485 files changed, 39617 insertions, 7462 deletions

diff --git a/crypto/heimdal/ChangeLog b/crypto/heimdal/ChangeLog
index 8f3f512..bab7d0b 100644
--- a/crypto/heimdal/ChangeLog
+++ b/crypto/heimdal/ChangeLog
@@ -1,3 +1,333 @@
+2001-05-17  Assar Westerlund  <assar@sics.se>
+
+	* Release 0.3f
+
+2001-05-17  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/Makefile.am: bump version to 16:0:0
+	* lib/hdb/Makefile.am: bump version to 7:1:0
+	* lib/asn1/Makefile.am: bump version to 5:0:0
+	* lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
+	* lib/krb5/codec.c: remove dead code
+
+2001-05-15  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
+	parenthesis
+
+	* lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
+	`errno' (called system_error) to allow callers to make sure they
+	pass the current and relevant value.  update callers
+
+2001-05-14  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kdc/kerberos5.c: pass context to krb5_domain_x500_decode
+
+2001-05-14  Assar Westerlund  <assar@sics.se>
+
+	* kpasswd/kpasswdd.c: adapt to new address functions
+	* kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
+	* kdc/connect.c: adapt to changing address functions
+	* kdc/config.c: new krb5_config_parse_file
+	* kdc/524.c: new krb5_sockaddr2address
+	* lib/krb5/*: add some krb5_{set,clear}_error_string
+
+	* lib/asn1/k5.asn1 (LR_TYPE): add
+	* lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x
+
+2001-05-11  Assar Westerlund  <assar@sics.se>
+
+	* kdc/kerberos5.c (tsg_rep): fix typo in variable name
+
+	* kpasswd/kpasswd-generator.c (nop_prompter): update prototype
+	* lib/krb5/init_creds_pw.c: update to new prompter, use prompter
+	types and send two prompts at once when changning password
+	* lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
+	* lib/krb5/krb5.h (krb5_prompt): add type
+	(krb5_prompter_fct): add anem
+
+	* lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
+	paramaters to krb5_cc_next_cred (as MIT does, and not as they
+	document).  From "Jacques A. Vidrine" <n@nectar.com>
+
+2001-05-11  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/Makefile.am: store-test
+
+	* lib/krb5/store-test.c: simple bit storage test
+
+	* lib/krb5/store.c: add more byteorder storage flags
+	
+	* lib/krb5/krb5.h: add more byteorder storage flags
+	
+	* kdc/kerberos5.c: don't use NULL where we mean 0
+
+	* kdc/kerberos5.c: put referral test code in separate function,
+	and test for KRB5_NT_SRV_INST
+
+2001-05-10  Assar Westerlund  <assar@sics.se>
+
+	* admin/list.c (do_list): do not close the keytab if opening it
+	failed
+	* admin/list.c (do_list): always print complete names.  print
+	everything to stdout.
+	* admin/list.c: print both v5 and v4 list by default
+	* admin/remove.c (kt_remove): reorganize some.  open the keytab
+	(defaulting to the modify one).
+	* admin/purge.c (kt_purge): reorganize some.  open the keytab
+	(defaulting to the modify one). correct usage strings
+	* admin/list.c (kt_list): reorganize some.  open the keytab
+	* admin/get.c (kt_get): reorganize some.  open the keytab
+	(defaulting to the modify one)
+	* admin/copy.c (kt_copy): default to modify key name.  re-organise
+	* admin/change.c (kt_change): reorganize some.  open the keytab
+	(defaulting to the modify one)
+	* admin/add.c (kt_add): reorganize some.  open the keytab
+	(defaulting to the modify one)
+	* admin/ktutil.c (main): do not open the keytab, let every
+	sub-function handle it
+
+	* kdc/config.c (configure): call free_getarg_strings
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
+	a few more errors
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
+	`use_dns' parameter boolean
+
+	* lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
+	* lib/krb5/context.c (init_context_from_config_file): set
+	default_keytab_modify
+	* lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
+	ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
+	(KEYTAB_DEFAULT_MODIFY): add
+	* lib/krb5/keytab.c (krb5_kt_default_modify_name): add
+	(krb5_kt_resolve): set error string for failed keytab type
+
+2001-05-08  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/crypto.c (encryption_type): make field names more
+	consistent
+	(create_checksum): separate usage and type
+	(krb5_create_checksum): add a separate type parameter
+	(encrypt_internal): only free once on mismatched checksum length
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
+	realm we didn't manage to reach any KDC for in the error string
+
+	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
+	the entire subkey.  from <tmartin@mirapoint.com>
+
+2001-05-07  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
+	KT_NOTFOUND if the file is empty
+
+2001-05-07  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/fcache.c: call krb5_set_error_string when open fails
+	fatally
+	* lib/krb5/keytab_file.c: call krb5_set_error_string when open
+	fails fatally
+
+	* lib/krb5/warn.c (_warnerr): print error_string in context in
+	preference to error string derived from error code
+	* kuser/kinit.c (main): try to print the error string
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
+	error strings for errors
+
+	* lib/krb5/krb5.h (krb5_context_data): add error_string and
+	error_buf
+	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
+	* lib/krb5/error_string.c: new file
+
+2001-05-02  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/time.c: krb5_string_to_deltat
+
+	* lib/krb5/sock_principal.c: one less data copy
+
+	* lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's
+
+	* lib/krb5/get_default_principal.c: change this slightly
+
+	* lib/krb5/crypto.c: make checksum_types into an array of pointers
+
+	* lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
+	ticket
+
+2001-04-29  Assar Westerlund  <assar@sics.se>
+
+	* kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
+	the right realm if we fail to find a non-krbtgt service in the
+	database and the second component does a succesful non-dns lookup
+	to get the real realm (which has to be different from the
+	originally-supplied realm).  this should help windows 2000 clients
+	that always start their lookups in `their' realm and do not have
+	any idea of how to map hostnames into realms
+	* kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm
+
+2001-04-27  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
+	parameter to request use of dns or not
+
+2001-04-25  Assar Westerlund  <assar@sics.se>
+
+	* admin/get.c (kt_get): allow specification of encryption types
+	* lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
+	close an unopened ccache, noted by <marc@mit.edu>
+
+	* lib/krb5/krb5.h (krb5_any_ops): add declaration
+	* lib/krb5/context.c (init_context_from_config_file): register
+	krb5_any_ops
+
+	* lib/krb5/keytab_any.c: new file, implementing union of keytabs
+	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c
+	
+	* lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
+	== NULL.  noted by <marc@mit.edu>
+
+2001-04-19  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
+	else, from Jacques Vidrine
+
+2001-04-18  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h
+
+	* lib/asn1/Makefile.am: add asn1_ENCTYPE.x
+
+	* lib/krb5/krb5.h: adapt to asn1 changes
+
+	* lib/asn1/k5.asn1: move enctypes here
+
+	* lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
+	conflicts
+
+	* lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
+	conflicts
+
+	* lib/asn1/lex.l: use strtol to parse constants
+
+2001-04-06  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kuser/kinit.c: add simple support for running commands
+
+2001-03-26  Assar Westerlund  <assar@sics.se>
+
+	* lib/hdb/hdb-ldap.c: change order of includes to allow it to work
+	with more versions of openldap
+
+	* kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
+	replies
+	(*): update callers of krb5_km_error
+	(check_tgs_flags): handle renews requesting non-renewable tickets
+
+	* lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
+	and cusec
+
+	* lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
+	compatibility names
+
+	* lib/krb5/crypto.c (create_checksum): change so that `type == 0'
+	means pick from the `crypto' (context) and otherwise use that
+	type.  this is not a large change in practice and allows callers
+	to specify the exact checksum algorithm to use
+
+2001-03-13  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
+	to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
+	integrity'.  this helps for talking to old (pre 0.3d) KDCs
+
+2001-03-12  Assar Westerlund  <assar@pdc.kth.se>
+
+	* lib/krb5/crypto.c (krb5_derive_key): new function, used by
+	derived-key-test.c
+	* lib/krb5/string-to-key-test.c: add new test vectors posted by
+	Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to
+	ietf-krb-wg@anl.gov
+	* lib/krb5/n-fold-test.c: more test vectors from same source
+	* lib/krb5/derived-key-test.c: more tests from same source
+
+2001-03-06  Assar Westerlund  <assar@sics.se>
+
+	* acconfig.h: include roken_rename.h when appropriate
+
+2001-03-06  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/krb5.h (krb5_enctype): remove trailing comma
+
+2001-03-04  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
+	compatibility with MIT krb5
+
+2001-03-02  Assar Westerlund  <assar@sics.se>
+
+	* kuser/kinit.c (main): only request a renewable ticket when
+	explicitly requested.  it still gets a renewable one if the renew
+	life is specified
+	* kuser/kinit.c (renew_validate): treat -1 as flags not being set
+
+2001-02-28  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list
+
+2001-02-27  Johan Danielsson  <joda@pdc.kth.se>
+
+	* lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt
+
+2001-02-25  Assar Westerlund  <assar@sics.se>
+
+	* configure.in: do not use -R when testing for des functions
+
+2001-02-14  Assar Westerlund  <assar@sics.se>
+
+	* configure.in: test for lber.h when trying to link against
+ 	openldap to handle openldap v1, from Sumit Bose
+ 	<sumit.bose@suse.de>
+
+2001-02-19  Assar Westerlund  <assar@sics.se>
+
+	* lib/asn1/libasn1.h: add string.h (for memset)
+
+2001-02-15  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/warn.c (_warnerr): add printf attributes
+	* lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address
+	returned by getaddrinfo before trying the next kdc.  from
+	thorpej@netbsd.org
+
+	* lib/krb5/krb5.conf.5: fix default_realm in example
+
+	* kdc/connect.c: fix a few kdc_log format types
+
+	* configure.in: try to handle libdes/libcrypto ont requiring -L
+
+2001-02-10  Assar Westerlund  <assar@sics.se>
+
+	* lib/asn1/gen_decode.c (generate_type_decode): zero the data at
+	the beginning of the generated function, and add a label `fail'
+	that the code jumps to in case of errors that frees all allocated
+	data
+
+2001-02-07  Assar Westerlund  <assar@sics.se>
+
+	* configure.in: aix dce: fix misquotes, from Ake Sandgren
+	<ake@cs.umu.se>
+
+	* configure.in (dpagaix_LDFLAGS): try to add export file
+
+2001-02-05  Assar Westerlund  <assar@sics.se>
+
+	* lib/krb5/krb5_keytab.3: new man page, contributed by
+	<lha@stacken.kth.se>
+
+	* kdc/kaserver.c: update to new db_fetch4
+
 2001-02-05  Assar Westerlund  <assar@assaris.sics.se>
 
 	* Release 0.3e
diff --git a/crypto/heimdal/Makefile.in b/crypto/heimdal/Makefile.in
index f534fb7..ad1b47c 100644
--- a/crypto/heimdal/Makefile.in
+++ b/crypto/heimdal/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 SUBDIRS = include lib kuser kdc admin kadmin kpasswd appl doc tools
@@ -212,9 +215,10 @@ configure.in install-sh ltconfig ltmain.sh missing mkinstalldirs
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 
 GZIP_ENV = --best
+DIST_SUBDIRS =  $(SUBDIRS)
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile
 
@@ -284,11 +288,16 @@ mostlyclean-recursive clean-recursive distclean-recursive \
 maintainer-clean-recursive:
 	@set fnord $(MAKEFLAGS); amf=$$2; \
 	dot_seen=no; \
-	rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \
-	  rev="$$subdir $$rev"; \
-	  if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
 	done; \
-	test "$$dot_seen" = "no" && rev=". $$rev"; \
+	rev="$$rev ."; \
 	target=`echo $@ | sed s/-recursive//`; \
 	for subdir in $$rev; do \
 	  echo "Making $$target in $$subdir"; \
@@ -334,6 +343,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/NEWS b/crypto/heimdal/NEWS
index 1005e93..a53da3a 100644
--- a/crypto/heimdal/NEWS
+++ b/crypto/heimdal/NEWS
@@ -1,3 +1,28 @@
+Changes in release 0.3f
+
+ * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
+   the new keytab type that tries both of these in order (SRVTAB is
+   also an alias for krb4:)
+
+ * improve error reporting and error handling (error messages should
+   be more detailed and more useful)
+
+ * improve building with openssl
+
+ * add kadmin -K, rcp -F 
+
+ * fix two incorrect weak DES keys
+
+ * fix building of kaserver compat in KDC
+
+ * the API is closer to what MIT krb5 is using
+
+ * more compatible with windows 2000
+
+ * removed some memory leaks
+
+ * bug fixes
+
 Changes in release 0.3e
 
  * rcp program included
diff --git a/crypto/heimdal/acconfig.h b/crypto/heimdal/acconfig.h
index 8740dae..4ef0398 100644
--- a/crypto/heimdal/acconfig.h
+++ b/crypto/heimdal/acconfig.h
@@ -98,3 +98,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
 #  define WORDS_BIGENDIAN 1
 #  endif
 #endif
+
+#ifdef ROKEN_RENAME
+#include "roken_rename.h"
+#endif
diff --git a/crypto/heimdal/aclocal.m4 b/crypto/heimdal/aclocal.m4
index 895b888..2c04f7f 100644
--- a/crypto/heimdal/aclocal.m4
+++ b/crypto/heimdal/aclocal.m4
@@ -1,14 +1,15 @@
-dnl ./aclocal.m4 generated automatically by aclocal 1.4a
+# ./aclocal.m4 generated automatically by aclocal 1.4b
 
-dnl Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
-dnl This file is free software; the Free Software Foundation
-dnl gives unlimited permission to copy and/or distribute it,
-dnl with or without modifications, as long as this notice is preserved.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
 
-dnl This program is distributed in the hope that it will be useful,
-dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-dnl PARTICULAR PURPOSE.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
 
 dnl $Id: acinclude.m4,v 1.15 1998/05/23 14:54:53 joda Exp $
 dnl
@@ -49,32 +50,40 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
 ])])
 # Like AC_CONFIG_HEADER, but automatically create stamp file.
 
-AC_DEFUN(AM_CONFIG_HEADER,
-[AC_PREREQ([2.12])
-AC_CONFIG_HEADER([$1])
-dnl When config.status generates a header, we must update the stamp-h file.
-dnl This file resides in the same directory as the config header
-dnl that is generated.  We must strip everything past the first ":",
-dnl and everything past the last "/".
-AC_OUTPUT_COMMANDS(changequote(<<,>>)dnl
-ifelse(patsubst(<<$1>>, <<[^ ]>>, <<>>), <<>>,
-<<test -z "<<$>>CONFIG_HEADERS" || echo timestamp > patsubst(<<$1>>, <<^\([^:]*/\)?.*>>, <<\1>>)stamp-h<<>>dnl>>,
-<<am_indx=1
-for am_file in <<$1>>; do
-  case " <<$>>CONFIG_HEADERS " in
-  *" <<$>>am_file "*<<)>>
-    echo timestamp > `echo <<$>>am_file | sed -e 's%:.*%%' -e 's%[^/]*$%%'`stamp-h$am_indx
-    ;;
-  esac
-  am_indx=`expr "<<$>>am_indx" + 1`
-done<<>>dnl>>)
-changequote([,]))])
+# serial 3
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated.  We must strip everything past the first ":",
+# and everything past the last "/".
+
+AC_PREREQ([2.12])
+
+AC_DEFUN([AM_CONFIG_HEADER],
+[AC_CONFIG_HEADER([$1])
+  AC_OUTPUT_COMMANDS(
+   ifelse(patsubst([$1], [[^ ]], []),
+	  [],
+	  [test -z "$CONFIG_HEADERS" || echo timestamp >dnl
+	   patsubst([$1], [^\([^:]*/\)?.*], [\1])stamp-h]),
+  [am_indx=1
+  for am_file in $1; do
+    case " $CONFIG_HEADERS " in
+    *" $am_file "*)
+      echo timestamp > `echo $am_file | sed 's%:.*%%;s%[^/]*$%%'`stamp-h$am_indx
+      ;;
+    esac
+    am_indx=\`expr \$am_indx + 1\`
+  done])
+])
 
 # Do all the work for Automake.  This macro actually does too much --
 # some checks are only needed if your package does certain things.
 # But this isn't really a big deal.
 
-# serial 2
+# serial 3
+
+AC_PREREQ([2.13])
 
 # AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED)
 # -----------------------------------------------------------
@@ -92,12 +101,11 @@ ifdef([AC_PROVIDE_IFELSE],
 
 # AM_INIT_AUTOMAKE(PACKAGE,VERSION, [NO-DEFINE])
 # ----------------------------------------------
-AC_DEFUN(AM_INIT_AUTOMAKE,
+AC_DEFUN([AM_INIT_AUTOMAKE],
 [dnl We require 2.13 because we rely on SHELL being computed by configure.
-AC_PREREQ([2.13])dnl
 AC_REQUIRE([AC_PROG_INSTALL])dnl
 # test to see if srcdir already configured
-if test "`CDPATH=: && cd $srcdir && pwd`" != "`pwd`" &&
+if test "`CDPATH=:; cd $srcdir && pwd`" != "`pwd`" &&
    test -f $srcdir/config.status; then
   AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
 fi
@@ -121,8 +129,8 @@ AM_MISSING_PROG(AUTOHEADER, autoheader)
 AM_MISSING_PROG(MAKEINFO, makeinfo)
 AM_MISSING_PROG(AMTAR, tar)
 AM_MISSING_INSTALL_SH
-dnl We need awk for the "check" target.  The system "awk" is bad on
-dnl some platforms.
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
 AC_REQUIRE([AC_PROG_AWK])dnl
 AC_REQUIRE([AC_PROG_MAKE_SET])dnl
 AC_REQUIRE([AM_DEP_TRACK])dnl
@@ -141,7 +149,7 @@ AC_PROVIDE_IFELSE([AC_PROG_CXX],
 # Check to make sure that the build environment is sane.
 #
 
-AC_DEFUN(AM_SANITY_CHECK,
+AC_DEFUN([AM_SANITY_CHECK],
 [AC_MSG_CHECKING([whether build environment is sane])
 # Just in case
 sleep 1
@@ -180,15 +188,15 @@ fi
 rm -f conftest*
 AC_MSG_RESULT(yes)])
 
-dnl AM_MISSING_PROG(NAME, PROGRAM)
-AC_DEFUN(AM_MISSING_PROG, [
+# AM_MISSING_PROG(NAME, PROGRAM)
+AC_DEFUN([AM_MISSING_PROG], [
 AC_REQUIRE([AM_MISSING_HAS_RUN])
 $1=${$1-"${am_missing_run}$2"}
 AC_SUBST($1)])
 
-dnl Like AM_MISSING_PROG, but only looks for install-sh.
-dnl AM_MISSING_INSTALL_SH()
-AC_DEFUN(AM_MISSING_INSTALL_SH, [
+# Like AM_MISSING_PROG, but only looks for install-sh.
+# AM_MISSING_INSTALL_SH()
+AC_DEFUN([AM_MISSING_INSTALL_SH], [
 AC_REQUIRE([AM_MISSING_HAS_RUN])
 if test -z "$install_sh"; then
    install_sh="$ac_aux_dir/install-sh"
@@ -200,13 +208,13 @@ if test -z "$install_sh"; then
 fi
 AC_SUBST(install_sh)])
 
-dnl AM_MISSING_HAS_RUN.
-dnl Define MISSING if not defined so far and test if it supports --run.
-dnl If it does, set am_missing_run to use it, otherwise, to nothing.
+# AM_MISSING_HAS_RUN.
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
 AC_DEFUN([AM_MISSING_HAS_RUN], [
 test x"${MISSING+set}" = xset || \
-  MISSING="\${SHELL} `CDPATH=: && cd $ac_aux_dir && pwd`/missing"
-dnl Use eval to expand $SHELL
+  MISSING="\${SHELL} `CDPATH=:; cd $ac_aux_dir && pwd`/missing"
+# Use eval to expand $SHELL
 if eval "$MISSING --run :"; then
   am_missing_run="$MISSING --run "
 else
@@ -216,14 +224,14 @@ else
 fi
 ])
 
-dnl See how the compiler implements dependency checking.
-dnl Usage:
-dnl AM_DEPENDENCIES(NAME)
-dnl NAME is "CC", "CXX" or "OBJC".
+# See how the compiler implements dependency checking.
+# Usage:
+# AM_DEPENDENCIES(NAME)
+# NAME is "CC", "CXX" or "OBJC".
 
-dnl We try a few techniques and use that to set a single cache variable.
+# We try a few techniques and use that to set a single cache variable.
 
-AC_DEFUN(AM_DEPENDENCIES,[
+AC_DEFUN([AM_DEPENDENCIES],[
 AC_REQUIRE([AM_SET_DEPDIR])
 AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])
 ifelse([$1],CC,[
@@ -259,10 +267,13 @@ if test -z "$AMDEP"; then
       ;;
     none) break ;;
     esac
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.
     if depmode="$depmode" \
        source=conftest.c object=conftest.o \
        depfile=conftest.Po tmpdepfile=conftest.TPo \
-       $SHELL $am_depcomp $depcc -c conftest.c 2>/dev/null &&
+       $SHELL $am_depcomp $depcc -c conftest.c -o conftest.o >/dev/null 2>&1 &&
        grep conftest.h conftest.Po > /dev/null 2>&1; then
       am_cv_[$1]_dependencies_compiler_type="$depmode"
       break
@@ -279,19 +290,22 @@ AC_MSG_RESULT($am_cv_[$1]_dependencies_compiler_type)
 AC_SUBST([$1]DEPMODE)
 ])
 
-dnl Choose a directory name for dependency files.
-dnl This macro is AC_REQUIREd in AM_DEPENDENCIES
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in AM_DEPENDENCIES
 
-AC_DEFUN(AM_SET_DEPDIR,[
+AC_DEFUN([AM_SET_DEPDIR],[
 if test -d .deps || mkdir .deps 2> /dev/null || test -d .deps; then
   DEPDIR=.deps
+  # We redirect because .deps might already exist and be populated.
+  # In this situation we don't want to see an error.
+  rmdir .deps > /dev/null 2>&1
 else
   DEPDIR=_deps
 fi
 AC_SUBST(DEPDIR)
 ])
 
-AC_DEFUN(AM_DEP_TRACK,[
+AC_DEFUN([AM_DEP_TRACK],[
 AC_ARG_ENABLE(dependency-tracking,
 [  --disable-dependency-tracking Speeds up one-time builds
   --enable-dependency-tracking  Do not reject slow dependency extractors])
@@ -316,16 +330,16 @@ subst(AMDEPBACKSLASH)
 popdef([subst])
 ])
 
-dnl Generate code to set up dependency tracking.
-dnl This macro should only be invoked once -- use via AC_REQUIRE.
-dnl Usage:
-dnl AM_OUTPUT_DEPENDENCY_COMMANDS
+# Generate code to set up dependency tracking.
+# This macro should only be invoked once -- use via AC_REQUIRE.
+# Usage:
+# AM_OUTPUT_DEPENDENCY_COMMANDS
 
-dnl
-dnl This code is only required when automatic dependency tracking
-dnl is enabled.  FIXME.  This creates each `.P' file that we will
-dnl need in order to bootstrap the dependency handling code.
-AC_DEFUN(AM_OUTPUT_DEPENDENCY_COMMANDS,[
+#
+# This code is only required when automatic dependency tracking
+# is enabled.  FIXME.  This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],[
 AC_OUTPUT_COMMANDS([
 test x"$AMDEP" != x"" ||
 for mf in $CONFIG_FILES; do
@@ -368,9 +382,9 @@ done
 ac_aux_dir="$ac_aux_dir"])])
 
 
-dnl AM_PROG_LEX
-dnl Look for flex, lex or missing, then run AC_PROG_LEX and AC_DECL_YYTEXT
-AC_DEFUN(AM_PROG_LEX,
+# AM_PROG_LEX
+# Look for flex, lex or missing, then run AC_PROG_LEX and AC_DECL_YYTEXT
+AC_DEFUN([AM_PROG_LEX],
 [AC_REQUIRE([AM_MISSING_HAS_RUN])
 AC_CHECK_PROGS(LEX, flex lex, [${am_missing_run}flex])
 AC_PROG_LEX
@@ -1371,7 +1385,7 @@ dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra
 AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [
 AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])])
 
-dnl $Id: roken-frag.m4,v 1.19 2000/12/15 14:29:54 assar Exp $
+dnl $Id: roken-frag.m4,v 1.21 2001/05/11 13:58:21 joda Exp $
 dnl
 dnl some code to get roken working
 dnl
@@ -1445,6 +1459,7 @@ AC_CHECK_HEADERS([\
 	rpcsvc/dbm.h				\
 	rpcsvc/ypclnt.h				\
 	shadow.h				\
+	sys/bswap.h				\
 	sys/ioctl.h				\
 	sys/param.h				\
 	sys/proc.h				\
@@ -1536,8 +1551,10 @@ AC_CHECK_FUNCS([				\
 	asprintf				\
 	cgetent					\
 	getconfattr				\
+	getprogname				\
 	getrlimit				\
 	getspnam				\
+	setprogname				\
 	strsvis					\
 	strunvis				\
 	strvis					\
@@ -1614,6 +1631,16 @@ AC_NEED_PROTO([
 vasnprintf)dnl
 fi
 
+AC_FIND_FUNC_NO_LIBS(bswap16,,
+[#ifdef HAVE_SYS_BSWAP_H
+#include <sys/bswap.h>
+#endif],0)
+
+AC_FIND_FUNC_NO_LIBS(bswap32,,
+[#ifdef HAVE_SYS_BSWAP_H
+#include <sys/bswap.h>
+#endif],0)
+
 AC_FIND_FUNC_NO_LIBS(pidfile,util,
 [#ifdef HAVE_UTIL_H
 #include <util.h>
@@ -2066,7 +2093,7 @@ fi
 
 # Define a conditional.
 
-AC_DEFUN(AM_CONDITIONAL,
+AC_DEFUN([AM_CONDITIONAL],
 [AC_SUBST($1_TRUE)
 AC_SUBST($1_FALSE)
 if $2; then
@@ -2077,7 +2104,7 @@ else
   $1_FALSE=
 fi])
 
-dnl $Id: krb-ipv6.m4,v 1.9 2000/12/26 20:27:30 assar Exp $
+dnl $Id: krb-ipv6.m4,v 1.10 2001/03/26 03:28:03 assar Exp $
 dnl
 dnl test for IPv6
 dnl
@@ -2087,6 +2114,7 @@ AC_ARG_WITH(ipv6,
 if test "$withval" = "no"; then
 	ac_cv_lib_ipv6=no
 fi])
+save_CFLAGS="${CFLAGS}"
 AC_CACHE_VAL(ac_cv_lib_ipv6,
 [dnl check for different v6 implementations (by itojun)
 v6type=unknown
@@ -2197,6 +2225,8 @@ AC_MSG_CHECKING(for IPv6)
 AC_MSG_RESULT($ac_cv_lib_ipv6)
 if test "$ac_cv_lib_ipv6" = yes; then
   AC_DEFINE(HAVE_IPV6, 1, [Define if you have IPv6.])
+else
+  CFLAGS="${save_CFLAGS}"
 fi
 ])
 
@@ -2295,7 +2325,7 @@ undefine([foo])
 fi
 ])
 
-dnl $Id: broken-glob.m4,v 1.2 1999/03/01 09:52:15 joda Exp $
+dnl $Id: broken-glob.m4,v 1.3 2001/03/26 11:40:24 assar Exp $
 dnl
 dnl check for glob(3)
 dnl
@@ -2305,12 +2335,13 @@ ac_cv_func_glob_working=yes
 AC_TRY_LINK([
 #include <stdio.h>
 #include <glob.h>],[
-glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE, NULL, NULL);
+glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|GLOB_LIMIT,
+NULL, NULL);
 ],:,ac_cv_func_glob_working=no,:))
 
 if test "$ac_cv_func_glob_working" = yes; then
 	AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks 
-	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, and GLOB_TILDE])
+	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT])
 fi
 if test "$ac_cv_func_glob_working" = yes; then
 AC_NEED_PROTO([#include <stdio.h>
@@ -2486,49 +2517,6 @@ AH_BOTTOM([#ifdef BROKEN_REALLOC
 #endif])
 ])
 
-dnl $Id: krb-func-getcwd-broken.m4,v 1.2 1999/03/01 13:03:32 joda Exp $
-dnl
-dnl
-dnl test for broken getcwd in (SunOS braindamage)
-dnl
-
-AC_DEFUN(AC_KRB_FUNC_GETCWD_BROKEN, [
-if test "$ac_cv_func_getcwd" = yes; then
-AC_MSG_CHECKING(if getcwd is broken)
-AC_CACHE_VAL(ac_cv_func_getcwd_broken, [
-ac_cv_func_getcwd_broken=no
-
-AC_TRY_RUN([
-#include <errno.h>
-char *getcwd(char*, int);
-
-void *popen(char *cmd, char *mode)
-{
-	errno = ENOTTY;
-	return 0;
-}
-
-int main()
-{
-	char *ret;
-	ret = getcwd(0, 1024);
-	if(ret == 0 && errno == ENOTTY)
-		return 0;
-	return 1;
-}
-], ac_cv_func_getcwd_broken=yes,:,:)
-])
-if test "$ac_cv_func_getcwd_broken" = yes; then
-	AC_DEFINE(BROKEN_GETCWD, 1, [Define if getcwd is broken (like in SunOS 4).])dnl
-	LIBOBJS="$LIBOBJS getcwd.o"
-	AC_SUBST(LIBOBJS)dnl
-	AC_MSG_RESULT($ac_cv_func_getcwd_broken)
-else
-	AC_MSG_RESULT([seems ok])
-fi
-fi
-])
-
 dnl $Id: proto-compat.m4,v 1.3 1999/03/01 13:03:48 joda Exp $
 dnl
 dnl
diff --git a/crypto/heimdal/admin/Makefile.in b/crypto/heimdal/admin/Makefile.in
index 9c192ad..44df52e 100644
--- a/crypto/heimdal/admin/Makefile.in
+++ b/crypto/heimdal/admin/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 man_MANS = ktutil.8
@@ -254,7 +257,7 @@ OBJECTS = $(am_ktutil_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign admin/Makefile
 
@@ -387,6 +390,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/admin/add.c b/crypto/heimdal/admin/add.c
index 954b5f8..5ad6517 100644
--- a/crypto/heimdal/admin/add.c
+++ b/crypto/heimdal/admin/add.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,12 +33,13 @@
 
 #include "ktutil_locl.h"
 
-RCSID("$Id: add.c,v 1.1 2000/01/02 04:41:00 assar Exp $");
+RCSID("$Id: add.c,v 1.2 2001/05/10 15:39:15 assar Exp $");
 
 int
 kt_add(int argc, char **argv)
 {
     krb5_error_code ret;
+    krb5_keytab keytab;
     krb5_keytab_entry entry;
     char buf[128];
     char *principal_string = NULL;
@@ -71,30 +72,47 @@ kt_add(int argc, char **argv)
 
     if(getarg(args, num_args, argc, argv, &optind)) {
 	arg_printusage(args, num_args, "ktutil add", "");
-	return 0;
+	return 1;
     }
     if(help_flag) {
 	arg_printusage(args, num_args, "ktutil add", "");
-	return 0;
+	return 1;
     }
+    if (keytab_string == NULL) {
+	ret = krb5_kt_default_modify_name (context, keytab_buf,
+					   sizeof(keytab_buf));
+	if (ret) {
+	    krb5_warn(context, ret, "krb5_kt_default_modify_name");
+	    return 1;
+	}
+	keytab_string = keytab_buf;
+    }
+    ret = krb5_kt_resolve(context, keytab_string, &keytab);
+    if (ret) {
+	krb5_warn(context, ret, "resolving keytab %s", keytab_string);
+	return 1;
+    }
+
+    if (verbose_flag)
+	fprintf (stderr, "Using keytab %s\n", keytab_string);
+	
+    memset(&entry, 0, sizeof(entry));
     if(principal_string == NULL) {
 	printf("Principal: ");
 	if (fgets(buf, sizeof(buf), stdin) == NULL)
-	    return 0;
+	    return 1;
 	buf[strcspn(buf, "\r\n")] = '\0';
 	principal_string = buf;
     }
     ret = krb5_parse_name(context, principal_string, &entry.principal);
     if(ret) {
 	krb5_warn(context, ret, "%s", principal_string);
-	return 0;
+	goto out;
     }
     if(enctype_string == NULL) {
 	printf("Encryption type: ");
-	if (fgets(buf, sizeof(buf), stdin) == NULL) {
-	    krb5_free_principal (context, entry.principal);
-	    return 0;
-	}
+	if (fgets(buf, sizeof(buf), stdin) == NULL)
+	    goto out;
 	buf[strcspn(buf, "\r\n")] = '\0';
 	enctype_string = buf;
     }
@@ -105,24 +123,19 @@ kt_add(int argc, char **argv)
 	    enctype = t;
 	else {
 	    krb5_warn(context, ret, "%s", enctype_string);
-	    krb5_free_principal(context, entry.principal);
-	    return 0;
+	    goto out;
 	}
     }
     if(kvno == -1) {
 	printf("Key version: ");
-	if (fgets(buf, sizeof(buf), stdin) == NULL) {
-	    krb5_free_principal (context, entry.principal);
-	    return 0;
-	}
+	if (fgets(buf, sizeof(buf), stdin) == NULL)
+	    goto out;
 	buf[strcspn(buf, "\r\n")] = '\0';
 	kvno = atoi(buf);
     }
     if(password_string == NULL && random_flag == 0) {
-	if(des_read_pw_string(buf, sizeof(buf), "Password: ", 1)) {
-	    krb5_free_principal (context, entry.principal);
-	    return 0;
-	}
+	if(des_read_pw_string(buf, sizeof(buf), "Password: ", 1))
+	    goto out;
 	password_string = buf;
     }
     if(password_string) {
@@ -150,6 +163,8 @@ kt_add(int argc, char **argv)
     ret = krb5_kt_add_entry(context, keytab, &entry);
     if(ret)
 	krb5_warn(context, ret, "add");
+ out:
     krb5_kt_free_entry(context, &entry);
+    krb5_kt_close(context, keytab);
     return 0;
 }
diff --git a/crypto/heimdal/admin/change.c b/crypto/heimdal/admin/change.c
index 128395a..c523dc4 100644
--- a/crypto/heimdal/admin/change.c
+++ b/crypto/heimdal/admin/change.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,10 +33,11 @@
 
 #include "ktutil_locl.h"
 
-RCSID("$Id: change.c,v 1.2 2000/06/03 12:24:03 assar Exp $");
+RCSID("$Id: change.c,v 1.3 2001/05/10 15:40:07 assar Exp $");
 
 static void
-change_entry (krb5_context context, krb5_keytab_entry *entry,
+change_entry (krb5_context context, krb5_keytab keytab,
+	      krb5_keytab_entry *entry,
 	      const char *realm, const char *admin_server, int server_port)
 {
     krb5_error_code ret;
@@ -49,7 +50,7 @@ change_entry (krb5_context context, krb5_keytab_entry *entry,
 
     ret = krb5_unparse_name (context, entry->principal, &client_name);
     if (ret) {
-	krb5_warn (context, ret, "kadm5_c_init_with_skey_ctx");
+	krb5_warn (context, ret, "krb5_unparse_name");
 	return;
     }
 
@@ -113,6 +114,7 @@ int
 kt_change (int argc, char **argv)
 {
     krb5_error_code ret;
+    krb5_keytab keytab;
     krb5_kt_cursor cursor;
     krb5_keytab_entry entry;
     char *realm = NULL;
@@ -145,21 +147,39 @@ kt_change (int argc, char **argv)
        || help_flag) {
 	arg_printusage(args, sizeof(args) / sizeof(args[0]), 
 		       "ktutil change", "principal...");
-	return 0;
+	return 1;
     }
     
+    if (keytab_string == NULL) {
+	ret = krb5_kt_default_modify_name (context, keytab_buf,
+					   sizeof(keytab_buf));
+	if (ret) {
+	    krb5_warn(context, ret, "krb5_kt_default_modify_name");
+	    return 1;
+	}
+	keytab_string = keytab_buf;
+    }
+    ret = krb5_kt_resolve(context, keytab_string, &keytab);
+    if (ret) {
+	krb5_warn(context, ret, "resolving keytab %s", keytab_string);
+	return 1;
+    }
+
+    if (verbose_flag)
+	fprintf (stderr, "Using keytab %s\n", keytab_string);
+	
     j = 0;
     max = 10;
     princs = malloc (max * sizeof(*princs));
     if (princs == NULL) {
 	krb5_warnx (context, "malloc: out of memory");
-	return 1;
+	goto out;
     }
 
     ret = krb5_kt_start_seq_get(context, keytab, &cursor);
     if(ret){
 	krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string);
-	return 1;
+	goto out;
     }
 
     while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
@@ -174,7 +194,8 @@ kt_change (int argc, char **argv)
 	    continue;
 
 	if (optind == argc) {
-	    change_entry (context, &entry, realm, admin_server, server_port);
+	    change_entry (context, keytab, &entry, realm, admin_server,
+			  server_port);
 	    done = 1;
 	} else {
 	    for (i = optind; i < argc; ++i) {
@@ -186,7 +207,7 @@ kt_change (int argc, char **argv)
 		    continue;
 		}
 		if (krb5_principal_compare (context, princ, entry.principal)) {
-		    change_entry (context, &entry,
+		    change_entry (context, keytab, &entry,
 				  realm, admin_server, server_port);
 		    done = 1;
 		}
@@ -220,5 +241,7 @@ kt_change (int argc, char **argv)
 	krb5_free_principal (context, princs[j]);
     free (princs);
     ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+ out:
+    krb5_kt_close(context, keytab);
     return 0;
 }
diff --git a/crypto/heimdal/admin/copy.c b/crypto/heimdal/admin/copy.c
index d2b5069..a446d09 100644
--- a/crypto/heimdal/admin/copy.c
+++ b/crypto/heimdal/admin/copy.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "ktutil_locl.h"
 
-RCSID("$Id: copy.c,v 1.5 2000/12/16 00:45:29 joda Exp $");
+RCSID("$Id: copy.c,v 1.7 2001/05/11 00:54:01 assar Exp $");
 
 
 static krb5_boolean
@@ -57,22 +57,25 @@ kt_copy_int (const char *from, const char *to)
     ret = krb5_kt_resolve (context, from, &src_keytab);
     if (ret) {
 	krb5_warn (context, ret, "resolving src keytab `%s'", from);
-	return 0;
+	return 1;
     }
 
     ret = krb5_kt_resolve (context, to, &dst_keytab);
     if (ret) {
 	krb5_kt_close (context, src_keytab);
 	krb5_warn (context, ret, "resolving dst keytab `%s'", to);
-	return 0;
+	return 1;
     }
 
     ret = krb5_kt_start_seq_get (context, src_keytab, &cursor);
     if (ret) {
 	krb5_warn (context, ret, "krb5_kt_start_seq_get %s", keytab_string);
-	goto fail;
+	goto out;
     }
 
+    if (verbose_flag)
+	fprintf(stderr, "copying %s to %s\n", from, to);
+
     while((ret = krb5_kt_next_entry(context, src_keytab,
 				    &entry, &cursor)) == 0) {
 	char *name_str;
@@ -121,7 +124,7 @@ kt_copy_int (const char *from, const char *to)
     }
     krb5_kt_end_seq_get (context, src_keytab, &cursor);
 
-  fail:
+  out:
     krb5_kt_close (context, src_keytab);
     krb5_kt_close (context, dst_keytab);
     return 0;
@@ -146,12 +149,12 @@ kt_copy (int argc, char **argv)
     if(getarg(args, num_args, argc, argv, &optind)) {
 	arg_printusage(args, num_args, "ktutil copy",
 		       "keytab-src keytab-dest");
-	return 0;
+	return 1;
     }
     if (help_flag) {
 	arg_printusage(args, num_args, "ktutil copy",
 		       "keytab-src keytab-dest");
-	return 0;
+	return 1;
     }
 
     argv += optind;
@@ -160,7 +163,7 @@ kt_copy (int argc, char **argv)
     if (argc != 2) {
 	arg_printusage(args, num_args, "ktutil copy",
 		       "keytab-src keytab-dest");
-	return 0;
+	return 1;
     }
 
     return kt_copy_int(argv[0], argv[1]);
@@ -220,7 +223,7 @@ conv(int srvconv, int argc, char **argv)
 	if(keytab_string != NULL)
 	    return kt_copy_int(kt4, keytab_string);
 	else {
-	    krb5_kt_default_name(context, kt5, sizeof(kt5));
+	    krb5_kt_default_modify_name(context, kt5, sizeof(kt5));
 	    return kt_copy_int(kt4, kt5);
 	}
     } else {
diff --git a/crypto/heimdal/admin/get.c b/crypto/heimdal/admin/get.c
index 5df72a1..c9d49dd 100644
--- a/crypto/heimdal/admin/get.c
+++ b/crypto/heimdal/admin/get.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,14 +33,15 @@
 
 #include "ktutil_locl.h"
 
-RCSID("$Id: get.c,v 1.16 2000/12/31 02:51:43 assar Exp $");
+RCSID("$Id: get.c,v 1.18 2001/05/10 15:42:01 assar Exp $");
 
 int
 kt_get(int argc, char **argv)
 {
-    krb5_error_code ret;
+    krb5_error_code ret = 0;
+    krb5_keytab keytab;
     kadm5_config_params conf;
-    void *kadm_handle;
+    void *kadm_handle = NULL;
     char *principal = NULL;
     char *realm = NULL;
     char *admin_server = NULL;
@@ -48,11 +49,16 @@ kt_get(int argc, char **argv)
     int help_flag = 0;
     int optind = 0;
     int i, j;
+    struct getarg_strings etype_strs = {0, NULL};
+    krb5_enctype *etypes = NULL;
+    size_t netypes = 0;
     
     struct getargs args[] = {
 	{ "principal",	'p',	arg_string,   NULL, 
 	  "admin principal", "principal" 
 	},
+	{ "enctypes",	'e',	arg_strings,	NULL,
+	  "encryption types to use", "enctypes" },
 	{ "realm",	'r',	arg_string,   NULL, 
 	  "realm to use", "realm" 
 	},
@@ -66,10 +72,11 @@ kt_get(int argc, char **argv)
     };
 
     args[0].value = &principal;
-    args[1].value = &realm;
-    args[2].value = &admin_server;
-    args[3].value = &server_port;
-    args[4].value = &help_flag;
+    args[1].value = &etype_strs;
+    args[2].value = &realm;
+    args[3].value = &admin_server;
+    args[4].value = &server_port;
+    args[5].value = &help_flag;
 
     memset(&conf, 0, sizeof(conf));
 
@@ -77,9 +84,45 @@ kt_get(int argc, char **argv)
        || help_flag) {
 	arg_printusage(args, sizeof(args) / sizeof(args[0]), 
 		       "ktutil get", "principal...");
-	return 0;
+	return 1;
     }
     
+    if (keytab_string == NULL) {
+	ret = krb5_kt_default_modify_name (context, keytab_buf,
+					   sizeof(keytab_buf));
+	if (ret) {
+	    krb5_warn(context, ret, "krb5_kt_default_modify_name");
+	    return 1;
+	}
+	keytab_string = keytab_buf;
+    }
+    ret = krb5_kt_resolve(context, keytab_string, &keytab);
+    if (ret) {
+	krb5_warn(context, ret, "resolving keytab %s", keytab_string);
+	return 1;
+    }
+
+    if (etype_strs.num_strings) {
+	int i;
+
+	etypes = malloc (etype_strs.num_strings * sizeof(*etypes));
+	if (etypes == NULL) {
+	    krb5_warnx(context, "malloc failed");
+	    goto out;
+	}
+	netypes = etype_strs.num_strings;
+	for(i = 0; i < netypes; i++) {
+	    ret = krb5_string_to_enctype(context, 
+					 etype_strs.strings[i], 
+					 &etypes[i]);
+	    if(ret) {
+		krb5_warnx(context, "unrecognized enctype: %s",
+			   etype_strs.strings[i]);
+		goto out;
+	    }
+	}
+    }
+
     if(realm) {
 	krb5_set_default_realm(context, realm); /* XXX should be fixed
 						   some other way */
@@ -105,10 +148,9 @@ kt_get(int argc, char **argv)
 				       &kadm_handle);
     if(ret) {
 	krb5_warn(context, ret, "kadm5_init_with_password");
-	return 0;
+	goto out;
     }
     
-    
     for(i = optind; i < argc; i++){
 	krb5_principal princ_ent;
 	kadm5_principal_ent_rec princ;
@@ -166,17 +208,38 @@ kt_get(int argc, char **argv)
 	    continue;
 	}
 	for(j = 0; j < n_keys; j++) {
-	    entry.principal = princ_ent;
-	    entry.vno = princ.kvno;
-	    entry.keyblock = keys[j];
-	    entry.timestamp = time (NULL);
-	    ret = krb5_kt_add_entry(context, keytab, &entry);
+	    int do_add = TRUE;
+
+	    if (netypes) {
+		int i;
+
+		do_add = FALSE;
+		for (i = 0; i < netypes; ++i)
+		    if (keys[j].keytype == etypes[i]) {
+			do_add = TRUE;
+			break;
+		    }
+	    }
+	    if (do_add) {
+		entry.principal = princ_ent;
+		entry.vno = princ.kvno;
+		entry.keyblock = keys[j];
+		entry.timestamp = time (NULL);
+		ret = krb5_kt_add_entry(context, keytab, &entry);
+		if (ret)
+		    krb5_warn(context, ret, "krb5_kt_add_entry");
+	    }
 	    krb5_free_keyblock_contents(context, &keys[j]);
 	}
 	
 	kadm5_free_principal_ent(kadm_handle, &princ);
 	krb5_free_principal(context, princ_ent);
     }
-    kadm5_destroy(kadm_handle);
-    return 0;
+ out:
+    free_getarg_strings(&etype_strs);
+    free(etypes);
+    if (kadm_handle)
+	kadm5_destroy(kadm_handle);
+    krb5_kt_close(context, keytab);
+    return ret != 0;
 }
diff --git a/crypto/heimdal/admin/ktutil.8 b/crypto/heimdal/admin/ktutil.8
index b862258..48095c4 100644
--- a/crypto/heimdal/admin/ktutil.8
+++ b/crypto/heimdal/admin/ktutil.8
@@ -1,4 +1,4 @@
-.\" $Id: ktutil.8,v 1.9 2000/12/16 00:58:49 joda Exp $
+.\" $Id: ktutil.8,v 1.12 2001/06/08 21:35:31 joda Exp $
 .\"
 .Dd December 16, 2000
 .Dt KTUTIL 8
@@ -63,6 +63,10 @@ to
 .It get Xo
 .Op Fl p Ar admin principal
 .Op Fl -principal= Ns Ar admin principal
+.Oo Fl e Ar enctype \*(Ba Xo
+.Fl -enctypes= Ns Ar enctype
+.Xc
+.Oc
 .Op Fl r Ar realm
 .Op Fl -realm= Ns Ar realm
 .Op Fl a Ar admin server
diff --git a/crypto/heimdal/admin/ktutil.c b/crypto/heimdal/admin/ktutil.c
index 35ca1c9..36f7cd8 100644
--- a/crypto/heimdal/admin/ktutil.c
+++ b/crypto/heimdal/admin/ktutil.c
@@ -34,14 +34,13 @@
 #include "ktutil_locl.h"
 #include <err.h>
 
-RCSID("$Id: ktutil.c,v 1.30 2001/01/25 12:44:37 assar Exp $");
+RCSID("$Id: ktutil.c,v 1.33 2001/05/10 16:04:27 assar Exp $");
 
 static int help_flag;
 static int version_flag;
 int verbose_flag;
 char *keytab_string; 
-
-static char keytab_buf[256];
+char keytab_buf[256];
 
 static int help(int argc, char **argv);
 
