author: csgr <csgr@FreeBSD.org> 1994-09-30 14:50:09 +0000
committer: csgr <csgr@FreeBSD.org> 1994-09-30 14:50:09 +0000
commit: 105186eeeeb6aa85d5ff5818e8abf65e3912cb7d
tree: 785c4a61d39a776700a06b092960ec07c3629dd6 /eBones/usr.bin
parent: d011ad6fdacef9638bbc4bd1d25bae91e6f1515b
Initial import of eBones.
(Including all changes for FreeBSD - importing the original eBones distribution would be too complex at this stage, since I don't have access to Piero's CVS.) (If you want to include eBones in your system, don't forget to include MAKE_EBONES in /etc/make.conf.) (This stuff is now also suppable from braae.ru.ac.za.) Bones originally from MIT SIPB. Original port to FreeBSD 1.x by Piero Serini. Moved to FreeBSD 2.0 by Doug Rabson and Geoff Rehmet. Nice bug fixes from Doug Rabson.
Diffstat (limited to 'eBones/usr.bin')
-rw-r--r--  eBones/usr.bin/kadmin/kadmin.8            158
-rw-r--r--  eBones/usr.bin/kdestroy/Makefile           11
-rw-r--r--  eBones/usr.bin/kdestroy/kdestroy.1         81
-rw-r--r--  eBones/usr.bin/kdestroy/kdestroy.c         78
-rw-r--r--  eBones/usr.bin/kinit/Makefile              11
-rw-r--r--  eBones/usr.bin/kinit/kinit.1              133
-rw-r--r--  eBones/usr.bin/kinit/kinit.c              214
-rw-r--r--  eBones/usr.bin/klist/Makefile              11
-rw-r--r--  eBones/usr.bin/klist/klist.1               84
-rw-r--r--  eBones/usr.bin/klist/klist.c              275
-rw-r--r--  eBones/usr.bin/ksrvtgt/Makefile            11
-rw-r--r--  eBones/usr.bin/ksrvtgt/ksrvtgt.1           51
-rw-r--r--  eBones/usr.bin/ksrvtgt/ksrvtgt.c           60
-rw-r--r--  eBones/usr.bin/register/Makefile           14
-rw-r--r--  eBones/usr.bin/register/pathnames.h        39
-rw-r--r--  eBones/usr.bin/register/register.1         63
-rw-r--r--  eBones/usr.bin/register/register.c        311
-rw-r--r--  eBones/usr.bin/register/register_proto.h   43
18 files changed, 1648 insertions, 0 deletions
diff --git a/eBones/usr.bin/kadmin/kadmin.8 b/eBones/usr.bin/kadmin/kadmin.8
new file mode 100644
index 0000000..6e15015
--- /dev/null
+++ b/eBones/usr.bin/kadmin/kadmin.8
@@ -0,0 +1,158 @@
+.\" from: kadmin.8,v 4.2 89/07/25 17:20:02 jtkohl Exp $
+.\" $Id: kadmin.8,v 1.2 1994/07/19 19:27:22 g89r4222 Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <Copyright.MIT>.
+.\"
+.TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kadmin \- network utility for Kerberos database administration
+.SH SYNOPSIS
+.B kadmin [-u user] [-r default_realm] [-m]
+.SH DESCRIPTION
+This utility provides a unified administration interface to
+the
+Kerberos
+master database.
+Kerberos
+administrators
+use
+.I kadmin
+to register new users and services to the master database,
+and to change information about existing database entries.
+For instance, an administrator can use
+.I kadmin
+to change a user's
+Kerberos
+password.
+A Kerberos administrator is a user with an ``admin'' instance
+whose name appears on one of the Kerberos administration access control
+lists. If the \-u option is used,
+.I user
+will be used as the administrator instead of the local user.
+If the \-r option is used,
+.I default_realm
+will be used as the default realm for transactions. Otherwise,
+the local realm will be used by default.
+If the \-m option is used, multiple requests will be permitted
+on only one entry of the admin password. Some sites won't
+support this option.
+
+The
+.I kadmin
+program communicates over the network with the
+.I kadmind
+program, which runs on the machine housing the Kerberos master
+database.
+The
+.I kadmind
+creates new entries and makes modifications to the database.
+
+When you enter the
+.I kadmin
+command,
+the program displays a message that welcomes you and explains
+how to ask for help.
+Then
+.I kadmin
+waits for you to enter commands (which are described below).
+It then asks you for your
+.I admin
+password before accessing the database.
+
+Use the
+.I add_new_key
+(or
+.I ank
+for short)
+command to register a new principal
+with the master database.
+The command requires one argument,
+the principal's name. The name
+given can be fully qualified using
+the standard
+.I name.instance@realm
+convention.
+You are asked to enter your
+.I admin
+password,
+then prompted twice to enter the principal's
+new password. If no realm is specified,
+the local realm is used unless another was
+given on the commandline with the \-r flag.
+If no instance is
+specified, a null instance is used. If
+a realm other than the default realm is specified,
+you will need to supply your admin password for
+the other realm.
+
+Use the
+.I change_password (cpw)
+to change a principal's
+Kerberos
+password.
+The command requires one argument,
+the principal's
+name.
+You are asked to enter your
+.I admin
+password,
+then prompted twice to enter the principal's new password.
+The name
+given can be fully qualified using
+the standard
+.I name.instance@realm
+convention.
+
+Use the
+.I change_admin_password (cap)
+to change your
+.I admin
+instance password.
+This command requires no arguments.
+It prompts you for your old
+.I admin
+password, then prompts you twice to enter the new
+.I admin
+password. If this is your first command,
+the default realm is used. Otherwise, the realm
+used in the last command is used.
+
+Use the
+.I destroy_tickets (dest)
+command to destroy your admin tickets explicitly.
+
+Use the
+.I list_requests (lr)
+command to get a list of possible commands.
+
+Use the
+.I help
+command to display
+.IR kadmin's
+various help messages.
+If entered without an argument,
+.I help
+displays a general help message.
+You can get detailed information on specific
+.I kadmin
+commands
+by entering
+.I help
+.IR command_name .
+
+To quit the program, type
+.IR quit .
+
+.SH BUGS
+The user interface is primitive, and the command names could be better.
+
+.SH "SEE ALSO"
+kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8)
+.br
+``A Subsystem Utilities Package for UNIX'' by Ken Raeburn
+.SH AUTHORS
+Jeffrey I. Schiller, MIT Project Athena
+.br
+Emanuel Jay Berkenbilt, MIT Project Athena
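Review bot: The -m paragraph in DESCRIPTION ("multiple requests will be permitted on only one entry of the admin password") does not say how long the admin credentials stay usable in the session or that destroy_tickets is the way to drop them early; since this option controls how long admin access remains live, spell that out. The paragraph beginning "When you enter the kadmin command" says the password is requested "before accessing the database", while add_new_key, change_password and change_admin_password each describe a prompt per command; state which behaviour applies without -m. Minor: `.IR kadmin's` should be `.IR kadmin 's`, and the change_password and change_admin_password sentences are missing the word "command".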
diff --git a/eBones/usr.bin/kdestroy/Makefile b/eBones/usr.bin/kdestroy/Makefile
new file mode 100644
index 0000000..5947028
--- /dev/null
+++ b/eBones/usr.bin/kdestroy/Makefile
@@ -0,0 +1,11 @@
+# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
+# $Id: Makefile,v 1.2 1994/07/19 19:24:15 g89r4222 Exp $
+
+PROG= kdestroy
+CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -DBSD42
+DPADD= ${LIBKRB} ${LIBDES}
+LDADD= -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
+BINDIR= /usr/bin
+NOMAN= noman
+
+.include <bsd.prog.mk>
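Review bot: `NOMAN= noman` suppresses the manual page even though this commit adds kdestroy.1 next to this Makefile, so the page is imported but never installed; drop the NOMAN line (the kinit, klist and ksrvtgt Makefiles in this commit carry the same line beside their .1 files). `-DDEBUG` in CFLAGS also looks like a leftover for a binary installed into /usr/bin; confirm what it enables in the Kerberos headers or remove it.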
diff --git a/eBones/usr.bin/kdestroy/kdestroy.1 b/eBones/usr.bin/kdestroy/kdestroy.1
new file mode 100644
index 0000000..7099353
--- /dev/null
+++ b/eBones/usr.bin/kdestroy/kdestroy.1
@@ -0,0 +1,81 @@
+.\" from: kdestroy.1,v 4.9 89/01/23 11:39:50 jtkohl Exp $
+.\" $Id: kdestroy.1,v 1.2 1994/07/19 19:27:32 g89r4222 Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <Copyright.MIT>.
+.\"
+.TH KDESTROY 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdestroy \- destroy Kerberos tickets
+.SH SYNOPSIS
+.B kdestroy
+[
+.B \-f
+]
+[
+.B \-q
+]
+.SH DESCRIPTION
+The
+.I kdestroy
+utility destroys the user's active
+Kerberos
+authorization tickets by writing zeros to the file that contains them.
+If the ticket file does not exist,
+.I kdestroy
+displays a message to that effect.
+.PP
+After overwriting the file,
+.I kdestroy
+removes the file from the system.
+The utility
+displays a message indicating the success or failure of the
+operation.
+If
+.I kdestroy
+is unable to destroy the ticket file,
+the utility will warn you by making your terminal beep.
+.PP
+In the Athena workstation environment,
+the
+.I toehold
+service automatically destroys your tickets when you
+end a workstation session.
+If your site does not provide a similar ticket-destroying mechanism,
+you can place the
+.I kdestroy
+command in your
+.I .logout
+file so that your tickets are destroyed automatically
+when you logout.
+.PP
+The options to
+.I kdestroy
+are as follows:
+.TP 7
+.B \-f
+.I kdestroy
+runs without displaying the status message.
+.TP
+.B \-q
+.I kdestroy
+will not make your terminal beep if it fails to destroy the tickets.
+.SH FILES
+KRBTKFILE environment variable if set, otherwise
+.br
+/tmp/tkt[uid]
+.SH SEE ALSO
+kerberos(1), kinit(1), klist(1)
+.SH BUGS
+.PP
+Only the tickets in the user's current ticket file are destroyed.
+Separate ticket files are used to hold root instance and password
+changing tickets. These files should probably be destroyed too, or
+all of a user's tickets kept in a single ticket file.
+.SH AUTHORS
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.br
+Clifford Neuman, MIT Project Athena
+.br
+Bill Sommerfeld, MIT Project Athena
diff --git a/eBones/usr.bin/kdestroy/kdestroy.c b/eBones/usr.bin/kdestroy/kdestroy.c
new file mode 100644
index 0000000..f010fcd
--- /dev/null
+++ b/eBones/usr.bin/kdestroy/kdestroy.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * For copying and distribution information, please see the file
+ * <Copyright.MIT>.
+ *
+ * This program causes Kerberos tickets to be destroyed.
+ * Options are:
+ *
+ * -q[uiet] - no bell even if tickets not destroyed
+ * -f[orce] - no message printed at all
+ *
+ * from: kdestroy.c,v 4.5 88/03/18 15:16:02 steiner Exp $
+ * $Id: kdestroy.c,v 1.2 1994/07/19 19:24:16 g89r4222 Exp $
+ */
+
+#ifndef lint
+static char rcsid[] =
+"$Id: kdestroy.c,v 1.2 1994/07/19 19:24:16 g89r4222 Exp $";
+#endif lint
+
+#include <stdio.h>
+#include <krb.h>
+#ifdef BSD42
+#include <strings.h>
+#endif BSD42
+
+
+static char *pname;
+
+static usage()
+{
+ fprintf(stderr, "Usage: %s [-f] [-q]\n", pname);
+ exit(1);
+}
+
+main(argc, argv)
+ char *argv[];
+{
+ int fflag=0, qflag=0, k_errno;
+ register char *cp;
+
+ cp = rindex (argv[0], '/');
+ if (cp == NULL)
+ pname = argv[0];
+ else
+ pname = cp+1;
+
+ if (argc > 2)
+ usage();
+ else if (argc == 2) {
+ if (!strcmp(argv[1], "-f"))
+ ++fflag;
+ else if (!strcmp(argv[1], "-q"))
+ ++qflag;
+ else usage();
+ }
+
+ k_errno = dest_tkt();
+
+ if (fflag) {
+ if (k_errno != 0 && k_errno != RET_TKFIL)
+ exit(1);
+ else
+ exit(0);
+ } else {
+ if (k_errno == 0)
+ printf("Tickets destroyed.\n");
+ else if (k_errno == RET_TKFIL)
+ fprintf(stderr, "No tickets to destroy.\n");
+ else {
+ fprintf(stderr, "Tickets NOT destroyed.\n");
+ if (!qflag)
+ fprintf(stderr, "\007");
+ exit(1);
+ }
+ }
+ exit(0);
+}
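Review bot: The argument check `if (argc > 2) usage();` rejects `kdestroy -f -q`, although the usage string "[-f] [-q]" and the kdestroy.1 synopsis present the two flags as independent; loop over argv so both can be given, or document that they are mutually exclusive. rindex() is used unconditionally but <strings.h> is only included under BSD42, and exit() is called with no declaration in scope; include the needed headers unconditionally. `#endif lint` and `#endif BSD42` should carry the trailing token in a comment, as ksrvtgt.c in this commit already does with `#endif /* lint */`.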
diff --git a/eBones/usr.bin/kinit/Makefile b/eBones/usr.bin/kinit/Makefile
new file mode 100644
index 0000000..e616f42
--- /dev/null
+++ b/eBones/usr.bin/kinit/Makefile
@@ -0,0 +1,11 @@
+# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
+# $Id: Makefile,v 1.2 1994/07/19 19:24:31 g89r4222 Exp $
+
+PROG= kinit
+CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -DBSD42
+DPADD= ${LIBKRB} ${LIBDES}
+LDADD= -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
+BINDIR= /usr/bin
+NOMAN= noman
+
+.include <bsd.prog.mk>
diff --git a/eBones/usr.bin/kinit/kinit.1 b/eBones/usr.bin/kinit/kinit.1
new file mode 100644
index 0000000..f9a97a7
--- /dev/null
+++ b/eBones/usr.bin/kinit/kinit.1
@@ -0,0 +1,133 @@
+.\" from: kinit.1,v 4.6 89/01/23 11:39:11 jtkohl Exp $
+.\" $Id: kinit.1,v 1.2 1994/07/19 19:27:36 g89r4222 Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <Copyright.MIT>.
+.\"
+.TH KINIT 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kinit \- Kerberos login utility
+.SH SYNOPSIS
+.B kinit
+[
+.B \-irvl
+]
+.SH DESCRIPTION
+The
+.I kinit
+command is used to login to the
+Kerberos
+authentication and authorization system.
+Note that only registered
+Kerberos
+users can use the
+Kerberos
+system.
+For information about registering as a
+Kerberos
+user,
+see the
+.I kerberos(1)
+manual page.
+.PP
+If you are logged in to a workstation that is running the
+.I toehold
+service,
+you do not have to use
+.I kinit.
+The
+.I toehold
+login procedure will log you into
+Kerberos
+automatically.
+You will need to use
+.I kinit
+only in those situations in which
+your original tickets have expired.
+(Tickets expire in about a day.)
+Note as well that
+.I toehold
+will automatically destroy your tickets when you logout from the workstation.
+.PP
+When you use
+.I kinit
+without options,
+the utility
+prompts for your username and Kerberos password,
+and tries to authenticate your login with the local
+Kerberos
+server.
+.PP
+If
+Kerberos
+authenticates the login attempt,
+.I kinit
+retrieves your initial ticket and puts it in the ticket file specified by
+your KRBTKFILE environment variable.
+If this variable is undefined,
+your ticket will be stored in the
+.IR /tmp
+directory,
+in the file
+.I tktuid ,
+where
+.I uid
+specifies your user identification number.
+.PP
+If you have logged in to
+Kerberos
+without the benefit of the workstation
+.I toehold
+system,
+make sure you use the
+.I kdestroy
+command to destroy any active tickets before you end your login session.
+You may want to put the
+.I kdestroy
+command in your
+.I \.logout
+file so that your tickets will be destroyed automatically when you logout.
+.PP
+The options to
+.I kinit
+are as follows:
+.TP 7
+.B \-i
+.I kinit
+prompts you for a
+Kerberos
+instance.
+.TP
+.B \-r
+.I kinit
+prompts you for a
+Kerberos
+realm.
+This option lets you authenticate yourself with a remote
+Kerberos
+server.
+.TP
+.B \-v
+Verbose mode.
+.I kinit
+prints the name of the ticket file used, and
+a status message indicating the success or failure of
+your login attempt.
+.TP
+.B \-l
+.I kinit
+prompts you for a ticket lifetime in minutes. Due to protocol
+restrictions in Kerberos Version 4, this value must be between 5 and
+1275 minutes.
+.SH SEE ALSO
+.PP
+kerberos(1), kdestroy(1), klist(1), toehold(1)
+.SH BUGS
+The
+.B \-r
+option has not been fully implemented.
+.SH AUTHORS
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.br
+Clifford Neuman, MIT Project Athena
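Review bot: The SYNOPSIS `kinit [ -irvl ]` omits the optional principal name that kinit.c accepts and prints in its own usage string ("[-irvl] [name]"); add it and describe the name.instance@realm form. The sentence "prompts for your username and Kerberos password" does not match the code in this commit, which takes the name from the password database (or from USER with a root instance when running as root) and only prompts for a name under -i. For -l, say that values outside 5 to 1275 minutes are silently clamped rather than rejected, since that is what the code does.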
diff --git a/eBones/usr.bin/kinit/kinit.c b/eBones/usr.bin/kinit/kinit.c
new file mode 100644
index 0000000..94ce0fe
--- /dev/null
+++ b/eBones/usr.bin/kinit/kinit.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * For copying and distribution information, please see the file
+ * <Copyright.MIT>.
+ *
+ * Routine to initialize user to Kerberos. Prompts optionally for
+ * user, instance and realm. Authenticates user and gets a ticket
+ * for the Kerberos ticket-granting service for future use.
+ *
+ * Options are:
+ *
+ * -i[instance]
+ * -r[realm]
+ * -v[erbose]
+ * -l[ifetime]
+ *
+ * from: kinit.c,v 4.12 90/03/20 16:11:15 jon Exp $
+ * $Id: kinit.c,v 1.2 1994/07/19 19:24:33 g89r4222 Exp $
+ */
+
+#ifndef lint
+static char rcsid[] =
+"$Id: kinit.c,v 1.2 1994/07/19 19:24:33 g89r4222 Exp $";
+#endif lint
+
+#include <stdio.h>
+#include <pwd.h>
+#include <krb.h>
+
+#ifndef ORGANIZATION
+#define ORGANIZATION "MIT Project Athena"
+#endif /*ORGANIZATION*/
+
+#ifdef PC
+#define LEN 64 /* just guessing */
+#endif PC
+
+#if defined(BSD42) || defined(__FreeBSD__)
+#include <strings.h>
+#include <sys/param.h>
+#if defined(ultrix) || defined(sun)
+#define LEN 64
+#else
+#define LEN MAXHOSTNAMELEN
+#endif /* defined(ultrix) || defined(sun) */
+#endif /* BSD42 */
+
+#define LIFE 96 /* lifetime of ticket in 5-minute units */
+
+char *progname;
+
+void
+get_input(s, size, stream)
+char *s;
+int size;
+FILE *stream;
+{
+ char *p;
+
+ if (fgets(s, size, stream) == NULL)
+ exit(1);
+ if ((p = index(s, '\n')) != NULL)
+ *p = '\0';
+}
+
+main(argc, argv)
+ char *argv[];
+{
+ char aname[ANAME_SZ];
+ char inst[INST_SZ];
+ char realm[REALM_SZ];
+ char buf[LEN];
+ char *username = NULL;
+ int iflag, rflag, vflag, lflag, lifetime, k_errno;
+ register char *cp;
+ register i;
+
+ *inst = *realm = '\0';
+ iflag = rflag = vflag = lflag = 0;
+ lifetime = LIFE;
+ progname = (cp = rindex(*argv, '/')) ? cp + 1 : *argv;
+
+ while (--argc) {
+ if ((*++argv)[0] != '-') {
+ if (username)
+ usage();
+ username = *argv;
+ continue;
+ }
+ for (i = 1; (*argv)[i] != '\0'; i++)
+ switch ((*argv)[i]) {
+ case 'i': /* Instance */
+ ++iflag;
+ continue;
+ case 'r': /* Realm */
+ ++rflag;
+ continue;
+ case 'v': /* Verbose */
+ ++vflag;
+ continue;
+ case 'l':
+ ++lflag;
+ continue;
+ default:
+ usage();
+ exit(1);
+ }
+ }
+ if (username &&
+ (k_errno = kname_parse(aname, inst, realm, username))
+ != KSUCCESS) {
+ fprintf(stderr, "%s: %s\n", progname, krb_err_txt[k_errno]);
+ iflag = rflag = 1;
+ username = NULL;
+ }
+ if (k_gethostname(buf, LEN)) {
+ fprintf(stderr, "%s: k_gethostname failed\n", progname);
+ exit(1);
+ }
+ printf("%s (%s)\n", ORGANIZATION, buf);
+ if (username) {
+ printf("Kerberos Initialization for \"%s", aname);
+ if (*inst)
+ printf(".%s", inst);
+ if (*realm)
+ printf("@%s", realm);
+ printf("\"\n");
+ } else {
+ if (iflag) {
+ printf("Kerberos Initialization\n");
+ printf("Kerberos name: ");
+ get_input(aname, sizeof(aname), stdin);
+ } else {
+ int uid = getuid();
+ char *getenv();
+ struct passwd *pwd;
+
+ /* default to current user name unless running as root */
+ if (uid == 0 && (username = getenv("USER")) &&
+ strcmp(username, "root") != 0) {
+ strncpy(aname, username, sizeof(aname));
+ strncpy(inst, "root", sizeof(inst));
+ } else {
+ pwd = getpwuid(uid);
+
+ if (pwd == (struct passwd *) NULL) {
+ fprintf(stderr, "Unknown name for your uid\n");
+ printf("Kerberos name: ");
+ gets(aname);
+ } else
+ strncpy(aname, pwd->pw_name, sizeof(aname));
+ }
+ }
+
+ if (!*aname)
+ exit(0);
+ if (!k_isname(aname)) {
+ fprintf(stderr, "%s: bad Kerberos name format\n",
+ progname);
+ exit(1);
+ }
+ }
+ /* optional instance */
+ if (iflag) {
+ printf("Kerberos instance: ");
+ get_input(inst, sizeof(inst), stdin);
+ if (!k_isinst(inst)) {
+ fprintf(stderr, "%s: bad Kerberos instance format\n",
+ progname);
+ exit(1);
+ }
+ }
+ if (rflag) {
+ printf("Kerberos realm: ");
+ get_input(realm, sizeof(realm), stdin);
+ if (!k_isrealm(realm)) {
+ fprintf(stderr, "%s: bad Kerberos realm format\n",
+ progname);
+ exit(1);
+ }
+ }
+ if (lflag) {
+ printf("Kerberos ticket lifetime (minutes): ");
+ get_input(buf, sizeof(buf), stdin);
+ lifetime = atoi(buf);
+ if (lifetime < 5)
+ lifetime = 1;
+ else
+ lifetime /= 5;
+ /* This should be changed if the maximum ticket lifetime */
+ /* changes */
+ if (lifetime > 255)
+ lifetime = 255;
+ }
+ if (!*realm && krb_get_lrealm(realm, 1)) {
+ fprintf(stderr, "%s: krb_get_lrealm failed\n", progname);
+ exit(1);
+ }
+ k_errno = krb_get_pw_in_tkt(aname, inst, realm, "krbtgt", realm,
+ lifetime, 0);
+ if (vflag) {
+ printf("Kerberos realm %s:\n", realm);
+ printf("%s\n", krb_err_txt[k_errno]);
+ } else if (k_errno) {
+ fprintf(stderr, "%s: %s\n", progname, krb_err_txt[k_errno]);
+ exit(1);
+ }
+}
+
+usage()
+{
+ fprintf(stderr, "Usage: %s [-irvl] [name]\n", progname);
+ exit(1);
+}
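Review bot: In the fallback taken when getpwuid() returns NULL, `gets(aname);` reads an unbounded line into the ANAME_SZ-byte stack buffer; use `get_input(aname, sizeof(aname), stdin)` as the -i branch a few lines above already does. The three strncpy() calls into aname and inst pass the full buffer size and never write a terminator, and aname is not initialised (only `*inst = *realm = '\0'`), so a USER value or pw_name of ANAME_SZ bytes or more leaves aname unterminated before k_isname() runs; copy sizeof - 1 bytes and terminate explicitly. usage() is also called before it is declared, and main() falls off the end on success instead of calling exit(0).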
diff --git a/eBones/usr.bin/klist/Makefile b/eBones/usr.bin/klist/Makefile
new file mode 100644
index 0000000..aa0d720
--- /dev/null
+++ b/eBones/usr.bin/klist/Makefile
@@ -0,0 +1,11 @@
+# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
+# $Id: Makefile,v 1.2 1994/07/19 19:24:37 g89r4222 Exp $
+
+PROG= klist
+CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include
+DPADD= ${LIBKRB} ${LIBDES}
+LDADD= -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
+BINDIR= /usr/bin
+NOMAN= noman
+
+.include <bsd.prog.mk>
diff --git a/eBones/usr.bin/klist/klist.1 b/eBones/usr.bin/klist/klist.1
new file mode 100644
index 0000000..a66e668
--- /dev/null
+++ b/eBones/usr.bin/klist/klist.1
@@ -0,0 +1,84 @@
+.\" from: klist.1,v 4.8 89/01/24 14:35:09 jtkohl Exp $
+.\" $Id: klist.1,v 1.2 1994/07/19 19:27:38 g89r4222 Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <Copyright.MIT>.
+.\"
+.TH KLIST 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+klist \- list currently held Kerberos tickets
+.SH SYNOPSIS
+.B klist
+[
+\fB\-s \fR|\fB \-t\fR
+] [
+.B \-file
+name ] [
+.B \-srvtab
+]
+.br
+.SH DESCRIPTION
+.I klist
+prints the name of the tickets file and the
+identity of the principal the tickets are for (as listed in the
+tickets file), and
+lists the principal names of all Kerberos tickets currently held by
+the user, along with the issue and expire time for each authenticator.
+Principal names are listed in the form
+.I name.instance@realm,
+with the '.' omitted if the instance is null,
+and the '@' omitted if the realm is null.
+
+If given the
+.B \-s
+option,
+.I klist
+does not print the issue and expire times, the name of the tickets file,
+or the identity of the principal.
+
+If given the
+.B \-t
+option,
+.B klist
+checks for the existence of a non-expired ticket-granting-ticket in the
+ticket file. If one is present, it exits with status 0, else it exits
+with status 1. No output is generated when this option is specified.
+
+If given the
+.B \-file
+option, the following argument is used as the ticket file.
+Otherwise, if the
+.B KRBTKFILE
+environment variable is set, it is used.
+If this environment variable
+is not set, the file
+.B /tmp/tkt[uid]
+is used, where
+.B uid
+is the current user-id of the user.
+
+If given the
+.B \-srvtab
+option, the file is treated as a service key file, and the names of the
+keys contained therein are printed. If no file is
+specified with a
+.B \-file
+option, the default is
+.IR /etc/srvtab .
+.SH FILES
+.TP 2i
+/etc/krb.conf
+to get the name of the local realm
+.TP
+/tmp/tkt[uid]
+as the default ticket file ([uid] is the decimal UID of the user).
+.TP
+/etc/srvtab
+as the default service key file
+.SH SEE ALSO
+.PP
+kerberos(1), kinit(1), kdestroy(1)
+.SH BUGS
+When reading a file as a service key file, very little sanity or error
+checking is performed.
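Review bot: klist.c in this commit still accepts `-l` (commented "now default"), but neither SYNOPSIS nor DESCRIPTION mentions it; either document it as a retained no-op or drop it from the parser. In DESCRIPTION, "issue and expire time for each authenticator" should say ticket, and the -t paragraph sets klist with .B where the rest of the page uses .I.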
diff --git a/eBones/usr.bin/klist/klist.c b/eBones/usr.bin/klist/klist.c
new file mode 100644
index 0000000..4a95bc0
--- /dev/null
+++ b/eBones/usr.bin/klist/klist.c
@@ -0,0 +1,275 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * For copying and distribution information, please see the file
+ * <Copyright.MIT>.
+ *
+ * Lists your current Kerberos tickets.
+ * Written by Bill Sommerfeld, MIT Project Athena.
+ *
+ * from: klist.c,v 4.15 89/08/30 11:19:16 jtkohl Exp $
+ * $Id: klist.c,v 1.2 1994/07/19 19:24:38 g89r4222 Exp $
+ */
+
+#ifndef lint
+static char rcsid[] =
+"$Id: klist.c,v 1.2 1994/07/19 19:24:38 g89r4222 Exp $";
+#endif lint
+
+#include <stdio.h>
+#include <strings.h>
+#include <sys/file.h>
+#include <krb.h>
+#include <prot.h>
+
+char *tkt_string();
+char *short_date();
+char *whoami; /* What was I invoked as?? */
+char *getenv();
+
+extern char *krb_err_txt[];
+
+/* ARGSUSED */
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ int long_form = 1;
+ int tgt_test = 0;
+ int do_srvtab = 0;
+ char *tkt_file = NULL;
+ char *cp;
+
+ whoami = (cp = rindex(*argv, '/')) ? cp + 1 : *argv;
+
+ while (*(++argv)) {
+ if (!strcmp(*argv, "-s")) {
+ long_form = 0;
+ continue;
+ }
+ if (!strcmp(*argv, "-t")) {
+ tgt_test = 1;
+ long_form = 0;
+ continue;
+ }
+ if (!strcmp(*argv, "-l")) { /* now default */
+ continue;
+ }
+ if (!strcmp(*argv, "-file")) {
+ if (*(++argv)) {
+ tkt_file = *argv;
+ continue;
+ } else
+ usage();
+ }
+ if (!strcmp(*argv, "-srvtab")) {
+ if (tkt_file == NULL) /* if no other file spec'ed,
+ set file to default srvtab */
+ tkt_file = KEYFILE;
+ do_srvtab = 1;
+ continue;
+ }
+ usage();
+ }
+
+ if (do_srvtab)
+ display_srvtab(tkt_file);
+ else
+ display_tktfile(tkt_file, tgt_test, long_form);
+ exit(0);
+}
+
+
+display_tktfile(file, tgt_test, long_form)
+char *file;
+int tgt_test, long_form;
+{
+ char pname[ANAME_SZ];
+ char pinst[INST_SZ];
+ char prealm[REALM_SZ];
+ char buf1[20], buf2[20];
+ int k_errno;
+ CREDENTIALS c;
+ int header = 1;
+
+ if ((file == NULL) && ((file = getenv("KRBTKFILE")) == NULL))
+ file = TKT_FILE;
+
+ if (long_form)
+ printf("Ticket file: %s\n", file);
+
+ /*
+ * Since krb_get_tf_realm will return a ticket_file error,
+ * we will call tf_init and tf_close first to filter out
+ * things like no ticket file. Otherwise, the error that
+ * the user would see would be
+ * klist: can't find realm of ticket file: No ticket file (tf_util)
+ * instead of
+ * klist: No ticket file (tf_util)
+ */
+
+ /* Open ticket file */
+ if (k_errno = tf_init(file, R_TKT_FIL)) {
+ if (!tgt_test)
+ fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]);
+ exit(1);
+ }
+ /* Close ticket file */
+ (void) tf_close();
+
+ /*
+ * We must find the realm of the ticket file here before calling
+ * tf_init because since the realm of the ticket file is not
+ * really stored in the principal section of the file, the
+ * routine we use must itself call tf_init and tf_close.
+ */
+ if ((k_errno = krb_get_tf_realm(file, prealm)) != KSUCCESS) {
+ if (!tgt_test)
+ fprintf(stderr, "%s: can't find realm of ticket file: %s\n",
+ whoami, krb_err_txt[k_errno]);
+ exit(1);
+ }
+
+ /* Open ticket file */
+ if (k_errno = tf_init(file, R_TKT_FIL)) {
+ if (!tgt_test)
+ fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]);
+ exit(1);
+ }
+ /* Get principal name and instance */
+ if ((k_errno = tf_get_pname(pname)) ||
+ (k_errno = tf_get_pinst(pinst))) {
+ if (!tgt_test)
+ fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]);
+ exit(1);
+ }
+
+ /*
+ * You may think that this is the obvious place to get the
+ * realm of the ticket file, but it can't be done here as the
+ * routine to do this must open the ticket file. This is why
+ * it was done before tf_init.
+ */
+
+ if (!tgt_test && long_form)
+ printf("Principal:\t%s%s%s%s%s\n\n", pname,
+ (pinst[0] ? "." : ""), pinst,
+ (prealm[0] ? "@" : ""), prealm);
+ while ((k_errno = tf_get_cred(&c)) == KSUCCESS) {
+ if (!tgt_test && long_form && header) {
+ printf("%-15s %-15s %s\n",
+ " Issued", " Expires", " Principal");
+ header = 0;
+ }
+ if (tgt_test) {
+ c.issue_date += ((unsigned char) c.lifetime) * 5 * 60;
+ if (!strcmp(c.service, TICKET_GRANTING_TICKET) &&
+ !strcmp(c.instance, prealm)) {
+ if (time(0) < c.issue_date)
+ exit(0); /* tgt hasn't expired */
+ else
+ exit(1); /* has expired */
+ }
+ continue; /* not a tgt */
+ }
+ if (long_form) {
+ (void) strcpy(buf1, short_date(&c.issue_date));
+ c.issue_date += ((unsigned char) c.lifetime) * 5 * 60;
+ (void) strcpy(buf2, short_date(&c.issue_date));
+ printf("%s %s ", buf1, buf2);
+ }
+ printf("%s%s%s%s%s\n",
+ c.service, (c.instance[0] ? "." : ""), c.instance,
+ (c.realm[0] ? "@" : ""), c.realm);
+ }
+ if (tgt_test)
+ exit(1); /* no tgt found */
+ if (header && long_form && k_errno == EOF) {
+ printf("No tickets in file.\n");
+ }
+}
+
+char *
+short_date(dp)
+ long *dp;
+{
+ register char *cp;
+ extern char *ctime();
+ cp = ctime(dp) + 4;
+ cp[15] = '\0';
+ return (cp);
+}
+
+usage()
+{
+ fprintf(stderr,
+ "Usage: %s [ -s | -t ] [ -file filename ] [ -srvtab ]\n", whoami);
+ exit(1);
+}
+
+display_srvtab(file)
+char *file;
+{
+ int stab;
+ char serv[SNAME_SZ];
+ char inst[INST_SZ];
+ char rlm[REALM_SZ];
+ unsigned char key[8];
+ unsigned char vno;
+ int count;
+
+ printf("Server key file: %s\n", file);
+
+ if ((stab = open(file, O_RDONLY, 0400)) < 0) {
+ perror(file);
+ exit(1);
+ }
+ printf("%-15s %-15s %-10s %s\n","Service","Instance","Realm",
+ "Key Version");
+ printf("------------------------------------------------------\n");
+
+ /* argh. getst doesn't return error codes, it silently fails */
+ while (((count = ok_getst(stab, serv, SNAME_SZ)) > 0)
+ && ((count = ok_getst(stab, inst, INST_SZ)) > 0)
+ && ((count = ok_getst(stab, rlm, REALM_SZ)) > 0)) {
+ if (((count = read(stab,(char *) &vno,1)) != 1) ||
+ ((count = read(stab,(char *) key,8)) != 8)) {
+ if (count < 0)
+ perror("reading from key file");
+ else
+ fprintf(stderr, "key file truncated\n");
+ exit(1);
+ }
+ printf("%-15s %-15s %-15s %d\n",serv,inst,rlm,vno);
+ }
+ if (count < 0)
+ perror(file);
+ (void) close(stab);
+}
+
+/* adapted from getst() in librkb */
+/*
+ * ok_getst() takes a file descriptor, a string and a count. It reads
+ * from the file until either it has read "count" characters, or until
+ * it reads a null byte. When finished, what has been read exists in
+ * the given string "s". If "count" characters were actually read, the
+ * last is changed to a null, so the returned string is always null-
+ * terminated. ok_getst() returns the number of characters read, including
+ * the null terminator.
+ *
+ * If there is a read error, it returns -1 (like the read(2) system call)
+ */
+
+ok_getst(fd, s, n)
+ int fd;
+ register char *s;
+{
+ register count = n;
+ int err;
+ while ((err = read(fd, s, 1)) > 0 && --count)
+ if (*s++ == '\0')
+ return (n - count);
+ if (err < 0)
+ return(-1);
+ *s = '\0';
+ return (n - count);
+}
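Review bot: In ok_getst(), a field with no NUL within n bytes is cut by `*s = '\0'` and returns n, the same value returned for a field that fits exactly, so display_srvtab() cannot tell truncation from success and goes on to read the leftover bytes as the next field, version byte and key; return a distinct error when the nth byte read is not NUL and stop with a "malformed key file" message. display_srvtab() also reads each 8-byte service key into the stack buffer `key` only to discard it; skip those bytes with lseek(), or clear the buffer before returning. The header row uses %-10s for Realm while the data rows use %-15s, so the Key Version column does not line up.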
diff --git a/eBones/usr.bin/ksrvtgt/Makefile b/eBones/usr.bin/ksrvtgt/Makefile
new file mode 100644
index 0000000..5e8944d
--- /dev/null
+++ b/eBones/usr.bin/ksrvtgt/Makefile
@@ -0,0 +1,11 @@
+# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
+# $Id: Makefile,v 1.2 1994/07/19 19:26:54 g89r4222 Exp $
+
+PROG= ksrvtgt
+CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include
+DPADD= ${LIBKRB} ${LIBDES}
+LDADD= -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
+BINDIR= /usr/bin
+NOMAN= noman
+
+.include <bsd.prog.mk>
diff --git a/eBones/usr.bin/ksrvtgt/ksrvtgt.1 b/eBones/usr.bin/ksrvtgt/ksrvtgt.1
new file mode 100644
index 0000000..25fd939
--- /dev/null
+++ b/eBones/usr.bin/ksrvtgt/ksrvtgt.1
@@ -0,0 +1,51 @@
+.\" from: ksrvtgt.1,v 4.1 89/01/24 14:36:28 jtkohl Exp $
+.\" $Id: ksrvtgt.1,v 1.2 1994/07/19 19:27:52 g89r4222 Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <Copyright.MIT>.
+.\"
+.TH KSRVTGT 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+ksrvtgt \- fetch and store Kerberos ticket-granting-ticket using a
+service key
+.SH SYNOPSIS
+.B ksrvtgt
+name instance [[realm] srvtab]
+.SH DESCRIPTION
+.I ksrvtgt
+retrieves a ticket-granting ticket with a lifetime of five (5) minutes
+for the principal
+.I name.instance@realm
+(or
+.I name.instance@localrealm
+if
+.I realm
+is not supplied on the command line), decrypts the response using
+the service key found in
+.I srvtab
+(or in
+.B /etc/srvtab
+if
+.I srvtab
+is not specified on the command line), and stores the ticket in the
+standard ticket cache.
+.PP
+This command is intended primarily for use in shell scripts and other
+batch-type facilities.
+.SH DIAGNOSTICS
+"Generic kerberos failure (kfailure)" can indicate a whole range of
+problems, the most common of which is the inability to read the service
+key file.
+.SH FILES
+.TP 2i
+/etc/krb.conf
+to get the name of the local realm.
+.TP
+/tmp/tkt[uid]
+The default ticket file.
+.TP
+/etc/srvtab
+The default service key file.
+.SH SEE ALSO
+kerberos(1), kinit(1), kdestroy(1)
diff --git a/eBones/usr.bin/ksrvtgt/ksrvtgt.c b/eBones/usr.bin/ksrvtgt/ksrvtgt.c
new file mode 100644
index 0000000..46bbd56
--- /dev/null
+++ b/eBones/usr.bin/ksrvtgt/ksrvtgt.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ * For copying and distribution information, please see the file
+ * <Copyright.MIT>.
+ *
+ * Get a ticket-granting-ticket given a service key file (srvtab)
+ * The lifetime is the shortest allowed [1 five-minute interval]
+ *
+ * from: ksrvtgt.c,v 4.3 89/07/28 10:17:28 jtkohl Exp $
+ * $Id: ksrvtgt.c,v 1.2 1994/07/19 19:26:56 g89r4222 Exp $
+ */
+
+#ifndef lint
+const char rcsid[] =
+"$Id: ksrvtgt.c,v 1.2 1994/07/19 19:26:56 g89r4222 Exp $";
+#endif /* lint */
+
+#include <stdio.h>
+#include <sys/param.h>
+#include <krb.h>
+#include <conf.h>
+
+main(argc,argv)
+ int argc;
+ char **argv;
+{
+ char realm[REALM_SZ + 1];
+ register int code;
+ char srvtab[MAXPATHLEN + 1];
+
+ bzero(realm, sizeof(realm));
+ bzero(srvtab, sizeof(srvtab));
+
+ if (argc < 3 || argc > 5) {
+ fprintf(stderr, "Usage: %s name instance [[realm] srvtab]\n",
+ argv[0]);
+ exit(1);
+ }
+
+ if (argc == 4)
+ (void) strncpy(srvtab, argv[3], sizeof(srvtab) -1);
+
+ if (argc == 5) {
+ (void) strncpy(realm, argv[3], sizeof(realm) - 1);
+ (void) strncpy(srvtab, argv[4], sizeof(srvtab) -1);
+ }
+
+ if (srvtab[0] == 0)
+ (void) strcpy(srvtab, KEYFILE);
+
+ if (realm[0] == 0)
+ if (krb_get_lrealm(realm) != KSUCCESS)
+ (void) strcpy(realm, KRB_REALM);
+
+ code = krb_get_svc_in_tkt(argv[1], argv[2], realm,
+ "krbtgt", realm, 1, srvtab);
+ if (code)
+ fprintf(stderr, "%s\n", krb_err_txt[code]);
+ exit(code);
+}
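Review bot: krb_get_lrealm(realm) is called with one argument here, while register.c in this same import calls krb_get_lrealm(realm,0) with two; one of the call sites has to be wrong, and with old-style declarations the compiler will not flag it unless krb.h supplies a prototype. Make the two calls agree. Smaller points in the same file: main has no declared return type, and strncpy, strcpy, bzero and exit are used without including <string.h> or <stdlib.h>. The error path is also ambiguous for scripts, since exit(code) returns the raw Kerberos error number as the process status; document that or map it to a fixed non-zero value.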
diff --git a/eBones/usr.bin/register/Makefile b/eBones/usr.bin/register/Makefile
new file mode 100644
index 0000000..3ab09c3
--- /dev/null
+++ b/eBones/usr.bin/register/Makefile
@@ -0,0 +1,14 @@
+# @(#)Makefile 8.1 (Berkeley) 6/1/93
+# $Id: Makefile,v 1.4 1994/07/20 09:21:07 g89r4222 Exp $
+
+PROG= register
+SRCS= register.c
+CFLAGS+=-DCRYPT -DDEBUG -DKERBEROS -I${.CURDIR}/../include
+.PATH: ${.CURDIR}/../../usr.bin/rlogin
+DPADD= ${LIBKRB} ${LIBDES}
+LDADD= -lkrb -ldes -lcrypt
+BINDIR= /usr/bin
+BINOWN= root
+BINMODE=4555
+
+.include <bsd.prog.mk>
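Review bot: BINOWN=root with BINMODE=4555 installs register setuid root while CFLAGS still carries -DDEBUG; a setuid binary should not ship with debug code paths enabled, so drop -DDEBUG or confirm that nothing in the sources is conditional on it. The .PATH line also looks stale: it resolves to eBones/usr.bin/rlogin, which is not part of this import's diffstat, and SRCS lists only register.c, so the path has no effect. register.c calls des_write, des_read and des_set_key; if those were meant to come from a source file in that directory it has to be added to SRCS, otherwise remove the .PATH line.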
diff --git a/eBones/usr.bin/register/pathnames.h b/eBones/usr.bin/register/pathnames.h
new file mode 100644
index 0000000..611c54f
--- /dev/null
+++ b/eBones/usr.bin/register/pathnames.h
@@ -0,0 +1,39 @@
+/*-
+ * Copyright (c) 1990, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)pathnames.h 8.1 (Berkeley) 6/1/93
+ */
+
+#define SERVER_KEYDIR "/etc/kerberosIV/register_keys"
+#define CLIENT_KEYFILE "/etc/kerberosIV/.update.key"
+#define KEYFILE_BASE ".update.key"
+#define _PATH_KPASSWD "/usr/bin/passwd"
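Review bot: CLIENT_KEYFILE is not a complete path but a prefix: setup_key() in register.c appends the dotted local IP address directly to it with sprintf(namebuf, "%s%s", CLIENT_KEYFILE, inet_ntoa(local.sin_addr)). Add a comment saying that, or rename it to something like CLIENT_KEYFILE_PREFIX, so nobody creates a key file at the literal path. The header should also note the expected ownership and mode of these files, since they hold the DES key shared with the registration server and are read by a setuid-root program.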
diff --git a/eBones/usr.bin/register/register.1 b/eBones/usr.bin/register/register.1
new file mode 100644
index 0000000..d8bf104
--- /dev/null
+++ b/eBones/usr.bin/register/register.1
@@ -0,0 +1,63 @@
+.\" Copyright (c) 1991, 1993
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by the University of
+.\" California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" @(#)register.1 8.1 (Berkeley) 6/1/93
+.\"
+.TH REGISTER 1 "June 1, 1993"
+.UC 7
+.SH NAME
+register \- register with Kerberos
+.SH SYNOPSIS
+.B register
+.SH DESCRIPTION
+The
+.I register
+command
+is used to register a new user with Kerberos.
+The Kerberos server keeps record of certain trusted hosts
+from which it will accept new registrations.
+If the host on which
+.I register
+is run is trusted by Kerberos, the user
+is asked for his current password, and then
+a new password to be used with Kerberos.
+A user may only register with Kerberos one time.
+.SH FILES
+.br
+/.update.keyxx.xx.xx.xx shared DES key with server
+.SH "SEE ALSO"
+registerd(8), kerberos(1)
+.SH DIAGNOSTICS
+\*(lqPrincipal not unique\*(rq
+if the user already exists in the Kerberos database.
+.br
+\*(lqPermission Denied,\*(rq
+if the host on which register is being run is untrusted.
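Review bot: The FILES entry "/.update.keyxx.xx.xx.xx" does not match pathnames.h in this import, which defines CLIENT_KEYFILE as "/etc/kerberosIV/.update.key" (the local address is appended to it). Update the path so administrators create the key file where the program will look for it. The DESCRIPTION should also mention that the login password is checked at most twice before the program aborts, and that the binary is installed setuid root, since both follow from the accompanying source and Makefile.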
diff --git a/eBones/usr.bin/register/register.c b/eBones/usr.bin/register/register.c
new file mode 100644
index 0000000..d20f848
--- /dev/null
+++ b/eBones/usr.bin/register/register.c
@@ -0,0 +1,311 @@
+/*-
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char copyright[] =
+"@(#) Copyright (c) 1989, 1993\n\
+ The Regents of the University of California. All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)register.c 8.1 (Berkeley) 6/1/93";
+#endif /* not lint */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <sys/socket.h>
+#include <sys/file.h>
+#include <sys/signal.h>
+#include <netinet/in.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <netdb.h>
+#include <kerberosIV/des.h>
+#include <kerberosIV/krb.h>
+#include "pathnames.h"
+#include "register_proto.h"
+
+#define SERVICE "krbupdate" /* service to add to KDC's database */
+#define PROTO "tcp"
+
+char realm[REALM_SZ];
+char krbhst[MAX_HSTNM];
+
+static char pname[ANAME_SZ];
+static char iname[INST_SZ];
+static char password[_PASSWORD_LEN];
+
+/* extern char *sys_errlist; */
+void die();
+void setup_key(), type_info(), cleanup();
+
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ struct servent *se;
+ struct hostent *host;
+ struct sockaddr_in sin, local;
+ int rval;
+ int sock, llen;
+ u_char code;
+ static struct rlimit rl = { 0, 0 };
+
+ signal(SIGPIPE, die);
+
+ if (setrlimit(RLIMIT_CORE, &rl) < 0) {
+ perror("rlimit");
+ exit(1);
+ }
+
+ if ((se = getservbyname(SERVICE, PROTO)) == NULL) {
+ fprintf(stderr, "couldn't find entry for service %s\n",
+ SERVICE);
+ exit(1);
+ }
+ if ((rval = krb_get_lrealm(realm,0)) != KSUCCESS) {
+ fprintf(stderr, "couldn't get local Kerberos realm: %s\n",
+ krb_err_txt[rval]);
+ exit(1);
+ }
+
+ if ((rval = krb_get_krbhst(krbhst, realm, 1)) != KSUCCESS) {
+ fprintf(stderr, "couldn't get Kerberos host: %s\n",
+ krb_err_txt[rval]);
+ exit(1);
+ }
+
+ if ((host = gethostbyname(krbhst)) == NULL) {
+ fprintf(stderr, "couldn't get host entry for host %s\n",
+ krbhst);
+ exit(1);
+ }
+
+ sin.sin_family = host->h_addrtype;
+ (void)bcopy(host->h_addr, (char *) &sin.sin_addr, host->h_length);
+ sin.sin_port = se->s_port;
+
+ if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
+ perror("socket");
+ exit(1);
+ }
+
+ if (connect(sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) {
+ perror("connect");
+ (void)close(sock);
+ exit(1);
+ }
+
+ llen = sizeof(local);
+ if (getsockname(sock, (struct sockaddr *) &local, &llen) < 0) {
+ perror("getsockname");
+ (void)close(sock);
+ exit(1);
+ }
+
+ setup_key(local);
+
+ type_info();
+
+ if (!get_user_info()) {
+ code = ABORT;
+ (void)des_write(sock, &code, 1);
+ cleanup();
+ exit(1);
+ }
+
+ code = APPEND_DB;
+ if (des_write(sock, &code, 1) != 1) {
+ perror("write 1");
+ cleanup();
+ exit(1);
+ }
+
+ if (des_write(sock, pname, ANAME_SZ) != ANAME_SZ) {
+ perror("write principal name");
+ cleanup();
+ exit(1);
+ }
+
+ if (des_write(sock, iname, INST_SZ) != INST_SZ) {
+ perror("write instance name");
+ cleanup();
+ exit(1);
+ }
+
+ if (des_write(sock, password, 255) != 255) {
+ perror("write password");
+ cleanup();
+ exit(1);
+ }
+
+ /* get return message */
+
+ {
+ int cc;
+ char msgbuf[BUFSIZ];
+
+ cc = read(sock, msgbuf, BUFSIZ);
+ if (cc <= 0) {
+ fprintf(stderr, "protocol error during key verification\n");
+ cleanup();
+ exit(1);
+ }
+ if (strncmp(msgbuf, GOTKEY_MSG, 6) != 0) {
+ fprintf(stderr, "%s: %s", krbhst, msgbuf);
+ cleanup();
+ exit(1);
+ }
+
+ cc = des_read(sock, msgbuf, BUFSIZ);
+ if (cc <= 0) {
+ fprintf(stderr, "protocol error during read\n");
+ cleanup();
+ exit(1);
+ } else {
+ printf("%s: %s", krbhst, msgbuf);
+ }
+ }
+
+ cleanup();
+ (void)close(sock);
+}
+
+void
+cleanup()
+{
+ bzero(password, 255);
+}
+
+extern char *crypt();
+extern char *getpass();
+
+int
+get_user_info()
+{
+ int uid = getuid();
+ int valid = 0, i;
+ struct passwd *pw;
+ char *pas, *namep;
+
+ /* NB: we must run setuid-root to get at the real pw file */
+
+ if ((pw = getpwuid(uid)) == NULL) {
+ fprintf(stderr, "Who are you?\n");
+ return(0);
+ }
+ (void)seteuid(uid);
+ (void)strcpy(pname, pw->pw_name); /* principal name */
+
+ for (i = 1; i < 3; i++) {
+ pas = getpass("login password:");
+ namep = crypt(pas, pw->pw_passwd);
+ if (strcmp(namep, pw->pw_passwd)) {
+ fprintf(stderr, "Password incorrect\n");
+ continue;
+ } else {
+ valid = 1;
+ break;
+ }
+ }
+ if (!valid)
+ return(0);
+ pas = getpass("Kerberos password (may be the same):");
+ while (*pas == NULL) {
+ printf("<NULL> password not allowed\n");
+ pas = getpass("Kerberos password (may be the same):");
+ }
+ (void)strcpy(password, pas); /* password */
+ pas = getpass("Retype Kerberos password:");
+ if (strcmp(password, pas)) {
+ fprintf(stderr, "Password mismatch -- aborted\n");
+ return(0);
+ }
+
+ iname[0] = NULL; /* null instance name */
+ return(1);
+}
+
+void
+setup_key(local)
+ struct sockaddr_in local;
+{
+ static struct keyfile_data kdata;
+ static Key_schedule schedule;
+ int fd;
+ char namebuf[MAXPATHLEN];
+ extern int errno;
+
+ (void) sprintf(namebuf, "%s%s",
+ CLIENT_KEYFILE,
+ inet_ntoa(local.sin_addr));
+
+ fd = open(namebuf, O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, "couldn't open key file %s for local host: ",
+ namebuf);
+ perror("");
+ exit(1);
+ }
+
+ if (read(fd, (char *)&kdata, sizeof(kdata)) != sizeof(kdata)) {
+ fprintf(stderr,"size error reading key file for local host %s\n",
+ inet_ntoa(local.sin_addr));
+ exit(1);
+ }
+ key_sched(kdata.kf_key, schedule);
+ des_set_key(kdata.kf_key, schedule);
+ return;
+}
+
+void
+type_info()
+{
+ printf("Kerberos user registration (realm %s)\n\n", realm);
+ printf("Please enter your login password followed by your new Kerberos password.\n");
+ printf("The Kerberos password you enter now will be used in the future\n");
+ printf("as your Kerberos password for all machines in the %s realm.\n", realm);
+ printf("You will only be allowed to perform this operation once, although you may run\n");
+ printf("the %s program from now on to change your Kerberos password.\n\n", _PATH_KPASSWD);
+}
+
+void
+die()
+{
+ fprintf(stderr, "\nServer no longer listening\n");
+ fflush(stderr);
+ cleanup();
+ exit(1);
+}
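Review bot: The password buffer is declared as password[_PASSWORD_LEN], but des_write(sock, password, 255) and bzero(password, 255) hard-code 255; unless _PASSWORD_LEN is at least 255 this reads and clears past the end of the buffer in a setuid-root program. Use sizeof(password) in both places, and have the server side agree on the length. In get_user_info(), strcpy(pname, pw->pw_name) and strcpy(password, pas) are unbounded copies into fixed-size buffers and should be length-checked; the crypt() result is passed to strcmp without a NULL check, the seteuid(uid) return value is discarded, and "*pas == NULL" and "iname[0] = NULL" compare and assign a pointer constant where '\0' is meant. In main(), msgbuf is filled by read() and des_read() with a count of BUFSIZ and then printed with %s without being NUL-terminated; read at most BUFSIZ - 1 bytes and terminate at cc. setup_key() leaves the key file descriptor open and never clears kdata after building the schedule, and cleanup() does not scrub the static buffer returned by getpass().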
diff --git a/eBones/usr.bin/register/register_proto.h b/eBones/usr.bin/register/register_proto.h
new file mode 100644
index 0000000..5478949
--- /dev/null
+++ b/eBones/usr.bin/register/register_proto.h
@@ -0,0 +1,43 @@
+/*-
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)register_proto.h 8.1 (Berkeley) 6/1/93
+ */
+
+#define APPEND_DB 0x01
+#define ABORT 0x02
+
+#define GOTKEY_MSG "GOTKEY"
+
+struct keyfile_data {
+ C_Block kf_key;
+};
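Review bot: struct keyfile_data uses C_Block, but this header includes nothing that defines it, so it only compiles when the includer has already pulled in the DES header, as register.c does by including <kerberosIV/des.h> first. Include that header here so the file is self-contained. The protocol constants would also benefit from a short comment describing the message order the client follows (opcode byte, principal, instance, password, then the GOTKEY reply), and register.c compares GOTKEY_MSG with a hard-coded length of 6; a sizeof-based length macro next to the definition would keep the two from drifting apart.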