mk_safe.c 2010-04-11 09:51:50.000000000 -0400
++++ krb5-1.8.1+dfsg/src/lib/krb5/krb/mk_safe.c 2010-12-08 09:04:32.000000000 -0500
+@@ -215,10 +215,28 @@ krb5_mk_safe(krb5_context context, krb5_
+ for (i = 0; i < nsumtypes; i++)
+ if (auth_context->safe_cksumtype == sumtypes[i])
+ break;
+- if (i == nsumtypes)
+- i = 0;
+- sumtype = sumtypes[i];
+ krb5_free_cksumtypes (context, sumtypes);
++ if (i < nsumtypes)
++ sumtype = auth_context->safe_cksumtype;
++ else {
++ switch (enctype) {
++ case ENCTYPE_DES_CBC_MD4:
++ sumtype = CKSUMTYPE_RSA_MD4_DES;
++ break;
++ case ENCTYPE_DES_CBC_MD5:
++ case ENCTYPE_DES_CBC_CRC:
++ sumtype = CKSUMTYPE_RSA_MD5_DES;
++ break;
++ default:
++ retval = krb5int_c_mandatory_cksumtype(context, enctype,
++ &sumtype);
++ if (retval) {
++ CLEANUP_DONE();
++ goto error;
++ }
++ break;
++ }
++ }
+ }
+ if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata,
+ plocal_fulladdr, premote_fulladdr,
+diff -Naurp krb5-1.8.1+dfsg.ori//src/lib/krb5/krb/pac.c krb5-1.8.1+dfsg/src/lib/krb5/krb/pac.c
+--- krb5-1.8.1+dfsg.ori//src/lib/krb5/krb/pac.c 2010-04-11 09:51:50.000000000 -0400
++++ krb5-1.8.1+dfsg/src/lib/krb5/krb/pac.c 2010-12-08 09:04:32.000000000 -0500
+@@ -582,6 +582,8 @@ k5_pac_verify_server_checksum(krb5_conte
+ checksum.checksum_type = load_32_le(p);
+ checksum.length = checksum_data.length - PAC_SIGNATURE_DATA_LENGTH;
+ checksum.contents = p + PAC_SIGNATURE_DATA_LENGTH;
++ if (!krb5_c_is_keyed_cksum(checksum.checksum_type))
++ return KRB5KRB_AP_ERR_INAPP_CKSUM;
+
+ pac_data.length = pac->data.length;
+ pac_data.data = malloc(pac->data.length);
+diff -Naurp krb5-1.8.1+dfsg.ori//src/lib/krb5/krb/preauth2.c krb5-1.8.1+dfsg/src/lib/krb5/krb/preauth2.c
+--- krb5-1.8.1+dfsg.ori//src/lib/krb5/krb/preauth2.c 2010-04-11 09:51:50.000000000 -0400
++++ krb5-1.8.1+dfsg/src/lib/krb5/krb/preauth2.c 2010-12-08 09:04:32.000000000 -0500
+@@ -1578,7 +1578,9 @@ pa_sam_2(krb5_context context, krb5_kdc_
+
+ cksum = sc2->sam_cksum;
+
+- while (*cksum) {
++ for (; *cksum; cksum++) {
++ if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type))
++ continue;
+ /* Check this cksum */
+ retval = krb5_c_verify_checksum(context, as_key,
+ KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
+@@ -1592,7 +1594,6 @@ pa_sam_2(krb5_context context, krb5_kdc_
+ }
+ if (valid_cksum)
+ break;
+- cksum++;
+ }
+
+ if (!valid_cksum) {
+diff -Naurp krb5-1.8.1+dfsg.ori//src/plugins/preauth/pkinit/pkinit_srv.c krb5-1.8.1+dfsg/src/plugins/preauth/pkinit/pkinit_srv.c
+--- krb5-1.8.1+dfsg.ori//src/plugins/preauth/pkinit/pkinit_srv.c 2010-04-11 09:51:50.000000000 -0400
++++ krb5-1.8.1+dfsg/src/plugins/preauth/pkinit/pkinit_srv.c 2010-12-08 09:04:32.000000000 -0500
+@@ -691,8 +691,7 @@ pkinit_server_return_padata(krb5_context
+ krb5_reply_key_pack *key_pack = NULL;
+ krb5_reply_key_pack_draft9 *key_pack9 = NULL;
+ krb5_data *encoded_key_pack = NULL;
+- unsigned int num_types;
+- krb5_cksumtype *cksum_types = NULL;
++ krb5_cksumtype cksum_type;
+
+ pkinit_kdc_context plgctx;
+ pkinit_kdc_req_context reqctx;
+@@ -882,14 +881,25 @@ pkinit_server_return_padata(krb5_context
+ retval = ENOMEM;
+ goto cleanup;
+ }
+- /* retrieve checksums for a given enctype of the reply key */
+- retval = krb5_c_keyed_checksum_types(context,
+- encrypting_key->enctype, &num_types, &cksum_types);
+- if (retval)
+- goto cleanup;
+
+- /* pick the first of acceptable enctypes for the checksum */
+- retval = krb5_c_make_checksum(context, cksum_types[0],
++ switch (encrypting_key->enctype) {
++ case ENCTYPE_DES_CBC_MD4:
++ cksum_type = CKSUMTYPE_RSA_MD4_DES;
++ break;
++ case ENCTYPE_DES_CBC_MD5:
++ case ENCTYPE_DES_CBC_CRC:
++ cksum_type = CKSUMTYPE_RSA_MD5_DES;
++ break;
++ default:
++ retval = krb5int_c_mandatory_cksumtype(context,
++ encrypting_key->enctype,
++ &cksum_type);
++ if (retval)
++ goto cleanup;
++ break;
++ }
++
++ retval = krb5_c_make_checksum(context, cksum_type,
+ encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+ req_pkt, &key_pack->asChecksum);
+ if (retval) {
+@@ -1033,7 +1043,6 @@ cleanup:
+ krb5_free_data(context, encoded_key_pack);
+ free(dh_pubkey);
+ free(server_key);
+- free(cksum_types);
+
+ switch ((int)padata->pa_type) {
+ case KRB5_PADATA_PK_AS_REQ:
--- krb5-1.8.1+dfsg.orig/debian/patches/krb5-2011-002-r18-patch
+++ krb5-1.8.1+dfsg/debian/patches/krb5-2011-002-r18-patch
@@ -0,0 +1,127 @@
+Subject: krb5 Key Distribution Center (KDC) daemon DoS
+Origin: upstream, http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2011-002.txt
+
+The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to
+denial of service attacks from unauthenticated remote attackers.
+CVE-2011-0281 and CVE-2011-0282 occur only in KDCs using LDAP back
+ends, but CVE-2011-0283 occurs in all krb5-1.9 KDCs.
+
+Exploit code is not known to exist, but the vulnerabilities are easy
+to trigger manually. The trigger for CVE-2011-0281 has already been
+disclosed publicly, but that fact might not be obvious to casual
+readers of the message in which it was disclosed. The triggers for
+CVE-2011-0282 and CVE-2011-0283 have not yet been disclosed publicly,
+but they are also trivial.
+
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+index 1ca09b4..60caf3d 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
++++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+@@ -102,14 +102,18 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
+ #define LDAP_SEARCH(base, scope, filter, attrs) LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
+
+ #define LDAP_SEARCH_1(base, scope, filter, attrs, status_check) \
+- do { \
+- st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \
+- if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
+- tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
+- if (ldap_server_handle) \
+- ld = ldap_server_handle->ldap_handle; \
+- } \
+- }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \
++ tempst = 0; \
++ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, \
++ NULL, &timelimit, LDAP_NO_LIMIT, &result); \
++ if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
++ tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
++ if (ldap_server_handle) \
++ ld = ldap_server_handle->ldap_handle; \
++ if (tempst == 0) \
++ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, \
++ NULL, NULL, &timelimit, \
++ LDAP_NO_LIMIT, &result); \
++ } \
+ \
+ if (status_check != IGNORE_STATUS) { \
+ if (tempst != 0) { \
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+index 82b0333..84e80ee 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+@@ -302,6 +302,7 @@ krb5_ldap_rebind(krb5_ldap_context *ldap_context,
+ {
+ krb5_ldap_server_handle *handle = *ldap_server_handle;
+
++ ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL);
+ if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS)
+ || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS))
+ return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+index f549e23..b70940f 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+@@ -446,12 +446,11 @@ is_principal_in_realm(krb5_ldap_context *ldap_context,
+ * portion, then the first portion of the principal name SHOULD be
+ * "krbtgt". All this check is done in the immediate block.