@@ -108,7 +107,6 @@ static struct getargs args[] = {
 static int num_args = sizeof(args) / sizeof(args[0]);
 
 krb5_context context;
-krb5_keytab keytab;
 
 static int
 help(int argc, char **argv)
@@ -129,7 +127,7 @@ main(int argc, char **argv)
 {
     int optind = 0;
     krb5_error_code ret;
-    set_progname(argv[0]);
+    setprogname(argv[0]);
     ret = krb5_init_context(&context);
     if (ret)
 	errx (1, "krb5_init_context failed: %d", ret);
@@ -145,20 +143,8 @@ main(int argc, char **argv)
     argv += optind;
     if(argc == 0)
 	usage(1);
-    if(keytab_string) {
-	ret = krb5_kt_resolve(context, keytab_string, &keytab);
-    } else {
-	if(krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf)))
-	    strlcpy (keytab_buf, "unknown", sizeof(keytab_buf));
-	keytab_string = keytab_buf;
-
-	ret = krb5_kt_default(context, &keytab);
-    }
-    if(ret)
-	krb5_err(context, 1, ret, "resolving keytab");
     ret = sl_command(cmds, argc, argv);
     if(ret == -1)
 	krb5_warnx (context, "unrecognized command: %s", argv[0]);
-    krb5_kt_close(context, keytab);
     return ret;
 }
diff --git a/crypto/heimdal/admin/ktutil.cat8 b/crypto/heimdal/admin/ktutil.cat8
new file mode 100644
index 0000000..f349f61
--- /dev/null
+++ b/crypto/heimdal/admin/ktutil.cat8
@@ -0,0 +1,71 @@
+
+KTUTIL(8)                UNIX System Manager's Manual                KTUTIL(8)
+
+NNAAMMEE
+     kkttuuttiill - manage Kerberos keytabs
+
+SSYYNNOOPPSSIISS
+     kkttuuttiill [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--vv | ----vveerrbboossee] [----vveerrssiioonn] [--hh |
+     ----hheellpp] _c_o_m_m_a_n_d [_a_r_g_s]
+
+DDEESSCCRRIIPPTTIIOONN
+     kkttuuttiill is a program for managing keytabs.  _c_o_m_m_a_n_d can be one of the fol-
+     lowing:
+
+     add [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV _k_v_n_o] [----kkvvnnoo==_k_v_n_o] [--ee
+             _e_n_c_y_p_e] [----eennccttyyppee==_e_n_c_t_y_p_e] [--ww _p_a_s_s_w_o_r_d] [----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d]
+             [--rr] [----rraannddoomm] [--ss] [----nnoo--ssaalltt]
+             Adds a key to the keytab. Options that are not specified will be
+             prompted for.
+
+     change [--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [----aa _h_o_s_t] [----aaddmmiinn--sseerrvveerr==_h_o_s_t] [----ss
+             _p_o_r_t] [----sseerrvveerr--ppoorrtt==_p_o_r_t]
+             Update one or several keys to new versions.  By default, use the
+             admin server for the realm of an keytab entry.  Otherwise it will
+             use the values specified by the options.
+
+             If no principals are given, all the ones in the keytab are updat-
+             ed.
+
+     copy _k_e_y_t_a_b_-_s_r_c _k_e_y_t_a_b_-_d_e_s_t
+             Copies all the entries from _k_e_y_t_a_b_-_s_r_c to _k_e_y_t_a_b_-_d_e_s_t.
+
+     get [--pp _a_d_m_i_n _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_a_d_m_i_n _p_r_i_n_c_i_p_a_l] [--ee _e_n_c_t_y_p_e |
+             ----eennccttyyppeess==_e_n_c_t_y_p_e
+             sseerrvveerr==_a_d_m_i_n _s_e_r_v_e_r] [--ss _s_e_r_v_e_r _p_o_r_t] [----sseerrvveerr--ppoorrtt==_s_e_r_v_e_r _p_o_r_t]
+             _p_r_i_n_c_i_p_a_l ][--rr   _r_e_a_l_m]   [----rreeaallmm==_r_e_a_l_m]   [--aa   _a_d_m_i_n   _s_e_r_v_e_r]
+             [----aaddmmiinn-- Get a key for pprriinncciippaall and store it in a keytab.
+
+     list [----kkeeyyss] [----ttiimmeessttaammpp]
+             List the keys stored in the keytab.
+
+     remove [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV --kkvvnnoo] [----kkvvnnoo==_k_v_n_o]
+             [--ee --eennccttyyppee] [----eennccttyyppee==_e_n_c_t_y_p_e]
+             Removes the specified key or keys. Not specifying a _k_v_n_o removes
+             keys with any version number. Not specifying a _e_n_c_t_y_p_e removes
+             keys of any type.
+
+     purge [----aaggee==_a_g_e]
+             Removes all old entries (for which there is a newer version) that
+             are older than _a_g_e (default one week).
+
+     srvconvert
+
+     srv2keytab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b]
+             Converts the version 4 srvtab in _s_r_v_t_a_b to a version 5 keytab and
+             stores it in _k_e_y_t_a_b. Identical to:
+
+                   ktutil copy krb4:_s_r_v_t_a_b _k_e_y_t_a_b
+
+     srvcreate
+
+     key2srvtab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b]
+             Converts the version 5 keytab in _k_e_y_t_a_b to a version 4 srvtab and
+             stores it in _s_r_v_t_a_b. Identical to:
+
+                   ktutil copy _k_e_y_t_a_b krb4:_s_r_v_t_a_b
+
+SSEEEE AALLSSOO
+     kadmin(8)
+
+ HEIMDAL                       December 16, 2000                             2
diff --git a/crypto/heimdal/admin/list.c b/crypto/heimdal/admin/list.c
index 04c1d78..3640e4f 100644
--- a/crypto/heimdal/admin/list.c
+++ b/crypto/heimdal/admin/list.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "ktutil_locl.h"
 
-RCSID("$Id: list.c,v 1.3 2000/06/29 08:21:40 joda Exp $");
+RCSID("$Id: list.c,v 1.8 2001/05/11 00:54:01 assar Exp $");
 
 static int help_flag;
 static int list_keys;
@@ -56,13 +56,13 @@ struct key_info {
     struct key_info *next;
 };
 
-int
-kt_list(int argc, char **argv)
+static int
+do_list(const char *keytab_string)
 {
     krb5_error_code ret;
-    krb5_kt_cursor cursor;
+    krb5_keytab keytab;
     krb5_keytab_entry entry;
-    int optind = 0;
+    krb5_kt_cursor cursor;
     struct key_info *ki, **kie = &ki, *kp;
 
     int max_version = sizeof("Vno") - 1;
@@ -71,27 +71,30 @@ kt_list(int argc, char **argv)
     int max_timestamp = sizeof("Date") - 1;
     int max_key = sizeof("Key") - 1;
 
-    if(verbose_flag)
-	list_timestamp = 1;
-
-    if(getarg(args, num_args, argc, argv, &optind)){
-	arg_printusage(args, num_args, "ktutil list", "");
-	return 1;
-    }
-    if(help_flag){
-	arg_printusage(args, num_args, "ktutil list", "");
+    ret = krb5_kt_resolve(context, keytab_string, &keytab);
+    if (ret) {
+	krb5_warn(context, ret, "resolving keytab %s", keytab_string);
 	return 0;
     }
 
     ret = krb5_kt_start_seq_get(context, keytab, &cursor);
     if(ret){
 	krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string);
-	return 1;
+	goto out;
     }
+
+    printf ("%s:\n\n", keytab_string);
+	
     while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
 #define CHECK_MAX(F) if(max_##F < strlen(kp->F)) max_##F = strlen(kp->F)
 
 	kp = malloc(sizeof(*kp));
+	if (kp == NULL) {
+	    krb5_kt_free_entry(context, &entry);
+	    krb5_kt_end_seq_get(context, keytab, &cursor);
+	    krb5_warn(context, ret, "malloc failed");
+	    goto out;
+	}
 
 	asprintf(&kp->version, "%d", entry.vno);
 	CHECK_MAX(version);
@@ -100,7 +103,7 @@ kt_list(int argc, char **argv)
 	if (ret != 0) 
 	    asprintf(&kp->etype, "unknown (%d)", entry.keyblock.keytype);
 	CHECK_MAX(etype);
-	krb5_unparse_name_short(context, entry.principal, &kp->principal);
+	krb5_unparse_name(context, entry.principal, &kp->principal);
 	CHECK_MAX(principal);
 	if (list_timestamp) {
 	    char tstamp[256];
@@ -159,5 +162,36 @@ kt_list(int argc, char **argv)
 	kp = kp->next;
 	free(ki);
     }
+out:
+    krb5_kt_close(context, keytab);
+    return 0;
+}
+
+int
+kt_list(int argc, char **argv)
+{
+    int optind = 0;
+
+    if(verbose_flag)
+	list_timestamp = 1;
+
+    if(getarg(args, num_args, argc, argv, &optind)){
+	arg_printusage(args, num_args, "ktutil list", "");
+	return 1;
+    }
+    if(help_flag){
+	arg_printusage(args, num_args, "ktutil list", "");
+	return 0;
+    }
+
+    if (keytab_string == NULL) {
+	do_list("FILE:/etc/krb5.keytab");
+#ifdef KRB4
+	printf ("\n");
+	do_list("krb4:/etc/srvtab");
+#endif
+    } else {
+	do_list(keytab_string);
+    }
     return 0;
 }
diff --git a/crypto/heimdal/admin/purge.c b/crypto/heimdal/admin/purge.c
index 5e22de5..c99f3bf 100644
--- a/crypto/heimdal/admin/purge.c
+++ b/crypto/heimdal/admin/purge.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "ktutil_locl.h"
 
-RCSID("$Id: purge.c,v 1.3 2000/06/29 08:31:47 joda Exp $");
+RCSID("$Id: purge.c,v 1.5 2001/05/11 00:54:01 assar Exp $");
 
 /*
  * keep track of the highest version for every principal.
@@ -97,8 +97,9 @@ delete_list (struct e *head)
 int
 kt_purge(int argc, char **argv)
 {
-    krb5_error_code ret;
+    krb5_error_code ret = 0;
     krb5_kt_cursor cursor;
+    krb5_keytab keytab;
     krb5_keytab_entry entry;
     int help_flag = 0;
     char *age_str = "1 week";
@@ -117,26 +118,44 @@ kt_purge(int argc, char **argv)
     args[i++].value = &help_flag;
 
     if(getarg(args, num_args, argc, argv, &optind)) {
-	arg_printusage(args, num_args, "ktutil remove", "");
-	return 0;
+	arg_printusage(args, num_args, "ktutil purge", "");
+	return 1;
     }
     if(help_flag) {
-	arg_printusage(args, num_args, "ktutil remove", "");
-	return 0;
+	arg_printusage(args, num_args, "ktutil purge", "");
+	return 1;
     }
 
     age = parse_time(age_str, "s");
     if(age < 0) {
 	krb5_warnx(context, "unparasable time `%s'", age_str);
-	return 0;
+	return 1;
+    }
+
+    if (keytab_string == NULL) {
+	ret = krb5_kt_default_modify_name (context, keytab_buf,
+					   sizeof(keytab_buf));
+	if (ret) {
+	    krb5_warn(context, ret, "krb5_kt_default_modify_name");
+	    return 1;
+	}
+	keytab_string = keytab_buf;
+    }
+    ret = krb5_kt_resolve(context, keytab_string, &keytab);
+    if (ret) {
+	krb5_warn(context, ret, "resolving keytab %s", keytab_string);
+	return 1;
     }
 
     ret = krb5_kt_start_seq_get(context, keytab, &cursor);
     if(ret){
 	krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string);
-	return 1;
+	goto out;
     }
 
+    if (verbose_flag)
+	fprintf (stderr, "Using keytab %s\n", keytab_string);
+	
     while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
 	add_entry (entry.principal, entry.vno, &head);
 	krb5_kt_free_entry(context, &entry);
@@ -148,7 +167,7 @@ kt_purge(int argc, char **argv)
     ret = krb5_kt_start_seq_get(context, keytab, &cursor);
     if(ret){
 	krb5_warn(context, ret, "krb5_kt_start_seq_get, %s", keytab_string);
-	return 1;
+	goto out;
     }
 
     while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
@@ -178,5 +197,7 @@ kt_purge(int argc, char **argv)
 
     delete_list (head);
 
-    return 0;
+ out:
+    krb5_kt_close (context, keytab);
+    return ret != 0;
 }
diff --git a/crypto/heimdal/admin/remove.c b/crypto/heimdal/admin/remove.c
index e19de0a..c6f64db 100644
--- a/crypto/heimdal/admin/remove.c
+++ b/crypto/heimdal/admin/remove.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,13 +33,14 @@
 
 #include "ktutil_locl.h"
 
-RCSID("$Id: remove.c,v 1.1 2000/01/02 04:41:02 assar Exp $");
+RCSID("$Id: remove.c,v 1.2 2001/05/10 15:44:58 assar Exp $");
 
 int
 kt_remove(int argc, char **argv)
 {
-    krb5_error_code ret;
+    krb5_error_code ret = 0;
     krb5_keytab_entry entry;
+    krb5_keytab keytab;
     char *principal_string = NULL;
     krb5_principal principal = NULL;
     int kvno = 0;
@@ -61,7 +62,7 @@ kt_remove(int argc, char **argv)
     args[i++].value = &help_flag;
     if(getarg(args, num_args, argc, argv, &optind)) {
 	arg_printusage(args, num_args, "ktutil remove", "");
-	return 0;
+	return 1;
     }
     if(help_flag) {
 	arg_printusage(args, num_args, "ktutil remove", "");
@@ -71,7 +72,7 @@ kt_remove(int argc, char **argv)
 	ret = krb5_parse_name(context, principal_string, &principal);
 	if(ret) {
 	    krb5_warn(context, ret, "%s", principal_string);
-	    return 0;
+	    return 1;
 	}
     }
     if(keytype_string) {
@@ -84,7 +85,7 @@ kt_remove(int argc, char **argv)
 		krb5_warn(context, ret, "%s", keytype_string);
 		if(principal)
 		    krb5_free_principal(context, principal);
-		return 0;
+		return 1;
 	    }
 	}
     }
@@ -92,12 +93,32 @@ kt_remove(int argc, char **argv)
 	krb5_warnx(context, 
 		   "You must give at least one of "
 		   "principal, enctype or kvno.");
-	return 0;
+	return 1;
     }
+
+    if (keytab_string == NULL) {
+	ret = krb5_kt_default_modify_name (context, keytab_buf,
+					   sizeof(keytab_buf));
+	if (ret) {
+	    krb5_warn(context, ret, "krb5_kt_default_modify_name");
+	    return 1;
+	}
+	keytab_string = keytab_buf;
+    }
+    ret = krb5_kt_resolve(context, keytab_string, &keytab);
+    if (ret) {
+	krb5_warn(context, ret, "resolving keytab %s", keytab_string);
+	return 1;
+    }
+
+    if (verbose_flag)
+	fprintf (stderr, "Using keytab %s\n", keytab_string);
+	
     entry.principal = principal;
     entry.keyblock.keytype = enctype;
     entry.vno = kvno;
     ret = krb5_kt_remove_entry(context, keytab, &entry);
+    krb5_kt_close(context, keytab);
     if(ret)
 	krb5_warn(context, ret, "remove");
     if(principal)
diff --git a/crypto/heimdal/appl/Makefile.in b/crypto/heimdal/appl/Makefile.in
index 2690db2..ae89497 100644
--- a/crypto/heimdal/appl/Makefile.in
+++ b/crypto/heimdal/appl/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 @OTP_TRUE@dir_otp = @OTP_TRUE@otp
@@ -227,7 +230,7 @@ DIST_SUBDIRS =  afsutil ftp login otp popper push rsh rcp su xnlock \
 telnet test kx kf dceutils
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/Makefile
 
@@ -268,11 +271,16 @@ mostlyclean-recursive clean-recursive distclean-recursive \
 maintainer-clean-recursive:
 	@set fnord $(MAKEFLAGS); amf=$$2; \
 	dot_seen=no; \
-	rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \
-	  rev="$$subdir $$rev"; \
-	  if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
 	done; \
-	test "$$dot_seen" = "no" && rev=". $$rev"; \
+	rev="$$rev ."; \
 	target=`echo $@ | sed s/-recursive//`; \
 	for subdir in $$rev; do \
 	  echo "Making $$target in $$subdir"; \
@@ -318,6 +326,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/afsutil/ChangeLog b/crypto/heimdal/appl/afsutil/ChangeLog
index af83aef..8dfd532 100644
--- a/crypto/heimdal/appl/afsutil/ChangeLog
+++ b/crypto/heimdal/appl/afsutil/ChangeLog
@@ -1,3 +1,7 @@
+2001-05-17  Assar Westerlund  <assar@sics.se>
+
+	* afslog.c (main): call free_getarg_strings
+
 2000-12-31  Assar Westerlund  <assar@sics.se>
 
 	* afslog.c (main): handle krb5_init_context failure consistently
diff --git a/crypto/heimdal/appl/afsutil/Makefile.in b/crypto/heimdal/appl/afsutil/Makefile.in
index 24f5a61..44d5b58 100644
--- a/crypto/heimdal/appl/afsutil/Makefile.in
+++ b/crypto/heimdal/appl/afsutil/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 @KRB4_TRUE@AFSPROGS = @KRB4_TRUE@afslog pagsh
@@ -253,7 +256,7 @@ OBJECTS = $(am_afslog_OBJECTS) $(am_pagsh_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/afsutil/Makefile
 
@@ -349,6 +352,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/afsutil/afslog.c b/crypto/heimdal/appl/afsutil/afslog.c
index f557421..5451b22 100644
--- a/crypto/heimdal/appl/afsutil/afslog.c
+++ b/crypto/heimdal/appl/afsutil/afslog.c
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: afslog.c,v 1.14 2001/01/25 12:44:46 assar Exp $");
+RCSID("$Id: afslog.c,v 1.16 2001/05/16 22:10:15 assar Exp $");
 #endif
 #include <ctype.h>
 #include <krb5.h>
@@ -179,7 +179,7 @@ main(int argc, char **argv)
     int num;
     int ret = 0;
     
-    set_progname(argv[0]);
+    setprogname(argv[0]);
 
     if(getarg(args, num_args, argc, argv, &optind))
 	usage(1);
@@ -206,10 +206,12 @@ main(int argc, char **argv)
     for(i = 0; i < files.num_strings; i++){
 	afslog_file(context, id, files.strings[i]);
 	num++;
+	free_getarg_strings (&files);
     }
     for(i = 0; i < cells.num_strings; i++){
 	afslog_cell(context, id, cells.strings[i], 1);
 	num++;
+	free_getarg_strings (&cells);
     }
     for(i = optind; i < argc; i++){
 	num++;
diff --git a/crypto/heimdal/appl/dceutils/ChangeLog b/crypto/heimdal/appl/dceutils/ChangeLog
new file mode 100644
index 0000000..8d991ca
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/ChangeLog
@@ -0,0 +1,18 @@
+2001-02-07  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am (dpagaix): needs to be linked with ld, add an
+	explicit command for it.  from Ake Sandgren <ake@cs.umu.se>
+
+2000-10-02  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: link with roken on everything except irix, where
+	apperently it fails.  reported by Ake Sandgren <ake@cs.umu.se>
+
+2000-07-17  Johan Danielsson  <joda@pdc.kth.se>
+
+	* Makefile.am: set compiler flags
+
+2000-07-01  Assar Westerlund  <assar@sics.se>
+
+	* imported stuff from Ake Sandgren <ake@cs.umu.se>
+
diff --git a/crypto/heimdal/appl/dceutils/Makefile.am b/crypto/heimdal/appl/dceutils/Makefile.am
new file mode 100644
index 0000000..bc7ebef
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/Makefile.am
@@ -0,0 +1,30 @@
+# $Id: Makefile.am,v 1.6 2001/02/07 22:45:37 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+
+DFSPROGS = k5dcecon
+if AIX
+AIX_DFSPROGS = dpagaix
+endif
+
+libexec_PROGRAMS = $(DFSPROGS) $(AIX_DFSPROGS)
+
+dpagaix_CFLAGS = @dpagaix_CFLAGS@
+dpagaix_LDFLAGS = @dpagaix_LDFLAGS@
+dpagaix_LDADD = @dpagaix_LDADD@
+
+dpagaix: $(dpagaix_OBJECTS)
+	ld -edpagaix -o dpagaix $(dpagaix_OBJECTS) $(srcdir)/dfspag.exp
+
+LIB_dce = -ldce
+
+k5dcecon_SOURCES  = k5dcecon.c k5dce.h
+
+dpagaix_SOURCES = dpagaix.c
+
+if IRIX
+LDADD = $(LIB_dce)
+else
+LDADD = $(LIB_roken) $(LIB_dce)
+endif
diff --git a/crypto/heimdal/appl/dceutils/Makefile.in b/crypto/heimdal/appl/dceutils/Makefile.in
new file mode 100644
index 0000000..4138b1c
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/Makefile.in
@@ -0,0 +1,594 @@
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
+
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+SHELL = @SHELL@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+
+bindir = @bindir@
+sbindir = @sbindir@
+libexecdir = @libexecdir@
+datadir = @datadir@
+sysconfdir = @sysconfdir@
+sharedstatedir = @sharedstatedir@
+localstatedir = @localstatedir@
+libdir = @libdir@
+infodir = @infodir@
+mandir = @mandir@
+includedir = @includedir@
+oldincludedir = /usr/include
+
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+
+top_builddir = ../..
+
+ACLOCAL = @ACLOCAL@
+AUTOCONF = @AUTOCONF@
+AUTOMAKE = @AUTOMAKE@
+AUTOHEADER = @AUTOHEADER@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_FLAG =
+transform = @program_transform_name@
+
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+
+@SET_MAKE@
+host_alias = @host_alias@
+host_triplet = @host@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMDEP = @AMDEP@
+AMTAR = @AMTAR@
+AS = @AS@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CPP = @CPP@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+DBLIB = @DBLIB@
+DEPDIR = @DEPDIR@
+DIR_des = @DIR_des@
+DIR_roken = @DIR_roken@
+DLLTOOL = @DLLTOOL@
+EXEEXT = @EXEEXT@
+EXTRA_LIB45 = @EXTRA_LIB45@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_ = @INCLUDE_@
+LEX = @LEX@
+LIBOBJS = @LIBOBJS@
+LIBTOOL = @LIBTOOL@
+LIB_ = @LIB_@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_des = @LIB_des@
+LIB_des_appl = @LIB_des_appl@
+LIB_kdb = @LIB_kdb@
+LIB_otp = @LIB_otp@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
+NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+NROFF = @NROFF@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+RANLIB = @RANLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+YACC = @YACC@
+dpagaix_CFLAGS = @dpagaix_CFLAGS@
+dpagaix_LDADD = @dpagaix_LDADD@
+install_sh = @install_sh@
+
+# $Id: Makefile.am,v 1.6 2001/02/07 22:45:37 assar Exp $
+
+
+# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
+
+
+AUTOMAKE_OPTIONS = foreign no-dependencies
+
+SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
+
+INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
+
+AM_CFLAGS =  $(WFLAGS)
+
+CP = cp
+
+COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
+
+buildinclude = $(top_builddir)/include
+
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_crypt = @LIB_crypt@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_el_init = @LIB_el_init@
+LIB_getattr = @LIB_getattr@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_search = @LIB_res_search@
+LIB_setpcred = @LIB_setpcred@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+
+LIBS = @LIBS@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_openldap = @INCLUDE_openldap@
+LIB_openldap = @LIB_openldap@
+
+INCLUDE_readline = @INCLUDE_readline@
+
+LEXLIB = @LEXLIB@
+
+NROFF_MAN = groff -mandoc -Tascii
+
+@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+
+@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
+CHECK_LOCAL = $(PROGRAMS)
+
+DFSPROGS = k5dcecon
+@AIX_TRUE@AIX_DFSPROGS = @AIX_TRUE@dpagaix
+
+libexec_PROGRAMS = $(DFSPROGS) $(AIX_DFSPROGS)
+
+dpagaix_CFLAGS = @dpagaix_CFLAGS@
+dpagaix_LDFLAGS = @dpagaix_LDFLAGS@
+dpagaix_LDADD = @dpagaix_LDADD@
+
+LIB_dce = -ldce
+
+k5dcecon_SOURCES = k5dcecon.c k5dce.h
+
+dpagaix_SOURCES = dpagaix.c
+@IRIX_TRUE@LDADD = @IRIX_TRUE@$(LIB_dce)
+@IRIX_FALSE@LDADD = @IRIX_FALSE@$(LIB_roken) $(LIB_dce)
+subdir = appl/dceutils
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = ../../include/config.h
+CONFIG_CLEAN_FILES = 
+@AIX_FALSE@libexec_PROGRAMS =  k5dcecon$(EXEEXT)
+@AIX_TRUE@libexec_PROGRAMS =  k5dcecon$(EXEEXT) dpagaix$(EXEEXT)
+PROGRAMS =  $(libexec_PROGRAMS)
+
+
+DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
+CPPFLAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+X_CFLAGS = @X_CFLAGS@
+X_LIBS = @X_LIBS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+am_dpagaix_OBJECTS =  dpagaix-dpagaix.$(OBJEXT)
+dpagaix_OBJECTS =  $(am_dpagaix_OBJECTS)
+dpagaix_DEPENDENCIES = 
+am_k5dcecon_OBJECTS =  k5dcecon.$(OBJEXT)
+k5dcecon_OBJECTS =  $(am_k5dcecon_OBJECTS)
+k5dcecon_LDADD = $(LDADD)
+@IRIX_FALSE@k5dcecon_DEPENDENCIES = 
+@IRIX_TRUE@k5dcecon_DEPENDENCIES = 
+k5dcecon_LDFLAGS = 
+COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CFLAGS = @CFLAGS@
+CCLD = $(CC)
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+DIST_SOURCES =  $(dpagaix_SOURCES) $(k5dcecon_SOURCES)
+depcomp = 
+DIST_COMMON =  ChangeLog Makefile.am Makefile.in compile
+
+
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+
+GZIP_ENV = --best
+SOURCES = $(dpagaix_SOURCES) $(k5dcecon_SOURCES)
+OBJECTS = $(am_dpagaix_OBJECTS) $(am_k5dcecon_OBJECTS)
+
+all: all-redirect
+.SUFFIXES:
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
+$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
+	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/dceutils/Makefile
+
+Makefile: $(srcdir)/Makefile.in  $(top_builddir)/config.status
+	cd $(top_builddir) \
+	  && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
+
+
+mostlyclean-libexecPROGRAMS:
+
+clean-libexecPROGRAMS:
+	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
+
+distclean-libexecPROGRAMS:
+
+maintainer-clean-libexecPROGRAMS:
+
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+	    echo " $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f"; \
+	    $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
+	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
+	done
+
+mostlyclean-compile:
+	-rm -f *.o core *.core
+	-rm -f *.$(OBJEXT)
+
+clean-compile:
+
+distclean-compile:
+	-rm -f *.tab.c
+
+maintainer-clean-compile:
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+
+maintainer-clean-libtool:
+dpagaix-dpagaix.$(OBJEXT): dpagaix.c
+	$(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dpagaix_CFLAGS) $(CFLAGS) -c -o dpagaix-dpagaix.$(OBJEXT) `test -f dpagaix.c || echo '$(srcdir)/'`dpagaix.c
+
+dpagaix$(EXEEXT): $(dpagaix_OBJECTS) $(dpagaix_DEPENDENCIES)
+	@rm -f dpagaix$(EXEEXT)
+	$(LINK) $(dpagaix_LDFLAGS) $(dpagaix_OBJECTS) $(dpagaix_LDADD) $(LIBS)
+
+k5dcecon$(EXEEXT): $(k5dcecon_OBJECTS) $(k5dcecon_DEPENDENCIES)
+	@rm -f k5dcecon$(EXEEXT)
+	$(LINK) $(k5dcecon_LDFLAGS) $(k5dcecon_OBJECTS) $(k5dcecon_LDADD) $(LIBS)
+.c.o:
+	$(COMPILE) -c $<
+.c.obj:
+	$(COMPILE) -c `cygpath -w $<`
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+tags: TAGS
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique $(LISP)
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
+	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
+
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
+mostlyclean-tags:
+
+clean-tags:
+
+distclean-tags:
+	-rm -f TAGS ID
+
+maintainer-clean-tags:
+
+distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
+
+distdir: $(DISTFILES)
+	@for file in $(DISTFILES); do \
+	  d=$(srcdir); \
+	  if test -d $$d/$$file; then \
+	    cp -pR $$d/$$file $(distdir) \
+	    || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
+info-am:
+info: info-am
+dvi-am:
+dvi: dvi-am
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+installcheck-am:
+installcheck: installcheck-am
+install-exec-am: install-libexecPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-exec: install-exec-am
+
+install-data-am: install-data-local
+install-data: install-data-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+install: install-am
+uninstall-am: uninstall-libexecPROGRAMS
+uninstall: uninstall-am
+all-am: Makefile $(PROGRAMS) all-local
+all-redirect: all-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
+installdirs:
+	$(mkinstalldirs)  $(DESTDIR)$(libexecdir)
+
+
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-rm -f Makefile $(CONFIG_CLEAN_FILES)
+	-rm -f config.cache config.log stamp-h stamp-h[0-9]*
+
+maintainer-clean-generic:
+	-rm -f Makefile.in
+mostlyclean-am:  mostlyclean-libexecPROGRAMS mostlyclean-compile \
+		mostlyclean-libtool mostlyclean-tags \
+		mostlyclean-generic
+
+mostlyclean: mostlyclean-am
+
+clean-am:  clean-libexecPROGRAMS clean-compile clean-libtool clean-tags \
+		clean-generic mostlyclean-am
+
+clean: clean-am
+
+distclean-am:  distclean-libexecPROGRAMS distclean-compile \
+		distclean-libtool distclean-tags distclean-generic \
+		clean-am
+	-rm -f libtool
+
+distclean: distclean-am
+
+maintainer-clean-am:  maintainer-clean-libexecPROGRAMS \
+		maintainer-clean-compile maintainer-clean-libtool \
+		maintainer-clean-tags maintainer-clean-generic \
+		distclean-am
+	@echo "This command is intended for maintainers to use;"
+	@echo "it deletes files that may require special tools to rebuild."
+
+maintainer-clean: maintainer-clean-am
+
+.PHONY: mostlyclean-libexecPROGRAMS distclean-libexecPROGRAMS \
+clean-libexecPROGRAMS maintainer-clean-libexecPROGRAMS \
+uninstall-libexecPROGRAMS install-libexecPROGRAMS mostlyclean-compile \
+distclean-compile clean-compile maintainer-clean-compile \
+mostlyclean-libtool distclean-libtool clean-libtool \
+maintainer-clean-libtool tags mostlyclean-tags distclean-tags \
+clean-tags maintainer-clean-tags distdir info-am info dvi-am dvi \
+check-local check check-am installcheck-am installcheck install-exec-am \
+install-exec install-data-local install-data-am install-data install-am \
+install uninstall-am uninstall all-local all-redirect all-am all \
+install-strip installdirs mostlyclean-generic distclean-generic \
+clean-generic maintainer-clean-generic clean mostlyclean distclean \
+maintainer-clean
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
+	@foo='$(include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-local: install-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+
+check-local::
+	@foo='$(CHECK_LOCAL)'; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if ./$$i --version > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	fi
+
+dpagaix: $(dpagaix_OBJECTS)
+	ld -edpagaix -o dpagaix $(dpagaix_OBJECTS) $(srcdir)/dfspag.exp
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/crypto/heimdal/appl/dceutils/README.dcedfs b/crypto/heimdal/appl/dceutils/README.dcedfs
new file mode 100644
index 0000000..80a06fe
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/README.dcedfs
@@ -0,0 +1,59 @@
+This is a set of patches and files to get a DFS ticket from a k5 ticket.
+This code comes from Doug Engert, Argonne Nat. Lab (See dce/README.original
+for more info)
+
+The files in dce are;
+testpag: for testing if this is at all possible.
+k5dfspag: included in libkrb5
+k5dcecon: Creates (or searches for) the actual DFSPAG ticketfile.
+dpagaix: An AIX syscall stub.
+README.original: Original README file from Doug Engert
+
+
+Certain applications (rshd/telnetd) have been patched to call the
+functions in k5dfspag when the situation is right. They are ifdef
+with DCE. The patches are also originally from Doug but they
+where against MIT krb5 code and have been merged into heimdal by me.
+I will try to fix ftpd soon...
+
+There is also an ifdefs for DCE && AIX that can be used to make AIX
+use DCE for getting group/passwd entries. This is needed if one is running
+with a bare bones passwd/group file and AUTHSTATE set to DCE (This will be
+more or less clear to people doing this...) I have forced this on for now.
+
+k5dfspag.c is in lib/krb5
+k5dfspag.c is dependent on DCE only.
+It is also POSIX systems only. There are defines for the location of
+k5dcecon and dpagaix that needs a correct configure setting.
+
+k5dcecon needs no special things for the compile except whatever is needed
+on the target system to compile dce programs.
+(On aix the dce compile flags are: -D_THREAD_SAFE -D_AIX32_THREADS=1 -D_AIX41 -D_AES_SOURCE or one can use xlc_r4 if it is version 3.6.4 or later)
+
+k5dcecon wants the following libs (on aix 4.3):
+-ldce (and setenv from somewhere)
+
+dpagaix is only needed on AIX (see k5dfspag.c).
+dpagaix needs dfspag.exp and is linked with
+ld -edpagaix -o dpagaix dpagaix.o dfspag.exp
+
+
+Hope to get this into heimdal soon :-) although I know that you will have to
+change some things to get it cleanly into configure. Since I don't know the
+structure of the code (heimdal), nor enough of configure, good enough I
+just won't try it myself.
+
+One more thing, to get this to work one has to put fcache_version = x in
+krb5.conf where x = whatever the DCE implementation understands, (usually
+1 or 2).
+Thanks for adding that...
+
+
+Åke Sandgren (ake@hpc2n.umu.se)
+HPC2N
+Umeå University
+Sweden
+
+PS
+I have now added patches for configure.in and some Makefile.am's to get this
+all cleanly (I hope) into heimdal.
diff --git a/crypto/heimdal/appl/dceutils/README.original b/crypto/heimdal/appl/dceutils/README.original
new file mode 100644
index 0000000..7283c38
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/README.original
@@ -0,0 +1,335 @@
+KERBEROS and DCE INTEROPERABILITY ROUTINES
+
+WHAT'S NEW
+
+When k5dcecon was examining the ticket caches looking to 
+update one with a newer TGT, it might update the wrong
+one for the correct user.  This problem was reported by PNNL,
+and is now fixed.
+
+Any Kerberized application can now use a forwarded TGT to establish a
+DCE context, or can use a previously established DCE context. This is
+both a functional improvement and a performance improvement.
+
+BACKGROUND
+
+The MIT Kerberos 5 Release 1.x and DCE 1.1 can interoperate in a
+number of ways. This is possible because:
+
+ o DCE used Kerberos 5 internally. Based on the MIT code as of beta 4
+   or so, with additional changes. 
+
+ o The DCE security server can act as a K5 KDC, as defined in RFC 1510
+   and responds on port 88. 
+
+ o On the clients, DCE and Kerberos use the same format for the ticket
+   cache, and then can share it. The KRB5CCNAME environment variable points
+   at the cache.   
+ 
+ o On the clients, DCE and Kerberos use the same format for the srvtab
+   file. DCE refers to is a /krb5/v5srvtab and Kerberos as
+   /etc/krb5.keytab. They can be symlinked.  
+
+ o MIT has added many options to the krb5.conf configuration file
+   which allows newer features of Release 1.0 to be turned off to match
+   the earlier version of Kerberos upon which DCE is based. 
+
+ o DCE will accept a externally obtained Kerberos TGT in place of a
+   password when establishing a DCE context. 
+
+There are some areas where they differ, including the following:
+ 
+ o Administration of the database and the keytab files is done by the
+   DCE routines, rather the the Kerberos kadmin.
+
+ o User password changes must be done using the DCE commands. Kpasswd
+   does not work. (But there are mods to Kerberos to use the v5passwd 
+   with DCE.  
+
+ o DCE goes beyond authentication only, and provides authorization via
+   the PAC, and the dce-ptgt tickets stored in the cache. Thus a
+   Kerberos KDC can not act as a DCE security server. 
+
+ o A DCE cell and Kerberos realm can cross-realm authenticate, but 
+   there can be no intermediate realms. (There are other problems
+   in this area as well. But directly connected realms/cells do work.)
+
+ o You can't link a module with the DCE library and the Kerberos
+   library. They have conflicting routines, static data and structures.  
+ 
+One of the main features of DCE is the Distributed File System
+DFS. Access to DFS requires authentication and authorization, and when
+one uses a Kerberized network utility such as telnet, a forwarded
+Kerberos ticket can be used to establish the DCE context to allow
+access to DFS.  
+
+
+NEW TO THIS RELEASE
+
+This release introduces sharing of a DCE context, and PAG, and allows
+any Kerberized application to establish or share the context. This is
+made possible by using an undocumented feature of DCE which is on at
+least the Transarc and IBM releases of DCE 1.1.
+
+I am in the process of trying to get this contributed to the general
+DCE 1.2.2 release as a patch, so it could be included in other vendors
+products.  HP has expressed interest in doing this, as well as the
+OpenGroup if the modification is contributed. You can help by
+requesting Transarc and/or IBM to submit this modification to the
+OpenGroup and ask your vendor to adopt this modification.
+
+The feature is a modification to the setpag() system call which will
+allow an authorized process to set the PAG to a specific value, and
+thus allow unrelated processes to share the same PAG.
+
+This then allows the Kerberized daemons such as kshd, to exec a DCE
+module which established the DCE context. Kshd then sets the
+KRB5CCNAME environment variable and then issues the setpag() to use
+this context. This solves the linking problem. This is done via the
+k5dfspag.c routine.
+
+The k5dfspag.c code is compiled with the lib/krb5/os routines and
+included in the libkrb5. A daemon calls krb5_dfs_pag after the
+krb5_kuserok has determined that the Kerberos principal and local
+userid pair are acceptable. This should be done early so as to give
+the daemon access to the home directory which may be located on DFS.  
+If the .k5login file is used by krb5_kuserok it will need to be
+accessed by the daemon and will need special ACL handling.  
+
+The krb5_dfs_pag routine will exec the k5dcecon module to do all the
+real work. Upon return, if a PAG is obtained, krb5_dfs_pag with set
+the PAG for the current process to the returned PAG value. It will
+also set the KRB5CCNAME environment as well. Under DCE the PAG value
+is the nnnnnnn part of the name of the cache:
+FILE:/opt/dcelocal/var/security/creds/dcecred_nnnnnnnn. 
+
+The k5dcecon routine will attempt to use TGT which may have been
+forwarded, to convert it to a DCE context. If there is no TGT, an
+attempt will be made to join an existing PAG for the local userid, and
+Kerberos principal. If there are existing PAGs, and a forwarded TGT,
+k5dcecon will check the lifetime of the forwarded TGT, and if it is
+less then the lifetime of the PAG, it will just join the PAG. If it
+is greater, it will refresh the PAG using the forwarded TGT. 
+This approach has the advantage of not requiring many new tickets from
+having to be obtained, and allows one to refresh a DCE context, or use
+an already established context. 
+
+If the system also has AFS, the AFS krb5_afs_pag should be called
+after the krb5_dfs_pag, since cache pointed at via the KRB5CCNAME may
+have changed, such as if a DFS PAG has been joined. The AFS code does
+not have the capability to join an existing AFS PAG, but can use the
+same cache which might already had a
+afsx/<afs.cell.name>@<k5.realm.name> service ticket.
+
+
+WHAT'S IN THIS RELEASE
+
+The k5prelogin, k5dcelogin, k5afslogin (with ak5log) were designed to
+be slipped in between telnetd or klogind and login.krb5. They would
+use a forwarded Kerberos ticket to establish a DCE context.  They are
+the older programs which are included here. They work on all DCE
+platforms, and don't take advantage of the undocumented setpag
+feature. (A version of k5dcelogin is being included with DCE 1.2.2)
+ 
+K5dcecon is the new program which can be used to create, update or
+join a DCE context. k5dcecon returns KRB5CCNAME string which contains
+the PAG.
+
+k5dfspag.c is to be built in the MIT Kerberos 5 release 1.0 patchlevel
+1 and added to the libkrb5. It will exec k5dcecon and upon return set
+the KRB5CCNAME and PAG. Mods to Kerberized klogind, rshd, telnetd,
+ftpd are available to use the k5dfspag. 
+
+Testpag.c is a test programs to see if the PAG can be set.
+
+The cpwkey.c routine can be used to change a key in the DCE registry,
+by adding the key directly, or by setting the salt/pepper and password
+or by providing the key and the pepper. This could be useful when
+coping keys from a K4 or AFS database to DCE. It can also be used when
+setting a DCE to K5 cross-cell key.  This program is a test program
+For mass inserts, it should be rewritten to read from stdin.
+
+K5dcelogin can also be called directly, much like dce_login.
+I use the following commands in effect do the same thing as dce_login
+and get a forwardable ticket, DCE context and an AFS token:
+
+  #!/bin/csh
+  # simulate a dce_login using krb5 kinit and k5dcelogin
+  #
+  setenv KRB5CCNAME FILE:/tmp/krb5cc_p$$
+  /krb5/bin/kinit -f
+  exec /krb5/sbin/k5dcelogin /krb5/sbin/k5afslogin /bin/csh
+  #exec /krb5/sbin/k5dcelogin  /bin/csh
+
+This could be useful in a mixed cell where "AS_REQ" messages are
+handled by a K5 KDC, but DCE RPCs are handled by the DCE security
+server.
+
+TESTING THE SETPAG
+
+The krb5_dfs_pag routine relies on an undocumented feature which is
+in the AIX and Transarc Solaris ports of DCE and has been recently
+added to the SGI version.  To test if this feature is present 
+on some other DFS implementation use the testpag routine. 
+
+The testpag routine attempts to set a PAG value to one you supply. It
+uses the afs_syscall with the afs_setpag, and passes the supplied 
+PAG value as the next parameter. On an unmodifed system, this 
+will be ignored, and a new will be set. You should also check that
+if run as a user, you cannot join a PAG owned by another user. 
+When run as root, any PAG should be usable. 
+
+On a machine with DFS running, do a dce_login to get a DCE context and
+PAG. ECHO the KRB5CCNAME and look at the nnnnnnnn at the end. It
+should look like an 8 char hex value, which may be 41ffxxxx on some
+systems. 
+
+Su to root and unsetenv KRB5CCNAME. Do a testpag -n nnnnnnnn where
+nnnnnnnn is the PAG obtained for the above name. 
+
+It should look like this example on an AIX 4.1.4 system:
+
+   pembroke# ./testpag -n 63dc9997
+   calling k5dcepag newpag=63dc9997
+   PAG returned = 63dc9997
+
+You will be running under a new shell with the PAG and KRB5CCNAME set.
+If the PAG returned is the same as the newpag, then it worked. You can
+further verify this by doing a DCE klist, cd to DFS and a DCE klist
+again. The klist should show some tickets for DFS servers.
+
+If the PAG returned is not the same, and repeated attempts show a
+returned PAG decremented by 1 from the previous returned PAG, then
+this system does not have the modification For example: 
+ 
+   # ./testpag -n 41fffff9
+   calling k5dcepag newpag=41fffff9
+   PAG returned = 41fffff8
+   # ./testpag -n 41fffff9
+   calling k5dcepag newpag=41fffff9
+   PAG returned = 41fffff7
+
+In this case the syscall is ignoring the newpag parameter. 
+
+Running it with -n 0 should get the next PAG value with or without
+this modification. 
+
+If the DFS kernel extensions are not installed, you would get
+something like this:
+
+  caliban.ctd.anl.gov% ./testpag -n 012345678
+  calling k5dcepag newpag=012345678
+  Setpag failed with a system error
+  PAG returned = ffffffff
+  Not a good pag value
+
+If you DFS implementation does not have this modification, you could
+attempt to install it yourself. But this requires source and requires
+modifications to the kernel extensions. At the end of this note is an
+untested sample using the DCE 1.2.2 source code. You can also contact
+your system vendor and ask for this modification.
+
+UNICOS has a similar function setppag(newpag) which can be used to set
+the PAG of the parent. Contact me if you are interested. 
+
+HOW TO INSTALL
+
+Examine the k5dfspag.c file to make sure the DFS syscalls are correct
+for your platform. See the /opt/dcelocal/share/include/dcedfs/syscall.h
+on Solaris for example. 
+
+You should build the testpag routine and make sure it works before 
+adding all the other mods. If it fails you can still use the klogind
+and telnetd with the k5prelogin and k5dcelogin code. 
+
+If you intend to install with a prefix other then /krb5, change:
+DPAGAIX and K5DCECON in k5dfspag.c; the three references in
+k5prelogin.c; and the DESTDIR in the Makefile.
+
+Get k5101.cdiff.xxxxxx.tar file and install the mods for ANL_DFS_PAG
+and ANL_DCE to the MIT Kerberos 5 source. These mods turn on some DCE
+related changes and the calls to krb5_dfs_pag. 
+
+Symlink or copy the k5dfspag.c to the src/lib/krb5/os directory. 
+
+Add the -DANL_DFS_PAG and -DANL_DCE flags to the configuration. 
+
+Configure and Build the Kerberos v5. 
+
+Modify the k5dce Makefile for your system. 
+
+Build the k5dcecon and related programs. 
+
+Install both the MIT Kerberos v5 and the k5dcecon and dpagaix if AIX.    
+
+The makefile can also build k5dcelogin and k5prelogin.  The install
+can install k5dcelogin, k5prelogin and update the links for login.krb5
+-> k5prelogin and moving login.krb5 to login.k5. If you will be using
+the k5dcecon/k5dfspag with the Kerberos mods, you don't need
+k5prelogin, or the links changed, and may not need k5dcelogin.
+
+Note that Transarc has obfuscated the entries to the lib, and 
+the 1.0.3a is different from the 1.1. You may need to build two
+versions of the k5dcelogin and/or k5dcecon one for each. 
+
+AIX ONLY
+
+The dpagaix routine is needed for AIX because of the way they do the 
+syscalls. 
+
+The following fix.aix.libdce.mk is not needed if dce 2.1.0.21
+has been installed. This PTF exposed the needed entrypoints. 
+
+The fix.aix.libdce.mk is a Makefile for AIX 4.x to add the required
+external entry points to the libdce.a.  These are needed by k5dcecon
+and k5dcelogin.  A bug report was submitted to IBM on this, and it was
+rejected. But since DCE 1.2.2 will have a k5dcelogin, this should not
+be needed with 1.2.2
+
+Copy /usr/lib/libdce.a to /usr/libdce.a.orig before starting. Copy the
+makefile to its own directory. It will create a new libdce.a which you
+need to copy back to /usr/lib/libdce.a You will need to reboot the
+machine.  See the /usr/lpp/dce/examples/inst/README.AIX for a similar
+procedure.  IBM was not responsive in a request to have these added.
+
+UNTESTED KERNEL EXTENSION FOR SETPAG
+
+*** src/file/osi/,osi_pag.c  Wed Oct  2 13:03:05 1996
+--- src/file/osi/osi_pag.c   Mon Jul 28 13:53:13 1997
+***************
+*** 293,298 ****
+--- 293,302 ----
+      int code;
+  
+      osi_MakePreemptionRight();
++    /* allow sharing of a PAG by non child processes DEE- 6/6/97 */
++    if (unused && osi_GetUID(osi_getucred()) == 0) {
++     newpag = unused;
++    } else {
+      osi_mutex_enter(&osi_pagLock);
+      now = osi_Time();
+      soonest = osi_firstPagTime +
+***************
+*** 309,314 ****
+--- 313,319 ----
+      }
+      osi_mutex_exit(&osi_pagLock);
+      newpag = osi_genpag();
++    }
+      osi_pcred_lock(p);
+      credp = crcopy(osi_getucred());
+      code = osi_SetPagInCred(credp, newpag);
+
+Created     07/08/96
+Modified    09/30/96
+Modified    11/19/96
+Modified    12/19/96
+Modified    06/20/97
+Modified    07/28/97
+Modified    02/18/98
+
+ Douglas E. Engert  <DEEngert@anl.gov>
+ Argonne National Laboratory
+ 9700 South Cass Avenue
+ Argonne, Illinois  60439 
+ (630) 252-5444
diff --git a/crypto/heimdal/appl/dceutils/compile b/crypto/heimdal/appl/dceutils/compile
new file mode 100755
index 0000000..d4a34aa
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/compile
@@ -0,0 +1,82 @@
+#! /bin/sh
+
+# Wrapper for compilers which do not understand `-c -o'.
+
+# Copyright 1999, 2000 Free Software Foundation, Inc.
+# Written by Tom Tromey <tromey@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+# Usage:
+# compile PROGRAM [ARGS]...
+# `-o FOO.o' is removed from the args passed to the actual compile.
+
+prog=$1
+shift
+
+ofile=
+cfile=
+args=
+while test $# -gt 0; do
+   case "$1" in
+    -o)
+       ofile=$2
+       shift
+       ;;
+    *.c)
+       cfile=$1
+       args="$args $1"
+       ;;
+    *)
+       args="$args $1"
+       ;;
+   esac
+   shift
+done
+
+test -z "$ofile" && {
+   echo "compile: no \`-o' option seen" 1>&2
+   exit 1
+}
+
+test -z "$cfile" && {
+   echo "compile: no \`.c' file seen" 1>&2
+   exit 1
+}
+
+# Name of file we expect compiler to create.
+cofile=`echo $cfile | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
+
+# Create the lock directory.
+lockdir=`echo $ofile | sed -e 's|/|_|g'`
+while true; do
+   if mkdir $lockdir > /dev/null 2>&1; then
+      break
+   fi
+   sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir $lockdir; exit 1" 1 2 15
+
+# Run the compile.
+"$prog" $args
+status=$?
+
+if test -f "$cofile"; then
+   mv "$cofile" "$ofile"
+fi
+
+rmdir $lockdir
+exit $status
diff --git a/crypto/heimdal/appl/dceutils/dfspag.exp b/crypto/heimdal/appl/dceutils/dfspag.exp
new file mode 100644
index 0000000..ed39788
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/dfspag.exp
@@ -0,0 +1,3 @@
+#!/unix
+* kernel extentions used to get the pag
+kafs_syscall syscall
diff --git a/crypto/heimdal/appl/dceutils/dpagaix.c b/crypto/heimdal/appl/dceutils/dpagaix.c
new file mode 100644
index 0000000..cbc23cb
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/dpagaix.c
@@ -0,0 +1,23 @@
+/*
+ * dpagaix.c
+ * On AIX we need to get the kernel extentions
+ * with the DFS kafs_syscall in it. 
+ * We might be running on a system
+ * where DFS is not active. 
+ * So we use this dummy routine which 
+ * might not load to do the dirty work
+ *
+ * DCE does this with the /usr/lib/drivers/dfsloadobj 
+ *
+ */
+ 
+ int dpagaix(parm1, parm2, parm3, parm4, parm5, parm6)
+   int parm1;
+   int parm2;
+   int parm3;
+   int parm4;
+   int parm5;
+   int parm6;
+ {
+   return(kafs_syscall(parm1, parm2, parm3, parm4, parm5, parm6));
+ }
diff --git a/crypto/heimdal/appl/dceutils/k5dce.h b/crypto/heimdal/appl/dceutils/k5dce.h
new file mode 100644
index 0000000..424ebdc
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/k5dce.h
@@ -0,0 +1,165 @@
+/* dummy K5 routines which are needed to get this to 
+ * compile without having access ti the DCE versions 
+ * of the header files.
+ * Thiis is very crude, and OSF needs to expose the K5
+ * API.
+ */
+
+#ifdef sun
+/* Transarc obfascates these routines */
+#ifdef DCE_1_1
+
+#define krb5_init_ets                   _dce_PkjKqOaklP 
+#define krb5_copy_creds                 _dce_LuFxPiITzD
+#define krb5_unparse_name               _dce_LWHtAuNgRV
+#define krb5_get_default_realm          _dce_vDruhprWGh
+#define krb5_build_principal            _dce_qwAalSzTtF
+#define krb5_build_principal_ext        _dce_vhafIQlejW
+#define krb5_build_principal_va         _dce_alsqToMmuJ
+#define krb5_cc_default                 _dce_KZRshhTXhE
+#define krb5_cc_default_name            _dce_bzJVAjHXVQ
+#define sec_login_krb5_add_cred			_dce_ePDtOJTZvU
+
+#else /* DCE 1.0.3a */
+
+#define krb5_init_ets                   _dce_BmLRpOVsBo
+#define krb5_copy_creds                 _dce_VGwSEBNwaf
+#define krb5_unparse_name               _dce_PgAOkJoMXA
+#define krb5_get_default_realm          _dce_plVOzStKyK
+#define krb5_build_principal            _dce_uAKSsluIFy
+#define krb5_build_principal_ext        _dce_tRMpPiRada
+#define krb5_build_principal_va         _dce_SxnLejZemH
+#define krb5_cc_default                 _dce_SeKosWFnsv
+#define krb5_cc_default_name            _dce_qJeaphJWVc
+#define sec_login_krb5_add_cred         _dce_uHwRasumsN
+
+#endif
+#endif
+
+/* Define the bare minimum k5 structures which are needed
+ * by this program. Since the krb5 includes are not supplied 
+ * with DCE, these were based on the MIT Kerberos 5 beta 3
+ * which should match the DCE as of 1.0.3 at least.
+ * The tricky one is the krb5_creds, since one is allocated
+ * by this program, and it needs access to the client principal
+ * in it.
+ * Note that there are no function prototypes, so there is no 
+ * compile time checking.
+ * DEE 07/11/95
+ */
+#define     NPROTOTYPE(x) () 
+typedef int krb5_int32;  /* assuming all DCE systems are 32 bit */
+typedef short krb5short; /* assuming short is 16 bit */
+typedef krb5_int32      krb5_error_code;
+typedef unsigned char   krb5_octet;
+typedef krb5_octet      krb5_boolean;
+typedef krb5short       krb5_keytype; /* in k5.2 it's a short */
+typedef krb5_int32      krb5_flags;
+typedef krb5_int32  krb5_timestamp;
+
+typedef char * krb5_pointer;  /* pointer to unexposed data */
+
+typedef struct _krb5_ccache {
+    struct _krb5_cc_ops *ops;
+    krb5_pointer data;
+} *krb5_ccache;
+
+typedef struct _krb5_cc_ops {
+    char *prefix;
+    char *(*get_name) NPROTOTYPE((krb5_ccache));
+    krb5_error_code (*resolve) NPROTOTYPE((krb5_ccache *, char *));
+    krb5_error_code (*gen_new) NPROTOTYPE((krb5_ccache *));
+    krb5_error_code (*init) NPROTOTYPE((krb5_ccache, krb5_principal));
+    krb5_error_code (*destroy) NPROTOTYPE((krb5_ccache));
+    krb5_error_code (*close) NPROTOTYPE((krb5_ccache));
+    krb5_error_code (*store) NPROTOTYPE((krb5_ccache, krb5_creds *));
+    krb5_error_code (*retrieve) NPROTOTYPE((krb5_ccache, krb5_flags,
+                   krb5_creds *, krb5_creds *));
+    krb5_error_code (*get_princ) NPROTOTYPE((krb5_ccache,
+                        krb5_principal *));
+    krb5_error_code (*get_first) NPROTOTYPE((krb5_ccache,
+                        krb5_cc_cursor *));
+    krb5_error_code (*get_next) NPROTOTYPE((krb5_ccache, krb5_cc_cursor *,
+                   krb5_creds *));
+    krb5_error_code (*end_get) NPROTOTYPE((krb5_ccache, krb5_cc_cursor *));
+    krb5_error_code (*remove_cred) NPROTOTYPE((krb5_ccache, krb5_flags,
+                      krb5_creds *));
+    krb5_error_code (*set_flags) NPROTOTYPE((krb5_ccache, krb5_flags));
+} krb5_cc_ops;
+
+typedef struct _krb5_keyblock {
+	krb5_keytype keytype;
+	int length;
+	krb5_octet *contents;
+} krb5_keyblock;
+
+typedef struct _krb5_ticket_times {
+	krb5_timestamp authtime;
+	krb5_timestamp starttime;
+	krb5_timestamp endtime;
+	krb5_timestamp renew_till;
+} krb5_ticket_times;
+
+typedef krb5_pointer krb5_cc_cursor;
+
+typedef struct _krb5_data {
+   int length;
+   char *data;
+} krb5_data;
+
+typedef struct _krb5_authdata {
+   int ad_type;
+   int length;
+   krb5_octet *contents;
+} krb5_authdata;
+
+typedef struct _krb5_creds {
+    krb5_pointer client;
+    krb5_pointer server;
+    krb5_keyblock keyblock;
+    krb5_ticket_times times;
+    krb5_boolean is_skey;
+    krb5_flags ticket_flags;
+    krb5_pointer **addresses;
+    krb5_data ticket;
+    krb5_data second_ticket;
+    krb5_pointer **authdata;
+} krb5_creds;
+
+typedef krb5_pointer krb5_principal; 
+ 
+#define KRB5_CC_END                              336760974
+#define KRB5_TC_OPENCLOSE              0x00000001
+
+/* Ticket flags */
+/* flags are 32 bits; each host is responsible to put the 4 bytes
+   representing these bits into net order before transmission */
+/* #define  TKT_FLG_RESERVED    0x80000000 */
+#define TKT_FLG_FORWARDABLE     0x40000000
+#define TKT_FLG_FORWARDED       0x20000000
+#define TKT_FLG_PROXIABLE       0x10000000
+#define TKT_FLG_PROXY           0x08000000
+#define TKT_FLG_MAY_POSTDATE    0x04000000
+#define TKT_FLG_POSTDATED       0x02000000
+#define TKT_FLG_INVALID         0x01000000
+#define TKT_FLG_RENEWABLE       0x00800000
+#define TKT_FLG_INITIAL         0x00400000
+#define TKT_FLG_PRE_AUTH        0x00200000
+#define TKT_FLG_HW_AUTH         0x00100000
+#ifdef PK_INIT
+#define TKT_FLG_PUBKEY_PREAUTH          0x00080000
+#define TKT_FLG_DIGSIGN_PREAUTH         0x00040000
+#define TKT_FLG_PRIVKEY_PREAUTH         0x00020000
+#endif
+
+
+#define krb5_cc_get_principal(cache, principal) (*(cache)->ops->get_princ)(cache, principal)
+#define krb5_cc_set_flags(cache, flags) (*(cache)->ops->set_flags)(cache, flags)
+#define krb5_cc_get_name(cache) (*(cache)->ops->get_name)(cache)
+#define krb5_cc_start_seq_get(cache, cursor) (*(cache)->ops->get_first)(cache, cursor)
+#define krb5_cc_next_cred(cache, cursor, creds) (*(cache)->ops->get_next)(cache, cursor, creds)
+#define krb5_cc_destroy(cache) (*(cache)->ops->destroy)(cache)
+#define krb5_cc_end_seq_get(cache, cursor) (*(cache)->ops->end_get)(cache, cursor)
+
+/* end of k5 dummy typedefs */
+
diff --git a/crypto/heimdal/appl/dceutils/k5dcecon.c b/crypto/heimdal/appl/dceutils/k5dcecon.c
new file mode 100644
index 0000000..38acee9
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/k5dcecon.c
@@ -0,0 +1,791 @@
+/*
+ * (c) Copyright 1995 HEWLETT-PACKARD COMPANY
+ * 
+ * To anyone who acknowledges that this file is provided 
+ * "AS IS" without any express or implied warranty:
+ * permission to use, copy, modify, and distribute this 
+ * file for any purpose is hereby granted without fee, 
+ * provided that the above copyright notice and this 
+ * notice appears in all copies, and that the name of 
+ * Hewlett-Packard Company not be used in advertising or 
+ * publicity pertaining to distribution of the software 
+ * without specific, written prior permission.  Hewlett-
+ * Packard Company makes no representations about the 
+ * suitability of this software for any purpose.
+ *
+ */
+/*
+ * k5dcecon - Program to convert a K5 TGT to a DCE context,
+ * for use with DFS and its PAG.
+ * 
+ * The program is designed to be called as a sub process, 
+ * and return via stdout the name of the cache which implies 
+ * the PAG which should be used. This program itself does not 
+ * use the cache or PAG itself, so the PAG in the kernel for 
+ * this program may not be set. 
+ * 
+ * The calling program can then use the name of the cache
+ * to set the KRB5CCNAME and PAG for its self and its children. 
+ *
+ * If no ticket was passed, an attemplt to join an existing
+ * PAG will be made. 
+ * 
+ * If a forwarded K5 TGT is passed in, either a new DCE 
+ * context will be created, or an existing one will be updated.
+ * If the same ticket was already used to create an existing
+ * context, it will be joined instead. 
+ * 
+ * Parts of this program are based on k5dceauth,c which was
+ * given to me by HP and by the k5dcelogin.c which I developed. 
+ * A slightly different version of k5dcelogin.c, was added to
+ * DCE 1.2.2
+ * 
+ * D. E. Engert 6/17/97 ANL
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include <sys/stat.h>
+#include <locale.h>
+#include <pwd.h>
+#include <string.h>
+#include <time.h>
+
+#include <errno.h>
+#include "k5dce.h"
+
+#include <dce/sec_login.h>
+#include <dce/dce_error.h>
+#include <dce/passwd.h>
+
+/* #define DEBUG */
+#if defined(DEBUG)
+#define DEEDEBUG(A) fprintf(stderr,A); fflush(stderr)
+#define DEEDEBUG2(A,B) fprintf(stderr,A,B); fflush(stderr)
+#else
+#define DEEDEBUG(A)
+#define DEEDEBUG2(A,B)
+#endif
+
+#ifdef __hpux
+#define seteuid(A)		setresuid(-1,A,-1);
+#endif
+
+
+int k5dcecreate (uid_t, char *, char*, krb5_creds **);
+int k5dcecon (uid_t, char *, char *);
+int k5dcegettgt (krb5_ccache *, char *, char *, krb5_creds **);
+int k5dcematch (uid_t, char *, char *, off_t *, krb5_creds **);
+int k5dcesession (uid_t, char *, krb5_creds **, int *,krb5_flags);
+
+
+char *progname = "k5dcecon";
+static time_t now;
+
+#ifdef notdef
+#ifdef _AIX
+/*---------------------------------------------*/
+ /* AIX with DCE 1.1 does not have the com_err in the libdce.a
+  * do a half hearted job of substituting for it. 
+  */ 
+void com_err(char *p1, int code, ...) 
+{
+    int lst;
+    dce_error_string_t  err_string;
+    dce_error_inq_text(code, err_string, &lst);
+    fprintf(stderr,"Error %d in %s: %s\n", code, p1, err_string );
+}
+
+/*---------------------------------------------*/
+void krb5_init_ets()
+{
+
+}
+#endif
+#endif
+
+
+/*------------------------------------------------*/
+/* find a cache to use  for our new pag           */
+/* Since there is no simple way to determine which
+ * caches are associated with a pag, we will have
+ * do look around and see what makes most sense on 
+ * different systems. 
+ * on a Solaris system, and in the DCE source, 
+ * the pags always start with a 41. 
+ * this is not true on the IBM, where there does not
+ * appear to be any pattern. 
+ * 
+ * But since we are always certifing our creds when
+ * they are received, we can us that fact, and look
+ * at the first word of the associated data file
+ * to see that it has a "5". If not don't use. 
+ */
+
+int k5dcesession(luid, pname, tgt, ppag, tflags)
+  uid_t luid;
+  char *pname;
+  krb5_creds **tgt;
+  int *ppag;
+  krb5_flags tflags;
+{
+  DIR *dirp;
+  struct dirent *direntp;
+  off_t size;
+  krb5_timestamp endtime;
+  int better = 0;
+  krb5_creds *xtgt;
+
+  char prev_name[17] = "";  
+  krb5_timestamp prev_endtime;
+  off_t prev_size;
+  u_long prev_pag = 0;
+
+  char ccname[64] = "FILE:/opt/dcelocal/var/security/creds/";
+ 
+  error_status_t st;
+  sec_login_handle_t lcontext = 0;
+  dce_error_string_t  err_string;
+  int lst;
+
+  DEEDEBUG2("k5dcesession looking for flags %8.8x\n",tflags);
+
+  dirp = opendir("/opt/dcelocal/var/security/creds/");
+  if (dirp == NULL) {
+	return 1;
+  }
+
+  while ( (direntp = readdir( dirp )) != NULL ) {
+
+/*  
+ * (but root has the ffffffff which we are not interested in)
+ */
+    if (!strncmp(direntp->d_name,"dcecred_",8)
+         && (strlen(direntp->d_name) == 16)) {
+
+      /* looks like a cache name, lets do the stat, etc */
+
+      strcpy(ccname+38,direntp->d_name);
+      if (!k5dcematch(luid, pname, ccname, &size, &xtgt))  {
+
+        /* its one of our caches, see if it is better  
+         * i.e. the endtime is farther, and if the endtimes
+         * are the same, take the larger, as he who has the 
+         * most tickets wins.
+         * it must also had the same set of flags at least
+         * i.e. if the forwarded TGT is forwardable, this one must 
+         * be as well.   
+         */
+
+        DEEDEBUG2("Cache:%s",direntp->d_name);
+        DEEDEBUG2(" size:%d",size);
+		DEEDEBUG2(" flags:%8.8x",xtgt->ticket_flags);
+		DEEDEBUG2(" %s",ctime((time_t *)&xtgt->times.endtime));
+ 
+        if ((xtgt->ticket_flags & tflags) == tflags ) {
+          if (prev_name[0]) {
+            if (xtgt->times.endtime > prev_endtime) {
+              better = 1;
+            } else if ((xtgt->times.endtime = prev_endtime) 
+                  && (size > prev_size)){
+              better = 1;
+	        }
+          } else {   /* the first */
+            if (xtgt->times.endtime >= now) {
+            better = 1;
+	        }
+          }
+          if (better) {
+            strcpy(prev_name, direntp->d_name);
+	  	    prev_endtime = xtgt->times.endtime;
+            prev_size = size;
+            sscanf(prev_name+8,"%8X",&prev_pag);
+			*tgt = xtgt;
+            better = 0;
+          }
+        }
+      } 
+    }
+  }
+  (void)closedir( dirp );
+
+  if (!prev_name[0])  
+	 return 1; /* failed to find one */
+
+   DEEDEBUG2("Best: %s\n",prev_name);
+
+   if (ppag)
+      *ppag = prev_pag;
+
+   strcpy(ccname+38,prev_name);
+   setenv("KRB5CCNAME",ccname,1);
+ 
+   return(0);
+}
+
+
+/*----------------------------------------------*/
+/* see if this cache is for this this principal */
+
+int k5dcematch(luid, pname, ccname, sizep, tgt) 
+  uid_t luid;
+  char *pname;
+  char *ccname;
+  off_t *sizep;  /* size of the file */
+  krb5_creds **tgt;
+{
+
+  krb5_ccache cache;
+  struct stat stbuf;
+  char ccdata[256];
+  int fd;
+  int status;
+
+  /* DEEDEBUG2("k5dcematch called: cache=%s\n",ccname+38); */
+
+  if (!strncmp(ccname,"FILE:",5)) {
+
+    strcpy(ccdata,ccname+5);
+    strcat(ccdata,".data");
+
+    /* DEEDEBUG2("Checking the .data file for %s\n",ccdata); */
+
+    if (stat(ccdata, &stbuf))
+      return(1);
+ 
+    if (stbuf.st_uid != luid)
+      return(1);
+
+    if ((fd = open(ccdata,O_RDONLY)) == -1)
+      return(1);
+    
+    if ((read(fd,&status,4)) != 4) {
+      close(fd);
+      return(1);
+    }
+    
+    /* DEEDEBUG2(".data file status = %d\n", status); */
+
+    if (status != 5)
+     return(1);
+
+    if (stat(ccname+5, &stbuf))
+      return(1);
+
+    if (stbuf.st_uid != luid)
+      return(1);
+
+    *sizep = stbuf.st_size;
+  }
+
+  return(k5dcegettgt(&cache, ccname, pname, tgt));
+}
+
+
+/*----------------------------------------*/
+/* k5dcegettgt - get the tgt from a cache */
+
+int k5dcegettgt(pcache, ccname, pname, tgt)
+  krb5_ccache *pcache;
+  char *ccname;
+  char *pname;
+  krb5_creds **tgt;
+
+{
+  krb5_ccache cache;
+  krb5_cc_cursor cur;
+  krb5_creds creds;
+  int code;
+  int found = 1;
+  krb5_principal princ;
+  char *kusername;
+  krb5_flags flags;
+  char *sname, *realm, *tgtname = NULL;
+
+  /* Since DCE does not expose much of the Kerberos interface,
+   * we will have to use what we can. This means setting the 
+   * KRB5CCNAME for each file we want to test
+   * We will also not worry about freeing extra cache structures
+   * as this this routine is also not exposed, and this should not 
+   * effect this module. 
+   * We should also free the creds contents, but that is not exposed
+   * either. 
+   */
+
+  setenv("KRB5CCNAME",ccname,1);
+  cache = NULL;
+  *tgt = NULL;
+
+  if (code = krb5_cc_default(pcache)) {
+     com_err(progname, code, "while getting ccache");
+     goto return2;
+  }
+
+  DEEDEBUG("Got cache\n");
+  flags = 0;
+  if (code = krb5_cc_set_flags(*pcache, flags)) {
+    com_err(progname, code,"While setting flags"); 
+    goto return2;
+  }
+  DEEDEBUG("Set flags\n");
+  if (code = krb5_cc_get_principal(*pcache, &princ)) {
+	com_err(progname, code, "While getting princ");
+    goto return1;
+  }
+  DEEDEBUG("Got principal\n");
+  if (code = krb5_unparse_name(princ, &kusername)) {
+    com_err(progname, code, "While unparsing principal");
+    goto return1;
+  }
+
+  DEEDEBUG2("Unparsed to \"%s\"\n", kusername);
+  DEEDEBUG2("pname is \"%s\"\n", pname);
+  if (strcmp(kusername, pname)) {
+   DEEDEBUG("Principals not equal\n");
+   goto return1;
+  }
+  DEEDEBUG("Principals equal\n");
+
+  realm = strchr(pname,'@');
+  realm++;
+
+  if ((tgtname = malloc(9 + 2 * strlen(realm))) == 0) {
+       fprintf(stderr,"Malloc failed for tgtname\n");
+       goto return1;
+  }
+
+  strcpy(tgtname,"krbtgt/");
+  strcat(tgtname,realm);
+  strcat(tgtname,"@");
+  strcat(tgtname,realm);
+ 
+  DEEDEBUG2("Getting tgt %s\n", tgtname);
+  if (code = krb5_cc_start_seq_get(*pcache, &cur)) {
+    com_err(progname, code, "while starting to retrieve tickets");
+    goto return1;
+  }
+
+  while (!(code = krb5_cc_next_cred(*pcache, &cur, &creds))) {
+    krb5_creds *cred = &creds;
+
+    if (code = krb5_unparse_name(cred->server, &sname)) {
+      com_err(progname, code, "while unparsing server name");
+      continue;
+    }
+
+    if (strncmp(sname, tgtname, strlen(tgtname)) == 0) {
+      DEEDEBUG("FOUND\n");
+      if (code = krb5_copy_creds(&creds, tgt)) {
+        com_err(progname, code, "while copying TGT");
+        goto return1;
+      }
+      found = 0;
+      break;
+    } 
+    /* we should do a krb5_free_cred_contents(creds); */
+  }
+
+  if (code = krb5_cc_end_seq_get(*pcache, &cur)) {
+    com_err(progname, code, "while finishing retrieval"); 
+    goto return2;
+  }
+
+return1:
+  flags = KRB5_TC_OPENCLOSE; 
+  krb5_cc_set_flags(*pcache, flags); /* force a close */
+   
+return2:
+  if (tgtname)
+    free(tgtname);
+
+  return(found);
+}
+
+
+/*------------------------------------------*/
+/* Convert a forwarded TGT to a DCE context */
+int k5dcecon(luid, luser, pname)
+  uid_t luid;
+  char *luser;
+  char *pname;
+{
+
+  krb5_creds *ftgt = NULL;
+  krb5_creds *tgt = NULL;
+  unsigned32 dfspag;
+  boolean32 reset_passwd = 0;
+  int lst;
+  dce_error_string_t  err_string;
+  char *shell_prog;
+  krb5_ccache fcache;
+  char *ccname;
+  char *kusername;
+  char *urealm;
+  char *cp;
+  int pag;
+  int code;
+  krb5_timestamp endtime;
+
+
+  /* If there is no cache to be converted, we should not be here */
+
+  if ((ccname = getenv("KRB5CCNAME")) == NULL) {
+    DEEDEBUG("No KRB5CCNAME\n");
+    return(1);
+  }
+
+  if (k5dcegettgt(&fcache, ccname, pname, &ftgt)) {
+    fprintf(stderr, "%s: Did not find TGT\n", progname);
+    return(1);
+  }
+
+ 
+  DEEDEBUG2("flags=%x\n",ftgt->ticket_flags);
+  if (!(ftgt->ticket_flags & TKT_FLG_FORWARDABLE)){
+    fprintf(stderr,"Ticket not forwardable\n");
+    return(0); /* but OK to continue */
+  }
+
+  setenv("KRB5CCNAME","",1);
+    
+#define TKT_ACCEPTABLE (TKT_FLG_FORWARDABLE | TKT_FLG_PROXIABLE \
+         | TKT_FLG_MAY_POSTDATE | TKT_FLG_RENEWABLE | TKT_FLG_HW_AUTH \
+         | TKT_FLG_PRE_AUTH)
+
+  if (!k5dcesession(luid, pname, &tgt, &pag, 
+        (ftgt->ticket_flags & TKT_ACCEPTABLE))) {
+    if (ftgt->times.endtime > tgt->times.endtime) {
+      DEEDEBUG("Updating existing cache\n"); 
+      return(k5dceupdate(&ftgt, pag));
+    } else {
+      DEEDEBUG("Using existing cache\n");
+      return(0); /* use the original one */
+    }
+  } 
+    /* see if the tgts match up */
+
+  if ((code = k5dcecreate(luid, luser, pname, &ftgt))) {
+	return (code);
+  }
+
+  /*
+   * Destroy the Kerberos5 cred cache file.
+   * but dont care aout the return code. 
+   */
+
+  DEEDEBUG("Destroying the old cache\n");
+  if ((code = krb5_cc_destroy(fcache))) {
+    com_err(progname, code, "while destroying Kerberos5 ccache");
+  }
+  return (0);
+}
+
+
+/*--------------------------------------------------*/
+/* k5dceupdate - update the cache with a new TGT    */
+/* Assumed that the KRB5CCNAME has been set         */
+
+int k5dceupdate(krbtgt, pag) 
+   krb5_creds **krbtgt;
+   int pag;
+{
+ 
+  krb5_ccache ccache;
+  int code;
+
+  if (code = krb5_cc_default(&ccache)) {
+    com_err(progname, code, "while opening cache for update");
+    return(2);
+   }
+
+  if (code = ccache->ops->init(ccache,(*krbtgt)->client)) {
+    com_err(progname, code, "while reinitilizing cache");
+    return(3);
+  } 
+
+    /* krb5_cc_store_cred */
+  if (code = ccache->ops->store(ccache, *krbtgt)) {
+    com_err(progname, code, "while updating cache");
+    return(2);
+  }
+
+  sec_login_pag_new_tgt(pag, (*krbtgt)->times.endtime);
+  return(0);
+}
+/*--------------------------------------------------*/
+/* k5dcecreate - create a new DCE context           */
+
+int k5dcecreate(luid, luser, pname, krbtgt)
+   uid_t luid;
+   char *luser;
+   char *pname;
+   krb5_creds **krbtgt;
+{
+   
+    char *cp;
+    char *urealm;
+    char *username;
+    char *defrealm;
+    uid_t uid;
+
+    error_status_t st;
+    sec_login_handle_t lcontext = 0;
+    sec_login_auth_src_t auth_src = 0;
+    boolean32 reset_passwd = 0;
+    int lst;
+    dce_error_string_t  err_string;
+
+	setenv("KRB5CCNAME","",1); /* make sure it not misused */
+
+	uid = getuid();
+	DEEDEBUG2("uid=%d\n",uid);
+    
+	/* if run as root, change to user, so as to have the
+	 * cache created for the local user even if cross-cell
+	 * If run as a user, let standard file protection work.
+	 */
+
+	if (uid == 0) {
+		seteuid(luid);
+	}  
+
+	cp = strchr(pname,'@');
+	*cp = '\0';
+	urealm = ++cp;
+
+ DEEDEBUG2("basename=%s\n",cp);
+ DEEDEBUG2("realm=%s\n",urealm);
+
+    /* now build the username as a single string or a /.../cell/user
+     * if this is a cross cell
+     */
+
+	if ((username = malloc(7+strlen(pname)+strlen(urealm))) == 0) {
+         fprintf(stderr,"Malloc failed for username\n");
+         goto abort;
+    }
+    if (krb5_get_default_realm(&defrealm)) {
+        DEEDEBUG("krb5_get_default_realm failed\n");
+        goto abort;
+    }
+
+
+    if (!strcmp(urealm,defrealm)) {
+        strcpy(username,pname);
+    } else {
+        strcpy(username,"/.../");
+        strcat(username,urealm);
+        strcat(username,"/");
+        strcat(username,pname);
+    }
+
+    /*
+     * Setup a DCE login context
+     */
+
+    if (sec_login_setup_identity((unsigned_char_p_t)username, 
+				 (sec_login_external_tgt|sec_login_proxy_cred),
+				 &lcontext, &st)) {
+	/*
+	 * Add our TGT.
+	 */
+	  DEEDEBUG("Adding our new TGT\n");
+	  sec_login_krb5_add_cred(lcontext, *krbtgt, &st);
+	  if (st) {
+	    dce_error_inq_text(st, err_string, &lst);
+	    fprintf(stderr,
+				"Error while adding credentials for %s because %s\n", 
+				username, err_string);
+	    goto abort;
+	  }	
+	  DEEDEBUG("validating and certifying\n");
+	  /*
+	   * Now "validate" and certify the identity,
+	   *  usually we would pass a password here, but...
+	   * sec_login_valid_and_cert_ident
+	   * sec_login_validate_identity
+	   */
+
+	  if (sec_login_validate_identity(lcontext, 0, &reset_passwd,
+		 &auth_src, &st)) {
+	    DEEDEBUG2("validate_identity st=%d\n",st);
+	    if (st) {
+		  dce_error_inq_text(st, err_string, &lst);
+		  fprintf(stderr, "Validation error for %s because %s\n",
+				 username, err_string);
+		  goto abort;
+	    }
+		if (!sec_login_certify_identity(lcontext,&st)) {
+			dce_error_inq_text(st, err_string, &lst);
+			fprintf(stderr,
+			"Credentials not certified because %s\n",err_string);
+		}
+	    if (reset_passwd) {
+		 fprintf(stderr,
+                "Password must be changed for %s\n", username);
+	    }
+	    if (auth_src == sec_login_auth_src_local) {
+		fprintf(stderr,
+			 "Credentials obtained from local registry for %s\n", 
+			 username);
+	    }
+	    if (auth_src == sec_login_auth_src_overridden) {
+		  fprintf(stderr, "Validated %s from local override entry, no network credentials obtained\n", username);
+		  goto abort; 
+
+	    }
+	    /*
+	     * Actually create the cred files.
+	     */
+		DEEDEBUG("Ceating new cred files.\n");
+	    sec_login_set_context(lcontext, &st);
+	    if (st) {
+		  dce_error_inq_text(st, err_string, &lst);
+		  fprintf(stderr, 
+                "Unable to set context for %s because %s\n",
+		    username, err_string);
+		  goto abort;
+	    }
+
+        /*
+         * Now free up the local context and leave the 
+         * network context with its pag
+         */
+#if 0
+        sec_login_release_context(&lcontext, &st);
+        if (st) {
+          dce_error_inq_text(st, err_string, &lst);
+          fprintf(stderr,
+               "Unable to release context for %s because %s\n",
+            username, err_string);
+          goto abort;
+        }
+#endif
+	}
+	else {
+	  DEEDEBUG2("validate failed %d\n",st);
+	  dce_error_inq_text(st, err_string, &lst);
+	  fprintf(stderr,
+             "Unable to validate %s because %s\n", username, 
+			err_string);
+	  goto abort;
+	}
+  }
+  else {
+	dce_error_inq_text(st, err_string, &lst);
+	fprintf(stderr, 
+          "Unable to setup login entry for %s because %s\n",
+       username, err_string);
+	  goto abort;
+  }
+
+ done:
+    /* if we were root, get back to root */
+
+    DEEDEBUG2("sec_login_inq_pag %8.8x\n",
+             sec_login_inq_pag(lcontext, &st));
+
+    if (uid == 0) {
+      seteuid(0);
+    }  
+
+	DEEDEBUG("completed\n");
+	return(0);
+
+ abort:
+    if (uid == 0) {
+      seteuid(0);
+    }  
+
+    DEEDEBUG("Aborting\n");
+    return(2);
+}
+
+
+
+/*-------------------------------------------------*/
+main(argc, argv)
+  int argc;
+  char *argv[];
+{
+  int status;
+  extern int optind;
+  extern char *optarg;
+  int rv;
+
+  char *lusername = NULL;
+  char *pname = NULL;
+  int fflag = 0;
+  struct passwd *pw;
+  uid_t luid;
+  uid_t myuid;
+  char *ccname;
+  krb5_creds *tgt = NULL;
+
+#ifdef DEBUG
+  close(2);
+  open("/tmp/k5dce.debug",O_WRONLY|O_CREAT|O_APPEND);
+#endif
+
+  if (myuid = getuid()) {
+    DEEDEBUG2("UID = %d\n",myuid);
+    exit(33); /* must be root to run this, get out now */
+  }
+
+  while ((rv = getopt(argc,argv,"l:p:fs")) != -1) {
+    DEEDEBUG2("Arg = %c\n", rv);
+    switch(rv) {
+      case 'l':         /* user name */
+	lusername = optarg;
+	DEEDEBUG2("Optarg = %s\n", optarg);
+	break;
+      case 'p':         /* principal name */
+        pname = optarg; 
+	DEEDEBUG2("Optarg = %s\n", optarg);
+        break;
+      case 'f':         /* convert a forwarded TGT to a context */
+        fflag++;
+        break;
+      case 's':      /* old test parameter, ignore it */
+        break; 
+    }
+  }
+
+  setlocale(LC_ALL, "");
+  krb5_init_ets();
+  time(&now); /* set time to check expired tickets */
+
+  /* if lusername == NULL, Then user is passed as the USER= variable */ 
+
+  if (!lusername) {
+    lusername = getenv("USER");
+    if (!lusername) {
+      fprintf(stderr, "USER not in environment\n");
+      return(3);
+    }
+  }
+
+  if ((pw = getpwnam(lusername)) == NULL) {
+    fprintf(stderr, "Who are you?\n");
+    return(44);
+  }
+
+  luid = pw->pw_uid;
+
+  if (fflag) {  
+    status = k5dcecon(luid, lusername, pname); 
+  } else {
+    status = k5dcesession(luid, pname, &tgt, NULL, 0);
+  }
+ 
+  if (!status) {
+    printf("%s",getenv("KRB5CCNAME")); /* return via stdout to caller */
+    DEEDEBUG2("KRB5CCNAME=%s\n",getenv("KRB5CCNAME"));
+  }
+
+  DEEDEBUG2("Returning status %d\n",status);
+  return (status);
+}
diff --git a/crypto/heimdal/appl/dceutils/testpag.c b/crypto/heimdal/appl/dceutils/testpag.c
new file mode 100644
index 0000000..4613fba
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/testpag.c
@@ -0,0 +1,150 @@
+/* Test the k5dcepag routine by setting a pag, and 
+ * and execing a shell under this pag. 
+ * 
+ * This allows you to join a PAG which was created  
+ * earlier by some other means. 
+ * for example k5dcecon
+ * 
+ * Must be run as root for testing only. 
+ *
+ */
+
+#include <stdio.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <setjmp.h>
+#include <errno.h>
+
+#define POSIX_SETJMP
+#define POSIX_SIGNALS
+
+#ifdef POSIX_SIGNALS
+typedef struct sigaction handler;
+#define handler_init(H,F)       (sigemptyset(&(H).sa_mask), \
+                     (H).sa_flags=0, \
+                     (H).sa_handler=(F))
+#define handler_swap(S,NEW,OLD)     sigaction(S, &NEW, &OLD)
+#define handler_set(S,OLD)      sigaction(S, &OLD, NULL)
+#else
+typedef sigtype (*handler)();
+#define handler_init(H,F)       ((H) = (F))
+#define handler_swap(S,NEW,OLD)     ((OLD) = signal ((S), (NEW)))
+
+#define handler_set(S,OLD)      (signal ((S), (OLD)))
+#endif
+
+typedef void sigtype;
+
+/*
+ * We could include the dcedfs/syscall.h which should have these
+ * numbers, but it has extra baggage. So for
+ * simplicity sake now, we define these here.
+ */
+
+
+#define AFSCALL_SETPAG 2
+#define AFSCALL_GETPAG 11
+
+#if defined(sun)
+#define AFS_SYSCALL  72
+
+#elif defined(hpux)
+/* assume HPUX 10 +  or is it 50 */
+#define AFS_SYSCALL 326
+
+#elif defined(_AIX)
+#define DPAGAIX "dpagaix"
+/* #define DPAGAIX "/krb5/sbin/dpagaix" */
+
+#elif defined(sgi) || defined(_sgi)
+#define AFS_SYSCALL  206+1000
+
+#else
+#define AFS_SYSCALL (Unknown_DFS_AFS_SYSCALL)
+#endif
+
+static sigjmp_buf setpag_buf;
+
+static sigtype mysig()
+{
+  siglongjmp(setpag_buf, 1);
+}
+
+
+int  krb5_dfs_newpag(new_pag)
+  int new_pag;
+{
+  handler sa1, osa1;
+  handler sa2, osa2;
+  int pag = -1;
+
+  handler_init (sa1, mysig);
+  handler_init (sa2, mysig);
+  handler_swap (SIGSYS, sa1, osa1);
+  handler_swap (SIGSEGV, sa2, osa2);
+ 
+  if (sigsetjmp(setpag_buf, 1) == 0) {
+#if defined(_AIX)
+    int (*dpagaix)(int, int, int, int, int, int);
+
+    if (dpagaix = load(DPAGAIX, 0, 0)) 
+      pag = (*dpagaix)(AFSCALL_SETPAG, new_pag, 0, 0, 0, 0);
+#else
+    pag = syscall(AFS_SYSCALL,AFSCALL_SETPAG, new_pag, 0, 0, 0, 0);
+#endif
+    handler_set (SIGSYS, osa1);
+    handler_set (SIGSEGV, osa2);
+    return(pag);
+  }
+
+  fprintf(stderr,"Setpag failed with a system error\n");
+  /* syscall failed! return 0 */
+  handler_set (SIGSYS, osa1);
+  handler_set (SIGSEGV, osa2);
+  return(-1);
+}
+
+main(argc, argv)
+	int argc;
+	char *argv[];
+{
+  extern int optind;
+  extern char *optarg;
+  int rv;
+  int rc;
+  unsigned int pag;
+  unsigned int newpag = 0;
+  char ccname[256];
+  int nflag = 0;
+  
+  while((rv = getopt(argc,argv,"n:")) != -1) {
+    switch(rv) {
+     case 'n':
+       nflag++;
+       sscanf(optarg,"%8x",&newpag);
+       break;
+     default:
+       printf("Usage: k5dcepagt -n pag \n");
+       exit(1);
+    }
+  }
+
+  if (nflag) {
+    fprintf (stderr,"calling k5dcepag newpag=%8.8x\n",newpag);
+    pag = krb5_dfs_newpag(newpag);
+
+    fprintf (stderr,"PAG returned = %8.8x\n",pag);
+    if ((pag != 0) && (pag != -1)) {
+      sprintf (ccname,
+        "FILE:/opt/dcelocal/var/security/creds/dcecred_%8.8x", 
+        pag);
+      esetenv("KRB5CCNAME",ccname,1);
+      execl("/bin/csh","csh",0);
+    }
+    else {
+      fprintf(stderr," Not a good pag value\n");
+    }
+  }
+}
diff --git a/crypto/heimdal/appl/ftp/ChangeLog b/crypto/heimdal/appl/ftp/ChangeLog
index 58dd9f8..226902f 100644
--- a/crypto/heimdal/appl/ftp/ChangeLog
+++ b/crypto/heimdal/appl/ftp/ChangeLog
@@ -1,3 +1,25 @@
+2001-04-19  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftpd/ftpd.c (do_store): call closefunc before claiming that
+	everything went ok, if the close fails the file might not have
+	been stored properly
+
+2001-03-26  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpd.c, ftpd/popen.c: always use GLOB_LIMIT
+	* ftpd/popen.c (ftpd_popen): use GLOB_LIMIT if defined
+	* ftpd/ftpd.c (send_file_list): use GLOB_LIMIT if defined
+
+2001-02-15  Assar Westerlund  <assar@sics.se>
+
+	* ftp/cmds.c (setpeer): handle both service names and port numbers
+	for the second optional argument.  also make parsing more robust
+
+2001-02-07  Assar Westerlund  <assar@sics.se>
+
+	* ftp/security.c (sec_end): only clean app_data if there is any
+	(*): do realloc consistently
+
 2001-02-05  Assar Westerlund  <assar@sics.se>
 
 	* ftpd/popen.c (ftpd_popen): avoid overwriting the bounds of argv
diff --git a/crypto/heimdal/appl/ftp/Makefile.in b/crypto/heimdal/appl/ftp/Makefile.in
index e25633c..d704ee8 100644
--- a/crypto/heimdal/appl/ftp/Makefile.in
+++ b/crypto/heimdal/appl/ftp/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 SUBDIRS = common ftp ftpd
@@ -205,9 +208,10 @@ DIST_COMMON =  ChangeLog Makefile.am Makefile.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 
 GZIP_ENV = --best
+DIST_SUBDIRS =  $(SUBDIRS)
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/Makefile
 
@@ -248,11 +252,16 @@ mostlyclean-recursive clean-recursive distclean-recursive \
 maintainer-clean-recursive:
 	@set fnord $(MAKEFLAGS); amf=$$2; \
 	dot_seen=no; \
-	rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \
-	  rev="$$subdir $$rev"; \
-	  if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
 	done; \
-	test "$$dot_seen" = "no" && rev=". $$rev"; \
+	rev="$$rev ."; \
 	target=`echo $@ | sed s/-recursive//`; \
 	for subdir in $$rev; do \
 	  echo "Making $$target in $$subdir"; \
@@ -298,6 +307,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/ftp/common/Makefile.in b/crypto/heimdal/appl/ftp/common/Makefile.in
index a46eff6..525c6bd 100644
--- a/crypto/heimdal/appl/ftp/common/Makefile.in
+++ b/crypto/heimdal/appl/ftp/common/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 noinst_LIBRARIES = libcommon.a
@@ -231,7 +234,7 @@ OBJECTS = $(am_libcommon_a_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/common/Makefile
 
@@ -305,6 +308,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/ftp/ftp/Makefile.in b/crypto/heimdal/appl/ftp/ftp/Makefile.in
index 1a28ad9..1986d3e 100644
--- a/crypto/heimdal/appl/ftp/ftp/Makefile.in
+++ b/crypto/heimdal/appl/ftp/ftp/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = 
 
 bin_PROGRAMS = ftp
@@ -284,7 +287,7 @@ OBJECTS = $(am_ftp_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/ftp/Makefile
 
@@ -417,6 +420,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/ftp/ftp/cmds.c b/crypto/heimdal/appl/ftp/ftp/cmds.c
index c7a066d..3f1933e 100644
--- a/crypto/heimdal/appl/ftp/ftp/cmds.c
+++ b/crypto/heimdal/appl/ftp/ftp/cmds.c
@@ -36,7 +36,7 @@
  */
 
 #include "ftp_locl.h"
-RCSID("$Id: cmds.c,v 1.41 2000/07/18 10:00:31 joda Exp $");
+RCSID("$Id: cmds.c,v 1.42 2001/02/15 04:17:09 assar Exp $");
 
 typedef void (*sighand)(int);
 