+ */
+- if (searchfor->length == 2)
+- if ((strncasecmp(searchfor->data[0].data, "krbtgt",
+- FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) &&
+- (strncasecmp(searchfor->data[1].data, defrealm,
+- FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0))
++ if (searchfor->length == 2) {
++ if (data_eq_string(searchfor->data[0], "krbtgt") &&
++ data_eq_string(searchfor->data[1], defrealm))
+ return 0;
++ }
+
+ /* first check the length, if they are not equal, then they are not same */
+ if (strlen(defrealm) != searchfor->realm.length)
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+index 7ad31da..626ed1f 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+@@ -103,10 +103,10 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
+ unsigned int flags, krb5_db_entry *entries,
+ int *nentries, krb5_boolean *more)
+ {
+- char *user=NULL, *filter=NULL, **subtree=NULL;
++ char *user=NULL, *filter=NULL, *filtuser=NULL;
+ unsigned int tree=0, ntrees=1, princlen=0;
+ krb5_error_code tempst=0, st=0;
+- char **values=NULL, *cname=NULL;
++ char **values=NULL, **subtree=NULL, *cname=NULL;
+ LDAP *ld=NULL;
+ LDAPMessage *result=NULL, *ent=NULL;
+ krb5_ldap_context *ldap_context=NULL;
+@@ -142,12 +142,18 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
+ if ((st=krb5_ldap_unparse_principal_name(user)) != 0)
+ goto cleanup;
+
+- princlen = strlen(FILTER) + strlen(user) + 2 + 1; /* 2 for closing brackets */
++ filtuser = ldap_filter_correct(user);
++ if (filtuser == NULL) {
++ st = ENOMEM;
++ goto cleanup;
++ }
++
++ princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1; /* 2 for closing brackets */
+ if ((filter = malloc(princlen)) == NULL) {
+ st = ENOMEM;
+ goto cleanup;
+ }
+- snprintf(filter, princlen, FILTER"%s))", user);
++ snprintf(filter, princlen, FILTER"%s))", filtuser);
+
+ if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
+ goto cleanup;
+@@ -231,6 +237,9 @@ cleanup:
+ if (user)
+ free(user);
+
++ if (filtuser)
++ free(filtuser);
++
+ if (cname)
+ free(cname);
+
--- krb5-1.8.1+dfsg.orig/debian/patches/kadmind-startup
+++ krb5-1.8.1+dfsg/debian/patches/kadmind-startup
@@ -0,0 +1,46 @@
+We want kadmind to background itself before it tries to seed the random
+number generator, since /dev/random may block and if read before the
+fork, it may block the whole boot process. Reported by Bernd Schubert.
+
+Not yet submitted upstream.
+
+Debian bug #364308
+
+Index: krb5/src/kadmin/server/ovsec_kadmd.c
+===================================================================
+--- krb5/src/kadmin/server/ovsec_kadmd.c (revision 18327)
++++ krb5/src/kadmin/server/ovsec_kadmd.c (working copy)
+@@ -301,15 +301,6 @@
+
+ krb5_klog_init(context, "admin_server", whoami, 1);
+
+- krb5_klog_syslog(LOG_INFO, "Seeding random number generator");
+- ret = krb5_c_random_os_entropy(context, 1, NULL);
+- if(ret) {
+- krb5_klog_syslog(LOG_ERR,
+- "Error getting random seed: %s, aborting",
+- krb5_get_error_message (context, ret));
+- exit(1);
+- }
+-
+ if((ret = kadm5_init("kadmind", NULL,
+ NULL, ¶ms,
+ KADM5_STRUCT_VERSION,
+@@ -639,6 +630,17 @@
+ exit(1);
+ }
+
++ krb5_klog_syslog(LOG_INFO, "Seeding random number generator");
++ ret = krb5_c_random_os_entropy(context, 1, NULL);
++ if (ret) {
++ krb5_klog_syslog(LOG_ERR, "Error getting random seed: %s, aborting",
++ krb5_get_error_message(context, ret));
++ svcauth_gssapi_unset_names();
++ kadm5_destroy(global_server_handle);
++ krb5_klog_close(context);
++ exit(1);
++ }
++
+ setup_signal_handlers();
+ krb5_klog_syslog(LOG_INFO, "starting");
+ kadm_svc_run(¶ms);
--- krb5-1.8.1+dfsg.orig/debian/patches/bsd-portability
+++ krb5-1.8.1+dfsg/debian/patches/bsd-portability
@@ -0,0 +1,31 @@
+Patch for GNU/kFreeBSD portability from Petr Salinger
+.
+
+Kerberos RT #3466
+Debian bug #261712
+
+=== krb5/src/appl/telnet/telnet/sys_bsd.c
+==================================================================
+--- krb5/src/appl/telnet/telnet/sys_bsd.c (revision 2038)
++++ krb5/src/appl/telnet/telnet/sys_bsd.c (local)
+@@ -43,6 +43,8 @@
+ #include
+ #include
+ #include
++#include
++
+ #ifdef HAVE_SYS_SELECT_H
+ #include
+ #endif
+=== krb5/src/appl/telnet/telnetd/defs.h
+==================================================================
+--- krb5/src/appl/telnet/telnetd/defs.h (revision 2038)
++++ krb5/src/appl/telnet/telnetd/defs.h (local)
+@@ -38,6 +38,7 @@
+ */
+ #include
+ #include