@@ -81,7 +81,7 @@ void
 setpeer(int argc, char **argv)
 {
 	char *host;
-	short port;
+	u_short port;
 	struct servent *sp;
 
 	if (connected) {
@@ -102,14 +102,23 @@ setpeer(int argc, char **argv)
 		errx(1, "You bastard. You removed ftp/tcp from services");
 	port = sp->s_port;
 	if (argc > 2) {
-		port = atoi(argv[2]);
-		if (port <= 0) {
-			printf("%s: bad port number-- %s\n", argv[1], argv[2]);
-			printf ("usage: %s host-name [port]\n", argv[0]);
-			code = -1;
-			return;
+		sp = getservbyname(argv[2], "tcp");
+		if (sp != NULL) {
+			port = sp->s_port;
+		} else {
+			char *ep;
+
+			port = strtol(argv[2], &ep, 0);
+			if (argv[2] == ep) {
+				printf("%s: bad port number-- %s\n",
+				       argv[1], argv[2]);
+				printf ("usage: %s host-name [port]\n",
+					argv[0]);
+				code = -1;
+				return;
+			}
+			port = htons(port);
 		}
-		port = htons(port);
 	}
 	host = hookup(argv[1], port);
 	if (host) {
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.cat1 b/crypto/heimdal/appl/ftp/ftp/ftp.cat1
new file mode 100644
index 0000000..66262de
--- /dev/null
+++ b/crypto/heimdal/appl/ftp/ftp/ftp.cat1
@@ -0,0 +1,650 @@
+
+FTP(1)                       UNIX Reference Manual                      FTP(1)
+
+NNAAMMEE
+     ffttpp - ARPANET file transfer program
+
+SSYYNNOOPPSSIISS
+     ffttpp [--tt] [--vv] [--dd] [--ii] [--nn] [--gg] [--pp] [--ll] [_h_o_s_t]
+
+DDEESSCCRRIIPPTTIIOONN
+     FFttpp is the user interface to the ARPANET standard File Transfer Protocol.
+     The program allows a user to transfer files to and from a remote network
+     site.
+
+     Modifications has been made so that it almost follows the ftpsec Internet
+     draft.
+
+     Options may be specified at the command line, or to the command inter-
+     preter.
+
+     --tt    Enables packet tracing.
+
+     --vv    Verbose option forces ffttpp to show all responses from the remote
+           server, as well as report on data transfer statistics.
+
+     --nn    Restrains ffttpp from attempting ``auto-login'' upon initial connec-
+           tion.  If auto-login is enabled, ffttpp will check the _._n_e_t_r_c (see be-
+           low) file in the user's home directory for an entry describing an
+           account on the remote machine.  If no entry exists, ffttpp will prompt
+           for the remote machine login name (default is the user identity on
+           the local machine), and, if necessary, prompt for a password and an
+           account with which to login.
+
+     --ii    Turns off interactive prompting during multiple file transfers.
+
+     --pp    Turn on passive mode.
+
+     --dd    Enables debugging.
+
+     --gg    Disables file name globbing.
+
+     --ll    Disables command line editing.
+
+     The client host with which ffttpp is to communicate may be specified on the
+     command line.  If this is done, ffttpp will immediately attempt to establish
+     a connection to an FTP server on that host; otherwise, ffttpp will enter its
+     command interpreter and await instructions from the user.  When ffttpp is
+     awaiting commands from the user the prompt `ftp>' is provided to the us-
+     er.  The following commands are recognized by ffttpp:
+
+     !! [_c_o_m_m_a_n_d [_a_r_g_s]]
+                 Invoke an interactive shell on the local machine.  If there
+                 are arguments, the first is taken to be a command to execute
+                 directly, with the rest of the arguments as its arguments.
+
+     $$ _m_a_c_r_o_-_n_a_m_e [_a_r_g_s]
+                 Execute the macro _m_a_c_r_o_-_n_a_m_e that was defined with the mmaaccddeeff
+                 command.  Arguments are passed to the macro unglobbed.
+
+     aaccccoouunntt [_p_a_s_s_w_d]
+                 Supply a supplemental password required by a remote system
+                 for access to resources once a login has been successfully
+                 completed.  If no argument is included, the user will be
+
+
+                 prompted for an account password in a non-echoing input mode.
+
+     aappppeenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e]
+                 Append a local file to a file on the remote machine.  If
+                 _r_e_m_o_t_e_-_f_i_l_e is left unspecified, the local file name is used
+                 in naming the remote file after being altered by any nnttrraannss
+                 or nnmmaapp setting.  File transfer uses the current settings for
+                 ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree.
+
+     aasscciiii       Set the file transfer ttyyppee to network ASCII. This is the de-
+                 fault type.
+
+     bbeellll        Arrange that a bell be sounded after each file transfer com-
+                 mand is completed.
+
+     bbiinnaarryy      Set the file transfer ttyyppee to support binary image transfer.
+
+     bbyyee         Terminate the FTP session with the remote server and exit
+                 ffttpp. An end of file will also terminate the session and exit.
+
+     ccaassee        Toggle remote computer file name case mapping during mmggeett
+                 commands.  When ccaassee is on (default is off), remote computer
+                 file names with all letters in upper case are written in the
+                 local directory with the letters mapped to lower case.
+
+     ccdd _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y
+                 Change the working directory on the remote machine to _r_e_m_o_t_e_-
+                 _d_i_r_e_c_t_o_r_y.
+
+     ccdduupp        Change the remote machine working directory to the parent of
+                 the current remote machine working directory.
+
+     cchhmmoodd _m_o_d_e _f_i_l_e_-_n_a_m_e
+                 Change the permission modes of the file _f_i_l_e_-_n_a_m_e on the re-
+                 mote sytem to _m_o_d_e.
+
+     cclloossee       Terminate the FTP session with the remote server, and return
+                 to the command interpreter.  Any defined macros are erased.
+
+     ccrr          Toggle carriage return stripping during ascii type file re-
+                 trieval.  Records are denoted by a carriage return/linefeed
+                 sequence during ascii type file transfer.  When ccrr is on (the
+                 default), carriage returns are stripped from this sequence to
+                 conform with the UNIX single linefeed record delimiter.
+                 Records on non-UNIX remote systems may contain single line-
+                 feeds; when an ascii type transfer is made, these linefeeds
+                 may be distinguished from a record delimiter only when ccrr is
+                 off.
+
+     ddeelleettee _r_e_m_o_t_e_-_f_i_l_e
+                 Delete the file _r_e_m_o_t_e_-_f_i_l_e on the remote machine.
+
+     ddeebbuugg [_d_e_b_u_g_-_v_a_l_u_e]
+                 Toggle debugging mode.  If an optional _d_e_b_u_g_-_v_a_l_u_e is speci-
+                 fied it is used to set the debugging level.  When debugging
+                 is on, ffttpp prints each command sent to the remote machine,
+                 preceded by the string `-->'
+
+     ddiirr [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e]
+                 Print a listing of the directory contents in the directory,
+                 _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y, and, optionally, placing the output in
+                 _l_o_c_a_l_-_f_i_l_e. If interactive prompting is on, ffttpp will prompt
+                 the user to verify that the last argument is indeed the tar-
+                 get local file for receiving ddiirr output.  If no directory is
+                 specified, the current working directory on the remote ma-
+                 chine is used.  If no local file is specified, or _l_o_c_a_l_-_f_i_l_e
+
+                 is --, output comes to the terminal.
+
+     ddiissccoonnnneecctt  A synonym for _c_l_o_s_e.
+
+     ffoorrmm _f_o_r_m_a_t
+                 Set the file transfer ffoorrmm to _f_o_r_m_a_t. The default format is
+                 ``file''.
+
+     ggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e]
+                 Retrieve the _r_e_m_o_t_e_-_f_i_l_e and store it on the local machine.
+                 If the local file name is not specified, it is given the same
+                 name it has on the remote machine, subject to alteration by
+                 the current ccaassee, nnttrraannss, and nnmmaapp settings.  The current
+                 settings for ttyyppee, ffoorrmm, mmooddee, and ssttrruuccttuurree are used while
+                 transferring the file.
+
+     gglloobb        Toggle filename expansion for mmddeelleettee, mmggeett and mmppuutt. If
+                 globbing is turned off with gglloobb, the file name arguments are
+                 taken literally and not expanded.  Globbing for mmppuutt is done
+                 as in csh(1).  For mmddeelleettee and mmggeett, each remote file name is
+                 expanded separately on the remote machine and the lists are
+                 not merged.  Expansion of a directory name is likely to be
+                 different from expansion of the name of an ordinary file: the
+                 exact result depends on the foreign operating system and ftp
+                 server, and can be previewed by doing `mls remote-files -'.
+                 As a security measure, remotely globbed files that starts
+                 with `/' or contains `../', will not be automatically re-
+                 ceived. If you have interactive prompting turned off, these
+                 filenames will be ignored.  Note: mmggeett and mmppuutt are not meant
+                 to transfer entire directory subtrees of files.  That can be
+                 done by transferring a tar(1) archive of the subtree (in bi-
+                 nary mode).
+
+     hhaasshh        Toggle hash-sign (``#'') printing for each data block trans-
+                 ferred.  The size of a data block is 1024 bytes.
+
+     hheellpp [_c_o_m_m_a_n_d]
+                 Print an informative message about the meaning of _c_o_m_m_a_n_d. If
+                 no argument is given, ffttpp prints a list of the known com-
+                 mands.
+
+     iiddllee [_s_e_c_o_n_d_s]
+                 Set the inactivity timer on the remote server to _s_e_c_o_n_d_s sec-
+                 onds.  If _s_e_c_o_n_d_s is omitted, the current inactivity timer is
+                 printed.
+
+     llccdd [_d_i_r_e_c_t_o_r_y]
+                 Change the working directory on the local machine.  If no
+                 _d_i_r_e_c_t_o_r_y is specified, the user's home directory is used.
+
+     llss [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e]
+                 Print a listing of the contents of a directory on the remote
+                 machine.  The listing includes any system-dependent informa-
+                 tion that the server chooses to include; for example, most
+                 UNIX systems will produce output from the command `ls -l'.
+                 (See also nnlliisstt.) If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified,
+                 the current working directory is used.  If interactive
+                 prompting is on, ffttpp will prompt the user to verify that the
+                 last argument is indeed the target local file for receiving
+                 llss output.  If no local file is specified, or if _l_o_c_a_l_-_f_i_l_e
+                 is `--', the output is sent to the terminal.
+
+     mmaaccddeeff _m_a_c_r_o_-_n_a_m_e
+                 Define a macro.  Subsequent lines are stored as the macro
+                 _m_a_c_r_o_-_n_a_m_e; a null line (consecutive newline characters in a
+                 file or carriage returns from the terminal) terminates macro
+                 input mode.  There is a limit of 16 macros and 4096 total
+                 characters in all defined macros.  Macros remain defined un-
+                 til a cclloossee command is executed.  The macro processor inter-
+                 prets `$' and `\' as special characters.  A `$' followed by a
+                 number (or numbers) is replaced by the corresponding argument
+                 on the macro invocation command line.  A `$' followed by an
+                 `i' signals that macro processor that the executing macro is
+                 to be looped.  On the first pass `$i' is replaced by the
+                 first argument on the macro invocation command line, on the
+                 second pass it is replaced by the second argument, and so on.
+                 A `\' followed by any character is replaced by that charac-
+                 ter.  Use the `\' to prevent special treatment of the `$'.
+
+     mmddeelleettee [_r_e_m_o_t_e_-_f_i_l_e_s]
+                 Delete the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine.
+
+     mmddiirr _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e
+                 Like ddiirr, except multiple remote files may be specified.  If
+                 interactive prompting is on, ffttpp will prompt the user to ver-
+                 ify that the last argument is indeed the target local file
+                 for receiving mmddiirr output.
+
+     mmggeett _r_e_m_o_t_e_-_f_i_l_e_s
+                 Expand the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine and do a ggeett
+                 for each file name thus produced.  See gglloobb for details on
+                 the filename expansion.  Resulting file names will then be
+                 processed according to ccaassee, nnttrraannss, and nnmmaapp settings.
+                 Files are transferred into the local working directory, which
+                 can be changed with `lcd directory'; new local directories
+                 can be created with `! mkdir directory'.
+
+     mmkkddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e
+                 Make a directory on the remote machine.
+
+     mmllss _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e
+                 Like nnlliisstt, except multiple remote files may be specified,
+                 and the _l_o_c_a_l_-_f_i_l_e must be specified.  If interactive prompt-
+                 ing is on, ffttpp will prompt the user to verify that the last
+                 argument is indeed the target local file for receiving mmllss
+                 output.
+
+     mmooddee [_m_o_d_e_-_n_a_m_e]
+                 Set the file transfer mmooddee to _m_o_d_e_-_n_a_m_e. The default mode is
+                 ``stream'' mode.
+
+     mmooddttiimmee _f_i_l_e_-_n_a_m_e
+                 Show the last modification time of the file on the remote ma-
+                 chine.
+
+     mmppuutt _l_o_c_a_l_-_f_i_l_e_s
+                 Expand wild cards in the list of local files given as argu-
+                 ments and do a ppuutt for each file in the resulting list.  See
+                 gglloobb for details of filename expansion.  Resulting file names
+                 will then be processed according to nnttrraannss and nnmmaapp settings.
+
+     nneewweerr _f_i_l_e_-_n_a_m_e
+                 Get the file only if the modification time of the remote file
+                 is more recent that the file on the current system.  If the
+                 file does not exist on the current system, the remote file is
+                 considered nneewweerr. Otherwise, this command is identical to
+                 _g_e_t.
+
+     nnlliisstt [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e]
+                 Print a  list of the files in a directory on the remote ma-
+                 chine.  If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified, the current
+                 working directory is used.  If interactive prompting is on,
+                 ffttpp will prompt the user to verify that the last argument is
+                 indeed the target local file for receiving nnlliisstt output.  If
+                 no local file is specified, or if _l_o_c_a_l_-_f_i_l_e is --, the output
+                 is sent to the terminal.
+
+     nnmmaapp [_i_n_p_a_t_t_e_r_n _o_u_t_p_a_t_t_e_r_n]
+                 Set or unset the filename mapping mechanism.  If no arguments
+                 are specified, the filename mapping mechanism is unset.  If
+                 arguments are specified, remote filenames are mapped during
+                 mmppuutt commands and ppuutt commands issued without a specified re-
+                 mote target filename.  If arguments are specified, local
+                 filenames are mapped during mmggeett commands and ggeett commands
+                 issued without a specified local target filename.  This com-
+                 mand is useful when connecting to a non-UNIX remote computer
+                 with different file naming conventions or practices.  The
+                 mapping follows the pattern set by _i_n_p_a_t_t_e_r_n and _o_u_t_p_a_t_t_e_r_n.
+                 [_I_n_p_a_t_t_e_r_n] is a template for incoming filenames (which may
+                 have already been processed according to the nnttrraannss and ccaassee
+                 settings).  Variable templating is accomplished by including
+                 the sequences `$1', `$2', ..., `$9' in _i_n_p_a_t_t_e_r_n. Use `\' to
+                 prevent this special treatment of the `$' character.  All
+                 other characters are treated literally, and are used to de-
+                 termine the nnmmaapp [_i_n_p_a_t_t_e_r_n] variable values.  For example,
+                 given _i_n_p_a_t_t_e_r_n $1.$2 and the remote file name "mydata.data",
+                 $1 would have the value "mydata", and $2 would have the value
+                 "data".  The _o_u_t_p_a_t_t_e_r_n determines the resulting mapped file-
+                 name.  The sequences `$1', `$2', ...., `$9' are replaced by
+                 any value resulting from the _i_n_p_a_t_t_e_r_n template.  The se-
+                 quence `$0' is replace by the original filename.  Additional-
+                 ly, the sequence `[_s_e_q_1, _s_e_q_2]' is replaced by [_s_e_q_1] if _s_e_q_1
+                 is not a null string; otherwise it is replaced by _s_e_q_2. For
+                 example, the command
+
+                       nmap $1.$2.$3 [$1,$2].[$2,file]
+
+                 would yield the output filename "myfile.data" for input file-
+                 names "myfile.data" and "myfile.data.old", "myfile.file" for
+                 the input filename "myfile", and "myfile.myfile" for the in-
+                 put filename ".myfile".  Spaces may be included in
+                 _o_u_t_p_a_t_t_e_r_n, as in the example: `nmap $1 sed "s/  *$//" > $1'
+                 .  Use the `\' character to prevent special treatment of the
+                 `$','[','[', and `,' characters.
+
+     nnttrraannss [_i_n_c_h_a_r_s [_o_u_t_c_h_a_r_s]]
+                 Set or unset the filename character translation mechanism.
+                 If no arguments are specified, the filename character trans-
+                 lation mechanism is unset.  If arguments are specified, char-
+                 acters in remote filenames are translated during mmppuutt com-
+                 mands and ppuutt commands issued without a specified remote tar-
+                 get filename.  If arguments are specified, characters in lo-
+                 cal filenames are translated during mmggeett commands and ggeett
+                 commands issued without a specified local target filename.
+                 This command is useful when connecting to a non-UNIX remote
+                 computer with different file naming conventions or practices.
+                 Characters in a filename matching a character in _i_n_c_h_a_r_s are
+                 replaced with the corresponding character in _o_u_t_c_h_a_r_s. If the
+                 character's position in _i_n_c_h_a_r_s is longer than the length of
+                 _o_u_t_c_h_a_r_s, the character is deleted from the file name.
+
+     ooppeenn _h_o_s_t [_p_o_r_t]
+                 Establish a connection to the specified _h_o_s_t FTP server.  An
+                 optional port number may be supplied, in which case, ffttpp will
+                 attempt to contact an FTP server at that port.  If the aauuttoo--
+                 llooggiinn option is on (default), ffttpp will also attempt to auto-
+
+                 matically log the user in to the FTP server (see below).
+
+     ppaassssiivvee     Toggle passive mode.  If passive mode is turned on (default
+                 is off), the ftp client will send a PASV command for all data
+                 connections instead of the usual PORT command.  The PASV com-
+                 mand requests that the remote server open a port for the data
+                 connection and return the address of that port.  The remote
+                 server listens on that port and the client connects to it.
+                 When using the more traditional PORT command, the client lis-
+                 tens on a port and sends that address to the remote server,
+                 who connects back to it.  Passive mode is useful when using
+                 ffttpp through a gateway router or host that controls the direc-
+                 tionality of traffic.  (Note that though ftp servers are re-
+                 quired to support the PASV command by RFC 1123, some do not.)
+
+     pprroommpptt      Toggle interactive prompting.  Interactive prompting occurs
+                 during multiple file transfers to allow the user to selec-
+                 tively retrieve or store files.  If prompting is turned off
+                 (default is on), any mmggeett or mmppuutt will transfer all files,
+                 and any mmddeelleettee will delete all files.
+
+     pprrooxxyy _f_t_p_-_c_o_m_m_a_n_d
+                 Execute an ftp command on a secondary control connection.
+                 This command allows simultaneous connection to two remote ftp
+                 servers for transferring files between the two servers.  The
+                 first pprrooxxyy command should be an ooppeenn, to establish the sec-
+                 ondary control connection.  Enter the command "proxy ?" to
+                 see other ftp commands executable on the secondary connec-
+                 tion.  The following commands behave differently when pref-
+                 aced by pprrooxxyy: ooppeenn will not define new macros during the au-
+                 to-login process, cclloossee will not erase existing macro defini-
+                 tions, ggeett and mmggeett transfer files from the host on the pri-
+                 mary control connection to the host on the secondary control
+                 connection, and ppuutt, mmppuutt, and aappppeenndd transfer files from the
+                 host on the secondary control connection to the host on the
+                 primary control connection.  Third party file transfers de-
+                 pend upon support of the ftp protocol PASV command by the
+                 server on the secondary control connection.
+
+     ppuutt _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e]
+                 Store a local file on the remote machine.  If _r_e_m_o_t_e_-_f_i_l_e is
+                 left unspecified, the local file name is used after process-
+                 ing according to any nnttrraannss or nnmmaapp settings in naming the
+                 remote file.  File transfer uses the current settings for
+                 ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree.
+
+     ppwwdd         Print the name of the current working directory on the remote
+                 machine.
+
+     qquuiitt        A synonym for bbyyee.
+
+     qquuoottee _a_r_g_1 _a_r_g_2 _._._.
+                 The arguments specified are sent, verbatim, to the remote FTP
+                 server.
+
+     rreeccvv _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e]
+                 A synonym for get.
+
+     rreeggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e]
+                 Reget acts like get, except that if _l_o_c_a_l_-_f_i_l_e exists and is
+                 smaller than _r_e_m_o_t_e_-_f_i_l_e, _l_o_c_a_l_-_f_i_l_e is presumed to be a par-
+                 tially transferred copy of _r_e_m_o_t_e_-_f_i_l_e and the transfer is
+                 continued from the apparent point of failure.  This command
+                 is useful when transferring very large files over networks
+
+
+                 that are prone to dropping connections.
+
+     rreemmootteehheellpp [_c_o_m_m_a_n_d_-_n_a_m_e]
+                 Request help from the remote FTP server.  If a _c_o_m_m_a_n_d_-_n_a_m_e
+                 is specified it is supplied to the server as well.
+
+     rreemmootteessttaattuuss [_f_i_l_e_-_n_a_m_e]
+                 With no arguments, show status of remote machine.  If _f_i_l_e_-
+                 _n_a_m_e is specified, show status of _f_i_l_e_-_n_a_m_e on remote ma-
+                 chine.
+
+     rreennaammee [_f_r_o_m] [_t_o]
+                 Rename the file _f_r_o_m on the remote machine, to the file _t_o.
+
+     rreesseett       Clear reply queue.  This command re-synchronizes command/re-
+                 ply sequencing with the remote ftp server.  Resynchronization
+                 may be necessary following a violation of the ftp protocol by
+                 the remote server.
+
+     rreessttaarrtt _m_a_r_k_e_r
+                 Restart the immediately following ggeett or ppuutt at the indicated
+                 _m_a_r_k_e_r. On UNIX systems, marker is usually a byte offset into
+                 the file.
+
+     rrmmddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e
+                 Delete a directory on the remote machine.
+
+     rruunniiqquuee     Toggle storing of files on the local system with unique file-
+                 names.  If a file already exists with a name equal to the
+                 target local filename for a ggeett or mmggeett command, a ".1" is
+                 appended to the name.  If the resulting name matches another
+                 existing file, a ".2" is appended to the original name.  If
+                 this process continues up to ".99", an error message is
+                 printed, and the transfer does not take place.  The generated
+                 unique filename will be reported.  Note that rruunniiqquuee will not
+                 affect local files generated from a shell command (see be-
+                 low).  The default value is off.
+
+     sseenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e]
+                 A synonym for put.
+
+     sseennddppoorrtt    Toggle the use of PORT commands.  By default, ffttpp will at-
+                 tempt to use a PORT command when establishing a connection
+                 for each data transfer.  The use of PORT commands can prevent
+                 delays when performing multiple file transfers.  If the PORT
+                 command fails, ffttpp will use the default data port.  When the
+                 use of PORT commands is disabled, no attempt will be made to
+                 use PORT commands for each data transfer.  This is useful for
+                 certain FTP implementations which do ignore PORT commands
+                 but, incorrectly, indicate they've been accepted.
+
+     ssiittee _a_r_g_1 _a_r_g_2 _._._.
+                 The arguments specified are sent, verbatim, to the remote FTP
+                 server as a SITE command.
+
+     ssiizzee _f_i_l_e_-_n_a_m_e
+                 Return size of _f_i_l_e_-_n_a_m_e on remote machine.
+
+     ssttaattuuss      Show the current status of ffttpp.
+
+     ssttrruucctt [_s_t_r_u_c_t_-_n_a_m_e]
+                 Set the file transfer _s_t_r_u_c_t_u_r_e to _s_t_r_u_c_t_-_n_a_m_e. By default
+                 ``stream'' structure is used.
+
+     ssuunniiqquuee     Toggle storing of files on remote machine under unique file
+                 names.  Remote ftp server must support ftp protocol STOU com-
+                 mand for successful completion.  The remote server will re-
+                 port unique name.  Default value is off.
+
+     ssyysstteemm      Show the type of operating system running on the remote ma-
+                 chine.
+
+     tteenneexx       Set the file transfer type to that needed to talk to TENEX
+                 machines.
+
+     ttrraaccee       Toggle packet tracing.
+
+     ttyyppee [_t_y_p_e_-_n_a_m_e]
+                 Set the file transfer ttyyppee to _t_y_p_e_-_n_a_m_e. If no type is speci-
+                 fied, the current type is printed.  The default type is net-
+                 work ASCII.
+
+     uummaasskk [_n_e_w_m_a_s_k]
+                 Set the default umask on the remote server to _n_e_w_m_a_s_k. If
+                 _n_e_w_m_a_s_k is omitted, the current umask is printed.
+
+     uusseerr _u_s_e_r_-_n_a_m_e [_p_a_s_s_w_o_r_d] [_a_c_c_o_u_n_t]
+                 Identify yourself to the remote FTP server.  If the _p_a_s_s_w_o_r_d
+                 is not specified and the server requires it, ffttpp will prompt
+                 the user for it (after disabling local echo).  If an _a_c_c_o_u_n_t
+                 field is not specified, and the FTP server requires it, the
+                 user will be prompted for it.  If an _a_c_c_o_u_n_t field is speci-
+                 fied, an account command will be relayed to the remote server
+                 after the login sequence is completed if the remote server
+                 did not require it for logging in.  Unless ffttpp is invoked
+                 with ``auto-login'' disabled, this process is done automati-
+                 cally on initial connection to the FTP server.
+
+     vveerrbboossee     Toggle verbose mode.  In verbose mode, all responses from the
+                 FTP server are displayed to the user.  In addition, if ver-
+                 bose is on, when a file transfer completes, statistics re-
+                 garding the efficiency of the transfer are reported.  By de-
+                 fault, verbose is on.
+
+     ?? [_c_o_m_m_a_n_d]
+                 A synonym for help.
+
+     The following command can be used with ftpsec-aware servers.
+
+     pprroott _c_l_e_a_r | _s_a_f_e | _c_o_n_f_i_d_e_n_t_i_a_l | _p_r_i_v_a_t_e
+                 Set the data protection level to the requested level.
+
+     The following command can be used with ftp servers that has implemented
+     the KAUTH site command.
+
+     kkaauutthh [_p_r_i_n_c_i_p_a_l]
+                 Obtain remote tickets.
+
+     Command arguments which have embedded spaces may be quoted with quote `"'
+     marks.
+
+AABBOORRTTIINNGG AA FFIILLEE TTRRAANNSSFFEERR
+     To abort a file transfer, use the terminal interrupt key (usually Ctrl-
+     C).  Sending transfers will be immediately halted.  Receiving transfers
+     will be halted by sending a ftp protocol ABOR command to the remote serv-
+     er, and discarding any further data received.  The speed at which this is
+     accomplished depends upon the remote server's support for ABOR process-
+     ing.  If the remote server does not support the ABOR command, an `ftp>'
+     prompt will not appear until the remote server has completed sending the
+     requested file.
+
+
+     The terminal interrupt key sequence will be ignored when ffttpp has complet-
+     ed any local processing and is awaiting a reply from the remote server.
+     A long delay in this mode may result from the ABOR processing described
+     above, or from unexpected behavior by the remote server, including viola-
+     tions of the ftp protocol.  If the delay results from unexpected remote
+     server behavior, the local ffttpp program must be killed by hand.
+
+FFIILLEE NNAAMMIINNGG CCOONNVVEENNTTIIOONNSS
+     Files specified as arguments to ffttpp commands are processed according to
+     the following rules.
+
+     1.   If the file name `--' is specified, the _s_t_d_i_n (for reading) or _s_t_d_o_u_t
+          (for writing) is used.
+
+     2.   If the first character of the file name is `|', the remainder of the
+          argument is interpreted as a shell command.  FFttpp then forks a shell,
+          using popen(3) with the argument supplied, and reads (writes) from
+          the stdout (stdin).  If the shell command includes spaces, the argu-
+          ment must be quoted; e.g.  ``" ls -lt"''.  A particularly useful ex-
+          ample of this mechanism is: ``dir more''.
+
+     3.   Failing the above checks, if ``globbing'' is enabled, local file
+          names are expanded according to the rules used in the csh(1);  c.f.
+          the gglloobb command.  If the ffttpp command expects a single local file
+          (.e.g.  ppuutt), only the first filename generated by the "globbing"
+          operation is used.
+
+     4.   For mmggeett commands and ggeett commands with unspecified local file
+          names, the local filename is the remote filename, which may be al-
+          tered by a ccaassee, nnttrraannss, or nnmmaapp setting.  The resulting filename
+          may then be altered if rruunniiqquuee is on.
+
+     5.   For mmppuutt commands and ppuutt commands with unspecified remote file
+          names, the remote filename is the local filename, which may be al-
+          tered by a nnttrraannss or nnmmaapp setting.  The resulting filename may then
+          be altered by the remote server if ssuunniiqquuee is on.
+
+FFIILLEE TTRRAANNSSFFEERR PPAARRAAMMEETTEERRSS
+     The FTP specification specifies many parameters which may affect a file
+     transfer.  The ttyyppee may be one of ``ascii'', ``image'' (binary),
+     ``ebcdic'', and ``local byte size'' (for PDP-10's and PDP-20's mostly).
+     FFttpp supports the ascii and image types of file transfer, plus local byte
+     size 8 for tteenneexx mode transfers.
+
+     FFttpp supports only the default values for the remaining file transfer pa-
+     rameters: mmooddee, ffoorrmm, and ssttrruucctt.
+
+TTHHEE ..nneettrrcc FFIILLEE
+     The _._n_e_t_r_c file contains login and initialization information used by the
+     auto-login process.  It resides in the user's home directory.  The fol-
+     lowing tokens are recognized; they may be separated by spaces, tabs, or
+     new-lines:
+
+     mmaacchhiinnee _n_a_m_e
+               Identify a remote machine _n_a_m_e. The auto-login process searches
+               the _._n_e_t_r_c file for a mmaacchhiinnee token that matches the remote ma-
+               chine specified on the ffttpp command line or as an ooppeenn command
+               argument.  Once a match is made, the subsequent _._n_e_t_r_c tokens
+               are processed, stopping when the end of file is reached or an-
+               other mmaacchhiinnee or a ddeeffaauulltt token is encountered.
+
+     ddeeffaauulltt   This is the same as mmaacchhiinnee _n_a_m_e except that ddeeffaauulltt matches
+               any name.  There can be only one ddeeffaauulltt token, and it must be
+               after all mmaacchhiinnee tokens.  This is normally used as:
+
+
+                     default login anonymous password user@site
+
+               thereby giving the user _a_u_t_o_m_a_t_i_c anonymous ftp login to ma-
+               chines not specified in _._n_e_t_r_c. This can be overridden by using
+               the --nn flag to disable auto-login.
+
+     llooggiinn _n_a_m_e
+               Identify a user on the remote machine.  If this token is pre-
+               sent, the auto-login process will initiate a login using the
+               specified _n_a_m_e.
+
+     ppaasssswwoorrdd _s_t_r_i_n_g
+               Supply a password.  If this token is present, the auto-login
+               process will supply the specified string if the remote server
+               requires a password as part of the login process.  Note that if
+               this token is present in the _._n_e_t_r_c file for any user other
+               than _a_n_o_n_y_m_o_u_s, ffttpp will abort the auto-login process if the
+               _._n_e_t_r_c is readable by anyone besides the user.
+
+     aaccccoouunntt _s_t_r_i_n_g
+               Supply an additional account password.  If this token is pre-
+               sent, the auto-login process will supply the specified string
+               if the remote server requires an additional account password,
+               or the auto-login process will initiate an ACCT command if it
+               does not.
+
+     mmaaccddeeff _n_a_m_e
+               Define a macro.  This token functions like the ffttpp mmaaccddeeff com-
+               mand functions.  A macro is defined with the specified name;
+               its contents begin with the next _._n_e_t_r_c line and continue until
+               a null line (consecutive new-line characters) is encountered.
+               If a macro named iinniitt is defined, it is automatically executed
+               as the last step in the auto-login process.
+
+EENNVVIIRROONNMMEENNTT
+     FFttpp utilizes the following environment variables.
+
+     HOME        For default location of a _._n_e_t_r_c file, if one exists.
+
+     SHELL       For default shell.
+
+SSEEEE AALLSSOO
+     ftpd(8),  _R_F_C_2_2_2_8
+
+HHIISSTTOORRYY
+     The ffttpp command appeared in 4.2BSD.
+
+BBUUGGSS
+     Correct execution of many commands depends upon proper behavior by the
+     remote server.
+
+     An error in the treatment of carriage returns in the 4.2BSD ascii-mode
+     transfer code has been corrected.  This correction may result in incor-
+     rect transfers of binary files to and from 4.2BSD servers using the ascii
+     type.  Avoid this problem by using the binary image type.
+
+4.2 Berkeley Distribution       April 27, 1996                              10
diff --git a/crypto/heimdal/appl/ftp/ftp/main.c b/crypto/heimdal/appl/ftp/ftp/main.c
index e1a4e14..3531579 100644
--- a/crypto/heimdal/appl/ftp/ftp/main.c
+++ b/crypto/heimdal/appl/ftp/ftp/main.c
@@ -36,7 +36,7 @@
  */
 
 #include "ftp_locl.h"
-RCSID("$Id: main.c,v 1.30 2000/11/15 22:56:35 assar Exp $");
+RCSID("$Id: main.c,v 1.31 2001/02/20 01:44:43 assar Exp $");
 
 int
 main(int argc, char **argv)
@@ -46,7 +46,7 @@ main(int argc, char **argv)
 	char homedir[MaxPathLen];
 	struct servent *sp;
 
-	set_progname(argv[0]);
+	setprogname(argv[0]);
 
 	sp = getservbyname("ftp", "tcp");
 	if (sp == 0)
@@ -127,7 +127,7 @@ main(int argc, char **argv)
 		exit(0);
 	    signal(SIGINT, intr);
 	    signal(SIGPIPE, lostpeer);
-	    xargv[0] = (char*)__progname;
+	    xargv[0] = (char*)getprogname();
 	    xargv[1] = argv[0];
 	    xargv[2] = argv[1];
 	    xargv[3] = argv[2];
diff --git a/crypto/heimdal/appl/ftp/ftp/security.c b/crypto/heimdal/appl/ftp/ftp/security.c
index ab3785a..a8fff1d 100644
--- a/crypto/heimdal/appl/ftp/ftp/security.c
+++ b/crypto/heimdal/appl/ftp/ftp/security.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -37,7 +37,7 @@
 #include "ftp_locl.h"
 #endif
 
-RCSID("$Id: security.c,v 1.17 2000/11/08 23:30:32 joda Exp $");
+RCSID("$Id: security.c,v 1.18 2001/02/07 10:49:43 assar Exp $");
 
 static enum protection_level command_prot;
 static enum protection_level data_prot;
@@ -166,6 +166,7 @@ sec_get_data(int fd, struct buffer *buf, int level)
 {
     int len;
     int b;
+    void *tmp;
 
     b = block_read(fd, &len, sizeof(len));
     if (b == 0)
@@ -173,7 +174,10 @@ sec_get_data(int fd, struct buffer *buf, int level)
     else if (b < 0)
 	return -1;
     len = ntohl(len);
-    buf->data = realloc(buf->data, len);
+    tmp = realloc(buf->data, len);
+    if (tmp == NULL)
+	return -1;
+    buf->data = tmp;
     b = block_read(fd, buf->data, len);
     if (b == 0)
 	return 0;
@@ -424,9 +428,17 @@ void
 auth(char *auth_name)
 {
     int i;
+    void *tmp;
+
     for(i = 0; (mech = mechs[i]) != NULL; i++){
 	if(!strcasecmp(auth_name, mech->name)){
-	    app_data = realloc(app_data, mech->size);
+	    tmp = realloc(app_data, mech->size);
+	    if (tmp == NULL) {
+		reply(431, "Unable to accept %s at this time", mech->name);
+		return;
+	    }
+	    app_data = tmp;
+
 	    if(mech->init && (*mech->init)(app_data) != 0) {
 		reply(431, "Unable to accept %s at this time", mech->name);
 		return;
@@ -443,6 +455,7 @@ auth(char *auth_name)
 	}
     }
     free (app_data);
+    app_data = NULL;
     reply(504, "%s is unknown to me", auth_name);
 }
 
@@ -776,9 +789,11 @@ sec_end(void)
     if (mech != NULL) {
 	if(mech->end)
 	    (*mech->end)(app_data);
-	memset(app_data, 0, mech->size);
-	free(app_data);
-	app_data = NULL;
+	if (app_data != NULL) {
+	    memset(app_data, 0, mech->size);
+	    free(app_data);
+	    app_data = NULL;
+	}
     }
     sec_complete = 0;
     data_prot = (enum protection_level)0;
diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.in b/crypto/heimdal/appl/ftp/ftpd/Makefile.in
index a3fa628..cd67376 100644
--- a/crypto/heimdal/appl/ftp/ftpd/Makefile.in
+++ b/crypto/heimdal/appl/ftp/ftpd/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = 
 
 libexec_PROGRAMS = ftpd
@@ -288,7 +291,7 @@ OBJECTS = $(am_ftpd_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x .y
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj .y
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/ftpd/Makefile
 
@@ -462,6 +465,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.8
index 745090c..32d5002 100644
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd.8
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.8
@@ -40,7 +40,7 @@
 .Nm ftpd
 .Nd Internet File Transfer Protocol server
 .Sh SYNOPSIS
-.Nm ftpd
+.Nm
 .Op Fl a Ar authmode
 .Op Fl dilv
 .Op Fl g Ar umask
@@ -48,6 +48,8 @@
 .Op Fl T Ar maxtimeout
 .Op Fl t Ar timeout
 .Op Fl u Ar default umask
+.Op Fl B | Fl -builtin-ls
+.Op Fl -good-chars= Ns Ar string
 .Sh DESCRIPTION
 .Nm Ftpd
 is the
@@ -128,6 +130,15 @@ seconds (the default is 15 minutes).
 Set the initial umask to something else than the default 027.
 .It Fl v
 Verbose mode.
+.It Xo
+.Fl B Ns ,
+.Fl -builtin-ls
+.Xc
+use built-in ls to list files
+.It Xo
+.Fl -good-chars= Ns Ar string
+.Xc
+allowed anonymous upload filename chars
 .El
 .Pp
 The file
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.c b/crypto/heimdal/appl/ftp/ftpd/ftpd.c
index 4db5e9f..faf07ff 100644
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd.c
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.c
@@ -38,7 +38,7 @@
 #endif
 #include "getarg.h"
 
-RCSID("$Id: ftpd.c,v 1.153 2001/01/18 09:14:59 joda Exp $");
+RCSID("$Id: ftpd.c,v 1.157 2001/04/19 14:41:29 joda Exp $");
 
 static char version[] = "Version 6.00";
 
@@ -262,7 +262,7 @@ main(int argc, char **argv)
 
     int optind = 0;
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
 
     /* detach from any tickets and tokens */
     {
@@ -1187,18 +1187,22 @@ do_store(char *name, char *mode, int unique)
 		goto done;
 	set_buffer_size(fileno(din), 1);
 	if (receive_data(din, fout) == 0) {
+	    if((*closefunc)(fout) < 0)
+		perror_reply(552, name);
+	    else {
 		if (unique)
 			reply(226, "Transfer complete (unique file name:%s).",
 			    name);
 		else
 			reply(226, "Transfer complete.");
-	}
+	    }
+	} else
+	    (*closefunc)(fout);
 	fclose(din);
 	data = -1;
 	pdata = -1;
 done:
 	LOGBYTES(*mode == 'w' ? "put" : "append", name, byte_count);
-	(*closefunc)(fout);
 }
 
 static FILE *
@@ -2161,7 +2165,7 @@ send_file_list(char *whichf)
   char buf[MaxPathLen];
 
   if (strpbrk(whichf, "~{[*?") != NULL) {
-    int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+    int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|GLOB_LIMIT;
 
     memset(&gl, 0, sizeof(gl));
     freeglob = 1;
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8
new file mode 100644
index 0000000..d4af02e
--- /dev/null
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8
@@ -0,0 +1,296 @@
+
+FTPD(8)                  UNIX System Manager's Manual                  FTPD(8)
+
+NNAAMMEE
+     ffttppdd - Internet File Transfer Protocol server
+
+SSYYNNOOPPSSIISS
+     ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvv] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt
+     _t_i_m_e_o_u_t] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB | ----bbuuiillttiinn--llss] [----ggoooodd--cchhaarrss==_s_t_r_i_n_g]
+
+DDEESSCCRRIIPPTTIIOONN
+     FFttppdd is the Internet File Transfer Protocol server process.  The server
+     uses the TCP protocol and listens at the port specified in the ``ftp''
+     service specification; see services(5).
+
+     Available options:
+
+     --aa      Select the level of authentication required.  Kerberised login
+             can not be turned off. The default is to only allow kerberised
+             login.  Other possibilities can be turned on by giving a string
+             of comma separated flags as argument to --aa. Recognised flags are:
+
+             _p_l_a_i_n  Allow logging in with plaintext password. The password can
+                    be a(n) OTP or an ordinary password.
+
+             _o_t_p    Same as _p_l_a_i_n, but only OTP is allowed.
+
+             _f_t_p    Allow anonymous login.
+
+             The following combination modes exists for backwards compatibili-
+             ty:
+
+             _n_o_n_e   Same as _p_l_a_i_n_,_f_t_p.
+
+             _s_a_f_e   Same as _f_t_p.
+
+             _u_s_e_r   Ignored.
+
+     --dd      Debugging information is written to the syslog using LOG_FTP.
+
+     --gg      Anonymous users will get a umask of _u_m_a_s_k.
+
+     --ii      Open a socket and wait for a connection. This is mainly used for
+             debugging when ftpd isn't started by inetd.
+
+     --ll      Each successful and failed ftp(1) session is logged using syslog
+             with a facility of LOG_FTP.  If this option is specified twice,
+             the retrieve (get), store (put), append, delete, make directory,
+             remove directory and rename operations and their filename argu-
+             ments are also logged.
+
+     --pp      Use _p_o_r_t (a service name or number) instead of the default
+             _f_t_p_/_t_c_p.
+
+     --TT      A client may also request a different timeout period; the maximum
+             period allowed may be set to _t_i_m_e_o_u_t seconds with the --TT option.
+             The default limit is 2 hours.
+
+     --tt      The inactivity timeout period is set to _t_i_m_e_o_u_t seconds (the de-
+             fault is 15 minutes).
+
+     --uu      Set the initial umask to something else than the default 027.
+
+
+
+     --vv      Verbose mode.
+
+     --BB, ----bbuuiillttiinn--llss
+             use built-in ls to list files
+
+     ----ggoooodd--cchhaarrss==_s_t_r_i_n_g
+             allowed anonymous upload filename chars
+
+     The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access.  If the file ex-
+     ists, ffttppdd displays it and exits.  If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists,
+     ffttppdd prints it before issuing the ``ready'' message.  If the file
+     _/_e_t_c_/_m_o_t_d exists, ffttppdd prints it after a successful login.
+
+     The ftp server currently supports the following ftp requests.  The case
+     of the requests is ignored.
+
+           Request    Description
+           ABOR       abort previous command
+           ACCT       specify account (ignored)
+           ALLO       allocate storage (vacuously)
+           APPE       append to a file
+           CDUP       change to parent of current working directory
+           CWD        change working directory
+           DELE       delete a file
+           HELP       give help information
+           LIST       give list files in a directory (``ls -lgA'')
+           MKD        make a directory
+           MDTM       show last modification time of file
+           MODE       specify data transfer _m_o_d_e
+           NLST       give name list of files in directory
+           NOOP       do nothing
+           PASS       specify password
+           PASV       prepare for server-to-server transfer
+           PORT       specify data connection port
+           PWD        print the current working directory
+           QUIT       terminate session
+           REST       restart incomplete transfer
+           RETR       retrieve a file
+           RMD        remove a directory
+           RNFR       specify rename-from file name
+           RNTO       specify rename-to file name
+           SITE       non-standard commands (see next section)
+           SIZE       return size of file
+           STAT       return status of server
+           STOR       store a file
+           STOU       store a file with a unique name
+           STRU       specify data transfer _s_t_r_u_c_t_u_r_e
+           SYST       show operating system type of server system
+           TYPE       specify data transfer _t_y_p_e
+           USER       specify user name
+           XCUP       change to parent of current working directory
+                      (deprecated)
+           XCWD       change working directory (deprecated)
+           XMKD       make a directory (deprecated)
+           XPWD       print the current working directory (deprecated)
+           XRMD       remove a directory (deprecated)
+
+     The following commands are specified by RFC2228.
+
+           AUTH       authentication/security mechanism
+           ADAT       authentication/security data
+           PROT       data channel protection level
+           PBSZ       protection buffer size
+           MIC        integrity protected command
+
+
+           CONF       confidentiality protected command
+           ENC        privacy protected command
+           CCC        clear command channel
+
+     The following non-standard or UNIX specific commands are supported by the
+     SITE request.
+
+           UMASK      change umask, (e.g. SSIITTEE UUMMAASSKK 000022)
+           IDLE       set idle-timer, (e.g. SSIITTEE IIDDLLEE 6600)
+           CHMOD      change mode of a file (e.g. SSIITTEE CCHHMMOODD 775555 ffiilleennaammee)
+           FIND       quickly find a specific file with GNU locate(1).
+           HELP       give help information.
+
+     The following Kerberos related site commands are understood.
+
+           KAUTH      obtain remote tickets.
+           KLIST      show remote tickets
+
+     The remaining ftp requests specified in Internet RFC 959 are recognized,
+     but not implemented.  MDTM and SIZE are not specified in RFC 959, but
+     will appear in the next updated FTP RFC.
+
+     The ftp server will abort an active file transfer only when the ABOR com-
+     mand is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet
+     "Synch" signal in the command Telnet stream, as described in Internet RFC
+     959.  If a STAT command is received during a data transfer, preceded by a
+     Telnet IP and Synch, transfer status will be returned.
+
+     FFttppdd interprets file names according to the ``globbing'' conventions used
+     by csh(1).  This allows users to utilize the metacharacters ``*?[]{}~''.
+
+     FFttppdd authenticates users according to these rules.
+
+           1.   If Kerberos authentication is used, the user must pass valid
+                tickets and the principal must be allowed to login as the re-
+                mote user.
+
+           2.   The login name must be in the password data base, and not have
+                a null password (if kerberos is used the password field is not
+                checked).  In this case a password must be provided by the
+                client before any file operations may be performed.  If the
+                user has an OTP key, the response from a successful USER com-
+                mand will include an OTP challenge. The client may choose to
+                respond with a PASS command giving either a standard password
+                or an OTP one-time password. The server will automatically de-
+                termine which type of password it has been given and attempt
+                to authenticate accordingly. See otp(1) for more information
+                on OTP authentication.
+
+           3.   The login name must not appear in the file _/_e_t_c_/_f_t_p_u_s_e_r_s.
+
+           4.   The user must have a standard shell returned by
+                getusershell(3).
+
+           5.   If the user name appears in the file _/_e_t_c_/_f_t_p_c_h_r_o_o_t the ses-
+                sion's root will be changed to the user's login directory by
+                chroot(2) as for an ``anonymous'' or ``ftp'' account (see next
+                item).  However, the user must still supply a password.  This
+                feature is intended as a compromise between a fully anonymous
+                account and a fully privileged account.  The account should
+                also be set up as for an anonymous account.
+
+           6.   If the user name is ``anonymous'' or ``ftp'', an anonymous ftp
+                account must be present in the password file (user ``ftp'').
+                In this case the user is allowed to log in by specifying any
+                password (by convention an email address for the user should
+                be used as the password).
+
+     In the last case, ffttppdd takes special measures to restrict the client's
+     access privileges.  The server performs a chroot(2) to the home directory
+     of the ``ftp'' user.  In order that system security is not breached, it
+     is recommended that the ``ftp'' subtree be constructed with care, consid-
+     er following these guidelines for anonymous ftp.
+
+     In general all files should be owned by ``root'', and have non-write per-
+     missions (644 or 755 depending on the kind of file). No files should be
+     owned or writable by ``ftp'' (possibly with exception for the
+     _~_f_t_p_/_i_n_c_o_m_i_n_g, as specified below).
+
+           _~_f_t_p      The ``ftp'' homedirectory should be owned by root.
+
+           _~_f_t_p_/_b_i_n  The directory for external programs (such as ls(1)).
+                     These programs must either be statically linked, or you
+                     must setup an environment for dynamic linking when run-
+                     ning chrooted.  These programs will be used if present:
+
+                           ls      Used when listing files.
+
+                           compress
+                                   When retrieving a filename that ends in _._Z,
+                                   and that file isn't present, ffttppdd will try
+                                   to find the filename without _._Z and com-
+                                   press it on the fly.
+
+                           gzip    Same as compress, just with files ending in
+                                   _._g_z.
+
+                           gtar    Enables retrieval of whole directories as
+                                   files ending in _._t_a_r. Can also be combined
+                                   with compression. You must use GNU Tar (or
+                                   some other that supports the --zz and --ZZ
+                                   flags).
+
+                           locate  Will enable ``fast find'' with the SSIITTEE
+                                   FFIINNDD command. You must also create a
+                                   _l_o_c_a_t_e_d_b file in _~_f_t_p_/_e_t_c.
+
+           _~_f_t_p_/_e_t_c  If you put copies of the passwd(5) and group(5) files
+                     here, ls will be able to produce owner names rather than
+                     numbers. Remember to remove any passwords from these
+                     files.
+
+                     The file _m_o_t_d, if present, will be printed after a suc-
+                     cessful login.
+
+           _~_f_t_p_/_d_e_v  Put a copy of /dev/null(7) here.
+
+           _~_f_t_p_/_p_u_b  Traditional place to put whatever you want to make pub-
+                     lic.
+
+     If you want guests to be able to upload files, create a _~_f_t_p_/_i_n_c_o_m_i_n_g di-
+     rectory owned by ``root'', and group ``ftp'' with mode 730 (make sure
+     ``ftp'' is member of group ``ftp''). The following restrictions apply to
+     anonymous users:
+
+     ++oo   Directories created will have mode 700.
+
+     ++oo   Uploaded files will be created with an umask of 777, if not changed
+         with the --gg option.
+
+     ++oo   These command are not accessible: DDEELLEE, RRMMDD, RRNNTTOO, RRNNFFRR, SSIITTEE UUMMAASSKK,
+
+         and SSIITTEE CCHHMMOODD.
+
+     ++oo   Filenames must start with an alpha-numeric character, and consist of
+         alpha-numeric characters or any of the following: + (plus), - (mi-
+         nus), = (equal), _ (underscore), . (period), and , (comma).
+
+FFIILLEESS
+     /etc/ftpusers    Access list for users.
+     /etc/ftpchroot   List of normal users who should be chroot'd.
+     /etc/ftpwelcome  Welcome notice.
+     /etc/motd        Welcome notice after login.
+     /etc/nologin     Displayed and access refused.
+     ~/.klogin        Login access for Kerberos.
+
+SSEEEE AALLSSOO
+     ftp(1),  otp(1),  getusershell(3),  ftpusers(5),  syslogd(8),
+
+SSTTAANNDDAARRDDSS
+     RRFFCC 995599   FTP PROTOCOL SPECIFICATION
+     RRFFCC 11993388  OTP Specification
+     RRFFCC 22222288  FTP Security Extensions.
+
+BBUUGGSS
+     The server must run as the super-user to create sockets with privileged
+     port numbers.  It maintains an effective user id of the logged in user,
+     reverting to the super-user only when binding addresses to sockets.  The
+     possible security holes have been extensively scrutinized, but are possi-
+     bly incomplete.
+
+HHIISSTTOORRYY
+     The ffttppdd command appeared in 4.2BSD.
+
+4.2 Berkeley Distribution       April 19, 1997                               5
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5
index d10d15a..631f11b 100644
--- a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5
@@ -1,4 +1,4 @@
-.\"	$Id: ftpusers.5,v 1.3 2001/01/11 16:16:26 assar Exp $
+.\"	$Id: ftpusers.5,v 1.4 2001/05/02 08:59:20 assar Exp $
 .\"
 .Dd May 7, 1997
 .Dt FTPUSERS 5
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5
new file mode 100644
index 0000000..d2ee3d3
--- /dev/null
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5
@@ -0,0 +1,27 @@
+
+FTPUSERS(5)                UNIX Programmer's Manual                FTPUSERS(5)
+
+NNAAMMEE
+     _/_e_t_c_/_f_t_p_u_s_e_r_s - FTP access list file
+
+DDEESSCCRRIIPPTTIIOONN
+     _/_e_t_c_/_f_t_p_u_s_e_r_s contains a list of users that should be allowed or denied
+     FTP access. Each line contains a user, optionally followed by ``allow''
+     (anything but ``allow'' is ignored).  The semi-user ``*'' matches any us-
+     er.  Users that has an explicit ``allow'', or that does not match any
+     line, are allowed access. Anyone else is denied access.
+
+     Note that this is compatible with the old format, where this file con-
+     tained a list of users that should be denied access.
+
+EEXXAAMMPPLLEESS
+     This will deny anyone but ``foo'' and ``bar'' to use FTP:
+
+     foo allow
+     bar allow
+     *
+
+SSEEEE AALLSSOO
+     ftpd(8)
+
+ KTH-KRB                          May 7, 1997                                1
diff --git a/crypto/heimdal/appl/ftp/ftpd/popen.c b/crypto/heimdal/appl/ftp/ftpd/popen.c
index d8a4996..52c8824 100644
--- a/crypto/heimdal/appl/ftp/ftpd/popen.c
+++ b/crypto/heimdal/appl/ftp/ftpd/popen.c
@@ -37,7 +37,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: popen.c,v 1.22 2001/02/05 07:51:51 assar Exp $");
+RCSID("$Id: popen.c,v 1.24 2001/03/26 11:41:02 assar Exp $");
 #endif
 
 #include <sys/types.h>
@@ -138,7 +138,8 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
 	/* glob each piece */
 	for (gargc = argc = 1; argv[argc] && gargc < MAXGLOBS - 1; argc++) {
 		glob_t gl;
-		int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+		int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE
+		    | GLOB_LIMIT;
 
 		memset(&gl, 0, sizeof(gl));
 		if (no_glob || glob(argv[argc], flags, NULL, &gl))
diff --git a/crypto/heimdal/appl/kf/Makefile.in b/crypto/heimdal/appl/kf/Makefile.in
index fe2a23b..16a599c 100644
--- a/crypto/heimdal/appl/kf/Makefile.in
+++ b/crypto/heimdal/appl/kf/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 bin_PROGRAMS = kf
@@ -251,7 +254,7 @@ OBJECTS = $(am_kf_OBJECTS) $(am_kfd_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/kf/Makefile
 
@@ -451,6 +454,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/kf/kf.c b/crypto/heimdal/appl/kf/kf.c
index 0800ce9..3288dae 100644
--- a/crypto/heimdal/appl/kf/kf.c
+++ b/crypto/heimdal/appl/kf/kf.c
@@ -32,7 +32,7 @@
  */
 
 #include "kf_locl.h"
-RCSID("$Id: kf.c,v 1.14 2000/12/31 07:31:06 assar Exp $");
+RCSID("$Id: kf.c,v 1.15 2001/02/20 01:44:44 assar Exp $");
 
 krb5_context context;
 static int help_flag;
@@ -71,7 +71,7 @@ client_setup(krb5_context *context, int *argc, char **argv)
     int port = 0;
     int status;
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
  
     status = krb5_init_context (context);
     if (status)
diff --git a/crypto/heimdal/appl/kf/kf.cat1 b/crypto/heimdal/appl/kf/kf.cat1
new file mode 100644
index 0000000..b87ed85
--- /dev/null
+++ b/crypto/heimdal/appl/kf/kf.cat1
@@ -0,0 +1,46 @@
+
+KF(1)                        UNIX Reference Manual                       KF(1)
+
+NNAAMMEE
+     kkff - securly forward tickets
+
+SSYYNNOOPPSSIISS
+     kkff [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ll _l_o_g_i_n | ----llooggiinn=_l_o_g_i_n] [--cc _c_c_a_c_h_e |
+     ----ccccaacchhee=_c_c_a_c_h_e] [--FF | ----ffoorrwwaarrddaabbllee] [--GG | ----nnoo--ffoorrwwaarrddaabbllee] [--hh |
+     ----hheellpp] [----vveerrssiioonn] _h_o_s_t _._._.
+
+DDEESSCCRRIIPPTTIIOONN
+     The kkff program forwards tickets to a remove host through an authenticated
+     and encrypted stream.  Options supported are:
+
+     --pp _p_o_r_t, ----ppoorrtt=_p_o_r_t
+             port to connect to
+
+     --ll _l_o_g_i_n, ----llooggiinn=_l_o_g_i_n
+             remote login name
+
+     --cc _c_c_a_c_h_e, ----ccccaacchhee=_c_c_a_c_h_e
+             remote cred cache
+
+     --FF, ----ffoorrwwaarrddaabbllee
+             forward forwardable credentials
+
+     --GG, ----nnoo--ffoorrwwaarrddaabbllee
+             do not forward forwardable credentials
+
+     --hh, ----hheellpp
+
+     ----vveerrssiioonn
+
+     kkff is useful when you do not want to enter your password on a remote host
+     but want to have your tickets one for example afs.
+
+     In order for kkff to work you will need to acquire your initial ticket with
+     forwardable flag, ie kkiinniitt ----ffoorrwwaarrddaabbllee.
+
+     tteellnneett is able to forward ticket by itself.
+
+SSEEEE AALLSSOO
+     kinit(1),  telnet(1),  kfd(8)
+
+ Heimdal                         July 2, 2000                                1
diff --git a/crypto/heimdal/appl/kf/kfd.c b/crypto/heimdal/appl/kf/kfd.c
index 3791579..6dc2666 100644
--- a/crypto/heimdal/appl/kf/kfd.c
+++ b/crypto/heimdal/appl/kf/kfd.c
@@ -32,7 +32,7 @@
  */
 
 #include "kf_locl.h"
-RCSID("$Id: kfd.c,v 1.8 2001/01/09 18:43:10 assar Exp $");
+RCSID("$Id: kfd.c,v 1.9 2001/02/20 01:44:44 assar Exp $");
 
 krb5_context context;
 char krb5_tkfile[MAXPATHLEN];
@@ -315,7 +315,7 @@ main(int argc, char **argv)
     int port;
     int ret;
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
     roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH);
     port = server_setup(&context, argc, argv);
     ret = doit (port, service);
diff --git a/crypto/heimdal/appl/kf/kfd.cat8 b/crypto/heimdal/appl/kf/kfd.cat8
new file mode 100644
index 0000000..396ffdc
--- /dev/null
+++ b/crypto/heimdal/appl/kf/kfd.cat8
@@ -0,0 +1,31 @@
+
+KFD(8)                   UNIX System Manager's Manual                   KFD(8)
+
+NNAAMMEE
+     kkffdd - receive forwarded tickets
+
+SSYYNNOOPPSSIISS
+     kkffdd [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ii | ----iinneettdd] [--RR _r_e_g_p_a_g | ----rreeggppaagg=_r_e_g_p_a_g]
+     [--hh | ----hheellpp] [----vveerrssiioonn]
+
+DDEESSCCRRIIPPTTIIOONN
+     This is the daemon for kf(1).  Supported options:
+
+     --pp _p_o_r_t, ----ppoorrtt=_p_o_r_t
+             port to listen to
+
+     --ii, ----iinneettdd
+             not started from inetd
+
+     --RR _r_e_g_p_a_g, ----rreeggppaagg==_r_e_g_p_a_g
+             path to regpag binary
+
+EEXXAAMMPPLLEESS
+     Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f:
+
+     kf      stream  tcp     nowait  root    /usr/heimdal/libexec/kfd        kfd
+
+SSEEEE AALLSSOO
+     kf(1)
+
+ Heimdal                         July 2, 2000                                1
diff --git a/crypto/heimdal/appl/kx/ChangeLog b/crypto/heimdal/appl/kx/ChangeLog
new file mode 100644
index 0000000..3050e2e
--- /dev/null
+++ b/crypto/heimdal/appl/kx/ChangeLog
@@ -0,0 +1,317 @@
+2001-01-17  Johan Danielsson  <joda@pdc.kth.se>
+
+	* common.c: don't write to string constants
+
+2000-12-31  Assar Westerlund  <assar@sics.se>
+
+	* krb5.c (krb5_make_context): handle krb5_init_context failure
+	consistently
+
+2000-10-08  Assar Westerlund  <assar@sics.se>
+
+	* kxd.c (doit_passive): check that fds are not too large to select
+	on
+	* kx.c (doit_active): check that fds are not too large to select
+	on
+	* krb5.c (krb5_copy_encrypted): check that fds are not too large
+	to select on
+	* krb4.c (krb4_copy_encrypted): check that fds are not too large
+	to select on
+
+2000-06-10  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: use INSTALL_SCRIPT for installing rxterm, rxtelnet,
+	tenletxr
+
+2000-04-19  Assar Westerlund  <assar@sics.se>
+
+	* common.c: try hostname uncanonified if getaddrinfo() fails
+
+2000-02-06  Assar Westerlund  <assar@sics.se>
+
+	* kx.h: remove old prorotypes
+
+2000-01-08  Assar Westerlund  <assar@sics.se>
+
+	* common.c (match_local_auth): handle ai_canonname being set in
+	any of the addresses returnedby getaddrinfo.  glibc apparently
+	returns the reverse lookup of every address in ai_canonname.
+
+1999-12-28  Assar Westerlund  <assar@sics.se>
+
+	* kxd.c (main): call krb5_getportbyname with the default in
+ 	host-byte-order
+
+1999-12-17  Assar Westerlund  <assar@sics.se>
+
+	* common.c (match_local_auth): remove extra brace.  spotted by
+ 	Jakob Schlyter <jakob@cdg.chalmers.se>
+
+1999-12-16  Assar Westerlund  <assar@sics.se>
+
+	* common.c (match_local_auth): handle ai_canonname not being set
+
+1999-12-06  Assar Westerlund  <assar@sics.se>
+
+	* krb4.c (krb4_authenticate): the NAT address might not be the one
+	for the relevant realm, try anyway.
+	* kxd.c (recv_conn): type correctness
+	* kx.c (connect_host): typo
+
+1999-12-05  Assar Westerlund  <assar@sics.se>
+
+	* common.c (INADDR_LOOPBACK): remove.  now in roken.
+
+	* kxd.c (recv_conn): use getnameinfo_verified
+	* kxd.c (recv_conn): replace inaddr2str with getnameinfo
+
+1999-12-04  Assar Westerlund  <assar@sics.se>
+
+	* kx.c (connect_host): use getaddrinfo
+	* common.c (find_auth_cookie, match_local_auth): re-write to use
+	getaddrinfo
+
+1999-11-27  Assar Westerlund  <assar@sics.se>
+
+	* kxd.c (recv_conn): better errors when getting unrecognized data
+
+1999-11-25  Assar Westerlund  <assar@sics.se>
+
+	* krb4.c (krb4_authenticate): obtain the `local' address when
+	doing NAT.  also turn on passive mode.  From <thn@stacken.kth.se>
+	
+1999-11-18  Assar Westerlund  <assar@sics.se>
+
+	* krb5.c (krb5_destroy): free the correct part of the context
+	
+1999-11-02  Assar Westerlund  <assar@sics.se>
+
+	* kx.c (main): redo the v4/v5 selection for consistency.  -4 ->
+ 	try only v4 -5 -> try only v5 none, -45 -> try v5, v4
+
+1999-10-10  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am (CLEANFILES): add generated files so that they get
+ 	cleaned away
+
+1999-09-29  Assar Westerlund  <assar@sics.se>
+
+	* common.c (match_local_auth): only look for FamilyLocal (and
+ 	FamilyWild) cookies.  This will not work when we start talking tcp
+ 	to the local X-server but `connect_local_xsocket' and the rest of
+ 	the code doesn't handle it anyway and the old code could (and did)
+ 	pick up the wrong cookie sometimes.  If we have to match
+ 	FamilyInternet cookies, the search order has to be changed anyway
+
+1999-09-02  Assar Westerlund  <assar@sics.se>
+
+	* kxd.c (childhandler): watch for child `wait_on_pid' to die.
+	(recv_conn): set `wait_on_pid' instead of looping on waitpid here
+	also.  This should solve the problem of kxd looping which was
+ 	caused by the signal handler getting invoked before this waitpid
+ 	and reaping the child leaving this poor loop without any child
+
+1999-08-19  Assar Westerlund  <assar@sics.se>
+
+	* kxd.c (recv_conn): give better error message
+	(doit_active): don't die if fork gives EAGAIN
+
+1999-08-19  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kxd.c (recv_conn): call setjob on crays;
+	(doit_passive): if fork fails with EAGAIN, don't shutdown, just close
+	the connection re-implement `-t' flag
+
+1999-07-12  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: handle not building X programs
+
+1999-06-23  Assar Westerlund  <assar@sics.se>
+
+	* kx.c: conditionalize krb_enable_debug
+
+1999-06-20  Assar Westerlund  <assar@sics.se>
+
+	* kxd.c (main): hopefully do inetd confusion right
+
+1999-06-15  Assar Westerlund  <assar@sics.se>
+
+	* krb4.c (krb4_authenticate): get rid of a warning
+
+	* kx.h: const-pollution
+
+	* kx.c: use get_default_username and resulting const pollution
+
+	* context.c (context_set): const pollution
+
+1999-05-22  Assar Westerlund  <assar@sics.se>
+
+	* kxd.c (recv_conn): fix syslog messages
+	(main): fix inetd_flag thinko
+
+1999-05-21  Assar Westerlund  <assar@sics.se>
+
+	* kx.c (main): don't byte-swap the argument to krb5_getportbyname
+
+	* kx.c (main): try to use $USERNAME
+
+1999-05-10  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (SOURCES*): update sources list
+	
+	* kx.c (main): forgot to conditionalize some KRB5 code
+	
+	* kxd.c (main): use getarg
+	(*): handle v4 and/or v5
+
+	* kx.h: update
+	
+	* kx.c (main): use getarg.
+	(*): handle v4 and/or v5
+
+	* common.c (do_enccopy, copy_encrypted): remove use
+	net_{read,write} instead of krb_net_{read,write}
+	(krb_get_int, krb_put_int): include fallback of these for when we
+	compile without krb4
+	
+	* Makefile.am (*_SOURCES): remove encdata, add krb[45].c,
+	context.c
+	(LDADD): add krb5
+
+	* krb4.c, krb5.c, context.c: new files
+
+1999-05-08  Assar Westerlund  <assar@sics.se>
+
+	* kxd.c (doit_passive): handle error code from
+ 	create_and_write_cookie
+
+	* kx.c (doit_active): handle error code from
+ 	create_and_write_cookie
+
+	* common.c (create_and_write_cookie): try to return better (and
+ 	correct) errors.  Based on a patch from Love <lha@e.kth.se>
+
+	* common.c (try_pie): more braces
+	(match_local_auth): new function
+	(find_auth_cookie): new function
+	(replace_cookie): don't just take the first auth cookie.  based on
+	patch from Ake Sandgren <ake@@cs.umu.se>
+
+Wed Apr  7 23:39:23 1999  Assar Westerlund  <assar@sics.se>
+	
+	* common.c (get_xsockets): init local variable to get rid of a gcc
+ 	warning
+
+Thu Apr  1 21:11:36 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.in: fix for writeauth.o
+
+Fri Mar 19 15:12:31 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* kx.c: add gcc-braces
+
+Thu Mar 18 11:18:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Thu Mar 11 14:58:32 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* writeauth.c: protoize
+
+	* common.c: fix some warnings
+
+Wed Mar 10 19:33:39 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* kxd.c: openlog -> roken_openlog
+
+Wed Feb  3 22:01:55 1999  Assar Westerlund  <assar@sics.se>
+
+	* rxtelnet.in: print out what telnet program we are running.  From
+ 	<nissej@pdc.kth.se>
+
+	* tenletxr.in: add --version, [-h | --help], -v
+
+	* rxterm.in: add --version, [-h | --help], -v
+
+	* rxtelnet.in: add --version, [-h | --help], -v
+
+	* Makefile.in (rxterm, rxtelnet, telnetxr): substitute VERSION and
+ 	PACKAGE
+
+	* rxtelnet.in: update usage string
+
+Fri Jan 22 23:51:05 1999  Assar Westerlund  <assar@sics.se>
+
+	* common.c (verify_and_remove_cookies): give back a meaningful
+ 	error message if we're using the wrong cookie
+
+Fri Dec 18 17:42:02 1998  Assar Westerlund  <assar@sics.se>
+
+	* common.c (replace_cookie): try to handle the case of not finding
+ 	any cookies
+
+Sun Nov 22 10:31:53 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+Wed Nov 18 20:25:37 1998  Assar Westerlund  <assar@sics.se>
+
+	* rxtelnet.in: new argument -n for not starting any terminal
+ 	emulator
+
+	* kx.c (doit_passive): parse $DISPLAY correctly
+
+Fri Oct  2 06:34:51 1998  Assar Westerlund  <assar@sics.se>
+
+	* kx.c (doit_active): check DISPLAY to figure out what local
+ 	socket to connect to.  From Åke Sandgren <ake@cs.umu.se>
+
+Thu Oct  1 23:02:29 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* kx.h: case MAY_HAVE_X11_PIPES with Solaris
+
+Tue Sep 29 02:22:44 1998  Assar Westerlund  <assar@sics.se>
+
+	* kx.c: fix from Ake Sandgren <ake@cs.umu.se>
+
+Mon Sep 28 18:04:03 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* common.c (try_pipe): return -1 if I_PUSH fails with ENOSYS
+
+Sat Sep 26 17:34:21 1998  Assar Westerlund  <assar@sics.se>
+
+	* kxd.c: create sockets before setuid to handle Solaris' strange
+ 	permissions on /tmp/.X11-{unix,pipe}
+
+	* common.c (chown_xsockets): new function
+
+	* kx.h (chown_xsockets): new prototype
+
+Sun Aug 16 18:34:30 1998  Assar Westerlund  <assar@sics.se>
+
+	* kxd.c (doit_passive): conditionalize stream pipe code
+
+	* implement support for Solaris's named-pipe X transport
+
+Thu May 28 17:20:39 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* common.c: fix for (compiler?) bug in solaris 2.4 bind
+
+	* kx.c: get_xsockets returns int, not unsigned
+
+Wed May 27 04:20:20 1998  Assar Westerlund  <assar@sics.se>
+
+	* kxd.c (doit): better error reporting
+
+Tue May 26 17:41:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* kx.c: use krb_enable_debug
+
+Mon May 25 05:22:18 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (clean): remove encdata.c
+
+Fri May  1 07:16:36 1998  Assar Westerlund  <assar@sics.se>
+
+	* kx.c: unifdef -DHAVE_H_ERRNO
+
diff --git a/crypto/heimdal/appl/kx/Makefile.am b/crypto/heimdal/appl/kx/Makefile.am
new file mode 100644
index 0000000..ec3f249
--- /dev/null
+++ b/crypto/heimdal/appl/kx/Makefile.am
@@ -0,0 +1,73 @@
+# $Id: Makefile.am,v 1.12 2000/11/15 22:51:08 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4) $(X_CFLAGS)
+
+WFLAGS += $(WFLAGS_NOIMPLICITINT)
+
+if HAVE_X
+
+bin_PROGRAMS = kx
+bin_SCRIPTS = rxterm rxtelnet tenletxr
+libexec_PROGRAMS = kxd
+
+else
+
+bin_PROGRAMS = 
+bin_SCRIPTS = 
+libexec_PROGRAMS = 
+
+endif
+
+CLEANFILES = rxterm rxtelnet tenletxr
+
+if NEED_WRITEAUTH
+XauWriteAuth_c = writeauth.c
+endif
+
+kx_SOURCES = \
+	kx.c \
+	kx.h \
+	common.c \
+	context.c \
+	krb4.c \
+	krb5.c \
+	$(XauWriteAuth_c)
+
+EXTRA_kx_SOURCES = writeauth.c
+
+kxd_SOURCES = \
+	kxd.c \
+	kx.h \
+	common.c \
+	context.c \
+	krb4.c \
+	krb5.c \
+	$(XauWriteAuth_c)
+
+EXTRA_kxd_SOURCES = writeauth.c
+
+EXTRA_DIST = rxterm.in rxtelnet.in tenletxr.in
+
+man_MANS = kx.1 rxtelnet.1 rxterm.1 tenletxr.1 kxd.8
+
+rxterm: rxterm.in
+	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxterm.in > $@
+	chmod +x $@
+
+rxtelnet: rxtelnet.in
+	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxtelnet.in > $@
+	chmod +x $@
+
+tenletxr: tenletxr.in
+	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/tenletxr.in > $@
+	chmod +x $@
+
+LDADD = \
+	$(LIB_kafs)				\
+	$(LIB_krb5) \
+	$(LIB_krb4)				\
+	$(LIB_des)	\
+	$(LIB_roken)				\
+	$(X_LIBS) $(LIB_XauReadAuth) $(X_PRE_LIBS) $(X_EXTRA_LIBS)
diff --git a/crypto/heimdal/appl/kx/Makefile.in b/crypto/heimdal/appl/kx/Makefile.in
new file mode 100644
index 0000000..9d327ec
--- /dev/null
+++ b/crypto/heimdal/appl/kx/Makefile.in
@@ -0,0 +1,801 @@
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
+
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+SHELL = @SHELL@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+
+bindir = @bindir@
+sbindir = @sbindir@
+libexecdir = @libexecdir@
+datadir = @datadir@
+sysconfdir = @sysconfdir@
+sharedstatedir = @sharedstatedir@
+localstatedir = @localstatedir@
+libdir = @libdir@
+infodir = @infodir@
+mandir = @mandir@
+includedir = @includedir@
+oldincludedir = /usr/include
+
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+
+top_builddir = ../..
+
+ACLOCAL = @ACLOCAL@
+AUTOCONF = @AUTOCONF@
+AUTOMAKE = @AUTOMAKE@
+AUTOHEADER = @AUTOHEADER@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_FLAG =
+transform = @program_transform_name@
+
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+
+@SET_MAKE@
+host_alias = @host_alias@
+host_triplet = @host@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMDEP = @AMDEP@
+AMTAR = @AMTAR@
+AS = @AS@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CPP = @CPP@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+DBLIB = @DBLIB@
+DEPDIR = @DEPDIR@
+DIR_des = @DIR_des@
+DIR_roken = @DIR_roken@
+DLLTOOL = @DLLTOOL@
+EXEEXT = @EXEEXT@
+EXTRA_LIB45 = @EXTRA_LIB45@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_ = @INCLUDE_@
+LEX = @LEX@
+LIBOBJS = @LIBOBJS@
+LIBTOOL = @LIBTOOL@
+LIB_ = @LIB_@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_des = @LIB_des@
+LIB_des_appl = @LIB_des_appl@
+LIB_kdb = @LIB_kdb@
+LIB_otp = @LIB_otp@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
+NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+NROFF = @NROFF@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+RANLIB = @RANLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+YACC = @YACC@
+dpagaix_CFLAGS = @dpagaix_CFLAGS@
+dpagaix_LDADD = @dpagaix_LDADD@
+install_sh = @install_sh@
+
+# $Id: Makefile.am,v 1.12 2000/11/15 22:51:08 assar Exp $
+
+
+# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
+
+
+AUTOMAKE_OPTIONS = foreign no-dependencies
+
+SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
+
+INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(X_CFLAGS)
+
+AM_CFLAGS =  $(WFLAGS)
+
+CP = cp
+
+COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
+
+buildinclude = $(top_builddir)/include
+
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_crypt = @LIB_crypt@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_el_init = @LIB_el_init@
+LIB_getattr = @LIB_getattr@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_search = @LIB_res_search@
+LIB_setpcred = @LIB_setpcred@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+
+LIBS = @LIBS@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_openldap = @INCLUDE_openldap@
+LIB_openldap = @LIB_openldap@
+
+INCLUDE_readline = @INCLUDE_readline@
+
+LEXLIB = @LEXLIB@
+
+NROFF_MAN = groff -mandoc -Tascii
+
+@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+
+@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
+CHECK_LOCAL = $(PROGRAMS)
+
+WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
+
+@HAVE_X_TRUE@bin_PROGRAMS = @HAVE_X_TRUE@kx
+@HAVE_X_FALSE@bin_PROGRAMS = 
+@HAVE_X_TRUE@bin_SCRIPTS = @HAVE_X_TRUE@rxterm rxtelnet tenletxr
+@HAVE_X_FALSE@bin_SCRIPTS = 
+@HAVE_X_TRUE@libexec_PROGRAMS = @HAVE_X_TRUE@kxd
+@HAVE_X_FALSE@libexec_PROGRAMS = 
+
+CLEANFILES = rxterm rxtelnet tenletxr
+
+@NEED_WRITEAUTH_TRUE@XauWriteAuth_c = @NEED_WRITEAUTH_TRUE@writeauth.c
+
+kx_SOURCES = \
+	kx.c \
+	kx.h \
+	common.c \
+	context.c \
+	krb4.c \
+	krb5.c \
+	$(XauWriteAuth_c)
+
+
+EXTRA_kx_SOURCES = writeauth.c
+
+kxd_SOURCES = \
+	kxd.c \
+	kx.h \
+	common.c \
+	context.c \
+	krb4.c \
+	krb5.c \
+	$(XauWriteAuth_c)
+
+
+EXTRA_kxd_SOURCES = writeauth.c
+
+EXTRA_DIST = rxterm.in rxtelnet.in tenletxr.in
+
+man_MANS = kx.1 rxtelnet.1 rxterm.1 tenletxr.1 kxd.8
+
+LDADD = \
+	$(LIB_kafs)				\
+	$(LIB_krb5) \
+	$(LIB_krb4)				\
+	$(LIB_des)	\
+	$(LIB_roken)				\
+	$(X_LIBS) $(LIB_XauReadAuth) $(X_PRE_LIBS) $(X_EXTRA_LIBS)
+
+subdir = appl/kx
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = ../../include/config.h
+CONFIG_CLEAN_FILES = 
+@HAVE_X_FALSE@bin_PROGRAMS = 
+@HAVE_X_FALSE@libexec_PROGRAMS = 
+PROGRAMS =  $(bin_PROGRAMS) $(libexec_PROGRAMS)
+
+
+DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
+CPPFLAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+X_CFLAGS = @X_CFLAGS@
+X_LIBS = @X_LIBS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+@NEED_WRITEAUTH_FALSE@am_kx_OBJECTS =  kx.$(OBJEXT) common.$(OBJEXT) \
+@NEED_WRITEAUTH_FALSE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT)
+@NEED_WRITEAUTH_TRUE@am_kx_OBJECTS =  kx.$(OBJEXT) common.$(OBJEXT) \
+@NEED_WRITEAUTH_TRUE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT) \
+@NEED_WRITEAUTH_TRUE@writeauth.$(OBJEXT)
+kx_OBJECTS =  $(am_kx_OBJECTS)
+kx_LDADD = $(LDADD)
+@KRB4_FALSE@@KRB5_FALSE@kx_DEPENDENCIES = 
+@KRB4_FALSE@@KRB5_TRUE@kx_DEPENDENCIES =  \
+@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@KRB4_TRUE@@KRB5_FALSE@kx_DEPENDENCIES =  \
+@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la
+@KRB4_TRUE@@KRB5_TRUE@kx_DEPENDENCIES =  \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+kx_LDFLAGS = 
+@NEED_WRITEAUTH_FALSE@am_kxd_OBJECTS =  kxd.$(OBJEXT) common.$(OBJEXT) \
+@NEED_WRITEAUTH_FALSE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT)
+@NEED_WRITEAUTH_TRUE@am_kxd_OBJECTS =  kxd.$(OBJEXT) common.$(OBJEXT) \
+@NEED_WRITEAUTH_TRUE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT) \
+@NEED_WRITEAUTH_TRUE@writeauth.$(OBJEXT)
+kxd_OBJECTS =  $(am_kxd_OBJECTS)
+kxd_LDADD = $(LDADD)
+@KRB4_FALSE@@KRB5_FALSE@kxd_DEPENDENCIES = 
+@KRB4_FALSE@@KRB5_TRUE@kxd_DEPENDENCIES =  \
+@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@KRB4_TRUE@@KRB5_FALSE@kxd_DEPENDENCIES =  \
+@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la
+@KRB4_TRUE@@KRB5_TRUE@kxd_DEPENDENCIES =  \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+kxd_LDFLAGS = 
+SCRIPTS =  $(bin_SCRIPTS)
+
+COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CFLAGS = @CFLAGS@
+CCLD = $(CC)
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+DIST_SOURCES =  $(kx_SOURCES) $(EXTRA_kx_SOURCES) $(kxd_SOURCES) \
+$(EXTRA_kxd_SOURCES)
+man1dir = $(mandir)/man1
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+depcomp = 
+DIST_COMMON =  ChangeLog Makefile.am Makefile.in
+
+
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+
+GZIP_ENV = --best
+SOURCES = $(kx_SOURCES) $(EXTRA_kx_SOURCES) $(kxd_SOURCES) $(EXTRA_kxd_SOURCES)
+OBJECTS = $(am_kx_OBJECTS) $(am_kxd_OBJECTS)
+
+all: all-redirect
+.SUFFIXES:
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
+$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
+	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/kx/Makefile
+
+Makefile: $(srcdir)/Makefile.in  $(top_builddir)/config.status
+	cd $(top_builddir) \
+	  && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
+
+
+mostlyclean-binPROGRAMS:
+
+clean-binPROGRAMS:
+	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
+
+distclean-binPROGRAMS:
+
+maintainer-clean-binPROGRAMS:
+
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(bindir)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+	    echo " $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f"; \
+	    $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
+	  rm -f $(DESTDIR)$(bindir)/$$f; \
+	done
+
+mostlyclean-libexecPROGRAMS:
+
+clean-libexecPROGRAMS:
+	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
+
+distclean-libexecPROGRAMS:
+
+maintainer-clean-libexecPROGRAMS:
+
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+	    echo " $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f"; \
+	    $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
+	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
+	done
+
+mostlyclean-compile:
+	-rm -f *.o core *.core
+	-rm -f *.$(OBJEXT)
+
+clean-compile:
+
+distclean-compile:
+	-rm -f *.tab.c
+
+maintainer-clean-compile:
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+
+maintainer-clean-libtool:
+
+kx$(EXEEXT): $(kx_OBJECTS) $(kx_DEPENDENCIES)
+	@rm -f kx$(EXEEXT)
+	$(LINK) $(kx_LDFLAGS) $(kx_OBJECTS) $(kx_LDADD) $(LIBS)
+
+kxd$(EXEEXT): $(kxd_OBJECTS) $(kxd_DEPENDENCIES)
+	@rm -f kxd$(EXEEXT)
+	$(LINK) $(kxd_LDFLAGS) $(kxd_OBJECTS) $(kxd_LDADD) $(LIBS)
+
+install-binSCRIPTS: $(bin_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(bindir)
+	@list='$(bin_SCRIPTS)'; for p in $$list; do \
+	  f="`echo $$p|sed '$(transform)'`"; \
+	  if test -f $$p; then \
+	    echo " $(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/$$f"; \
+	    $(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/$$f; \
+	  elif test -f $(srcdir)/$$p; then \
+	    echo " $(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/$$f"; \
+	    $(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/$$f; \
+	  else :; fi; \
+	done
+
+uninstall-binSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_SCRIPTS)'; for p in $$list; do \
+	  f="`echo $$p|sed '$(transform)'`"; \
+	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
+	  rm -f $(DESTDIR)$(bindir)/$$f; \
+	done
+.c.o:
+	$(COMPILE) -c $<
+.c.obj:
+	$(COMPILE) -c `cygpath -w $<`
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+install-man1:
+	$(mkinstalldirs) $(DESTDIR)$(man1dir)
+	@list='$(man1_MANS)'; \
+	l2='$(man_MANS)'; for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
+	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
+	done
+
+uninstall-man1:
+	@list='$(man1_MANS)'; \
+	l2='$(man_MANS)'; for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
+	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
+	done
+
+install-man8:
+	$(mkinstalldirs) $(DESTDIR)$(man8dir)
+	@list='$(man8_MANS)'; \
+	l2='$(man_MANS)'; for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
+	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
+	done
+
+uninstall-man8:
+	@list='$(man8_MANS)'; \
+	l2='$(man_MANS)'; for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
+	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
+	done
+install-man: $(MANS)
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-man1 install-man8
+uninstall-man:
+	@$(NORMAL_UNINSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-man1 uninstall-man8
+
+tags: TAGS
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique $(LISP)
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
+	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
+
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
+mostlyclean-tags:
+
+clean-tags:
+
+distclean-tags:
+	-rm -f TAGS ID
+
+maintainer-clean-tags:
+
+distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
+
+distdir: $(DISTFILES)
+	@for file in $(DISTFILES); do \
+	  d=$(srcdir); \
+	  if test -d $$d/$$file; then \
+	    cp -pR $$d/$$file $(distdir) \
+	    || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
+info-am:
+info: info-am
+dvi-am:
+dvi: dvi-am
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+installcheck-am:
+installcheck: installcheck-am
+install-exec-am: install-binPROGRAMS install-libexecPROGRAMS \
+		install-binSCRIPTS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-exec: install-exec-am
+
+install-data-am: install-man install-data-local
+install-data: install-data-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+install: install-am
+uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
+		uninstall-binSCRIPTS uninstall-man
+uninstall: uninstall-am
+all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) all-local
+all-redirect: all-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
+installdirs:
+	$(mkinstalldirs)  $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) \
+		$(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 \
+		$(DESTDIR)$(mandir)/man8
+
+
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-rm -f Makefile $(CONFIG_CLEAN_FILES)
+	-rm -f config.cache config.log stamp-h stamp-h[0-9]*
+
+maintainer-clean-generic:
+	-rm -f Makefile.in
+mostlyclean-am:  mostlyclean-binPROGRAMS mostlyclean-libexecPROGRAMS \
+		mostlyclean-compile mostlyclean-libtool \
+		mostlyclean-tags mostlyclean-generic
+
+mostlyclean: mostlyclean-am
+
+clean-am:  clean-binPROGRAMS clean-libexecPROGRAMS clean-compile \
+		clean-libtool clean-tags clean-generic mostlyclean-am
+
+clean: clean-am
+
+distclean-am:  distclean-binPROGRAMS distclean-libexecPROGRAMS \
+		distclean-compile distclean-libtool distclean-tags \
+		distclean-generic clean-am
+	-rm -f libtool
+
+distclean: distclean-am
+
+maintainer-clean-am:  maintainer-clean-binPROGRAMS \
+		maintainer-clean-libexecPROGRAMS \
+		maintainer-clean-compile maintainer-clean-libtool \
+		maintainer-clean-tags maintainer-clean-generic \
+		distclean-am
+	@echo "This command is intended for maintainers to use;"
+	@echo "it deletes files that may require special tools to rebuild."
+
+maintainer-clean: maintainer-clean-am
+
+.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \
+maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \
+mostlyclean-libexecPROGRAMS distclean-libexecPROGRAMS \
+clean-libexecPROGRAMS maintainer-clean-libexecPROGRAMS \
+uninstall-libexecPROGRAMS install-libexecPROGRAMS mostlyclean-compile \
+distclean-compile clean-compile maintainer-clean-compile \
+mostlyclean-libtool distclean-libtool clean-libtool \
+maintainer-clean-libtool uninstall-binSCRIPTS install-binSCRIPTS \
+install-man1 uninstall-man1 install-man8 uninstall-man8 install-man \
+uninstall-man tags mostlyclean-tags distclean-tags clean-tags \
+maintainer-clean-tags distdir info-am info dvi-am dvi check-local check \
+check-am installcheck-am installcheck install-exec-am install-exec \
+install-data-local install-data-am install-data install-am install \
+uninstall-am uninstall all-local all-redirect all-am all install-strip \
+installdirs mostlyclean-generic distclean-generic clean-generic \
+maintainer-clean-generic clean mostlyclean distclean maintainer-clean
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
+	@foo='$(include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-local: install-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+
+check-local::
+	@foo='$(CHECK_LOCAL)'; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if ./$$i --version > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	fi
+
+rxterm: rxterm.in
+	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxterm.in > $@
+	chmod +x $@
+
+rxtelnet: rxtelnet.in
+	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxtelnet.in > $@
+	chmod +x $@
+
+tenletxr: tenletxr.in
+	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/tenletxr.in > $@
+	chmod +x $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/crypto/heimdal/appl/kx/common.c b/crypto/heimdal/appl/kx/common.c
new file mode 100644
index 0000000..0d23169
--- /dev/null
+++ b/crypto/heimdal/appl/kx/common.c
@@ -0,0 +1,794 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: common.c,v 1.62 2001/02/15 04:20:51 assar Exp $");
+
+char x_socket[MaxPathLen];
+
+u_int32_t display_num;
+char display[MaxPathLen];
+int display_size = sizeof(display);
+char xauthfile[MaxPathLen];
+int xauthfile_size = sizeof(xauthfile);
+u_char cookie[16];
+size_t cookie_len = sizeof(cookie);
+
+#ifndef X_UNIX_PATH
+#define X_UNIX_PATH "/tmp/.X11-unix/X"
+#endif
+
+#ifndef X_PIPE_PATH
+#define X_PIPE_PATH "/tmp/.X11-pipe/X"
+#endif
+
+/*
+ * Allocate a unix domain socket in `s' for display `dpy' and with
+ * filename `pattern'
+ *
+ * 0 if all is OK
+ * -1 if bind failed badly
+ * 1 if dpy is already used */
+
+static int
+try_socket (struct x_socket *s, int dpy, const char *pattern)
+{
+    struct sockaddr_un addr;
+    int fd;
+
+    fd = socket (AF_UNIX, SOCK_STREAM, 0);
+    if (fd < 0)
+	err (1, "socket AF_UNIX");
+    memset (&addr, 0, sizeof(addr));
+    addr.sun_family = AF_UNIX;
+    snprintf (addr.sun_path, sizeof(addr.sun_path), pattern, dpy);
+    if(bind(fd,
+	    (struct sockaddr *)&addr,
+	    sizeof(addr)) < 0) {
+	close (fd);
+	if (errno == EADDRINUSE ||
+	    errno == EACCES  /* Cray return EACCESS */
+#ifdef ENOTUNIQ
+	    || errno == ENOTUNIQ /* bug in Solaris 2.4 */
+#endif
+	    )
+	    return 1;
+	else
+	    return -1;
+    }
+    s->fd = fd;
+    s->pathname = strdup (addr.sun_path);
+    if (s->pathname == NULL)
+	errx (1, "strdup: out of memory");
+    s->flags = UNIX_SOCKET;
+    return 0;
+}
+
+#ifdef MAY_HAVE_X11_PIPES
+/*
+ * Allocate a stream (masqueraded as a named pipe)
+ *
+ * 0 if all is OK
+ * -1 if bind failed badly
+ * 1 if dpy is already used
+ */
+
+static int
+try_pipe (struct x_socket *s, int dpy, const char *pattern)
+{
+    char path[MAXPATHLEN];
+    int ret;
+    int fd;
+    int pipefd[2];
+    
+    snprintf (path, sizeof(path), pattern, dpy);
+    fd = open (path, O_WRONLY | O_CREAT | O_EXCL, 0600);
+    if (fd < 0) {
+	if (errno == EEXIST)
+	    return 1;
+	else
+	    return -1;
+    }
+
+    close (fd);
+
+    ret = pipe (pipefd);
+    if (ret < 0)
+	err (1, "pipe");
+
+    ret = ioctl (pipefd[1], I_PUSH, "connld");
+    if (ret < 0) {
+	if(errno == ENOSYS)
+	    return -1;
+	err (1, "ioctl I_PUSH");
+    }
+
+    ret = fattach (pipefd[1], path);
+    if (ret < 0)
+	err (1, "fattach %s", path);
+
+    s->fd  = pipefd[0];
+    close (pipefd[1]);
+    s->pathname = strdup (path);
+    if (s->pathname == NULL)
+	errx (1, "strdup: out of memory");
+    s->flags = STREAM_PIPE;
+    return 0;
+}
+#endif /* MAY_HAVE_X11_PIPES */
+
+/*
+ * Try to create a TCP socket in `s' corresponding to display `dpy'.
+ *
+ * 0 if all is OK
+ * -1 if bind failed badly
+ * 1 if dpy is already used
+ */
+
+static int
+try_tcp (struct x_socket *s, int dpy)
+{
+    struct sockaddr_in tcpaddr;
+    struct in_addr local;
+    int one = 1;
+    int fd;
+
+    memset(&local, 0, sizeof(local));
+    local.s_addr = htonl(INADDR_LOOPBACK);
+
+    fd = socket (AF_INET, SOCK_STREAM, 0);
+    if (fd < 0)
+	err (1, "socket AF_INET");
+#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
+    setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
+		sizeof(one));
+#endif
+    memset (&tcpaddr, 0, sizeof(tcpaddr));
+    tcpaddr.sin_family = AF_INET;
+    tcpaddr.sin_addr = local;
+    tcpaddr.sin_port = htons(6000 + dpy);
+    if (bind (fd, (struct sockaddr *)&tcpaddr,
+	      sizeof(tcpaddr)) < 0) {
+	close (fd);
+	if (errno == EADDRINUSE)
+	    return 1;
+	else
+	    return -1;
+    }
+    s->fd = fd;
+    s->pathname = NULL;
+    s->flags = TCP;
+    return 0;
+}
+
+/*
+ * The potential places to create unix sockets.
+ */
+
+static char *x_sockets[] = {
+X_UNIX_PATH "%u",
+"/var/X/.X11-unix/X" "%u",
+"/usr/spool/sockets/X11/" "%u",
+NULL
+};
+
+/*
+ * Dito for stream pipes.
+ */
+
+#ifdef MAY_HAVE_X11_PIPES
+static char *x_pipes[] = {
+X_PIPE_PATH "%u",
+"/var/X/.X11-pipe/X" "%u",
+NULL
+};
+#endif
+
+/*
+ * Create the directory corresponding to dirname of `path' or fail.
+ */
+
+static void
+try_mkdir (const char *path)
+{
+    char *dir;
+    char *p;
+    int oldmask;
+
+    if((dir = strdup (path)) == NULL)
+	errx (1, "strdup: out of memory");
+    p = strrchr (dir, '/');
+    if (p)
+	*p = '\0';
+
+    oldmask = umask(0);
+    mkdir (dir, 01777);
+    umask (oldmask);
+    free (dir);
+}
+
+/*
+ * Allocate a display, returning the number of sockets in `number' and
+ * all the corresponding sockets in `sockets'.  If `tcp_socket' is
+ * true, also allcoaet a TCP socket.
+ *
+ * The return value is the display allocated or -1 if an error occurred.
+ */
+
+int
+get_xsockets (int *number, struct x_socket **sockets, int tcp_socket)
+{
+     int dpy;
+     struct x_socket *s;
+     int n;
+     int i;
+
+     s = malloc (sizeof(*s) * 5);
+     if (s == NULL)
+	 errx (1, "malloc: out of memory");
+
+     try_mkdir (X_UNIX_PATH);
+     try_mkdir (X_PIPE_PATH);
+
+     for(dpy = 4; dpy < 256; ++dpy) {
+	 char **path;
+	 int tmp = 0;
+
+	 n = 0;
+	 for (path = x_sockets; *path; ++path) {
+	     tmp = try_socket (&s[n], dpy, *path);
+	     if (tmp == -1) {
+		 if (errno != ENOTDIR && errno != ENOENT)
+		     return -1;
+	     } else if (tmp == 1) {
+		 while(--n >= 0) {
+		     close (s[n].fd);
+		     free (s[n].pathname);
+		 }
+		 break;
+	     } else if (tmp == 0)
+		 ++n;
+	 }
+	 if (tmp == 1)
+	     continue;
+
+#ifdef MAY_HAVE_X11_PIPES
+	 for (path = x_pipes; *path; ++path) {
+	     tmp = try_pipe (&s[n], dpy, *path);
+	     if (tmp == -1) {
+		 if (errno != ENOTDIR && errno != ENOENT && errno != ENOSYS)
+		     return -1;
+	     } else if (tmp == 1) {
+		 while (--n >= 0) {
+		     close (s[n].fd);
+		     free (s[n].pathname);
+		 }
+		 break;
+	     } else if (tmp == 0)
+		 ++n;
+	 }
+
+	 if (tmp == 1)
+	     continue;
+#endif
+
+	 if (tcp_socket) {
+	     tmp = try_tcp (&s[n], dpy);
+	     if (tmp == -1)
+		 return -1;
+	     else if (tmp == 1) {
+		 while (--n >= 0) {
+		     close (s[n].fd);
+		     free (s[n].pathname);
+		 }
+		 break;
+	     } else if (tmp == 0)
+		 ++n;
+	 }
+	 break;
+     }
+     if (dpy == 256)
+	 errx (1, "no free x-servers");
+     for (i = 0; i < n; ++i)
+	 if (s[i].flags & LISTENP
+	     && listen (s[i].fd, SOMAXCONN) < 0)
+	     err (1, "listen %s", s[i].pathname ? s[i].pathname : "tcp");
+     *number = n;
+     *sockets = s;
+     return dpy;
+}
+
+/*
+ * Change owner on the `n' sockets in `sockets' to `uid', `gid'.
+ * Return 0 is succesful or -1 if an error occurred.
+ */
+
+int
+chown_xsockets (int n, struct x_socket *sockets, uid_t uid, gid_t gid)
+{
+    int i;
+
+    for (i = 0; i < n; ++i)
+	if (sockets[i].pathname != NULL)
+	    if (chown (sockets[i].pathname, uid, gid) < 0)
+		return -1;
+    return 0;
+}
+
+/*
+ * Connect to local display `dnr' with local transport.
+ * Return a file descriptor.
+ */
+
+int
+connect_local_xsocket (unsigned dnr)
+{
+     int fd;
+     struct sockaddr_un addr;
+     char **path;
+
+     for (path = x_sockets; *path; ++path) {
+	 fd = socket (AF_UNIX, SOCK_STREAM, 0);
+	 if (fd < 0)
+	     err (1, "socket AF_UNIX");
+	 memset (&addr, 0, sizeof(addr));
+	 addr.sun_family = AF_UNIX;
+	 snprintf (addr.sun_path, sizeof(addr.sun_path), *path, dnr);
+	 if (connect (fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
+	     return fd;
+     }
+     err (1, "connecting to local display %u", dnr);
+}
+
+/*
+ * Create a cookie file with a random cookie for the localhost.  The
+ * file name will be stored in `xauthfile' (but not larger than
+ * `xauthfile_size'), and the cookie returned in `cookie', `cookie_sz'.
+ * Return 0 if succesful, or errno.
+ */
+
+int
+create_and_write_cookie (char *xauthfile,
+			 size_t xauthfile_size,
+			 u_char *cookie,
+			 size_t cookie_sz)
+{
+     Xauth auth;
+     char tmp[64];
+     int fd;
+     FILE *f;
+     char hostname[MaxHostNameLen];
+     struct in_addr loopback;
+     int saved_errno;
+
+     gethostname (hostname, sizeof(hostname));
+     loopback.s_addr = htonl(INADDR_LOOPBACK);
+     
+     auth.family = FamilyLocal;
+     auth.address = hostname;
+     auth.address_length = strlen(auth.address);
+     snprintf (tmp, sizeof(tmp), "%d", display_num);
+     auth.number_length = strlen(tmp);
+     auth.number = tmp;
+     auth.name = COOKIE_TYPE;
+     auth.name_length = strlen(auth.name);
+     auth.data_length = cookie_sz;
+     auth.data = (char*)cookie;
+#ifdef HAVE_OPENSSL_DES_H
+     krb5_generate_random_block (cookie, cookie_sz);
+#else
+     des_rand_data (cookie, cookie_sz);
+#endif
+
+     strlcpy(xauthfile, "/tmp/AXXXXXX", xauthfile_size);
+     fd = mkstemp(xauthfile);
+     if(fd < 0) {
+	 saved_errno = errno;
+	 syslog(LOG_ERR, "create_and_write_cookie: mkstemp: %m");
+         return saved_errno;
+     }
+     f = fdopen(fd, "r+");
+     if(f == NULL){
+	 saved_errno = errno;
+	 close(fd);
+	 return errno;
+     }
+     if(XauWriteAuth(f, &auth) == 0) {
+	 saved_errno = errno;
+	 fclose(f);
+	 return saved_errno;
+     }
+
+     /*
+      * I would like to write a cookie for localhost:n here, but some
+      * stupid code in libX11 will not look for cookies of that type,
+      * so we are forced to use FamilyWild instead.
+      */
+
+     auth.family  = FamilyWild;
+     auth.address_length = 0;
+
+#if 0 /* XXX */
+     auth.address = (char *)&loopback;
+     auth.address_length = sizeof(loopback);
+#endif
+
+     if (XauWriteAuth(f, &auth) == 0) {
+	 saved_errno = errno;
+	 fclose (f);
+	 return saved_errno;
+     }
+
+     if(fclose(f))
+	 return errno;
+     return 0;
+}
+
+/*
+ * Verify and remove cookies.  Read and parse a X-connection from
+ * `fd'. Check the cookie used is the same as in `cookie'.  Remove the
+ * cookie and copy the rest of it to `sock'.
+ * Expect cookies iff cookiesp.
+ * Return 0 iff ok.
+ *
+ * The protocol is as follows:
+ *
+ * C->S:	[Bl]				1
+ *		unused				1
+ *		protocol major version		2
+ *		protocol minor version		2
+ *		length of auth protocol name(n)	2
+ *		length of auth protocol data	2
+ *		unused				2
+ *		authorization protocol name	n
+ *		pad				pad(n)
+ *		authorization protocol data	d
+ *		pad				pad(d)
+ *
+ * S->C:	Failed
+ *		0				1
+ *		length of reason		1
+ *		protocol major version		2
+ *		protocol minor version		2
+ *		length in 4 bytes unit of
+ *		additional data (n+p)/4		2
+ *		reason				n
+ *		unused				p = pad(n)
+ */
+
+int
+verify_and_remove_cookies (int fd, int sock, int cookiesp)
+{
+     u_char beg[12];
+     int bigendianp;
+     unsigned n, d, npad, dpad;
+     char *protocol_name, *protocol_data;
+     u_char zeros[6] = {0, 0, 0, 0, 0, 0};
+     u_char refused[20] = {0, 10, 
+			   0, 0, /* protocol major version  */
+			   0, 0, /* protocol minor version */
+			   0, 0, /* length of additional data / 4 */
+			   'b', 'a', 'd', ' ', 'c', 'o', 'o', 'k', 'i', 'e',
+			   0, 0};
+
+     if (net_read (fd, beg, sizeof(beg)) != sizeof(beg))
+	  return 1;
+     if (net_write (sock, beg, 6) != 6)
+	  return 1;
+     bigendianp = beg[0] == 'B';
+     if (bigendianp) {
+	  n = (beg[6] << 8) | beg[7];
+	  d = (beg[8] << 8) | beg[9];
+     } else {
+	  n = (beg[7] << 8) | beg[6];
+	  d = (beg[9] << 8) | beg[8];
+     }
+     npad = (4 - (n % 4)) % 4;
+     dpad = (4 - (d % 4)) % 4;
+     protocol_name = malloc(n + npad);
+     if (n + npad != 0 && protocol_name == NULL)
+	 return 1;
+     protocol_data = malloc(d + dpad);
+     if (d + dpad != 0 && protocol_data == NULL) {
+	 free (protocol_name);
+	 return 1;
+     }
+     if (net_read (fd, protocol_name, n + npad) != n + npad)
+	 goto fail;
+     if (net_read (fd, protocol_data, d + dpad) != d + dpad)
+	 goto fail;
+     if (cookiesp) {
+	 if (strncmp (protocol_name, COOKIE_TYPE, strlen(COOKIE_TYPE)) != 0)
+	     goto refused;
+	 if (d != cookie_len ||
+	     memcmp (protocol_data, cookie, cookie_len) != 0)
+	     goto refused;
+     }
+     free (protocol_name);
+     free (protocol_data);
+     if (net_write (sock, zeros, 6) != 6)
+	  return 1;
+     return 0;
+refused:
+     refused[2] = beg[2];
+     refused[3] = beg[3];
+     refused[4] = beg[4];
+     refused[5] = beg[5];
+     if (bigendianp)
+	 refused[7] = 3;
+     else
+	 refused[6] = 3;
+
+     net_write (fd, refused, sizeof(refused));
+fail:
+     free (protocol_name);
+     free (protocol_data);
+     return 1;
+}
+
+/* 
+ * Return 0 iff `cookie' is compatible with the cookie for the
+ * localhost with name given in `ai' (or `hostname') and display
+ * number in `disp_nr'.
+ */
+
+static int
+match_local_auth (Xauth* auth,
+		  struct addrinfo *ai, const char *hostname, int disp_nr)
+{
+    int auth_disp;
+    char *tmp_disp;
+    struct addrinfo *a;
+    
+    tmp_disp = strndup (auth->number, auth->number_length);
+    if (tmp_disp == NULL)
+	return -1;
+    auth_disp = atoi(tmp_disp);
+    free (tmp_disp);
+    if (auth_disp != disp_nr)
+	return 1;
+    for (a = ai; a != NULL; a = a->ai_next) {
+	if ((auth->family == FamilyLocal
+	     || auth->family == FamilyWild)
+	    && a->ai_canonname != NULL
+	    && strncmp (auth->address,
+			a->ai_canonname,
+			auth->address_length) == 0)
+	    return 0;
+    }
+    if (hostname != NULL
+	&& (auth->family    == FamilyLocal
+	    || auth->family == FamilyWild)
+	&& strncmp (auth->address, hostname, auth->address_length) == 0)
+	return 0;
+    return 1;
+}
+
+/*
+ * Find `our' cookie from the cookie file `f' and return it or NULL.
+ */
+
+static Xauth*
+find_auth_cookie (FILE *f)
+{
+    Xauth *ret = NULL;
+    char local_hostname[MaxHostNameLen];
+    char *display = getenv("DISPLAY");
+    char d[MaxHostNameLen + 4];
+    char *colon;
+    struct addrinfo *ai;
+    struct addrinfo hints;
+    int disp;
+    int error;
+
+    if(display == NULL)
+	display = ":0";
+    strlcpy(d, display, sizeof(d));
+    display = d;
+    colon = strchr (display, ':');
+    if (colon == NULL)
+	disp = 0;
+    else {
+	*colon = '\0';
+	disp = atoi (colon + 1);
+    }
+    if (strcmp (display, "") == 0
+	|| strncmp (display, "unix", 4) == 0
+	|| strncmp (display, "localhost", 9) == 0) {
+	gethostname (local_hostname, sizeof(local_hostname));
+	display = local_hostname;
+    }
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_flags    = AI_CANONNAME;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = IPPROTO_TCP;
+
+    error = getaddrinfo (display, NULL, &hints, &ai);
+    if (error)
+	ai = NULL;
+
+    for (; (ret = XauReadAuth (f)) != NULL; XauDisposeAuth(ret)) {
+	if (match_local_auth (ret, ai, display, disp) == 0) {
+	    if (ai != NULL)
+		freeaddrinfo (ai);
+	    return ret;
+	}
+    }
+    if (ai != NULL)
+	freeaddrinfo (ai);
+    return NULL;
+}
+
+/*
+ * Get rid of the cookie that we were sent and get the correct one
+ * from our own cookie file instead.
+ */
+
+int
+replace_cookie(int xserver, int fd, char *filename, int cookiesp) /* XXX */
+{
+     u_char beg[12];
+     int bigendianp;
+     unsigned n, d, npad, dpad;
+     FILE *f;
+     u_char zeros[6] = {0, 0, 0, 0, 0, 0};
+
+     if (net_read (fd, beg, sizeof(beg)) != sizeof(beg))
+	  return 1;
+     if (net_write (xserver, beg, 6) != 6)
+	  return 1;
+     bigendianp = beg[0] == 'B';
+     if (bigendianp) {
+	  n = (beg[6] << 8) | beg[7];
+	  d = (beg[8] << 8) | beg[9];
+     } else {
+	  n = (beg[7] << 8) | beg[6];
+	  d = (beg[9] << 8) | beg[8];
+     }
+     if (n != 0 || d != 0)
+	  return 1;
+     f = fopen(filename, "r");
+     if (f != NULL) {
+	 Xauth *auth = find_auth_cookie (f);
+	 u_char len[6] = {0, 0, 0, 0, 0, 0};
+	 
+	 fclose (f);
+
+	 if (auth != NULL) {
+	     n = auth->name_length;
+	     d = auth->data_length;
+	 } else {
+	     n = 0;
+	     d = 0;
+	 }
+	 if (bigendianp) {
+	     len[0] = n >> 8;
+	     len[1] = n & 0xFF;
+	     len[2] = d >> 8;
+	     len[3] = d & 0xFF;
+	 } else {
+	     len[0] = n & 0xFF;
+	     len[1] = n >> 8;
+	     len[2] = d & 0xFF;
+	     len[3] = d >> 8;
+	 }
+	 if (net_write (xserver, len, 6) != 6) {
+	     XauDisposeAuth(auth);
+	     return 1;
+	 }
+	 if(n != 0 && net_write (xserver, auth->name, n) != n) {
+	     XauDisposeAuth(auth);
+	     return 1;
+	 }
+	 npad = (4 - (n % 4)) % 4;
+	 if (npad && net_write (xserver, zeros, npad) != npad) {
+	     XauDisposeAuth(auth);
+	     return 1;
+	 }
+	 if (d != 0 && net_write (xserver, auth->data, d) != d) {
+	     XauDisposeAuth(auth);
+	     return 1;
+	 }
+	 XauDisposeAuth(auth);
+	 dpad = (4 - (d % 4)) % 4;
+	 if (dpad && net_write (xserver, zeros, dpad) != dpad)
+	     return 1;
+     } else {
+	 if(net_write(xserver, zeros, 6) != 6)
+	     return 1;
+     }
+     return 0;
+}
+
+/*
+ * Some simple controls on the address and corresponding socket
+ */
+
+int
+suspicious_address (int sock, struct sockaddr_in addr)
+{
+    char data[40];
+    socklen_t len = sizeof(data);
+
+    return addr.sin_addr.s_addr != htonl(INADDR_LOOPBACK)
+#if defined(IP_OPTIONS) && defined(HAVE_GETSOCKOPT)
+	|| getsockopt (sock, IPPROTO_IP, IP_OPTIONS, data, &len) < 0
+	|| len != 0
+#endif
+    ;
+}
+
+/*
+ * This really sucks, but these functions are used and if we're not
+ * linking against libkrb they don't exist.  Using the heimdal storage
+ * functions will not work either cause we do not always link with
+ * libkrb5 either.
+ */
+
+#ifndef KRB4
+
+int
+krb_get_int(void *f, u_int32_t *to, int size, int lsb)
+{
+    int i;
+    unsigned char *from = (unsigned char *)f;
+
+    *to = 0;
+    if(lsb){
+	for(i = size-1; i >= 0; i--)
+	    *to = (*to << 8) | from[i];
+    }else{
+	for(i = 0; i < size; i++)
+	    *to = (*to << 8) | from[i];
+    }
+    return size;
+}
+
+int
+krb_put_int(u_int32_t from, void *to, size_t rem, int size)
+{
+    int i;
+    unsigned char *p = (unsigned char *)to;
+
+    if (rem < size)
+	return -1;
+
+    for(i = size - 1; i >= 0; i--){
+	p[i] = from & 0xff;
+	from >>= 8;
+    }
+    return size;
+}
+
+#endif /* !KRB4 */
diff --git a/crypto/heimdal/appl/kx/context.c b/crypto/heimdal/appl/kx/context.c
new file mode 100644
index 0000000..bbc8da9
--- /dev/null
+++ b/crypto/heimdal/appl/kx/context.c
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: context.c,v 1.4 1999/12/02 16:58:32 joda Exp $");
+
+/*
+ * Set the common part of the context `kc'
+ */
+
+void
+context_set (kx_context *kc, const char *host, const char *user, int port,
+	     int debug_flag, int keepalive_flag, int tcp_flag)
+{
+    kc->host		= host;
+    kc->user		= user;
+    kc->port		= port;
+    kc->debug_flag	= debug_flag;
+    kc->keepalive_flag	= keepalive_flag;
+    kc->tcp_flag	= tcp_flag;
+}
+
+/*
+ * dispatch functions
+ */
+
+void
+context_destroy (kx_context *kc)
+{
+    (*kc->destroy)(kc);
+}
+
+int
+context_authenticate (kx_context *kc, int s)
+{
+    return (*kc->authenticate)(kc, s);
+}
+
+int
+context_userok (kx_context *kc, char *user)
+{
+    return (*kc->userok)(kc, user);
+}
+
+ssize_t
+kx_read (kx_context *kc, int fd, void *buf, size_t len)
+{
+    return (*kc->read)(kc, fd, buf, len);
+}
+
+ssize_t
+kx_write (kx_context *kc, int fd, const void *buf, size_t len)
+{
+    return (*kc->write)(kc, fd, buf, len);
+}
+
+int
+copy_encrypted (kx_context *kc, int fd1, int fd2)
+{
+    return (*kc->copy_encrypted)(kc, fd1, fd2);
+}
diff --git a/crypto/heimdal/appl/kx/krb4.c b/crypto/heimdal/appl/kx/krb4.c
new file mode 100644
index 0000000..07852c9
--- /dev/null
+++ b/crypto/heimdal/appl/kx/krb4.c
@@ -0,0 +1,361 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: krb4.c,v 1.8 2000/10/08 13:19:22 assar Exp $");
+
+#ifdef KRB4
+
+struct krb4_kx_context {
+    des_cblock key;
+    des_key_schedule schedule;
+    AUTH_DAT auth;
+};
+
+typedef struct krb4_kx_context krb4_kx_context;
+
+/*
+ * Destroy the krb4 context in `c'.
+ */
+
+static void
+krb4_destroy (kx_context *c)
+{
+    memset (c->data, 0, sizeof(krb4_kx_context));
+    free (c->data);
+}
+
+/*
+ * Read the authentication information from `s' and return 0 if
+ * succesful, else -1.
+ */
+
+static int
+krb4_authenticate (kx_context *kc, int s)
+{
+    CREDENTIALS cred;
+    KTEXT_ST text;
+    MSG_DAT msg;
+    int status;
+    krb4_kx_context *c = (krb4_kx_context *)kc->data;
+    const char *host = kc->host;
+
+#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
+    if (krb_get_config_bool("nat_in_use")) {
+	struct in_addr natAddr;
+
+	if (krb_get_our_ip_for_realm(krb_realmofhost(kc->host),
+				     &natAddr) == KSUCCESS
+	    || krb_get_our_ip_for_realm (NULL, &natAddr) == KSUCCESS)
+	    kc->thisaddr.sin_addr = natAddr;
+    }
+#endif
+
+    status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
+			   (char *)host, krb_realmofhost (host),
+			   getpid(), &msg, &cred, c->schedule,
+			   &kc->thisaddr, &kc->thataddr, KX_VERSION);
+    if (status != KSUCCESS) {
+	warnx ("%s: %s\n", host, krb_get_err_text(status));
+	return -1;
+    }
+    memcpy (c->key, cred.session, sizeof(des_cblock));
+    return 0;
+}
+
+/*
+ * Read a krb4 priv packet from `fd' into `buf' (of size `len').
+ * Return the number of bytes read or 0 on EOF or -1 on error.
+ */
+
+static ssize_t
+krb4_read (kx_context *kc,
+	   int fd, void *buf, size_t len)
+{
+    unsigned char tmp[4];
+    ssize_t ret;
+    size_t l;
+    int status;
+    krb4_kx_context *c = (krb4_kx_context *)kc->data;
+    MSG_DAT msg;
+
+    ret = krb_net_read (fd, tmp, 4);
+    if (ret == 0)
+	return ret;
+    if (ret != 4)
+	return -1;
+    l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
+    if (l > len)
+	return -1;
+    if (krb_net_read (fd, buf, l) != l)
+	return -1;
+    status = krb_rd_priv (buf, l, c->schedule, &c->key,
+			  &kc->thataddr, &kc->thisaddr, &msg);
+    if (status != RD_AP_OK) {
+	warnx ("krb4_read: %s", krb_get_err_text(status));
+	return -1;
+    }
+    memmove (buf, msg.app_data, msg.app_length);
+    return msg.app_length;
+}
+
+/*
+ * Write a krb4 priv packet on `fd' with the data in `buf, len'.
+ * Return len or -1 on error
+ */
+
+static ssize_t
+krb4_write(kx_context *kc,
+	   int fd, const void *buf, size_t len)
+{
+    void *outbuf;
+    krb4_kx_context *c = (krb4_kx_context *)kc->data;
+    int outlen;
+    unsigned char tmp[4];
+
+    outbuf = malloc (len + 30);
+    if (outbuf == NULL)
+	return -1;
+    outlen = krb_mk_priv ((void *)buf, outbuf, len, c->schedule, &c->key,
+			  &kc->thisaddr, &kc->thataddr);
+    if (outlen < 0) {
+	free (outbuf);
+	return -1;
+    }
+    tmp[0] = (outlen >> 24) & 0xFF;
+    tmp[1] = (outlen >> 16) & 0xFF;
+    tmp[2] = (outlen >>  8) & 0xFF;
+    tmp[3] = (outlen >>  0) & 0xFF;
+
+    if (krb_net_write (fd, tmp, 4) != 4 ||
+	krb_net_write (fd, outbuf, outlen) != outlen) {
+	free (outbuf);
+	return -1;
+    }
+    free (outbuf);
+    return len;
+}
+
+/*
+ * Copy data from `fd1' to `fd2', {en,de}crypting with cfb64
+ * with `mode' and state stored in `iv', `schedule', and `num'.
+ * Return -1 if error, 0 if eof, else 1
+ */
+
+static int
+do_enccopy (int fd1, int fd2, int mode, des_cblock *iv,
+	    des_key_schedule schedule, int *num)
+{
+     int ret;
+     u_char buf[BUFSIZ];
+
+     ret = read (fd1, buf, sizeof(buf));
+     if (ret == 0)
+	  return 0;
+     if (ret < 0) {
+	 warn ("read");
+	 return ret;
+     }
+#ifndef NOENCRYPTION
+     des_cfb64_encrypt (buf, buf, ret, schedule, iv,
+			num, mode);
+#endif
+     ret = krb_net_write (fd2, buf, ret);
+     if (ret < 0) {
+	 warn ("write");
+	 return ret;
+     }
+     return 1;
+}
+
+/*
+ * Copy data between fd1 and fd2, encrypting one way and decrypting
+ * the other.
+ */
+
+static int
+krb4_copy_encrypted (kx_context *kc,
+		     int fd1, int fd2)
+{
+    krb4_kx_context *c = (krb4_kx_context *)kc->data;
+    des_cblock iv1, iv2;
+    int num1 = 0, num2 = 0;
+
+    memcpy (iv1, c->key, sizeof(iv1));
+    memcpy (iv2, c->key, sizeof(iv2));
+    for (;;) {
+	fd_set fdset;
+	int ret;
+
+	if (fd1 >= FD_SETSIZE || fd2 >= FD_SETSIZE) {
+	    warnx ("fd too large");
+	    return 1;
+	}
+
+	FD_ZERO(&fdset);
+	FD_SET(fd1, &fdset);
+	FD_SET(fd2, &fdset);
+
+	ret = select (max(fd1, fd2)+1, &fdset, NULL, NULL, NULL);
+	if (ret < 0 && errno != EINTR) {
+	    warn ("select");
+	    return 1;
+	}
+	if (FD_ISSET(fd1, &fdset)) {
+	    ret = do_enccopy (fd1, fd2, DES_ENCRYPT, &iv1, c->schedule, &num1);
+	    if (ret <= 0)
+		return ret;
+	}
+	if (FD_ISSET(fd2, &fdset)) {
+	    ret = do_enccopy (fd2, fd1, DES_DECRYPT, &iv2, c->schedule, &num2);
+	    if (ret <= 0)
+		return ret;
+	}
+    }
+}
+
+/*
+ * Return 0 if the user authenticated on `kc' is allowed to login as
+ * `user'.
+ */
+
+static int
+krb4_userok (kx_context *kc, char *user)
+{
+    krb4_kx_context *c = (krb4_kx_context *)kc->data;
+    char *tmp;
+
+    tmp = krb_unparse_name_long (c->auth.pname,
+				 c->auth.pinst,
+				 c->auth.prealm);
+    kc->user = strdup (tmp);
+    if (kc->user == NULL)
+	err (1, "malloc");
+
+
+    return kuserok (&c->auth, user);
+}
+
+/*
+ * Create an instance of an krb4 context.
+ */
+
+void
+krb4_make_context (kx_context *kc)
+{
+    kc->authenticate	= krb4_authenticate;
+    kc->userok		= krb4_userok;
+    kc->read		= krb4_read;
+    kc->write		= krb4_write;
+    kc->copy_encrypted	= krb4_copy_encrypted;
+    kc->destroy		= krb4_destroy;
+    kc->user		= NULL;
+    kc->data		= malloc(sizeof(krb4_kx_context));
+
+    if (kc->data == NULL)
+	err (1, "malloc");
+}
+
+/*
+ * Receive authentication information on `sock' (first four bytes
+ * in `buf').
+ */
+
+int
+recv_v4_auth (kx_context *kc, int sock, u_char *buf)
+{
+    int status;
+    KTEXT_ST ticket;
+    char instance[INST_SZ + 1];
+    char version[KRB_SENDAUTH_VLEN + 1];
+    krb4_kx_context *c;
+    AUTH_DAT auth;
+    des_key_schedule schedule;
+
+    if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
+	return -1;
+    if (net_read (sock, buf + 4, KRB_SENDAUTH_VLEN - 4) !=
+	KRB_SENDAUTH_VLEN - 4) {
+	syslog (LOG_ERR, "read: %m");
+	exit (1);
+    }
+    if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0) {
+	syslog (LOG_ERR, "unrecognized auth protocol: %.8s", buf);
+	exit (1);
+    }
+
+    k_getsockinst (sock, instance, sizeof(instance));
+    status = krb_recvauth (KOPT_IGNORE_PROTOCOL | KOPT_DO_MUTUAL,
+			   sock,
+			   &ticket,
+			   "rcmd",
+			   instance,
+			   &kc->thataddr,
+			   &kc->thisaddr,
+			   &auth,
+			   "",
+			   schedule,
+			   version);
+    if (status != KSUCCESS) {
+	syslog (LOG_ERR, "krb_recvauth: %s", krb_get_err_text(status));
+	exit (1);
+    }
+    if (strncmp (version, KX_VERSION, KRB_SENDAUTH_VLEN) != 0) {
+	 /* Try to be nice to old kx's */
+	 if (strncmp (version, KX_OLD_VERSION, KRB_SENDAUTH_VLEN) == 0) {
+	     char *old_errmsg = "\001Old version of kx. Please upgrade.";
+	     char user[64];
+
+	     syslog (LOG_ERR, "Old version client (%s)", version);
+
+	     krb_net_read (sock, user, sizeof(user));
+	     krb_net_write (sock, old_errmsg, strlen(old_errmsg) + 1);
+	     exit (1);
+	 } else {
+	     syslog (LOG_ERR, "bad version: %s", version);
+	     exit (1);
+	 }
+    }
+
+    krb4_make_context (kc);
+    c = (krb4_kx_context *)kc->data;
+
+    c->auth     = auth;
+    memcpy (c->key, &auth.session, sizeof(des_cblock));
+    memcpy (c->schedule, schedule, sizeof(schedule));
+
+    return 0;
+}
+
+#endif /* KRB4 */
diff --git a/crypto/heimdal/appl/kx/krb5.c b/crypto/heimdal/appl/kx/krb5.c
new file mode 100644
index 0000000..0b4a083
--- /dev/null
+++ b/crypto/heimdal/appl/kx/krb5.c
@@ -0,0 +1,421 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: krb5.c,v 1.7 2000/12/31 07:32:03 assar Exp $");
+
+#ifdef KRB5
+
+struct krb5_kx_context {
+    krb5_context context;
+    krb5_keyblock *keyblock;
+    krb5_crypto crypto;
+    krb5_principal client;
+};
+
+typedef struct krb5_kx_context krb5_kx_context;
+
+/*
+ * Destroy the krb5 context in `c'.
+ */
+
+static void
+krb5_destroy (kx_context *c)
+{
+    krb5_kx_context *kc = (krb5_kx_context *)c->data;
+
+    if (kc->keyblock)
+	krb5_free_keyblock (kc->context, kc->keyblock);
+    if (kc->crypto)
+	krb5_crypto_destroy (kc->context, kc->crypto);
+    if (kc->client)
+	krb5_free_principal (kc->context, kc->client);
+    if (kc->context)
+	krb5_free_context (kc->context);
+    free (kc);
+}
+
+/*
+ * Read the authentication information from `s' and return 0 if
+ * succesful, else -1.
+ */
+
+static int
+krb5_authenticate (kx_context *kc, int s)
+{
+    krb5_kx_context *c = (krb5_kx_context *)kc->data;
+    krb5_context context = c->context;
+    krb5_auth_context auth_context = NULL;
+    krb5_error_code ret;
+    krb5_principal server;
+    const char *host = kc->host;
+
+    ret = krb5_sname_to_principal (context,
+				   host, "host", KRB5_NT_SRV_HST, &server);
+    if (ret) {
+	warnx ("krb5_sname_to_principal: %s: %s", host,
+	       krb5_get_err_text(context, ret));
+	return 1;
+    }
+
+    ret = krb5_sendauth (context,
+			 &auth_context,
+			 &s,
+			 KX_VERSION,
+			 NULL,
+			 server,
+			 AP_OPTS_MUTUAL_REQUIRED,
+			 NULL,
+			 NULL,
+			 NULL,
+			 NULL,
+			 NULL,
+			 NULL);
+    if (ret) {
+	warnx ("krb5_sendauth: %s: %s", host,
+	       krb5_get_err_text(context, ret));
+	return 1;
+    }
+
+    ret = krb5_auth_con_getkey (context, auth_context, &c->keyblock);
+    if (ret) {
+	warnx ("krb5_auth_con_getkey: %s: %s", host,
+	       krb5_get_err_text(context, ret));
+	krb5_auth_con_free (context, auth_context);
+	return 1;
+    }
+    
+    ret = krb5_crypto_init (context, c->keyblock, 0, &c->crypto);
+    if (ret) {
+	warnx ("krb5_crypto_init: %s", krb5_get_err_text (context, ret));
+	krb5_auth_con_free (context, auth_context);
+	return 1;
+    }
+    return 0;
+}
+
+/*
+ * Read an encapsulated krb5 packet from `fd' into `buf' (of size
+ * `len').  Return the number of bytes read or 0 on EOF or -1 on
+ * error.
+ */
+
+static ssize_t
+krb5_read (kx_context *kc,
+	   int fd, void *buf, size_t len)
+{
+    krb5_kx_context *c = (krb5_kx_context *)kc->data;
+    krb5_context context = c->context;
+    size_t data_len, outer_len;
+    krb5_error_code ret;
+    unsigned char tmp[4];
+    krb5_data data;
+    int l;
+
+    l = krb5_net_read (context, &fd, tmp, 4);
+    if (l == 0)
+	return l;
+    if (l != 4)
+	return -1;
+    data_len  = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
+    outer_len = krb5_get_wrapped_length (context, c->crypto, data_len);
+    if (outer_len > len)
+	return -1;
+    if (krb5_net_read (context, &fd, buf, outer_len) != outer_len)
+	return -1;
+
+    ret = krb5_decrypt (context, c->crypto, KRB5_KU_OTHER_ENCRYPTED,
+			buf, outer_len, &data);
+    if (ret) {
+	warnx ("krb5_decrypt: %s", krb5_get_err_text(context, ret));
+	return -1;
+    }
+    if (data_len > data.length) {
+	krb5_data_free (&data);
+	return -1;
+    }
+    memmove (buf, data.data, data_len);
+    krb5_data_free (&data);
+    return data_len;
+}
+
+/*
+ * Write an encapsulated krb5 packet on `fd' with the data in `buf,
+ * len'.  Return len or -1 on error.
+ */
+
+static ssize_t
+krb5_write(kx_context *kc,
+	   int fd, const void *buf, size_t len)
+{
+    krb5_kx_context *c = (krb5_kx_context *)kc->data;
+    krb5_context context = c->context;
+    krb5_data data;
+    krb5_error_code ret;
+    unsigned char tmp[4];
+    size_t outlen;
+
+    ret = krb5_encrypt (context, c->crypto, KRB5_KU_OTHER_ENCRYPTED,
+			(void *)buf, len, &data);
+    if (ret){
+	warnx ("krb5_write: %s", krb5_get_err_text (context, ret));
+	return -1;
+    }
+
+    outlen = data.length;
+    tmp[0] = (len >> 24) & 0xFF;
+    tmp[1] = (len >> 16) & 0xFF;
+    tmp[2] = (len >>  8) & 0xFF;
+    tmp[3] = (len >>  0) & 0xFF;
+
+    if (krb5_net_write (context, &fd, tmp, 4) != 4 ||
+	krb5_net_write (context, &fd, data.data, outlen) != outlen) {
+	krb5_data_free (&data);
+	return -1;
+    }
+    krb5_data_free (&data);
+    return len;
+}
+
+/*
+ * Copy from the unix socket `from_fd' encrypting to `to_fd'.
+ * Return 0, -1 or len.
+ */
+
+static int
+copy_out (kx_context *kc, int from_fd, int to_fd)
+{
+    char buf[32768];
+    ssize_t len;
+
+    len = read (from_fd, buf, sizeof(buf));
+    if (len == 0)
+	return 0;
+    if (len < 0) {
+	warn ("read");
+	return len;
+    }
+    return krb5_write (kc, to_fd, buf, len);
+}
+	
+/*
+ * Copy from the socket `from_fd' decrypting to `to_fd'.
+ * Return 0, -1 or len.
+ */
+
+static int
+copy_in (kx_context *kc, int from_fd, int to_fd)
+{
+    krb5_kx_context *c = (krb5_kx_context *)kc->data;
+    char buf[33000];		/* XXX */
+
+    ssize_t len;
+
+    len = krb5_read (kc, from_fd, buf, sizeof(buf));
+    if (len == 0)
+	return 0;
+    if (len < 0) {
+	warn ("krb5_read");
+	return len;
+    }
+
+    return krb5_net_write (c->context, &to_fd, buf, len);
+}
+
+/*
+ * Copy data between `fd1' and `fd2', encrypting in one direction and
+ * decrypting in the other.
+ */
+
+static int
+krb5_copy_encrypted (kx_context *kc, int fd1, int fd2)
+{
+    for (;;) {
+	fd_set fdset;
+	int ret;
+
+	if (fd1 >= FD_SETSIZE || fd2 >= FD_SETSIZE) {
+	    warnx ("fd too large");
+	    return 1;
+	}
+
+	FD_ZERO(&fdset);
+	FD_SET(fd1, &fdset);
+	FD_SET(fd2, &fdset);
+
+	ret = select (max(fd1, fd2)+1, &fdset, NULL, NULL, NULL);
+	if (ret < 0 && errno != EINTR) {
+	    warn ("select");
+	    return 1;
+	}
+	if (FD_ISSET(fd1, &fdset)) {
+	    ret = copy_out (kc, fd1, fd2);
+	    if (ret <= 0)
+		return ret;
+	}
+	if (FD_ISSET(fd2, &fdset)) {
+	    ret = copy_in (kc, fd2, fd1);
+	    if (ret <= 0)
+		return ret;
+	}
+    }
+}
+
+/*
+ * Return 0 if the user authenticated on `kc' is allowed to login as
+ * `user'.
+ */
+
+static int
+krb5_userok (kx_context *kc, char *user)
+{
+    krb5_kx_context *c = (krb5_kx_context *)kc->data;
+    krb5_context context = c->context;
+    krb5_error_code ret;
+    char *tmp;
+
+    ret = krb5_unparse_name (context, c->client, &tmp);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_unparse_name");
+    kc->user = tmp;
+
+    return !krb5_kuserok (context, c->client, user);
+}
+
+/*
+ * Create an instance of an krb5 context.
+ */
+
+void
+krb5_make_context (kx_context *kc)
+{
+    krb5_kx_context *c;
+    krb5_error_code ret;
+
+    kc->authenticate	= krb5_authenticate;
+    kc->userok		= krb5_userok;
+    kc->read		= krb5_read;
+    kc->write		= krb5_write;
+    kc->copy_encrypted	= krb5_copy_encrypted;
+    kc->destroy		= krb5_destroy;
+    kc->user		= NULL;
+    kc->data		= malloc(sizeof(krb5_kx_context));
+
+    if (kc->data == NULL)
+	err (1, "malloc");
+    memset (kc->data, 0, sizeof(krb5_kx_context));
+    c = (krb5_kx_context *)kc->data;
+    ret = krb5_init_context (&c->context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+}
+
+/*
+ * Receive authentication information on `sock' (first four bytes
+ * in `buf').
+ */
+
+int
+recv_v5_auth (kx_context *kc, int sock, u_char *buf)
+{
+    u_int32_t len;
+    krb5_error_code ret;
+    krb5_kx_context *c;
+    krb5_context context;
+    krb5_principal server;
+    krb5_auth_context auth_context = NULL;
+    krb5_ticket *ticket;
+
+    if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
+	return 1;
+    len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
+    if (net_read(sock, buf, len) != len) {
+	syslog (LOG_ERR, "read: %m");
+	exit (1);
+    }
+    if (len != sizeof(KRB5_SENDAUTH_VERSION)
+	|| memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0) {
+	syslog (LOG_ERR, "bad sendauth version: %.8s", buf);
+	exit (1);
+    }
+
+    krb5_make_context (kc);
+    c = (krb5_kx_context *)kc->data;
+    context = c->context;
+
+    ret = krb5_sock_to_principal (context, sock, "host",
+				  KRB5_NT_SRV_HST, &server);
+    if (ret) {
+	syslog (LOG_ERR, "krb5_sock_to_principal: %s",
+		krb5_get_err_text (context, ret));
+	exit (1);
+    }
+
+    ret = krb5_recvauth (context,
+			 &auth_context,
+			 &sock,
+			 KX_VERSION,
+			 server,
+			 KRB5_RECVAUTH_IGNORE_VERSION,
+			 NULL,
+			 &ticket);
+    krb5_free_principal (context, server);
+    if (ret) {
+	syslog (LOG_ERR, "krb5_sock_to_principal: %s",
+		krb5_get_err_text (context, ret));
+	exit (1);
+    }
+
+    ret = krb5_auth_con_getkey (context, auth_context, &c->keyblock);
+    if (ret) {
+	syslog (LOG_ERR, "krb5_auth_con_getkey: %s",
+		krb5_get_err_text (context, ret));
+	exit (1);
+    }
+
+    ret = krb5_crypto_init (context, c->keyblock, 0, &c->crypto);
+    if (ret) {
+	syslog (LOG_ERR, "krb5_crypto_init: %s",
+		krb5_get_err_text (context, ret));
+	exit (1);
+    }
+
+    c->client = ticket->client;
+    ticket->client = NULL;
+    krb5_free_ticket (context, ticket);
+
+    return 0;
+}
+
+#endif /* KRB5 */
diff --git a/crypto/heimdal/appl/kx/kx.1 b/crypto/heimdal/appl/kx/kx.1
new file mode 100644
index 0000000..fe621d8
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kx.1
@@ -0,0 +1,62 @@
+.\" $Id: kx.1,v 1.7 1997/09/01 15:59:07 assar Exp $
+.\"
+.Dd September 27, 1996
+.Dt KX 1
+.Os KTH-KRB
+.Sh NAME
+.Nm kx
+.Nd
+securely forward X conections
+.Sh SYNOPSIS
+.Ar kx
+.Op Fl l Ar username
+.Op Fl k
+.Op Fl d
+.Op Fl t
+.Op Fl p Ar port
+.Op Fl P
+.Ar host
+.Sh DESCRIPTION
+The
+.Nm
+program forwards a X connection from a remote client to a local screen
+through an authenticated and encrypted stream.  Options supported by
+.Nm kx :
+.Bl -tag -width Ds
+.It Fl l
+Log in on remote the host as user
+.Ar username .
+.It Fl k
+Do not enable keep-alives on the TCP connections.
+.It Fl d
+Do not fork. This is mainly useful for debugging.
+.It Fl t
+Listen not only on a UNIX-domain socket but on a TCP socket as well.
+.It Fl p
+Use the port
+.Ar port .
+.It Fl P
+Force passive mode.
+.El
+.Pp
+This program is used by
+.Nm rxtelnet
+and
+.Nm rxterm
+and you should not need to run it directly.
+.Pp
+It connects to a
+.Nm kxd
+on the host
+.Ar host
+and then will relay the traffic from the remote X clients to the local
+server.  When started, it prints the display and Xauthority-file to be
+used on host
+.Ar host
+and then goes to the background, waiting for connections from the
+remote
+.Nm kxd.
+.Sh SEE ALSO
+.Xr rxtelnet 1 ,
+.Xr rxterm 1 ,
+.Xr kxd 8
diff --git a/crypto/heimdal/appl/kx/kx.c b/crypto/heimdal/appl/kx/kx.c
new file mode 100644
index 0000000..63e1595
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kx.c
@@ -0,0 +1,765 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: kx.c,v 1.68 2001/02/20 01:44:45 assar Exp $");
+
+static int nchild;
+static int donep;
+
+/*
+ * Signal handler that justs waits for the children when they die.
+ */
+
+static RETSIGTYPE
+childhandler (int sig)
+{
+     pid_t pid;
+     int status;
+
+     do { 
+	 pid = waitpid (-1, &status, WNOHANG|WUNTRACED);
+	 if (pid > 0 && (WIFEXITED(status) || WIFSIGNALED(status)))
+	     if (--nchild == 0 && donep)
+		 exit (0);
+     } while(pid > 0);
+     signal (SIGCHLD, childhandler);
+     SIGRETURN(0);
+}
+
+/*
+ * Handler for SIGUSR1.
+ * This signal means that we should wait until there are no children
+ * left and then exit.
+ */
+
+static RETSIGTYPE
+usr1handler (int sig)
+{
+    donep = 1;
+
+    SIGRETURN(0);
+}
+
+/*
+ * Almost the same as for SIGUSR1, except we should exit immediately
+ * if there are no active children.
+ */
+
+static RETSIGTYPE
+usr2handler (int sig)
+{
+    donep = 1;
+    if (nchild == 0)
+	exit (0);
+
+    SIGRETURN(0);
+}
+
+/*
+ * Establish authenticated connection.  Return socket or -1.
+ */
+
+static int
+connect_host (kx_context *kc)
+{
+    struct addrinfo *ai, *a;
+    struct addrinfo hints;
+    int error;
+    char portstr[NI_MAXSERV];
+    socklen_t addrlen;
+    int s;
+    struct sockaddr_storage thisaddr_ss;
+    struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = IPPROTO_TCP;
+
+    snprintf (portstr, sizeof(portstr), "%u", ntohs(kc->port));
+
+    error = getaddrinfo (kc->host, portstr, &hints, &ai);
+    if (error) {
+	warnx ("%s: %s", kc->host, gai_strerror(error));
+	return -1;
+    }
+    
+    for (a = ai; a != NULL; a = a->ai_next) {
+	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (s < 0)
+	    continue;
+	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+	    warn ("connect(%s)", kc->host);
+	    close (s);
+	    continue;
+	}
+	break;
+    }
+
+    if (a == NULL) {
+	freeaddrinfo (ai);
+	return -1;
+    }
+
+    addrlen = a->ai_addrlen;
+    if (getsockname (s, thisaddr, &addrlen) < 0 ||
+	addrlen != a->ai_addrlen)
+	err(1, "getsockname(%s)", kc->host);
+    memcpy (&kc->thisaddr, thisaddr, sizeof(kc->thisaddr));
+    memcpy (&kc->thataddr, a->ai_addr, sizeof(kc->thataddr));
+    freeaddrinfo (ai);
+    if ((*kc->authenticate)(kc, s))
+	return -1;
+    return s;
+}
+
+/*
+ * Get rid of the cookie that we were sent and get the correct one
+ * from our own cookie file instead and then just copy data in both
+ * directions.
+ */
+
+static int
+passive_session (int xserver, int fd, kx_context *kc)
+{
+    if (replace_cookie (xserver, fd, XauFileName(), 1))
+	return 1;
+    else
+	return copy_encrypted (kc, xserver, fd);
+}
+
+static int
+active_session (int xserver, int fd, kx_context *kc)
+{
+    if (verify_and_remove_cookies (xserver, fd, 1))
+	return 1;
+    else
+	return copy_encrypted (kc, xserver, fd);
+}
+
+/*
+ * fork (unless debugp) and print the output that will be used by the
+ * script to capture the display, xauth cookie and pid.
+ */
+
+static void
+status_output (int debugp)
+{
+    if(debugp)
+	printf ("%u\t%s\t%s\n", (unsigned)getpid(), display, xauthfile);
+    else {
+	pid_t pid;
+	
+	pid = fork();
+	if (pid < 0) {
+	    err(1, "fork");
+	} else if (pid > 0) {
+	    printf ("%u\t%s\t%s\n", (unsigned)pid, display, xauthfile);
+	    exit (0);
+	} else {
+	    fclose(stdout);
+	}
+    }
+}
+
+/*
+ * Obtain an authenticated connection on `kc'.  Send a kx message
+ * saying we are `kc->user' and want to use passive mode.  Wait for
+ * answer on that connection and fork of a child for every new
+ * connection we have to make.
+ */
+
+static int
+doit_passive (kx_context *kc)
+{
+     int otherside;
+     u_char msg[1024], *p;
+     int len;
+     u_int32_t tmp;
+     const char *host = kc->host;
+
+     otherside = connect_host (kc);
+
+     if (otherside < 0)
+	 return 1;
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+     if (kc->keepalive_flag) {
+	 int one = 1;
+
+	 setsockopt (otherside, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
+		     sizeof(one));
+     }
+#endif
+
+     p = msg;
+     *p++ = INIT;
+     len = strlen(kc->user);
+     p += KRB_PUT_INT (len, p, sizeof(msg) - 1, 4);
+     memcpy(p, kc->user, len);
+     p += len;
+     *p++ = PASSIVE | (kc->keepalive_flag ? KEEP_ALIVE : 0);
+     if (kx_write (kc, otherside, msg, p - msg) != p - msg)
+	 err (1, "write to %s", host);
+     len = kx_read (kc, otherside, msg, sizeof(msg));
+     if (len <= 0)
+	 errx (1,
+	       "error reading initial message from %s: "
+	       "this probably means it's using an old version.",
+	       host);
+     p = (u_char *)msg;
+     if (*p == ERROR) {
+	 p++;
+	 p += krb_get_int (p, &tmp, 4, 0);
+	 errx (1, "%s: %.*s", host, (int)tmp, p);
+     } else if (*p != ACK) {
+	 errx (1, "%s: strange msg %d", host, *p);
+     } else
+	 p++;
+     p += krb_get_int (p, &tmp, 4, 0);
+     memcpy(display, p, tmp);
+     display[tmp] = '\0';
+     p += tmp;
+
+     p += krb_get_int (p, &tmp, 4, 0);
+     memcpy(xauthfile, p, tmp);
+     xauthfile[tmp] = '\0';
+     p += tmp;
+
+     status_output (kc->debug_flag);
+     for (;;) {
+	 pid_t child;
+
+	 len = kx_read (kc, otherside, msg, sizeof(msg));
+	 if (len < 0)
+	     err (1, "read from %s", host);
+	 else if (len == 0)
+	     return 0;
+
+	 p = (u_char *)msg;
+	 if (*p == ERROR) {
+	     p++;
+	     p += krb_get_int (p, &tmp, 4, 0);
+	     errx (1, "%s: %.*s", host, (int)tmp, p);
+	 } else if(*p != NEW_CONN) {
+	     errx (1, "%s: strange msg %d", host, *p);
+	 } else {
+	     p++;
+	     p += krb_get_int (p, &tmp, 4, 0);
+	 }
+	 
+	 ++nchild;
+	 child = fork ();
+	 if (child < 0) {
+	     warn("fork");
+	     continue;
+	 } else if (child == 0) {
+	     struct sockaddr_in addr;
+	     int fd;
+	     int xserver;
+
+	     addr = kc->thataddr;
+	     close (otherside);
+
+	     addr.sin_port = htons(tmp);
+	     fd = socket (AF_INET, SOCK_STREAM, 0);
+	     if (fd < 0)
+		 err(1, "socket");
+#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
+	     {
+		 int one = 1;
+
+		 setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
+			     sizeof(one));
+	     }
+#endif
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+	     if (kc->keepalive_flag) {
+		 int one = 1;
+
+		 setsockopt (fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
+			     sizeof(one));
+	     }
+#endif
+
+	     if (connect (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
+		 err(1, "connect(%s)", host);
+	     {
+		 int d = 0;
+		 char *s;
+
+		 s = getenv ("DISPLAY");
+		 if (s != NULL) {
+		     s = strchr (s, ':');
+		     if (s != NULL)
+			 d = atoi (s + 1);
+		 }
+
+		 xserver = connect_local_xsocket (d);
+		 if (xserver < 0)
+		     return 1;
+	     }
+	     return passive_session (xserver, fd, kc);
+	 } else {
+	 }
+     }
+}
+
+/*
+ * Allocate a local pseudo-xserver and wait for connections 
+ */
+
+static int
+doit_active (kx_context *kc)
+{
+    int otherside;
+    int nsockets;
+    struct x_socket *sockets;
+    u_char msg[1024], *p;
+    int len = strlen(kc->user);
+    int tmp, tmp2;
+    char *s;
+    int i;
+    size_t rem;
+    u_int32_t other_port;
+    int error;
+    const char *host = kc->host;
+
+    otherside = connect_host (kc);
+    if (otherside < 0)
+	return 1;
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+    if (kc->keepalive_flag) {
+	int one = 1;
+
+	setsockopt (otherside, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
+		    sizeof(one));
+    }
+#endif
+    p = msg;
+    rem = sizeof(msg);
+    *p++ = INIT;
+    --rem;
+    len = strlen(kc->user);
+    tmp = KRB_PUT_INT (len, p, rem, 4);
+    if (tmp < 0)
+	return 1;
+    p += tmp;
+    rem -= tmp;
+    memcpy(p, kc->user, len);
+    p += len;
+    rem -= len;
+    *p++ = (kc->keepalive_flag ? KEEP_ALIVE : 0);
+    --rem;
+
+    s = getenv("DISPLAY");
+    if (s == NULL || (s = strchr(s, ':')) == NULL) 
+	s = ":0";
+    len = strlen (s);
+    tmp = KRB_PUT_INT (len, p, rem, 4);
+    if (tmp < 0)
+	return 1;
+    rem -= tmp;
+    p += tmp;
+    memcpy (p, s, len);
+    p += len;
+    rem -= len;
+
+    s = getenv("XAUTHORITY");
+    if (s == NULL)
+	s = "";
+    len = strlen (s);
+    tmp = KRB_PUT_INT (len, p, rem, 4);
+    if (tmp < 0)
+	return 1;
+    p += len;
+    rem -= len;
+    memcpy (p, s, len);
+    p += len;
+    rem -= len;
+
+    if (kx_write (kc, otherside, msg, p - msg) != p - msg)
+	err (1, "write to %s", host);
+
+    len = kx_read (kc, otherside, msg, sizeof(msg));
+    if (len < 0)
+	err (1, "read from %s", host);
+    p = (u_char *)msg;
+    if (*p == ERROR) {
+	u_int32_t u32;
+
+	p++;
+	p += krb_get_int (p, &u32, 4, 0);
+	errx (1, "%s: %.*s", host, (int)u32, p);
+    } else if (*p != ACK) {
+	errx (1, "%s: strange msg %d", host, *p);
+    } else
+	p++;
+
+    tmp2 = get_xsockets (&nsockets, &sockets, kc->tcp_flag);
+    if (tmp2 < 0)
+	return 1;
+    display_num = tmp2;
+    if (kc->tcp_flag)
+	snprintf (display, display_size, "localhost:%u", display_num);
+    else
+	snprintf (display, display_size, ":%u", display_num);
+    error = create_and_write_cookie (xauthfile, xauthfile_size,
+				     cookie, cookie_len);
+    if (error) {
+	warnx ("failed creating cookie file: %s", strerror(error));
+	return 1;
+    }
+    status_output (kc->debug_flag);
+    for (;;) {
+	fd_set fdset;
+	pid_t child;
+	int fd, thisfd = -1;
+	socklen_t zero = 0;
+
+	FD_ZERO(&fdset);
+	for (i = 0; i < nsockets; ++i) {
+	    if (sockets[i].fd >= FD_SETSIZE) 
+		errx (1, "fd too large");
+	    FD_SET(sockets[i].fd, &fdset);
+	}
+	if (select(FD_SETSIZE, &fdset, NULL, NULL, NULL) <= 0)
+	    continue;
+	for (i = 0; i < nsockets; ++i)
+	    if (FD_ISSET(sockets[i].fd, &fdset)) {
+		thisfd = sockets[i].fd;
+		break;
+	    }
+	fd = accept (thisfd, NULL, &zero);
+	if (fd < 0) {
+	    if (errno == EINTR)
+		continue;
+	    else
+		err(1, "accept");
+	}
+
+	p = msg;
+	*p++ = NEW_CONN;
+	if (kx_write (kc, otherside, msg, p - msg) != p - msg)
+	    err (1, "write to %s", host);
+	len = kx_read (kc, otherside, msg, sizeof(msg));
+	if (len < 0)
+	    err (1, "read from %s", host);
+	p = (u_char *)msg;
+	if (*p == ERROR) {
+	    u_int32_t val;
+
+	    p++;
+	    p += krb_get_int (p, &val, 4, 0);
+	    errx (1, "%s: %.*s", host, (int)val, p);
+	} else if (*p != NEW_CONN) {
+	    errx (1, "%s: strange msg %d", host, *p);
+	} else {
+	    p++;
+	    p += krb_get_int (p, &other_port, 4, 0);
+	}
+
+	++nchild;
+	child = fork ();
+	if (child < 0) {
+	    warn("fork");
+	    continue;
+	} else if (child == 0) {
+	    int s;
+	    struct sockaddr_in addr;
+
+	    for (i = 0; i < nsockets; ++i)
+		close (sockets[i].fd);
+
+	    addr = kc->thataddr;
+	    close (otherside);
+
+	    addr.sin_port = htons(other_port);
+	    s = socket (AF_INET, SOCK_STREAM, 0);
+	    if (s < 0)
+		err(1, "socket");
+#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
+	    {
+		int one = 1;
+
+		setsockopt (s, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
+			    sizeof(one));
+	    }
+#endif
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+	    if (kc->keepalive_flag) {
+		int one = 1;
+
+		setsockopt (s, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
+			    sizeof(one));
+	    }
+#endif
+
+	    if (connect (s, (struct sockaddr *)&addr, sizeof(addr)) < 0)
+		err(1, "connect");
+
+	    return active_session (fd, s, kc);
+	} else {
+	    close (fd);
+	}
+    }
+}
+
+/*
+ * Should we interpret `disp' as this being a passive call?
+ */
+
+static int
+check_for_passive (const char *disp)
+{
+    char local_hostname[MaxHostNameLen];
+
+    gethostname (local_hostname, sizeof(local_hostname));
+
+    return disp != NULL &&
+	(*disp == ':'
+	 || strncmp(disp, "unix", 4) == 0
+	 || strncmp(disp, "localhost", 9) == 0
+	 || strncmp(disp, local_hostname, strlen(local_hostname)) == 0);
+}
+
+/*
+ * Set up signal handlers and then call the functions.
+ */
+
+static int
+doit (kx_context *kc, int passive_flag)
+{
+    signal (SIGCHLD, childhandler);
+    signal (SIGUSR1, usr1handler);
+    signal (SIGUSR2, usr2handler);
+    if (passive_flag)
+	return doit_passive (kc);
+    else
+	return doit_active  (kc);
+}
+
+#ifdef KRB4
+
+/*
+ * Start a v4-authenticatated kx connection.
+ */
+
+static int
+doit_v4 (const char *host, int port, const char *user, 
+	 int passive_flag, int debug_flag, int keepalive_flag, int tcp_flag)
+{
+    int ret;
+    kx_context context;
+
+    krb4_make_context (&context);
+    context_set (&context,
+		 host, user, port, debug_flag, keepalive_flag, tcp_flag);
+
+    ret = doit (&context, passive_flag);
+    context_destroy (&context);
+    return ret;
+}
+#endif /* KRB4 */
+
+#ifdef KRB5
+
+/*
+ * Start a v5-authenticatated kx connection.
+ */
+
+static int
+doit_v5 (const char *host, int port, const char *user,
+	 int passive_flag, int debug_flag, int keepalive_flag, int tcp_flag)
+{
+    int ret;
+    kx_context context;
+
+    krb5_make_context (&context);
+    context_set (&context,
+		 host, user, port, debug_flag, keepalive_flag, tcp_flag);
+
+    ret = doit (&context, passive_flag);
+    context_destroy (&context);
+    return ret;
+}
+#endif /* KRB5 */
+
+/*
+ * Variables set from the arguments
+ */
+
+#ifdef KRB4
+static int use_v4		= -1;
+#ifdef HAVE_KRB_ENABLE_DEBUG
+static int krb_debug_flag	= 0;
+#endif /* HAVE_KRB_ENABLE_DEBUG */
+#endif /* KRB4 */
+#ifdef KRB5
+static int use_v5		= -1;
+#endif
+static char *port_str		= NULL;
+static const char *user		= NULL;
+static int tcp_flag		= 0;
+static int passive_flag		= 0;
+static int keepalive_flag	= 1;
+static int debug_flag		= 0;
+static int version_flag		= 0;
+static int help_flag		= 0;
+
+struct getargs args[] = {
+#ifdef KRB4
+    { "krb4",	'4', arg_flag,		&use_v4,	"Use Kerberos V4",
+      NULL },
+#ifdef HAVE_KRB_ENABLE_DEBUG
+    { "krb4-debug", 'D', arg_flag,	&krb_debug_flag,
+      "enable krb4 debugging" },
+#endif /* HAVE_KRB_ENABLE_DEBUG */
+#endif /* KRB4 */
+#ifdef KRB5
+    { "krb5",	'5', arg_flag,		&use_v5,	"Use Kerberos V5",
+      NULL },
+#endif
+    { "port",	'p', arg_string,	&port_str,	"Use this port",
+      "number-of-service" },
+    { "user",	'l', arg_string,	&user,		"Run as this user",
+      NULL },
+    { "tcp",	't', arg_flag,		&tcp_flag,
+      "Use a TCP connection for X11" },
+    { "passive", 'P', arg_flag,		&passive_flag,
+      "Force a passive connection" },
+    { "keepalive", 'k', arg_negative_flag, &keepalive_flag,
+      "disable keep-alives" },
+    { "debug",	'd',	arg_flag,	&debug_flag,
+      "Enable debug information" },
+    { "version", 0,  arg_flag,		&version_flag,	"Print version",
+      NULL },
+    { "help",	 0,  arg_flag,		&help_flag,	NULL,
+      NULL }
+};
+
+static void
+usage(int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "host");
+    exit (ret);
+}
+
+/*
+ * kx - forward an x-connection over a kerberos-encrypted channel.
+ */
+
+int
+main(int argc, char **argv)
+{
+    int port	= 0;
+    int optind	= 0;
+    int ret	= 1;
+    char *host	= NULL;
+
+    setprogname (argv[0]);
+
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+		&optind))
+	usage (1);
+
+    if (help_flag)
+	usage (0);
+
+    if (version_flag) {
+	print_version (NULL);
+	return 0;
+    }
+
+    if (optind != argc - 1)
+	usage (1);
+
+    host = argv[optind];
+
+    if (port_str) {
+	struct servent *s = roken_getservbyname (port_str, "tcp");
+
+	if (s)
+	    port = s->s_port;
+	else {
+	    char *ptr;
+
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		errx (1, "Bad port `%s'", port_str);
+	    port = htons(port);
+	}
+    }
+
+    if (user == NULL) {
+	user = get_default_username ();
+	if (user == NULL)
+	    errx (1, "who are you?");
+    }
+
+    if (!passive_flag)
+	passive_flag = check_for_passive (getenv("DISPLAY"));
+
+#if defined(HAVE_KERNEL_ENABLE_DEBUG)
+    if (krb_debug_flag)
+	krb_enable_debug ();
+#endif
+
+#if defined(KRB4) && defined(KRB5)
+    if(use_v4 == -1 && use_v5 == 1)
+	use_v4 = 0;
+    if(use_v5 == -1 && use_v4 == 1)
+	use_v5 = 0;
+#endif    
+
+#ifdef KRB5
+    if (ret && use_v5) {
+	if (port == 0)
+	    port = krb5_getportbyname(NULL, "kx", "tcp", KX_PORT);
+	ret = doit_v5 (host, port, user,
+		       passive_flag, debug_flag, keepalive_flag, tcp_flag);
+    }
+#endif
+#ifdef KRB4
+    if (ret && use_v4) {
+	if (port == 0)
+	    port = k_getportbyname("kx", "tcp", htons(KX_PORT));
+	ret = doit_v4 (host, port, user, 
+		       passive_flag, debug_flag, keepalive_flag, tcp_flag);
+    }
+#endif
+    return ret;
+}
diff --git a/crypto/heimdal/appl/kx/kx.cat1 b/crypto/heimdal/appl/kx/kx.cat1
new file mode 100644
index 0000000..ce22926
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kx.cat1
@@ -0,0 +1,39 @@
+
+KX(1)                        UNIX Reference Manual                       KX(1)
+
+NNAAMMEE
+     kkxx - securely forward X conections
+
+SSYYNNOOPPSSIISS
+     _k_x [--ll _u_s_e_r_n_a_m_e] [--kk] [--dd] [--tt] [--pp _p_o_r_t] [--PP] _h_o_s_t
+
+DDEESSCCRRIIPPTTIIOONN
+     The kkxx program forwards a X connection from a remote client to a local
+     screen through an authenticated and encrypted stream.  Options supported
+     by kkxx:
+
+     --ll      Log in on remote the host as user _u_s_e_r_n_a_m_e.
+
+     --kk      Do not enable keep-alives on the TCP connections.
+
+     --dd      Do not fork. This is mainly useful for debugging.
+
+     --tt      Listen not only on a UNIX-domain socket but on a TCP socket as
+             well.
+
+     --pp      Use the port _p_o_r_t.
+
+     --PP      Force passive mode.
+
+     This program is used by rrxxtteellnneett and rrxxtteerrmm and you should not need to
+     run it directly.
+
+     It connects to a kkxxdd on the host _h_o_s_t and then will relay the traffic
+     from the remote X clients to the local server.  When started, it prints
+     the display and Xauthority-file to be used on host _h_o_s_t and then goes to
+     the background, waiting for connections from the remote kkxxdd..
+
+SSEEEE AALLSSOO
+     rxtelnet(1),  rxterm(1),  kxd(8)
+
+ KTH-KRB                      September 27, 1996                             1
diff --git a/crypto/heimdal/appl/kx/kx.h b/crypto/heimdal/appl/kx/kx.h
new file mode 100644
index 0000000..fdda414
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kx.h
@@ -0,0 +1,259 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kx.h,v 1.38 2000/02/06 05:52:03 assar Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+#include <X11/X.h>
+#include <X11/Xlib.h>
+#include <X11/Xauth.h>
+
+#ifdef HAVE_SYS_STREAM_H
+#include <sys/stream.h>
+#endif
+#ifdef HAVE_SYS_STROPTS_H
+#include <sys/stropts.h>
+#endif
+
+/* as far as we know, this is only used with later versions of Slowlaris */
+#if SunOS >= 50 && defined(HAVE_SYS_STROPTS_H) && defined(HAVE_FATTACH) && defined(I_PUSH)
+#define MAY_HAVE_X11_PIPES
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+#endif
+
+#ifdef KRB4
+#include <krb.h>
+#include <prot.h>
+#endif
+#ifdef KRB5
+#include <krb5.h>
+#endif
+
+#include <err.h>
+#include <getarg.h>
+#include <roken.h>
+
+struct x_socket {
+    char *pathname;
+    int fd;
+    enum {
+	LISTENP     = 0x80,
+	TCP         = LISTENP | 1,
+	UNIX_SOCKET = LISTENP | 2,
+	STREAM_PIPE = 3
+    } flags;
+};
+
+extern char x_socket[];
+extern u_int32_t display_num;
+extern char display[];
+extern int display_size;
+extern char xauthfile[];
+extern int xauthfile_size;
+extern u_char cookie[];
+extern size_t cookie_len;
+
+int get_xsockets (int *number, struct x_socket **sockets, int tcpp);
+int chown_xsockets (int n, struct x_socket *sockets, uid_t uid, gid_t gid);
+
+int connect_local_xsocket (unsigned dnr);
+int create_and_write_cookie (char *xauthfile,
+			     size_t size,
+			     u_char *cookie,
+			     size_t sz);
+int verify_and_remove_cookies (int fd, int sock, int cookiesp);
+int replace_cookie(int xserver, int fd, char *filename, int cookiesp);
+
+int suspicious_address (int sock, struct sockaddr_in addr);
+
+#define KX_PORT 2111
+
+#define KX_OLD_VERSION "KXSERV.1"
+#define KX_VERSION "KXSERV.2"
+
+#define COOKIE_TYPE "MIT-MAGIC-COOKIE-1"
+
+enum { INIT = 0, ACK = 1, NEW_CONN = 2, ERROR = 3 };
+
+enum kx_flags { PASSIVE = 1, KEEP_ALIVE = 2 };
+
+typedef enum kx_flags kx_flags;
+
+struct kx_context {
+    int (*authenticate)(struct kx_context *kc, int s);
+    int (*userok)(struct kx_context *kc, char *user);
+    ssize_t (*read)(struct kx_context *kc,
+		    int fd, void *buf, size_t len);
+    ssize_t (*write)(struct kx_context *kc,
+		     int fd, const void *buf, size_t len);
+    int (*copy_encrypted)(struct kx_context *kc,
+			  int fd1, int fd2);
+    void (*destroy)(struct kx_context *kc);
+    const char *host;
+    const char *user;
+    int port;
+    int debug_flag;
+    int keepalive_flag;
+    int tcp_flag;
+    struct sockaddr_in thisaddr, thataddr;
+    void *data;
+};
+
+typedef struct kx_context kx_context;
+
+void
+context_set (kx_context *kc, const char *host, const char *user, int port,
+	     int debug_flag, int keepalive_flag, int tcp_flag);
+
+void
+context_destroy (kx_context *kc);
+
+int
+context_authenticate (kx_context *kc, int s);
+
+int
+context_userok (kx_context *kc, char *user);
+
+ssize_t
+kx_read (kx_context *kc, int fd, void *buf, size_t len);
+
+ssize_t
+kx_write (kx_context *kc, int fd, const void *buf, size_t len);
+
+int
+copy_encrypted (kx_context *kc, int fd1, int fd2);
+
+#ifdef KRB4
+
+void
+krb4_make_context (kx_context *c);
+
+int
+recv_v4_auth (kx_context *kc, int sock, u_char *buf);
+
+#endif
+
+#ifdef KRB5
+
+void
+krb5_make_context (kx_context *c);
+
+int
+recv_v5_auth (kx_context *kc, int sock, u_char *buf);
+
+#endif
+
+void
+fatal (kx_context *kc, int fd, char *format, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 3, 4)))
+#endif
+;
+
+#ifndef KRB4
+
+int
+krb_get_int(void *f, u_int32_t *to, int size, int lsb);
+
+int
+krb_put_int(u_int32_t from, void *to, size_t rem, int size);
+
+#endif
diff --git a/crypto/heimdal/appl/kx/kxd.8 b/crypto/heimdal/appl/kx/kxd.8
new file mode 100644
index 0000000..04b7db5
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kxd.8
@@ -0,0 +1,53 @@
+.\" $Id: kxd.8,v 1.5 2001/01/11 16:16:26 assar Exp $
+.\"
+.Dd September 27, 1996
+.Dt KXD 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kxd
+.Nd
+securely forward X conections
+.Sh SYNOPSIS
+.Ar kxd
+.Op Fl t
+.Op Fl i
+.Op Fl p Ar port
+.Sh DESCRIPTION
+This is the daemon for
+.Nm kx .
+.Pp
+Options supported by
+.Nm kxd :
+.Bl -tag -width Ds
+.It Fl t
+TCP.  Normally
+.Nm kxd
+will only listen for X connections on a UNIX socket, but some machines
+(for example, Cray) have X libraries that are not able to use UNIX
+sockets and thus you need to use TCP to talk to the pseudo-xserver
+created by
+.Nm kxd.
+This option decreases the security significantly and should only be
+used when it is necessary and you have considered the consequences of
+doing so.
+.It Fl i
+Interactive.  Do not expect to be started by
+.Nm inetd,
+but allocate and listen to the socket yourself.  Handy for testing
+and debugging.
+.It Fl p
+Port.  Listen on the port
+.Ar port .
+Only usable with
+.Fl i .
+.El
+.Sh EXAMPLES
+Put the following in
+.Pa /etc/inetd.conf :
+.Bd -literal
+kx	stream	tcp	nowait	root	/usr/athena/libexec/kxd	kxd
+.Ed
+.Sh SEE ALSO
+.Xr kx 1 ,
+.Xr rxtelnet 1 ,
+.Xr rxterm 1
diff --git a/crypto/heimdal/appl/kx/kxd.c b/crypto/heimdal/appl/kx/kxd.c
new file mode 100644
index 0000000..65f6165
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kxd.c
@@ -0,0 +1,754 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: kxd.c,v 1.69 2001/02/20 01:44:45 assar Exp $");
+
+static pid_t wait_on_pid = -1;
+static int   done        = 0;
+
+/*
+ * Signal handler that justs waits for the children when they die.
+ */
+
+static RETSIGTYPE
+childhandler (int sig)
+{
+     pid_t pid;
+     int status;
+
+     do { 
+       pid = waitpid (-1, &status, WNOHANG|WUNTRACED);
+       if (pid > 0 && pid == wait_on_pid)
+	   done = 1;
+     } while(pid > 0);
+     signal (SIGCHLD, childhandler);
+     SIGRETURN(0);
+}
+
+/*
+ * Print the error message `format' and `...' on fd and die.
+ */
+
+void
+fatal (kx_context *kc, int fd, char *format, ...)
+{
+    u_char msg[1024];
+    u_char *p;
+    va_list args;
+    int len;
+
+    va_start(args, format);
+    p = msg;
+    *p++ = ERROR;
+    vsnprintf ((char *)p + 4, sizeof(msg) - 5, format, args);
+    syslog (LOG_ERR, "%s", (char *)p + 4);
+    len = strlen ((char *)p + 4);
+    p += KRB_PUT_INT (len, p, 4, 4);
+    p += len;
+    kx_write (kc, fd, msg, p - msg);
+    va_end(args);
+    exit (1);
+}
+
+/*
+ * Remove all sockets and cookie files.
+ */
+
+static void
+cleanup(int nsockets, struct x_socket *sockets)
+{
+    int i;
+
+    if(xauthfile[0])
+	unlink(xauthfile);
+    for (i = 0; i < nsockets; ++i) {
+	if (sockets[i].pathname != NULL) {
+	    unlink (sockets[i].pathname);
+	    free (sockets[i].pathname);
+	}
+    }
+}
+
+/*
+ * Prepare to receive a connection on `sock'.
+ */
+
+static int
+recv_conn (int sock, kx_context *kc,
+	   int *dispnr, int *nsockets, struct x_socket **sockets,
+	   int tcp_flag)
+{
+     u_char msg[1024], *p;
+     char user[256];
+     socklen_t addrlen;
+     struct passwd *passwd;
+     struct sockaddr_in thisaddr, thataddr;
+     char remotehost[MaxHostNameLen];
+     char remoteaddr[INET6_ADDRSTRLEN];
+     int ret = 1;
+     int flags;
+     int len;
+     u_int32_t tmp32;
+
+     addrlen = sizeof(thisaddr);
+     if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+	 addrlen != sizeof(thisaddr)) {
+	 syslog (LOG_ERR, "getsockname: %m");
+	 exit (1);
+     }
+     addrlen = sizeof(thataddr);
+     if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
+	 addrlen != sizeof(thataddr)) {
+	 syslog (LOG_ERR, "getpeername: %m");
+	 exit (1);
+     }
+
+     kc->thisaddr = thisaddr;
+     kc->thataddr = thataddr;
+
+     getnameinfo_verified ((struct sockaddr *)&thataddr, addrlen,
+			   remotehost, sizeof(remotehost),
+			   NULL, 0, 0);
+
+     if (net_read (sock, msg, 4) != 4) {
+	 syslog (LOG_ERR, "read: %m");
+	 exit (1);
+     }
+
+#ifdef KRB5
+     if (ret && recv_v5_auth (kc, sock, msg) == 0)
+	 ret = 0;
+#endif
+#ifdef KRB4
+     if (ret && recv_v4_auth (kc, sock, msg) == 0)
+	 ret = 0;
+#endif
+     if (ret) {
+	 syslog (LOG_ERR, "unrecognized auth protocol: %x %x %x %x",
+		 msg[0], msg[1], msg[2], msg[3]);
+	 exit (1);
+     }
+
+     len = kx_read (kc, sock, msg, sizeof(msg));
+     if (len < 0) {
+	 syslog (LOG_ERR, "kx_read failed");
+	 exit (1);
+     }
+     p = (u_char *)msg;
+     if (*p != INIT)
+	 fatal(kc, sock, "Bad message");
+     p++;
+     p += krb_get_int (p, &tmp32, 4, 0);
+     len = min(sizeof(user), tmp32);
+     memcpy (user, p, len);
+     p += tmp32;
+     user[len] = '\0';
+
+     passwd = k_getpwnam (user);
+     if (passwd == NULL)
+	 fatal (kc, sock, "cannot find uid for %s", user);
+
+     if (context_userok (kc, user) != 0)
+	 fatal (kc, sock, "%s not allowed to login as %s",
+		kc->user, user);
+
+     flags = *p++;
+
+     if (flags & PASSIVE) {
+	 pid_t pid;
+	 int tmp;
+
+	 tmp = get_xsockets (nsockets, sockets, tcp_flag);
+	 if (tmp < 0) {
+	     fatal (kc, sock, "Cannot create X socket(s): %s",
+		    strerror(errno));
+	 }
+	 *dispnr = tmp;
+
+	 if (chown_xsockets (*nsockets, *sockets,
+			    passwd->pw_uid, passwd->pw_gid)) {
+	     cleanup (*nsockets, *sockets);
+	     fatal (kc, sock, "Cannot chown sockets: %s",
+		    strerror(errno));
+	 }
+
+	 pid = fork();
+	 if (pid == -1) {
+	     cleanup (*nsockets, *sockets);
+	     fatal (kc, sock, "fork: %s", strerror(errno));
+	 } else if (pid != 0) {
+	     wait_on_pid = pid;
+	     while (!done)
+		 pause ();
+	     cleanup (*nsockets, *sockets);
+	     exit (0);
+	 }
+     }
+
+     if (setgid (passwd->pw_gid) ||
+	 initgroups(passwd->pw_name, passwd->pw_gid) ||
+#ifdef HAVE_GETUDBNAM /* XXX this happens on crays */
+	 setjob(passwd->pw_uid, 0) == -1 ||
+#endif
+	 setuid(passwd->pw_uid)) {
+	 syslog(LOG_ERR, "setting uid/groups: %m");
+	 fatal (kc, sock, "cannot set uid");
+     }
+     inet_ntop (thataddr.sin_family,
+		&thataddr.sin_addr, remoteaddr, sizeof(remoteaddr));
+
+     syslog (LOG_INFO, "from %s(%s): %s -> %s",
+	     remotehost, remoteaddr,
+	     kc->user, user);
+     umask(077);
+     if (!(flags & PASSIVE)) {
+	 p += krb_get_int (p, &tmp32, 4, 0);
+	 len = min(tmp32, display_size);
+	 memcpy (display, p, len);
+	 display[len] = '\0';
+	 p += tmp32;
+	 p += krb_get_int (p, &tmp32, 4, 0);
+	 len = min(tmp32, xauthfile_size);
+	 memcpy (xauthfile, p, len);
+	 xauthfile[len] = '\0';
+	 p += tmp32;
+     }
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+     if (flags & KEEP_ALIVE) {
+	 int one = 1;
+
+	 setsockopt (sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
+		     sizeof(one));
+     }
+#endif
+     return flags;
+}
+
+/*
+ *
+ */
+
+static int
+passive_session (kx_context *kc, int fd, int sock, int cookiesp)
+{
+    if (verify_and_remove_cookies (fd, sock, cookiesp))
+	return 1;
+    else
+	return copy_encrypted (kc, fd, sock);
+}
+
+/*
+ *
+ */
+
+static int
+active_session (kx_context *kc, int fd, int sock, int cookiesp)
+{
+    fd = connect_local_xsocket(0);
+
+    if (replace_cookie (fd, sock, xauthfile, cookiesp))
+	return 1;
+    else
+	return copy_encrypted (kc, fd, sock);
+}
+
+/*
+ * Handle a new connection.
+ */
+
+static int
+doit_conn (kx_context *kc,
+	   int fd, int meta_sock, int flags, int cookiesp)
+{
+    int sock, sock2;
+    struct sockaddr_in addr;
+    struct sockaddr_in thisaddr;
+    socklen_t addrlen;
+    u_char msg[1024], *p;
+
+    sock = socket (AF_INET, SOCK_STREAM, 0);
+    if (sock < 0) {
+	syslog (LOG_ERR, "socket: %m");
+	return 1;
+    }
+#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
+    {
+	int one = 1;
+	setsockopt (sock, IPPROTO_TCP, TCP_NODELAY, (void *)&one, sizeof(one));
+    }
+#endif
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+     if (flags & KEEP_ALIVE) {
+	 int one = 1;
+
+	 setsockopt (sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
+		     sizeof(one));
+     }
+#endif
+    memset (&addr, 0, sizeof(addr));
+    addr.sin_family = AF_INET;
+    if (bind (sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+	syslog (LOG_ERR, "bind: %m");
+	return 1;
+    }
+    addrlen = sizeof(addr);
+    if (getsockname (sock, (struct sockaddr *)&addr, &addrlen) < 0) {
+	syslog (LOG_ERR, "getsockname: %m");
+	return 1;
+    }
+    if (listen (sock, SOMAXCONN) < 0) {
+	syslog (LOG_ERR, "listen: %m");
+	return 1;
+    }
+    p = msg;
+    *p++ = NEW_CONN;
+    p += KRB_PUT_INT (ntohs(addr.sin_port), p, 4, 4);
+
+    if (kx_write (kc, meta_sock, msg, p - msg) < 0) {
+	syslog (LOG_ERR, "write: %m");
+	return 1;
+    }
+
+    addrlen = sizeof(thisaddr);
+    sock2 = accept (sock, (struct sockaddr *)&thisaddr, &addrlen);
+    if (sock2 < 0) {
+	syslog (LOG_ERR, "accept: %m");
+	return 1;
+    }
+    close (sock);
+    close (meta_sock);
+
+    if (flags & PASSIVE)
+	return passive_session (kc, fd, sock2, cookiesp);
+    else
+	return active_session (kc, fd, sock2, cookiesp);
+}
+
+/*
+ *  Is the current user the owner of the console?
+ */
+
+static void
+check_user_console (kx_context *kc, int fd)
+{
+     struct stat sb;
+
+     if (stat ("/dev/console", &sb) < 0)
+	 fatal (kc, fd, "Cannot stat /dev/console: %s", strerror(errno));
+     if (getuid() != sb.st_uid)
+	 fatal (kc, fd, "Permission denied");
+}
+
+/* close down the new connection with a reasonable error message */
+static void
+close_connection(int fd, const char *message)
+{
+    char buf[264]; /* max message */
+    char *p;
+    int lsb = 0;
+    size_t mlen;
+
+    mlen = strlen(message);
+    if(mlen > 255)
+	mlen = 255;
+    
+    /* read first part of connection packet, to get byte order */
+    if(read(fd, buf, 6) != 6) {
+	close(fd);
+	return;
+    }
+    if(buf[0] == 0x6c)
+	lsb++;
+    p = buf;
+    *p++ = 0;				/* failed */
+    *p++ = mlen;			/* length of message */
+    p += 4;				/* skip protocol version */
+    p += 2;				/* skip additional length */
+    memcpy(p, message, mlen);		/* copy message */
+    p += mlen;
+    while((p - buf) % 4)		/* pad to multiple of 4 bytes */
+	*p++ = 0;
+	
+    /* now fill in length of additional data */
+    if(lsb) { 
+	buf[6] = (p - buf - 8) / 4;
+	buf[7] = 0;
+    }else{
+	buf[6] = 0;
+	buf[7] = (p - buf - 8) / 4;
+    }
+    write(fd, buf, p - buf);
+    close(fd);
+}
+
+
+/*
+ * Handle a passive session on `sock'
+ */
+
+static int
+doit_passive (kx_context *kc,
+	      int sock,
+	      int flags,
+	      int dispnr,
+	      int nsockets,
+	      struct x_socket *sockets,
+	      int tcp_flag)
+{
+    int tmp;
+    int len;
+    size_t rem;
+    u_char msg[1024], *p;
+    int error;
+
+    display_num = dispnr;
+    if (tcp_flag)
+	snprintf (display, display_size, "localhost:%u", display_num);
+    else
+	snprintf (display, display_size, ":%u", display_num);
+    error = create_and_write_cookie (xauthfile, xauthfile_size, 
+				     cookie, cookie_len);
+    if (error) {
+	cleanup(nsockets, sockets);
+	fatal (kc, sock, "Cookie-creation failed: %s", strerror(error));
+	return 1;
+    }
+
+    p = msg;
+    rem = sizeof(msg);
+    *p++ = ACK;
+    --rem;
+
+    len = strlen (display);
+    tmp = KRB_PUT_INT (len, p, rem, 4);
+    if (tmp < 0 || rem < len + 4) {
+	syslog (LOG_ERR, "doit: buffer too small");
+	cleanup(nsockets, sockets);
+	return 1;
+    }
+    p += tmp;
+    rem -= tmp;
+
+    memcpy (p, display, len);
+    p += len;
+    rem -= len;
+
+    len = strlen (xauthfile);
+    tmp = KRB_PUT_INT (len, p, rem, 4);
+    if (tmp < 0 || rem < len + 4) {
+	syslog (LOG_ERR, "doit: buffer too small");
+	cleanup(nsockets, sockets);
+	return 1;
+    }
+    p += tmp;
+    rem -= tmp;
+
+    memcpy (p, xauthfile, len);
+    p += len;
+    rem -= len;
+	  
+    if(kx_write (kc, sock, msg, p - msg) < 0) {
+	syslog (LOG_ERR, "write: %m");
+	cleanup(nsockets, sockets);
+	return 1;
+    }
+    for (;;) {
+	pid_t child;
+	int fd = -1;
+	fd_set fds;
+	int i;
+	int ret;
+	int cookiesp = TRUE;
+	       
+	FD_ZERO(&fds);
+	if (sock >= FD_SETSIZE) {
+	    syslog (LOG_ERR, "fd too large");
+	    cleanup(nsockets, sockets);
+	    return 1;
+	}
+
+	FD_SET(sock, &fds);
+	for (i = 0; i < nsockets; ++i) {
+	    if (sockets[i].fd >= FD_SETSIZE) {
+		syslog (LOG_ERR, "fd too large");
+		cleanup(nsockets, sockets);
+		return 1;
+	    }
+	    FD_SET(sockets[i].fd, &fds);
+	}
+	ret = select(FD_SETSIZE, &fds, NULL, NULL, NULL);
+	if(ret <= 0)
+	    continue;
+	if(FD_ISSET(sock, &fds)){
+	    /* there are no processes left on the remote side
+	     */
+	    cleanup(nsockets, sockets);
+	    exit(0);
+	} else if(ret) {
+	    for (i = 0; i < nsockets; ++i) {
+		if (FD_ISSET(sockets[i].fd, &fds)) {
+		    if (sockets[i].flags == TCP) {
+			struct sockaddr_in peer;
+			socklen_t len = sizeof(peer);
+
+			fd = accept (sockets[i].fd,
+				     (struct sockaddr *)&peer,
+				     &len);
+			if (fd < 0 && errno != EINTR)
+			    syslog (LOG_ERR, "accept: %m");
+
+			/* XXX */
+			if (fd >= 0 && suspicious_address (fd, peer)) {
+			    close (fd);
+			    fd = -1;
+			    errno = EINTR;
+			}
+		    } else if(sockets[i].flags == UNIX_SOCKET) {
+			socklen_t zero = 0;
+
+			fd = accept (sockets[i].fd, NULL, &zero);
+
+			if (fd < 0 && errno != EINTR)
+			    syslog (LOG_ERR, "accept: %m");
+#ifdef MAY_HAVE_X11_PIPES
+		    } else if(sockets[i].flags == STREAM_PIPE) {
+			/*
+			 * this code tries to handle the
+			 * send fd-over-pipe stuff for
+			 * solaris
+			 */
+
+			struct strrecvfd strrecvfd;
+
+			ret = ioctl (sockets[i].fd,
+				     I_RECVFD, &strrecvfd);
+			if (ret < 0 && errno != EINTR) {
+			    syslog (LOG_ERR, "ioctl I_RECVFD: %m");
+			}
+
+			/* XXX */
+			if (ret == 0) {
+			    if (strrecvfd.uid != getuid()) {
+				close (strrecvfd.fd);
+				fd = -1;
+				errno = EINTR;
+			    } else {
+				fd = strrecvfd.fd;
+				cookiesp = FALSE;
+			    }
+			}
+#endif /* MAY_HAVE_X11_PIPES */
+		    } else
+			abort ();
+		    break;
+		}
+	    }
+	}
+	if (fd < 0) {
+	    if (errno == EINTR)
+		continue;
+	    else
+		return 1;
+	}
+
+	child = fork ();
+	if (child < 0) {
+	    syslog (LOG_ERR, "fork: %m");
+	    if(errno != EAGAIN)
+		return 1;
+	    close_connection(fd, strerror(errno));
+	} else if (child == 0) {
+	    for (i = 0; i < nsockets; ++i)
+		close (sockets[i].fd);
+	    return doit_conn (kc, fd, sock, flags, cookiesp);
+	} else {
+	    close (fd);
+	}
+    }
+}
+
+/*
+ * Handle an active session on `sock'
+ */
+
+static int
+doit_active (kx_context *kc,
+	     int sock,
+	     int flags,
+	     int tcp_flag)
+{
+    u_char msg[1024], *p;
+
+    check_user_console (kc, sock);
+
+    p = msg;
+    *p++ = ACK;
+	  
+    if(kx_write (kc, sock, msg, p - msg) < 0) {
+	syslog (LOG_ERR, "write: %m");
+	return 1;
+    }
+    for (;;) {
+	pid_t child;
+	int len;
+	      
+	len = kx_read (kc, sock, msg, sizeof(msg));
+	if (len < 0) {
+	    syslog (LOG_ERR, "read: %m");
+	    return 1;
+	}
+	p = (u_char *)msg;
+	if (*p != NEW_CONN) {
+	    syslog (LOG_ERR, "bad_message: %d", *p);
+	    return 1;
+	}
+
+	child = fork ();
+	if (child < 0) {
+	    syslog (LOG_ERR, "fork: %m");
+	    if (errno != EAGAIN)
+		return 1;
+	} else if (child == 0) {
+	    return doit_conn (kc, sock, sock, flags, 1);
+	} else {
+	}
+    }
+}
+
+/*
+ * Receive a connection on `sock' and process it.
+ */
+
+static int
+doit(int sock, int tcp_flag)
+{
+    int ret;
+    kx_context context;
+    int dispnr;
+    int nsockets;
+    struct x_socket *sockets;
+    int flags;
+
+    flags = recv_conn (sock, &context, &dispnr, &nsockets, &sockets, tcp_flag);
+
+    if (flags & PASSIVE)
+	ret = doit_passive (&context, sock, flags, dispnr,
+			    nsockets, sockets, tcp_flag);
+    else
+	ret = doit_active (&context, sock, flags, tcp_flag);
+    context_destroy (&context);
+    return ret;
+}
+
+static char *port_str		= NULL;
+static int inetd_flag		= 1;
+static int tcp_flag		= 0;
+static int version_flag		= 0;
+static int help_flag		= 0;
+
+struct getargs args[] = {
+    { "inetd",		'i',	arg_negative_flag,	&inetd_flag,
+      "Not started from inetd" },
+    { "tcp",		't',	arg_flag,	&tcp_flag,	"Use TCP" },
+    { "port",		'p',	arg_string,	&port_str,	"Use this port",
+      "port" },
+    { "version",	0, 	arg_flag,		&version_flag },
+    { "help",		0, 	arg_flag,		&help_flag }
+};
+
+static void
+usage(int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "host");
+    exit (ret);
+}
+
+/*
+ * kxd - receive a forwarded X conncection
+ */
+
+int
+main (int argc, char **argv)
+{
+    int port;
+    int optind = 0;
+
+    setprogname (argv[0]);
+    roken_openlog ("kxd", LOG_ODELAY | LOG_PID, LOG_DAEMON);
+
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+		&optind))
+	usage (1);
+
+    if (help_flag)
+	usage (0);
+
+    if (version_flag) {
+	print_version (NULL);
+	return 0;
+    }
+
+    if(port_str) {
+	struct servent *s = roken_getservbyname (port_str, "tcp");
+
+	if (s)
+	    port = s->s_port;
+	else {
+	    char *ptr;
+
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		errx (1, "bad port `%s'", port_str);
+	    port = htons(port);
+	}
+    } else {
+#if defined(KRB5)
+	port = krb5_getportbyname(NULL, "kx", "tcp", KX_PORT);
+#elif defined(KRB4)
+	port = k_getportbyname ("kx", "tcp", htons(KX_PORT));
+#else
+#error define KRB4 or KRB5
+#endif
+    }
+
+    if (!inetd_flag)
+	mini_inetd (port);
+
+     signal (SIGCHLD, childhandler);
+     return doit(STDIN_FILENO, tcp_flag);
+}
diff --git a/crypto/heimdal/appl/kx/kxd.cat8 b/crypto/heimdal/appl/kx/kxd.cat8
new file mode 100644
index 0000000..e033cee
--- /dev/null
+++ b/crypto/heimdal/appl/kx/kxd.cat8
@@ -0,0 +1,37 @@
+
+KXD(8)                   UNIX System Manager's Manual                   KXD(8)
+
+NNAAMMEE
+     kkxxdd - securely forward X conections
+
+SSYYNNOOPPSSIISS
+     _k_x_d [--tt] [--ii] [--pp _p_o_r_t]
+
+DDEESSCCRRIIPPTTIIOONN
+     This is the daemon for kkxx.
+
+     Options supported by kkxxdd:
+
+     --tt      TCP.  Normally kkxxdd will only listen for X connections on a UNIX
+             socket, but some machines (for example, Cray) have X libraries
+             that are not able to use UNIX sockets and thus you need to use
+             TCP to talk to the pseudo-xserver created by kkxxdd.. This option de-
+             creases the security significantly and should only be used when
+             it is necessary and you have considered the consequences of doing
+             so.
+
+     --ii      Interactive.  Do not expect to be started by iinneettdd,, but allocate
+             and listen to the socket yourself.  Handy for testing and debug-
+             ging.
+
+     --pp      Port.  Listen on the port _p_o_r_t. Only usable with --ii.
+
+EEXXAAMMPPLLEESS
+     Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f:
+
+     kx      stream  tcp     nowait  root    /usr/athena/libexec/kxd kxd
+
+SSEEEE AALLSSOO
+     kx(1),  rxtelnet(1),  rxterm(1)
+
+ KTH-KRB                      September 27, 1996                             1
diff --git a/crypto/heimdal/appl/kx/rxtelnet.1 b/crypto/heimdal/appl/kx/rxtelnet.1
new file mode 100644
index 0000000..7c37a7a
--- /dev/null
+++ b/crypto/heimdal/appl/kx/rxtelnet.1
@@ -0,0 +1,80 @@
+.\" $Id: rxtelnet.1,v 1.6 2001/01/11 16:16:26 assar Exp $
+.\"
+.Dd September 27, 1996
+.Dt RXTELNET 1
+.Os KTH_KRB
+.Sh NAME
+.Nm rxtelnet
+.Nd
+start a telnet and forward X-connections.
+.Sh SYNOPSIS
+.Nm rxtelnet
+.Op Fl l Ar username
+.Op Fl k
+.Op Fl t Ar telnet_args
+.Op Fl x Ar xterm_args
+.Op Fl w Ar term_emulator
+.Op Fl n
+.Ar host
+.Op Ar port
+.Sh DESCRIPTION
+The
+.Nm
+program starts a
+.Nm xterm
+window with a telnet to host
+.Ar host .
+From this window you will also be able to run X clients that will be
+able to connect securily to your X server. If
+.Ar port
+is given, that port will be used instead of the default.
+.Pp
+The supported options are:
+.Bl -tag -width Ds
+.It Fl l
+Log in on the remote host as user
+.Ar username
+.It Fl k
+Disables keep-alives
+.It Fl t
+Send
+.Ar telnet_args
+as arguments to
+.Nm telnet
+.It Fl x
+Send
+.Ar xterm_args
+as arguments to
+.Nm xterm
+.It Fl w
+Use
+.Ar term_emulator
+instead of xterm.
+.It Fl n
+Do not start any terminal emulator.
+.El
+.Sh EXAMPLE
+To login from host
+.Va foo
+(where your display is)
+to host
+.Va bar ,
+you might do the following.
+.Bl -enum
+.It
+On foo: 
+.Nm
+.Va bar
+.It
+You will get a new window with a
+.Nm telnet
+to
+.Va bar .
+In this window you will be able to start X clients.
+.El
+.Sh SEE ALSO
+.Xr rxterm 1 ,
+.Xr tenletxr 1 ,
+.Xr kx 1 ,
+.Xr kxd 8 ,
+.Xr telnet 1
diff --git a/crypto/heimdal/appl/kx/rxtelnet.cat1 b/crypto/heimdal/appl/kx/rxtelnet.cat1
new file mode 100644
index 0000000..ad3f420
--- /dev/null
+++ b/crypto/heimdal/appl/kx/rxtelnet.cat1
@@ -0,0 +1,43 @@
+
+RXTELNET(1)                  UNIX Reference Manual                 RXTELNET(1)
+
+NNAAMMEE
+     rrxxtteellnneett - start a telnet and forward X-connections.
+
+SSYYNNOOPPSSIISS
+     rrxxtteellnneett [--ll _u_s_e_r_n_a_m_e] [--kk] [--tt _t_e_l_n_e_t___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--ww
+              _t_e_r_m___e_m_u_l_a_t_o_r] [--nn] _h_o_s_t [_p_o_r_t]
+
+DDEESSCCRRIIPPTTIIOONN
+     The rrxxtteellnneett program starts a xxtteerrmm window with a telnet to host _h_o_s_t.
+     From this window you will also be able to run X clients that will be able
+     to connect securily to your X server. If _p_o_r_t is given, that port will be
+     used instead of the default.
+
+     The supported options are:
+
+     --ll      Log in on the remote host as user _u_s_e_r_n_a_m_e
+
+     --kk      Disables keep-alives
+
+     --tt      Send _t_e_l_n_e_t___a_r_g_s as arguments to tteellnneett
+
+     --xx      Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm
+
+     --ww      Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm.
+
+     --nn      Do not start any terminal emulator.
+
+EEXXAAMMPPLLEE
+     To login from host _f_o_o (where your display is) to host _b_a_r, you might do
+     the following.
+
+     1.   On foo: rrxxtteellnneett _b_a_r
+
+     2.   You will get a new window with a tteellnneett to _b_a_r. In this window you
+          will be able to start X clients.
+
+SSEEEE AALLSSOO
+     rxterm(1),  tenletxr(1),  kx(1),  kxd(8),  telnet(1)
+
+ KTH_KRB                      September 27, 1996                             1
diff --git a/crypto/heimdal/appl/kx/rxtelnet.in b/crypto/heimdal/appl/kx/rxtelnet.in
new file mode 100644
index 0000000..233f10b
--- /dev/null
+++ b/crypto/heimdal/appl/kx/rxtelnet.in
@@ -0,0 +1,63 @@
+#!/bin/sh
+# $Id: rxtelnet.in,v 1.26 1999/02/04 21:19:50 assar Exp $
+#
+usage="Usage: $0 [-l username] [-k] [-t args_to_telnet] [-x args_to_xterm] [-w term_emulator] [-n] [-v] [-h | --help] [--version] host [port]"
+term=
+kx_args=-P
+while true
+do
+  case $1 in
+  -l) telnet_args="${telnet_args} -l $2 "; kx_args="${kx_args} -l $2"; title="${2}@"; shift 2;;
+  -t) telnet_args="${telnet_args} $2 "; shift 2;;
+  -x) xterm_args="${xterm_args} $2 "; shift 2;;
+  -k) kx_args="${kx_args} -k"; shift;;
+  -n) term=none; shift;;
+  -w) term=$2; shift 2;;
+  --version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
+  -h) echo $usage; exit 0;;
+  --help) echo $usage; exit 0;;
+  -v) set -x; verb=1; shift;;
+  -*) echo "$0: Bad option $1"; echo $usage; exit 1;;
+  *) break;;
+  esac
+done
+if test $# -lt 1; then
+  echo $usage
+  exit 1
+fi
+host=$1
+port=$2
+title="${title}${host}"
+bindir=%bindir%
+pdc_trams=`dirname $0`
+PATH=$pdc_trams:$bindir:$PATH
+export PATH
+set -- `kx $kx_args $host`
+if test $# -ne 3; then
+  exit 1
+fi
+screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
+pid=$1
+disp=${2}${screen}
+auth=$3
+oldifs=$IFS
+IFS=:
+set -- $PATH
+IFS=$oldifs
+if test -z "$term"; then
+  for j in xterm dtterm aixterm dxterm hpterm; do
+    for i in $*; do
+      test -n "$i" || i="."
+      if test -x $i/$j; then
+	term=$j; break 2
+      fi
+    done
+  done
+fi
+test "$verb" && echo "Telnet command used is `type telnet`."
+if test -n "$term" -a "$term" != "none"; then
+  ($term -title $title -n $title $xterm_args -e env DISPLAY=$disp XAUTHORITY=$auth telnet -D $telnet_args $host $port; kill -USR2 $pid) &
+else
+  env DISPLAY=$disp XAUTHORITY=$auth telnet -D $telnet_args $host $port
+  kill -USR2 $pid
+fi
diff --git a/crypto/heimdal/appl/kx/rxterm.1 b/crypto/heimdal/appl/kx/rxterm.1
new file mode 100644
index 0000000..e8dd0c8
--- /dev/null
+++ b/crypto/heimdal/appl/kx/rxterm.1
@@ -0,0 +1,77 @@
+.\" $Id: rxterm.1,v 1.4 1997/06/03 00:58:23 assar Exp $
+.\"
+.Dd September 27, 1996
+.Dt RXTERM 1
+.Os KTH_KRB
+.Sh NAME
+.Nm rxterm
+.Nd
+start a secure remote xterm
+.Sh SYNOPSIS
+.Nm rxterm
+.Op Fl l Ar username
+.Op Fl k
+.Op Fl r Ar rsh_args
+.Op Fl x Ar xterm_args
+.Op Fl w Ar term_emulator
+.Ar host
+.Op Ar port
+.Sh DESCRIPTION
+The
+.Nm
+program starts a
+.Nm xterm
+window on host
+.Ar host .
+From this window you will also be able to run X clients that will be
+able to connect securily to your X server. If
+.Ar port
+is given, that port will be used instead of the default.
+.Pp
+The supported options are:
+.Bl -tag -width Ds
+.It Fl l
+Log in on the remote host as user
+.Ar username
+.It Fl k
+Disable keep-alives
+.It Fl r
+Send
+.Ar rsh_args
+as arguments to
+.Nm rsh
+.It Fl x
+Send
+.Ar xterm_args
+as arguments to
+.Nm xterm
+.It Fl w
+Use
+.Ar term_emulator
+instead of xterm.
+.El
+.Sh EXAMPLE
+To login from host
+.Va foo
+(where your display is)
+to host
+.Va bar ,
+you might do the following.
+.Bl -enum
+.It
+On foo: 
+.Nm
+.Va bar
+.It
+You will get a new window running an
+.Nm xterm
+on host
+.Va bar .
+In this window you will be able to start X clients.
+.El
+.Sh SEE ALSO
+.Xr rxtelnet 1 ,
+.Xr tenletxr 1 ,
+.Xr kx 1 ,
+.Xr kxd 8 ,
+.Xr rsh 1
diff --git a/crypto/heimdal/appl/kx/rxterm.cat1 b/crypto/heimdal/appl/kx/rxterm.cat1
new file mode 100644
index 0000000..56eec66
--- /dev/null
+++ b/crypto/heimdal/appl/kx/rxterm.cat1
@@ -0,0 +1,41 @@
+
+RXTERM(1)                    UNIX Reference Manual                   RXTERM(1)
+
+NNAAMMEE
+     rrxxtteerrmm - start a secure remote xterm
+
+SSYYNNOOPPSSIISS
+     rrxxtteerrmm [--ll _u_s_e_r_n_a_m_e] [--kk] [--rr _r_s_h___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--ww
+            _t_e_r_m___e_m_u_l_a_t_o_r] _h_o_s_t [_p_o_r_t]
+
+DDEESSCCRRIIPPTTIIOONN
+     The rrxxtteerrmm program starts a xxtteerrmm window on host _h_o_s_t. From this window
+     you will also be able to run X clients that will be able to connect se-
+     curily to your X server. If _p_o_r_t is given, that port will be used instead
+     of the default.
+
+     The supported options are:
+
+     --ll      Log in on the remote host as user _u_s_e_r_n_a_m_e
+
+     --kk      Disable keep-alives
+
+     --rr      Send _r_s_h___a_r_g_s as arguments to rrsshh
+
+     --xx      Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm
+
+     --ww      Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm.
+
+EEXXAAMMPPLLEE
+     To login from host _f_o_o (where your display is) to host _b_a_r, you might do
+     the following.
+
+     1.   On foo: rrxxtteerrmm _b_a_r
+
+     2.   You will get a new window running an xxtteerrmm on host _b_a_r. In this win-
+          dow you will be able to start X clients.
+
+SSEEEE AALLSSOO
+     rxtelnet(1),  tenletxr(1),  kx(1),  kxd(8),  rsh(1)
+
+ KTH_KRB                      September 27, 1996                             1
diff --git a/crypto/heimdal/appl/kx/rxterm.in b/crypto/heimdal/appl/kx/rxterm.in
new file mode 100644
index 0000000..dab3645
--- /dev/null
+++ b/crypto/heimdal/appl/kx/rxterm.in
@@ -0,0 +1,41 @@
+#!/bin/sh
+# $Id: rxterm.in,v 1.20 1999/02/04 09:29:49 assar Exp $
+#
+usage="Usage: $0 [-l username] [-k] [-r rsh_args] [-x xterm_args] [-w term_emulator] [-v] [-h | --help] [--version] host"
+term=xterm
+while true
+do
+  case $1 in
+  -l) rsh_args="${rsh_args} -l $2 "; kx_args="${kx_args} -l $2"; title="${2}@"; shift 2;;
+  -r) rsh_args="${rsh_args} $2 "; shift 2;;
+  -x) xterm_args="${xterm_args} $2 "; shift 2;;
+  -k) kx_args="${kx_args} -k"; shift;;
+  -w) term=$2; shift 2;;
+  --version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
+  -h) echo $usage; exit 0;;
+  --help) echo $usage; exit 0;;
+  -v) set -x; shift;;
+  -*) echo "$0: Bad option $1"; echo $usage; exit 1;;
+  *) break;;
+  esac
+done
+if test $# -lt 1; then
+  echo "Usage: $0 host [arguments to $term]"
+  exit 1
+fi
+host=$1
+title="${title}${host}"
+bindir=%bindir%
+pdc_trams=`dirname $0`
+PATH=$pdc_trams:$bindir:$PATH
+export PATH
+set -- `kx $kx_args $host`
+if test $# -ne 3; then
+  exit 1
+fi
+screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
+pid=$1
+disp=${2}${screen}
+auth=$3
+kill -USR1 $pid
+rsh -n $rsh_args $host "/bin/sh -c 'DISPLAY=$disp XAUTHORITY=$auth $term -T $title -n $title $xterm_args </dev/null >/dev/null 2>/dev/null &'"
diff --git a/crypto/heimdal/appl/kx/tenletxr.1 b/crypto/heimdal/appl/kx/tenletxr.1
new file mode 100644
index 0000000..ae7c858
--- /dev/null
+++ b/crypto/heimdal/appl/kx/tenletxr.1
@@ -0,0 +1,61 @@
+.\" $Id: tenletxr.1,v 1.2 1997/03/31 03:43:33 assar Exp $
+.\"
+.Dd March 31, 1997
+.Dt TENLETXR 1
+.Os KTH_KRB
+.Sh NAME
+.Nm tenletxr
+.Nd
+forward X-connections backwards.
+.Sh SYNOPSIS
+.Nm tenletxr
+.Op Fl l Ar username
+.Op Fl k
+.Ar host
+.Op Ar port
+.Sh DESCRIPTION
+The
+.Nm
+program
+enables forwarding of X-connections from this machine to host
+.Ar host .
+If
+.Ar port
+is given, that port will be used instead of the default.
+.Pp
+The supported options are:
+.Bl -tag -width Ds
+.It Fl l
+Log in on the remote host as user
+.Ar username
+.It Fl k
+Disables keep-alives.
+.El
+.Sh EXAMPLE
+To login from host
+.Va foo
+to host
+.Va bar
+(where your display is),
+you might do the following.
+.Bl -enum
+.It
+On foo: 
+.Nm
+.Va bar
+.It
+You will get a new shell where you will be able to start X clients
+that will show their windows on
+.Va bar .
+.El
+.Sh BUGS
+It currently checks if you have permission to run it by checking if
+you own
+.Pa /dev/console
+on the remote host.
+.Sh SEE ALSO
+.Xr rxtelnet 1 ,
+.Xr rxterm 1 ,
+.Xr kx 1 ,
+.Xr kxd 8 ,
+.Xr telnet 1
diff --git a/crypto/heimdal/appl/kx/tenletxr.cat1 b/crypto/heimdal/appl/kx/tenletxr.cat1
new file mode 100644
index 0000000..c1714e7
--- /dev/null
+++ b/crypto/heimdal/appl/kx/tenletxr.cat1
@@ -0,0 +1,37 @@
+
+TENLETXR(1)                  UNIX Reference Manual                 TENLETXR(1)
+
+NNAAMMEE
+     tteennlleettxxrr - forward X-connections backwards.
+
+SSYYNNOOPPSSIISS
+     tteennlleettxxrr [--ll _u_s_e_r_n_a_m_e] [--kk] _h_o_s_t [_p_o_r_t]
+
+DDEESSCCRRIIPPTTIIOONN
+     The tteennlleettxxrr program enables forwarding of X-connections from this ma-
+     chine to host _h_o_s_t. If _p_o_r_t is given, that port will be used instead of
+     the default.
+
+     The supported options are:
+
+     --ll      Log in on the remote host as user _u_s_e_r_n_a_m_e
+
+     --kk      Disables keep-alives.
+
+EEXXAAMMPPLLEE
+     To login from host _f_o_o to host _b_a_r (where your display is), you might do
+     the following.
+
+     1.   On foo: tteennlleettxxrr _b_a_r
+
+     2.   You will get a new shell where you will be able to start X clients
+          that will show their windows on _b_a_r.
+
+BBUUGGSS
+     It currently checks if you have permission to run it by checking if you
+     own _/_d_e_v_/_c_o_n_s_o_l_e on the remote host.
+
+SSEEEE AALLSSOO
+     rxtelnet(1),  rxterm(1),  kx(1),  kxd(8),  telnet(1)
+
+ KTH_KRB                        March 31, 1997                               1
diff --git a/crypto/heimdal/appl/kx/tenletxr.in b/crypto/heimdal/appl/kx/tenletxr.in
new file mode 100644
index 0000000..5c05dc9
--- /dev/null
+++ b/crypto/heimdal/appl/kx/tenletxr.in
@@ -0,0 +1,37 @@
+#!/bin/sh
+# $Id: tenletxr.in,v 1.3 1999/02/04 09:29:59 assar Exp $
+#
+usage="Usage: $0 [-l username] [-k] [-v] [-h | --help] [--version] host [port]"
+while true
+do
+  case $1 in
+  -l) kx_args="${kx_args} -l $2"; shift 2;;
+  -k) kx_args="${kx_args} -k"; shift;;
+  --version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
+  -h) echo $usage; exit 0;;
+  --help) echo $usage; exit 0;;
+  -v) set -x; shift;;
+  -*) echo "$0: Bad option $1"; echo $usage; exit 1;;
+  *) break;;
+  esac
+done
+if test $# -lt 1; then
+  echo $usage
+  exit 1
+fi
+host=$1
+port=$2
+bindir=%bindir%
+pdc_trams=`dirname $0`
+PATH=$pdc_trams:$bindir:$PATH
+export PATH
+set -- `kx $kx_args $host`
+if test $# -ne 3; then
+  exit 1
+fi
+screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
+pid=$1
+disp=${2}${screen}
+auth=$3
+env DISPLAY=$disp XAUTHORITY=$auth $SHELL
+kill -USR2 $pid
diff --git a/crypto/heimdal/appl/kx/writeauth.c b/crypto/heimdal/appl/kx/writeauth.c
new file mode 100644
index 0000000..11dc72d
--- /dev/null
+++ b/crypto/heimdal/appl/kx/writeauth.c
@@ -0,0 +1,73 @@
+/* $XConsortium: AuWrite.c,v 1.6 94/04/17 20:15:45 gildea Exp $ */
+
+/*
+
+Copyright (c) 1988  X Consortium
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of the X Consortium shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from the X Consortium.
+
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: writeauth.c,v 1.4 1999/05/12 17:59:44 assar Exp $");
+#endif
+
+#include <X11/Xauth.h>
+
+static int
+write_short (unsigned short s, FILE *file)
+{
+    unsigned char   file_short[2];
+
+    file_short[0] = (s & (unsigned)0xff00) >> 8;
+    file_short[1] = s & 0xff;
+    if (fwrite (file_short, sizeof (file_short), 1, file) != 1)
+	return 0;
+    return 1;
+}
+
+static int
+write_counted_string (unsigned short count, char *string, FILE *file)
+{
+    if (write_short (count, file) == 0)
+	return 0;
+    if (fwrite (string, (int) sizeof (char), (int) count, file) != count)
+	return 0;
+    return 1;
+}
+
+int
+XauWriteAuth (FILE *auth_file, Xauth *auth)
+{
+    if (write_short (auth->family, auth_file) == 0)
+	return 0;
+    if (write_counted_string (auth->address_length, auth->address, auth_file) == 0)
+	return 0;
+    if (write_counted_string (auth->number_length, auth->number, auth_file) == 0)
+	return 0;
+    if (write_counted_string (auth->name_length, auth->name, auth_file) == 0)
+	return 0;
+    if (write_counted_string (auth->data_length, auth->data, auth_file) == 0)
+	return 0;
+    return 1;
+}
diff --git a/crypto/heimdal/appl/login/ChangeLog b/crypto/heimdal/appl/login/ChangeLog
index fc9f7554..15d01be 100644
--- a/crypto/heimdal/appl/login/ChangeLog
+++ b/crypto/heimdal/appl/login/ChangeLog
@@ -1,3 +1,8 @@
+2001-02-08  Assar Westerlund  <assar@sics.se>
+
+	* utmp_login.c, utmpx_login.c: try to write a useful string as
+	host in utmp, using the same algoritm as telnetd
+
 2001-01-29  Assar Westerlund  <assar@sics.se>
 
 	* login.c: remove some krb5_free_context that might happen at
diff --git a/crypto/heimdal/appl/login/Makefile.in b/crypto/heimdal/appl/login/Makefile.in
index ba353de..64f94b3 100644
--- a/crypto/heimdal/appl/login/Makefile.in
+++ b/crypto/heimdal/appl/login/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 bin_PROGRAMS = login
@@ -260,7 +263,7 @@ OBJECTS = $(am_login_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/login/Makefile
 
@@ -352,6 +355,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/login/login.c b/crypto/heimdal/appl/login/login.c
index 2ada921..7cd405b 100644
--- a/crypto/heimdal/appl/login/login.c
+++ b/crypto/heimdal/appl/login/login.c
@@ -39,7 +39,7 @@
 #include <sys/capability.h>
 #endif
 
-RCSID("$Id: login.c,v 1.46 2001/01/29 02:18:03 assar Exp $");
+RCSID("$Id: login.c,v 1.47 2001/02/20 01:44:45 assar Exp $");
 
 static int login_timeout = 60;
 
@@ -650,7 +650,7 @@ main(int argc, char **argv)
     int ask = 1;
     struct sigaction sa;
     
-    set_progname(argv[0]);
+    setprogname(argv[0]);
 
 #ifdef KRB5
     {
diff --git a/crypto/heimdal/appl/login/login_protos.h b/crypto/heimdal/appl/login/login_protos.h
index e19a598..4bb8207 100644
--- a/crypto/heimdal/appl/login/login_protos.h
+++ b/crypto/heimdal/appl/login/login_protos.h
@@ -64,6 +64,12 @@ read_string __P((
 	int echo));
 
 void
+shrink_hostname __P((
+	const char *hostname,
+	char *dst,
+	size_t dst_sz));
+
+void
 stty_default __P((void));
 
 void
diff --git a/crypto/heimdal/appl/login/osfc2.c b/crypto/heimdal/appl/login/osfc2.c
index 5d4d087..056484c 100644
--- a/crypto/heimdal/appl/login/osfc2.c
+++ b/crypto/heimdal/appl/login/osfc2.c
@@ -32,7 +32,7 @@
  */
 
 #include "login_locl.h"
-RCSID("$Id: osfc2.c,v 1.3 1999/12/02 17:04:56 joda Exp $");
+RCSID("$Id: osfc2.c,v 1.4 2001/02/20 01:44:46 assar Exp $");
 
 int
 do_osfc2_magic(uid_t uid)
@@ -42,7 +42,7 @@ do_osfc2_magic(uid_t uid)
     char *argv[2];
     
     /* fake */
-    argv[0] = (char*)__progname;
+    argv[0] = (char*)getprogname();
     argv[1] = NULL;
     set_auth_parameters(1, argv);
     
diff --git a/crypto/heimdal/appl/login/utmp_login.c b/crypto/heimdal/appl/login/utmp_login.c
index b584326b..0be6cdb 100644
--- a/crypto/heimdal/appl/login/utmp_login.c
+++ b/crypto/heimdal/appl/login/utmp_login.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,49 @@
 
 #include "login_locl.h"
 
-RCSID("$Id: utmp_login.c,v 1.17 1999/12/02 17:04:56 joda Exp $");
+RCSID("$Id: utmp_login.c,v 1.18 2001/02/08 16:08:26 assar Exp $");
+
+/* try to put something useful from hostname into dst, dst_sz:
+ * full name, first component or address */
+
+void
+shrink_hostname (const char *hostname,
+		 char *dst, size_t dst_sz)
+{
+    char local_hostname[MaxHostNameLen];
+    char *ld, *hd;
+    int ret;
+    struct addrinfo *ai;
+
+    if (strlen(hostname) < dst_sz) {
+	strlcpy (dst, hostname, dst_sz);
+	return;
+    }
+    gethostname (local_hostname, sizeof(local_hostname));
+    hd = strchr (hostname, '.');
+    ld = strchr (local_hostname, '.');
+    if (hd != NULL && ld != NULL && strcmp(hd, ld) == 0
+	&& hd - hostname < dst_sz) {
+	strlcpy (dst, hostname, dst_sz);
+	dst[hd - hostname] = '\0';
+	return;
+    }
+
+    ret = getaddrinfo (hostname, NULL, NULL, &ai);
+    if (ret) {
+	strncpy (dst, hostname, dst_sz);
+	return;
+    }
+    ret = getnameinfo (ai->ai_addr, ai->ai_addrlen,
+		       dst, dst_sz,
+		       NULL, 0,
+		       NI_NUMERICHOST);
+    freeaddrinfo (ai);
+    if (ret) {
+	strncpy (dst, hostname, dst_sz);
+	return;
+    }
+}
 
 void
 prepare_utmp (struct utmp *utmp, char *tty, 
@@ -60,7 +102,7 @@ prepare_utmp (struct utmp *utmp, char *tty,
 # endif
 
 # ifdef HAVE_STRUCT_UTMP_UT_HOST
-    strncpy(utmp->ut_host, hostname, sizeof(utmp->ut_host));
+    shrink_hostname (hostname, utmp->ut_host, sizeof(utmp->ut_host));
 # endif
 
 # ifdef HAVE_STRUCT_UTMP_UT_TYPE
diff --git a/crypto/heimdal/appl/login/utmpx_login.c b/crypto/heimdal/appl/login/utmpx_login.c
index 745d64c..46d7f15 100644
--- a/crypto/heimdal/appl/login/utmpx_login.c
+++ b/crypto/heimdal/appl/login/utmpx_login.c
@@ -2,7 +2,7 @@
 
 #include "login_locl.h"
 
-RCSID("$Id: utmpx_login.c,v 1.24 1999/08/04 17:03:15 assar Exp $");
+RCSID("$Id: utmpx_login.c,v 1.25 2001/02/08 16:08:47 assar Exp $");
 
 /* utmpx_login - update utmp and wtmp after login */
 
@@ -21,7 +21,7 @@ utmpx_update(struct utmpx *ut, char *line, const char *user, const char *host)
     strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id));
 #endif
     strncpy(ut->ut_user, user, sizeof(ut->ut_user));
-    strncpy(ut->ut_host, host, sizeof(ut->ut_host));
+    shrink_hostname (host, ut->ut_host, sizeof(ut->ut_host));
 #ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
     ut->ut_syslen = strlen(host) + 1;
     if (ut->ut_syslen > sizeof(ut->ut_host))
diff --git a/crypto/heimdal/appl/otp/ChangeLog b/crypto/heimdal/appl/otp/ChangeLog
new file mode 100644
index 0000000..cffff9e
--- /dev/null
+++ b/crypto/heimdal/appl/otp/ChangeLog
@@ -0,0 +1,40 @@
+2000-11-29  Johan Danielsson  <joda@pdc.kth.se>
+
+	* otpprint.1: sort parameters and close a list
+
+	* otp.1: sort parameters and close a list
+
+1999-09-14  Assar Westerlund  <assar@sics.se>
+
+	* otp.c (verify_user_otp): check return value from
+ 	des_read_pw_string
+
+Thu Apr  1 16:51:07 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* otpprint.c: use getarg
+
+	* otp.c: use getarg
+
+Thu Mar 18 12:08:58 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Thu Mar  4 19:45:40 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: DESTDIR
+
+Sat Feb 27 19:44:25 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: add
+
+Sun Nov 22 10:32:50 1998  Assar Westerlund  <assar@sics.se>
+
+	* otpprint.c: more braces
+
+	* Makefile.in (WFLAGS): set
+
+Sun Dec 21 09:31:30 1997  Assar Westerlund  <assar@sics.se>
+
+	* otp.c (renew): don't set the OTP if the reading of the string
+ 	fails.
+
diff --git a/crypto/heimdal/appl/otp/Makefile.am b/crypto/heimdal/appl/otp/Makefile.am
new file mode 100644
index 0000000..0597a73
--- /dev/null
+++ b/crypto/heimdal/appl/otp/Makefile.am
@@ -0,0 +1,16 @@
+# $Id: Makefile.am,v 1.9 2000/11/15 22:51:09 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+bin_PROGRAMS = otp otpprint
+bin_SUIDS = otp
+otp_SOURCES = otp.c otp_locl.h
+otpprint_SOURCES = otpprint.c otp_locl.h
+
+man_MANS = otp.1  otpprint.1
+
+LDADD = \
+	$(top_builddir)/lib/otp/libotp.la \
+	$(LIB_des) \
+	$(LIB_roken) \
+	$(DBLIB)
diff --git a/crypto/heimdal/appl/otp/Makefile.in b/crypto/heimdal/appl/otp/Makefile.in
new file mode 100644
index 0000000..7c576b8
--- /dev/null
+++ b/crypto/heimdal/appl/otp/Makefile.in
@@ -0,0 +1,628 @@
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
+
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+SHELL = @SHELL@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+
+bindir = @bindir@
+sbindir = @sbindir@
+libexecdir = @libexecdir@
+datadir = @datadir@
+sysconfdir = @sysconfdir@
+sharedstatedir = @sharedstatedir@
+localstatedir = @localstatedir@
+libdir = @libdir@
+infodir = @infodir@
+mandir = @mandir@
+includedir = @includedir@
+oldincludedir = /usr/include
+
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+
+top_builddir = ../..
+
+ACLOCAL = @ACLOCAL@
+AUTOCONF = @AUTOCONF@
+AUTOMAKE = @AUTOMAKE@
+AUTOHEADER = @AUTOHEADER@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_FLAG =
+transform = @program_transform_name@
+
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+
+@SET_MAKE@
+host_alias = @host_alias@
+host_triplet = @host@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMDEP = @AMDEP@
+AMTAR = @AMTAR@
+AS = @AS@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CPP = @CPP@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+DBLIB = @DBLIB@
+DEPDIR = @DEPDIR@
+DIR_des = @DIR_des@
+DIR_roken = @DIR_roken@
+DLLTOOL = @DLLTOOL@
+EXEEXT = @EXEEXT@
+EXTRA_LIB45 = @EXTRA_LIB45@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_ = @INCLUDE_@
+LEX = @LEX@
+LIBOBJS = @LIBOBJS@
+LIBTOOL = @LIBTOOL@
+LIB_ = @LIB_@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_des = @LIB_des@
+LIB_des_appl = @LIB_des_appl@
+LIB_kdb = @LIB_kdb@
+LIB_otp = @LIB_otp@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
+NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+NROFF = @NROFF@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+RANLIB = @RANLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+YACC = @YACC@
+dpagaix_CFLAGS = @dpagaix_CFLAGS@
+dpagaix_LDADD = @dpagaix_LDADD@
+install_sh = @install_sh@
+
+# $Id: Makefile.am,v 1.9 2000/11/15 22:51:09 assar Exp $
+
+
+# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
+
+
+AUTOMAKE_OPTIONS = foreign no-dependencies
+
+SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
+
+INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
+
+AM_CFLAGS =  $(WFLAGS)
+
+CP = cp
+
+COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
+
+buildinclude = $(top_builddir)/include
+
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_crypt = @LIB_crypt@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_el_init = @LIB_el_init@
+LIB_getattr = @LIB_getattr@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_search = @LIB_res_search@
+LIB_setpcred = @LIB_setpcred@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+
+LIBS = @LIBS@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_openldap = @INCLUDE_openldap@
+LIB_openldap = @LIB_openldap@
+
+INCLUDE_readline = @INCLUDE_readline@
+
+LEXLIB = @LEXLIB@
+
+NROFF_MAN = groff -mandoc -Tascii
+
+@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+
+@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
+CHECK_LOCAL = $(PROGRAMS)
+
+bin_PROGRAMS = otp otpprint
+bin_SUIDS = otp
+otp_SOURCES = otp.c otp_locl.h
+otpprint_SOURCES = otpprint.c otp_locl.h
+
+man_MANS = otp.1  otpprint.1
+
+LDADD = \
+	$(top_builddir)/lib/otp/libotp.la \
+	$(LIB_des) \
+	$(LIB_roken) \
+	$(DBLIB)
+
+subdir = appl/otp
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = ../../include/config.h
+CONFIG_CLEAN_FILES = 
+bin_PROGRAMS =  otp$(EXEEXT) otpprint$(EXEEXT)
+PROGRAMS =  $(bin_PROGRAMS)
+
+
+DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
+CPPFLAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+X_CFLAGS = @X_CFLAGS@
+X_LIBS = @X_LIBS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+am_otp_OBJECTS =  otp.$(OBJEXT)
+otp_OBJECTS =  $(am_otp_OBJECTS)
+otp_LDADD = $(LDADD)
+otp_DEPENDENCIES =  $(top_builddir)/lib/otp/libotp.la
+otp_LDFLAGS = 
+am_otpprint_OBJECTS =  otpprint.$(OBJEXT)
+otpprint_OBJECTS =  $(am_otpprint_OBJECTS)
+otpprint_LDADD = $(LDADD)
+otpprint_DEPENDENCIES =  $(top_builddir)/lib/otp/libotp.la
+otpprint_LDFLAGS = 
+COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CFLAGS = @CFLAGS@
+CCLD = $(CC)
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+DIST_SOURCES =  $(otp_SOURCES) $(otpprint_SOURCES)
+man1dir = $(mandir)/man1
+MANS = $(man_MANS)
+depcomp = 
+DIST_COMMON =  ChangeLog Makefile.am Makefile.in
+
+
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+
+GZIP_ENV = --best
+SOURCES = $(otp_SOURCES) $(otpprint_SOURCES)
+OBJECTS = $(am_otp_OBJECTS) $(am_otpprint_OBJECTS)
+
+all: all-redirect
+.SUFFIXES:
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
+$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
+	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/otp/Makefile
+
+Makefile: $(srcdir)/Makefile.in  $(top_builddir)/config.status
+	cd $(top_builddir) \
+	  && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
+
+
+mostlyclean-binPROGRAMS:
+
+clean-binPROGRAMS:
+	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
+
+distclean-binPROGRAMS:
+
+maintainer-clean-binPROGRAMS:
+
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(bindir)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+	    echo " $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f"; \
+	    $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
+	  rm -f $(DESTDIR)$(bindir)/$$f; \
+	done
+
+mostlyclean-compile:
+	-rm -f *.o core *.core
+	-rm -f *.$(OBJEXT)
+
+clean-compile:
+
+distclean-compile:
+	-rm -f *.tab.c
+
+maintainer-clean-compile:
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+
+maintainer-clean-libtool:
+
+otp$(EXEEXT): $(otp_OBJECTS) $(otp_DEPENDENCIES)
+	@rm -f otp$(EXEEXT)
+	$(LINK) $(otp_LDFLAGS) $(otp_OBJECTS) $(otp_LDADD) $(LIBS)
+
+otpprint$(EXEEXT): $(otpprint_OBJECTS) $(otpprint_DEPENDENCIES)
+	@rm -f otpprint$(EXEEXT)
+	$(LINK) $(otpprint_LDFLAGS) $(otpprint_OBJECTS) $(otpprint_LDADD) $(LIBS)
+.c.o:
+	$(COMPILE) -c $<
+.c.obj:
+	$(COMPILE) -c `cygpath -w $<`
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+install-man1:
+	$(mkinstalldirs) $(DESTDIR)$(man1dir)
+	@list='$(man1_MANS)'; \
+	l2='$(man_MANS)'; for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
+	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
+	done
+
+uninstall-man1:
+	@list='$(man1_MANS)'; \
+	l2='$(man_MANS)'; for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
+	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
+	done
+install-man: $(MANS)
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-man1
+uninstall-man:
+	@$(NORMAL_UNINSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-man1
+
+tags: TAGS
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique $(LISP)
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
+	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
+
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
+mostlyclean-tags:
+
+clean-tags:
+
+distclean-tags:
+	-rm -f TAGS ID
+
+maintainer-clean-tags:
+
+distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
+
+distdir: $(DISTFILES)
+	@for file in $(DISTFILES); do \
+	  d=$(srcdir); \
+	  if test -d $$d/$$file; then \
+	    cp -pR $$d/$$file $(distdir) \
+	    || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
+info-am:
+info: info-am
+dvi-am:
+dvi: dvi-am
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+installcheck-am:
+installcheck: installcheck-am
+install-exec-am: install-binPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-exec: install-exec-am
+
+install-data-am: install-man install-data-local
+install-data: install-data-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+install: install-am
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+uninstall: uninstall-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+all-redirect: all-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
+installdirs:
+	$(mkinstalldirs)  $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
+
+
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-rm -f Makefile $(CONFIG_CLEAN_FILES)
+	-rm -f config.cache config.log stamp-h stamp-h[0-9]*
+
+maintainer-clean-generic:
+	-rm -f Makefile.in
+mostlyclean-am:  mostlyclean-binPROGRAMS mostlyclean-compile \
+		mostlyclean-libtool mostlyclean-tags \
+		mostlyclean-generic
+
+mostlyclean: mostlyclean-am
+
+clean-am:  clean-binPROGRAMS clean-compile clean-libtool clean-tags \
+		clean-generic mostlyclean-am
+
+clean: clean-am
+
+distclean-am:  distclean-binPROGRAMS distclean-compile distclean-libtool \
+		distclean-tags distclean-generic clean-am
+	-rm -f libtool
+
+distclean: distclean-am
+
+maintainer-clean-am:  maintainer-clean-binPROGRAMS \
+		maintainer-clean-compile maintainer-clean-libtool \
+		maintainer-clean-tags maintainer-clean-generic \
+		distclean-am
+	@echo "This command is intended for maintainers to use;"
+	@echo "it deletes files that may require special tools to rebuild."
+
+maintainer-clean: maintainer-clean-am
+
+.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \
+maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \
+mostlyclean-compile distclean-compile clean-compile \
+maintainer-clean-compile mostlyclean-libtool distclean-libtool \
+clean-libtool maintainer-clean-libtool install-man1 uninstall-man1 \
+install-man uninstall-man tags mostlyclean-tags distclean-tags \
+clean-tags maintainer-clean-tags distdir info-am info dvi-am dvi \
+check-local check check-am installcheck-am installcheck install-exec-am \
+install-exec install-data-local install-data-am install-data install-am \
+install uninstall-am uninstall all-local all-redirect all-am all \
+install-strip installdirs mostlyclean-generic distclean-generic \
+clean-generic maintainer-clean-generic clean mostlyclean distclean \
+maintainer-clean
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
+	@foo='$(include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-local: install-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+
+check-local::
+	@foo='$(CHECK_LOCAL)'; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if ./$$i --version > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	fi
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/crypto/heimdal/appl/otp/otp.1 b/crypto/heimdal/appl/otp/otp.1
new file mode 100644
index 0000000..473a4b0
--- /dev/null
+++ b/crypto/heimdal/appl/otp/otp.1
@@ -0,0 +1,60 @@
+.\" $Id: otp.1,v 1.2 2000/11/29 18:18:22 joda Exp $
+.\"
+.Dd November 17, 1996
+.Dt OTP 1
+.Os KTH-KRB
+.Sh NAME
+.Nm otp
+.Nd
+manages one-time passwords
+.Sh SYNOPSIS
+.Nm otp
+.Op Fl dhlor
+.Op Fl f Ar algorithm
+.Op Fl u Ar user
+.Ar sequence-number
+.Ar seed
+.Sh DESCRIPTION
+The
+.Nm
+program initializes and updates your current series of one-time
+passwords (OTPs).
+.Pp
+Use this to set a new series of one-time passwords.  Only perform this
+on the console or over an encrypted link as you will have to supply
+your pass-phrase.  The other two parameters are
+.Ar sequence-number
+and
+.Ar seed .
+.Pp
+Options are:
+.Bl -tag -width Ds
+.It Fl d
+To delete a one-time password.
+.It Fl f
+Choose a different
+.Ar algorithm
+from the default md5.  Pick any of: md4, md5, and sha.
+.It Fl h
+For getting a help message.
+.It Fl l
+List the current table of one-time passwords.
+.It Fl o
+To open (unlock) the otp-entry for a user.
+.It Fl r
+To renew a one-time password series.  This operation can be performed
+over an potentially eavesdropped link because you do not supply the
+pass-phrase.  First you need to supply the current one-time password
+and then the new one corresponding to the supplied
+.Ar sequence-number
+and
+.Ar seed .
+.It Fl u
+To choose a different
+.Ar user
+to set one-time passwords for.  This only works when running
+.Nm
+as root.
+.El
+.Sh SEE ALSO
+.Xr otpprint 1
diff --git a/crypto/heimdal/appl/otp/otp.c b/crypto/heimdal/appl/otp/otp.c
new file mode 100644
index 0000000..66de4e0
--- /dev/null
+++ b/crypto/heimdal/appl/otp/otp.c
@@ -0,0 +1,366 @@
+/*
+ * Copyright (c) 1995-1997, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "otp_locl.h"
+#include <getarg.h>
+
+RCSID("$Id: otp.c,v 1.33 2001/02/20 01:44:46 assar Exp $");
+
+static int listp;
+static int deletep;
+static int openp;
+static int renewp;
+static char* alg_string;
+static char *user;
+static int version_flag;
+static int help_flag;
+
+struct getargs args[] = {
+    { "list", 'l', arg_flag, &listp, "list OTP status" },
+    { "delete", 'd', arg_flag, &deletep, "delete OTP" },
+    { "open", 'o', arg_flag, &openp, "open a locked OTP" },
+    { "renew", 'r', arg_flag, &renewp, "securely renew OTP" },
+    { "hash", 'f', arg_string, &alg_string, 
+      "hash algorithm (md4, md5, or sha)", "algorithm"},
+    { "user", 'u', arg_string, &user, 
+      "user other than current user (root only)", "user" },
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 'h', arg_flag, &help_flag }
+};
+
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "[num seed]");
+    exit(code);
+}
+
+/* 
+ * Renew the OTP for a user. 
+ * The pass-phrase is not required (RFC 1938/8.0)
+ */
+
+static int
+renew (int argc, char **argv, OtpAlgorithm *alg, char *user)
+{
+    OtpContext newctx, *ctx;
+    char prompt[128];
+    char pw[64];
+    void *dbm;
+    int ret;
+
+    newctx.alg = alg;
+    newctx.user = user;
+    newctx.n = atoi (argv[0]);
+    strlcpy (newctx.seed, argv[1], sizeof(newctx.seed));
+    strlwr(newctx.seed);
+    snprintf (prompt, sizeof(prompt),
+	      "[ otp-%s %u %s ]",
+	      newctx.alg->name,
+	      newctx.n, 
+	      newctx.seed);
+    if (des_read_pw_string (pw, sizeof(pw), prompt, 0) == 0 &&
+	otp_parse (newctx.key, pw, alg) == 0) {
+	ctx = &newctx;
+	ret = 0;
+    } else
+	return 1;
+
+    dbm = otp_db_open ();
+    if (dbm == NULL) {
+	warnx ("otp_db_open failed");
+	return 1;
+    }
+    otp_put (dbm, ctx);
+    otp_db_close (dbm);
+    return ret;
+}
+
+/*
+ * Return 0 if the user could enter the next OTP.
+ * I would rather have returned !=0 but it's shell-like here around.
+ */
+
+static int 
+verify_user_otp(char *username)
+{
+    OtpContext ctx;
+    char passwd[OTP_MAX_PASSPHRASE + 1];
+    char prompt[128], ss[256];
+
+    if (otp_challenge (&ctx, username, ss, sizeof(ss)) != 0) {
+	warnx("no otp challenge found for %s", username);
+	return 1; 
+    }
+
+    snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss);
+    if(des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0))
+	return 1;
+    return otp_verify_user (&ctx, passwd);
+}
+
+/* 
+ * Set the OTP for a user
+ */
+
+static int
+set (int argc, char **argv, OtpAlgorithm *alg, char *user)
+{
+    void *db;
+    OtpContext ctx;
+    char pw[OTP_MAX_PASSPHRASE + 1];
+    int ret;
+    int i;
+
+    ctx.alg = alg;
+    ctx.user = strdup (user);
+    if (ctx.user == NULL)
+	err (1, "out of memory");
+
+    ctx.n = atoi (argv[0]);
+    strlcpy (ctx.seed, argv[1], sizeof(ctx.seed));
+    strlwr(ctx.seed);
+    do {
+	if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1))
+	    return 1;
+	if (strlen (pw) < OTP_MIN_PASSPHRASE)
+	    printf ("Too short pass-phrase.  Use at least %d characters\n",
+		    OTP_MIN_PASSPHRASE);
+    } while(strlen(pw) < OTP_MIN_PASSPHRASE);
+    ctx.alg->init (ctx.key, pw, ctx.seed);
+    for (i = 0; i < ctx.n; ++i)
+	ctx.alg->next (ctx.key);
+    db = otp_db_open ();
+    if(db == NULL) {
+	free (ctx.user);
+	err (1, "otp_db_open failed");
+    }
+    ret = otp_put (db, &ctx);
+    otp_db_close (db);
+    free (ctx.user);
+    return ret;
+}
+
+/*
+ * Delete otp of user from the database
+ */
+
+static int
+delete_otp (int argc, char **argv, char *user)
+{
+    void *db;
+    OtpContext ctx;
+    int ret;
+
+    db = otp_db_open ();
+    if(db == NULL)
+	errx (1, "otp_db_open failed");
+
+    ctx.user = user;
+    ret = otp_delete(db, &ctx);
+    otp_db_close (db);
+    return ret;
+}
+
+/* 
+ * Tell whether the user has an otp
+ */
+
+static int
+has_an_otp(char *user)
+{
+    void *db;
+    OtpContext ctx;
+    int ret;
+
+    db = otp_db_open ();
+    if(db == NULL) {
+	warnx ("otp_db_open failed");
+	return 0; /* if no db no otp! */
+    }
+  
+    ctx.user = user;
+    ret = otp_simple_get(db, &ctx); 
+
+    otp_db_close (db);
+    return !ret;
+}
+
+/*
+ * Get and print out the otp entry for some user
+ */
+
+static void
+print_otp_entry_for_name (void *db, char *user)
+{
+    OtpContext ctx;
+
+    ctx.user = user;
+    if (!otp_simple_get(db, &ctx)) {
+	fprintf(stdout,
+		"%s\totp-%s %d %s",
+		ctx.user, ctx.alg->name, ctx.n, ctx.seed);
+	if (ctx.lock_time)
+	    fprintf(stdout,
+		    "\tlocked since %s",
+		    ctime(&ctx.lock_time));
+	else
+	    fprintf(stdout, "\n");
+    }
+}
+
+static int
+open_otp (int argc, char **argv, char *user)
+{
+    void *db;
+    OtpContext ctx;
+    int ret;
+
+    db = otp_db_open ();
+    if (db == NULL)
+	errx (1, "otp_db_open failed");
+  
+    ctx.user = user;
+    ret = otp_simple_get (db, &ctx);
+    if (ret == 0)
+	ret = otp_put (db, &ctx);
+    otp_db_close (db);
+    return ret;
+}
+
+/*
+ * Print otp entries for one or all users
+ */
+
+static int
+list_otps (int argc, char **argv, char *user)
+{
+    void *db;
+    struct passwd *pw;
+
+    db = otp_db_open ();
+    if(db == NULL)
+	errx (1, "otp_db_open failed");
+
+    if (user)
+	print_otp_entry_for_name(db, user);
+    else
+	/* scans all users... so as to get a deterministic order */
+	while ((pw = getpwent()))
+	    print_otp_entry_for_name(db, pw->pw_name);
+
+    otp_db_close (db);
+    return 0;
+}
+
+int
+main (int argc, char **argv)
+{
+    int defaultp = 0;
+    int uid = getuid();
+    OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
+    int optind = 0;
+  
+    setprogname (argv[0]);
+    if(getarg(args, num_args, argc, argv, &optind))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    if(deletep && uid != 0)
+	errx (1, "Only root can delete OTPs");
+    if(alg_string) {
+	alg = otp_find_alg (alg_string);
+	if (alg == NULL)
+	    errx (1, "Unknown algorithm: %s", alg_string);
+    }
+    if (user && uid != 0)
+	errx (1, "Only root can use `-u'");
+    argc -= optind;
+    argv += optind;
+
+    if (!(listp || deletep || renewp || openp))
+	defaultp = 1;
+
+    if ( listp + deletep + renewp + defaultp + openp != 1) 
+	usage(1); /* one of -d or -l or -r or none */
+
+    if(deletep || openp || listp) {
+	if(argc != 0)
+	    errx(1, "delete, open, and list requires no arguments\n");
+    } else {
+	if(argc != 2)
+	    errx(1, "setup, and renew requires `num', and `seed'");
+    }
+    if (listp)
+	return list_otps (argc, argv, user);
+
+    if (user == NULL) {
+	struct passwd *pwd;
+
+	pwd = k_getpwuid(uid);
+	if (pwd == NULL)
+	    err (1, "You don't exist");
+	user = pwd->pw_name;
+    }
+  
+    /*
+     * users other that root must provide the next OTP to update the sequence.
+     * it avoids someone to use a pending session to change an OTP sequence.
+     * see RFC 1938/8.0.
+     */
+    if (uid != 0 && (defaultp || renewp)) {
+	if (!has_an_otp(user)) {
+	    errx (1, "Only root can set an initial OTP");
+	} else { /* Check the next OTP (RFC 1938/8.0: SHOULD) */
+	    if (verify_user_otp(user) != 0) {
+		errx (1, "User authentification failed");
+	    }
+	}
+    }
+
+    if (deletep)
+	return delete_otp (argc, argv, user);
+    else if (renewp)
+	return renew (argc, argv, alg, user);
+    else if (openp)
+	return open_otp (argc, argv, user);
+    else
+	return set (argc, argv, alg, user);
+}
diff --git a/crypto/heimdal/appl/otp/otp.cat1 b/crypto/heimdal/appl/otp/otp.cat1
new file mode 100644
index 0000000..588bcc2
--- /dev/null
+++ b/crypto/heimdal/appl/otp/otp.cat1
@@ -0,0 +1,43 @@
+
+OTP(1)                       UNIX Reference Manual                      OTP(1)
+
+NNAAMMEE
+     oottpp - manages one-time passwords
+
+SSYYNNOOPPSSIISS
+     oottpp [--ddhhlloorr] [--ff _a_l_g_o_r_i_t_h_m] [--uu _u_s_e_r] _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r _s_e_e_d
+
+DDEESSCCRRIIPPTTIIOONN
+     The oottpp program initializes and updates your current series of one-time
+     passwords (OTPs).
+
+     Use this to set a new series of one-time passwords.  Only perform this on
+     the console or over an encrypted link as you will have to supply your
+     pass-phrase.  The other two parameters are _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and _s_e_e_d.
+
+     Options are:
+
+     --dd      To delete a one-time password.
+
+     --ff      Choose a different _a_l_g_o_r_i_t_h_m from the default md5.  Pick any of:
+             md4, md5, and sha.
+
+     --hh      For getting a help message.
+
+     --ll      List the current table of one-time passwords.
+
+     --oo      To open (unlock) the otp-entry for a user.
+
+     --rr      To renew a one-time password series.  This operation can be per-
+             formed over an potentially eavesdropped link because you do not
+             supply the pass-phrase.  First you need to supply the current
+             one-time password and then the new one corresponding to the sup-
+             plied _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and _s_e_e_d.
+
+     --uu      To choose a different _u_s_e_r to set one-time passwords for.  This
+             only works when running oottpp as root.
+
+SSEEEE AALLSSOO
+     otpprint(1)
+
+ KTH-KRB                       November 17, 1996                             1
diff --git a/crypto/heimdal/appl/otp/otp_locl.h b/crypto/heimdal/appl/otp/otp_locl.h
new file mode 100644
index 0000000..971ec68
--- /dev/null
+++ b/crypto/heimdal/appl/otp/otp_locl.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: otp_locl.h,v 1.8 2001/02/15 04:20:51 assar Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <roken.h>
+#include <err.h>
+#ifdef HAVE_OPENSSL_DES_H
+#include <openssl/des.h>
+#else
+#include <des.h>
+#endif
+#include <otp.h>
diff --git a/crypto/heimdal/appl/otp/otpprint.1 b/crypto/heimdal/appl/otp/otpprint.1
new file mode 100644
index 0000000..7f7d5be
--- /dev/null
+++ b/crypto/heimdal/appl/otp/otpprint.1
@@ -0,0 +1,52 @@
+.\" $Id: otpprint.1,v 1.4 2001/06/08 20:44:46 assar Exp $
+.\"
+.Dd November 17, 1996
+.Dt OTP 1
+.Os KTH-KRB
+.Sh NAME
+.Nm otpprint
+.Nd
+print lists of one-time passwords
+.Sh SYNOPSIS
+.Nm otp
+.Op Fl n Ar count
+.Op Fl e
+.Op Fl h
+.Op Fl f Ar algorithm
+.Ar sequence-number
+.Ar seed
+.Sh DESCRIPTION
+The
+.Nm
+program prints lists of OTPs.
+.Pp
+Use this to print out a series of one-time passwords.  You will have
+to supply the
+.Ar sequence number
+and the
+.Ar seed
+as arguments and then the program will prompt you for your pass-phrase.
+.Pp
+There are several different print formats.  The default is to print
+each password with six short english words.
+.Pp
+Options are:
+.Bl -tag -width Ds
+.It Fl e
+Print the passwords in ``extended'' format.  In this format a prefix
+that says ``hex:'' or ``word:'' is included.
+.It Fl f
+To choose a different
+.Ar algorithm
+from the default md5.  Pick any of: md4, md5, and sha.
+.It Fl h
+Print the passwords in hex.
+.It Fl n
+Print
+.Ar count
+one-time passwords, starting at
+.Ar sequence-number
+and going backwards. The default is 10.
+.El
+.Sh SEE ALSO
+.Xr otp 1
diff --git a/crypto/heimdal/appl/otp/otpprint.c b/crypto/heimdal/appl/otp/otpprint.c
new file mode 100644
index 0000000..b1d0a84
--- /dev/null
+++ b/crypto/heimdal/appl/otp/otpprint.c
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "otp_locl.h"
+#include <getarg.h>
+
+RCSID("$Id: otpprint.c,v 1.14 2001/02/20 01:44:46 assar Exp $");
+
+static int extendedp;
+static int count = 10;
+static int hexp;
+static char* alg_string;
+static int version_flag;
+static int help_flag;
+
+struct getargs args[] = {
+    { "extended", 'e', arg_flag, &extendedp, "print keys in extended format" },
+    { "count", 'n', arg_integer, &count, "number of keys to print" },
+    { "hexadecimal", 'h', arg_flag, &hexp, "output in hexadecimal" },
+    { "hash", 'f', arg_string, &alg_string, 
+      "hash algorithm (md4, md5, or sha)", "algorithm"},
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "num seed");
+    exit(code);
+}
+
+static int
+print (int argc,
+       char **argv,
+       int count,
+       OtpAlgorithm *alg,
+       void (*print_fn)(OtpKey, char *, size_t))
+{
+  char pw[64];
+  OtpKey key;
+  int n;
+  int i;
+  char *seed;
+
+  if (argc != 2)
+      usage (1);
+  n = atoi(argv[0]);
+  seed = argv[1];
+  if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 0))
+    return 1;
+  alg->init (key, pw, seed);
+  for (i = 0; i < n; ++i) {
+    char s[64];
+
+    alg->next (key);
+    if (i >= n - count) {
+      (*print_fn)(key, s, sizeof(s));
+      printf ("%d: %s\n", i + 1, s);
+    }
+  }
+  return 0;
+}
+
+int
+main (int argc, char **argv)
+{
+    int optind = 0;
+    void (*fn)(OtpKey, char *, size_t);
+    OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
+
+    setprogname (argv[0]);
+    if(getarg(args, num_args, argc, argv, &optind))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    if(alg_string) {
+	alg = otp_find_alg (alg_string);
+	if (alg == NULL)
+	    errx(1, "Unknown algorithm: %s", alg_string);
+    }
+    argc -= optind;
+    argv += optind;
+
+    if (hexp) {
+	if (extendedp)
+	    fn = otp_print_hex_extended;
+	else
+	    fn = otp_print_hex;
+    } else {
+	if (extendedp)
+	    fn = otp_print_stddict_extended;
+	else
+	    fn = otp_print_stddict;
+    }
+
+    return print (argc, argv, count, alg, fn);
+}
diff --git a/crypto/heimdal/appl/otp/otpprint.cat1 b/crypto/heimdal/appl/otp/otpprint.cat1
new file mode 100644
index 0000000..1c4d244
--- /dev/null
+++ b/crypto/heimdal/appl/otp/otpprint.cat1
@@ -0,0 +1,36 @@
+
+OTP(1)                       UNIX Reference Manual                      OTP(1)
+
+NNAAMMEE
+     oottpppprriinntt - print lists of one-time passwords
+
+SSYYNNOOPPSSIISS
+     oottpp [--nn _c_o_u_n_t] [--ee] [--hh] [--ff _a_l_g_o_r_i_t_h_m] _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r _s_e_e_d
+
+DDEESSCCRRIIPPTTIIOONN
+     The oottpppprriinntt program prints lists of OTPs.
+
+     Use this to print out a series of one-time passwords.  You will have to
+     supply the _s_e_q_u_e_n_c_e _n_u_m_b_e_r and the _s_e_e_d as arguments and then the program
+     will prompt you for your pass-phrase.
+
+     There are several different print formats.  The default is to print each
+     password with six short english words.
+
+     Options are:
+
+     --ee      Print the passwords in ``extended'' format.  In this format a
+             prefix that says ``hex:'' or ``word:'' is included.
+
+     --ff      To choose a different _a_l_g_o_r_i_t_h_m from the default md5.  Pick any
+             of: md4, md5, and sha.
+
+     --hh      Print the passwords in hex.
+
+     --nn      Print _c_o_u_n_t one-time passwords, starting at _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and
+             going backwards. The default is 10.
+
+SSEEEE AALLSSOO
+     otp(1)
+
+ KTH-KRB                       November 17, 1996                             1
diff --git a/crypto/heimdal/appl/popper/ChangeLog b/crypto/heimdal/appl/popper/ChangeLog
new file mode 100644
index 0000000..8c85793
--- /dev/null
+++ b/crypto/heimdal/appl/popper/ChangeLog
@@ -0,0 +1,169 @@
+2000-12-31  Assar Westerlund  <assar@sics.se>
+
+	* pop_init.c (pop_init): handle krb5_init_context failure
+	consistently
+	* pop_debug.c (doit_v5): handle krb5_init_context failure
+	consistently
+
+2000-06-10  Assar Westerlund  <assar@sics.se>
+
+	* pop_init.c (krb4_authenticate): do not exit on failure, just
+	return
+	(krb5_authenticate): log errors from krb5_recvauth
+
+2000-04-12  Assar Westerlund  <assar@sics.se>
+
+	* *.c: replace all erroneous calls to pop_log with POP_FAILURE
+	with POP_PRIORITY.  reported by Janne Johansson <jj@it.kth.se>'
+
+2000-01-27  Assar Westerlund  <assar@sics.se>
+
+	* pop_debug.c (main): figure out port number
+
+1999-12-20  Assar Westerlund  <assar@sics.se>
+
+	* pop_init.c (pop_init): use getnameinfo_verified
+
+	* pop_debug.c (get_socket): use getaddrinfo
+
+1999-12-03  Johan Danielsson  <joda@pdc.kth.se>
+
+	* pop_init.c: optionally trace connected addresses to a file
+
+1999-11-02  Assar Westerlund  <assar@sics.se>
+
+	* pop_debug.c (main): redo the v4/v5 selection for consistency.
+  	-4 -> try only v4 -5 -> try only v5 none, -45 -> try v5, v4
+
+1999-10-16  Johan Danielsson  <joda@pdc.kth.se>
+
+	* pop_init.c (krb5_authenticate): don't use the principal
+	associated with the socket for authentication, instead let
+	krb5_rd_req pick the correct one from the ticket; just check that
+	it actually was a pop-ticket
+
+1999-08-12  Johan Danielsson  <joda@pdc.kth.se>
+
+	* pop_init.c (pop_init): don't freehostent if ch == NULL
+
+	* pop_dele.c: implement XDELE to delete a range of messages
+
+1999-08-05  Assar Westerlund  <assar@sics.se>
+
+	* pop_init.c: v6-ify
+
+	* pop_debug.c: v6-ify
+
+1999-05-10  Assar Westerlund  <assar@sics.se>
+
+	* pop_debug.c (doit_v5): call krb5_sendauth with ccache == NULL
+	
+1999-04-11  Assar Westerlund  <assar@sics.se>
+
+	* pop_debug.c (main): use print_version
+
+Thu Apr  8 15:07:11 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* pop_pass.c: remove definition of KRB_VERIFY_USER (moved to
+ 	config.h)
+
+Thu Mar 18 12:55:42 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* pop_pass.c: define KRB_VERIFY_SECURE if not defined
+
+	* Makefile.am: include Makefile.am.common
+
+Wed Mar 17 23:36:21 1999  Assar Westerlund  <assar@sics.se>
+
+	* pop_pass.c (krb4_verify_password): use KRB_VERIFY_SECURE instead
+ 	of 1
+
+Tue Mar 16 22:28:52 1999  Assar Westerlund  <assar@sics.se>
+
+	* pop_pass.c: krb_verify_user_multiple -> krb_verify_user
+
+Sat Mar 13 22:17:29 1999  Assar Westerlund  <assar@sics.se>
+
+	* pop_parse.c (pop_parse): cast when calling is* to get rid of a
+ 	warning
+
+Mon Mar  8 11:50:06 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* pop_init.c: use print_version
+
+Fri Mar  5 15:14:29 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* pop_send.c: fix handling of messages w/o body
+
+Sun Nov 22 10:33:29 1998  Assar Westerlund  <assar@sics.se>
+
+	* pop_pass.c (pop_pass): try to always log
+
+	* Makefile.in (WFLAGS): set
+
+Fri Jul 10 01:14:25 1998  Assar Westerlund  <assar@sics.se>
+
+	* pop_init.c: s/net_read/pop_net_read/
+
+Tue Jun  2 17:33:54 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* pop_send.c: add missing newlines
+
+Sun May 24 20:59:45 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* maildir.c (make_path): fix reversed args
+
+Sat May 16 00:02:18 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: link with DBLIB
+
+Sun Apr 26 11:47:58 1998  Assar Westerlund  <assar@sics.se>
+
+	* pop_pass.c (pop_pass): check return value from changeuser
+
+	* pop_dropcopy.c (changeuser): check that `setuid' and `setgid'
+ 	succeeded.
+
+	* popper.h: changeuser now returns int
+
+Thu Apr 23 00:54:38 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Add support for maildir spoolfiles.
+
+	* popper.h (MsgInfoList): replace `del_flag' and `retr_flag' with
+	single `flags'
+
+	* pop_dropcopy.c: Fix mismatched parenthesis.
+
+Sat Apr  4 15:13:56 1998  Assar Westerlund  <assar@sics.se>
+
+	* pop_dropcopy.c (pop_dropcopy): first do mkstemp and then fdopen.
+  	Originally from <map@stacken.kth.se>
+
+	* popper.h: include <io.h>
+
+Sat Feb  7 10:07:39 1998  Assar Westerlund  <assar@sics.se>
+
+	* pop_pass.c(krb4_verify_password: Don't use REALM_SZ + 1, just
+ 	REALM_SZ
+
+Mon Dec 29 16:37:26 1997  Assar Westerlund  <assar@sics.se>
+
+	* pop_updt.c (pop_updt): lseek before ftruncating the file.  From
+ 	<map@stacken.kth.se>
+
+Sat Nov 22 13:46:39 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* pop_pass.c: Destroy tickets after verification.
+
+Sun Nov  9 09:11:14 1997  Assar Westerlund  <assar@sics.se>
+
+	* pop_dropinfo.c: be careful with mails without msg-id, subject,
+ 	or from
+
+Wed Oct 29 02:09:24 1997  Assar Westerlund  <assar@sics.se>
+
+	* pop_pass.c: conditionalize OTP-support
+
+	* pop_init.c: conditionalize OTP-support
+
diff --git a/crypto/heimdal/appl/popper/Makefile.am b/crypto/heimdal/appl/popper/Makefile.am
new file mode 100644
index 0000000..d52d0cf
--- /dev/null
+++ b/crypto/heimdal/appl/popper/Makefile.am
@@ -0,0 +1,29 @@
+# $Id: Makefile.am,v 1.13 2000/11/15 22:51:09 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4)
+
+noinst_PROGRAMS = pop_debug
+
+libexec_PROGRAMS = popper
+
+popper_SOURCES = \
+	pop_dele.c pop_dropcopy.c pop_dropinfo.c \
+	pop_get_command.c pop_init.c \
+	pop_last.c pop_list.c pop_log.c \
+	pop_msg.c pop_parse.c pop_pass.c pop_quit.c \
+	pop_rset.c pop_send.c pop_stat.c pop_updt.c \
+	pop_user.c pop_uidl.c pop_xover.c popper.c \
+	maildir.c popper.h version.h
+
+EXTRA_DIST = pop3.rfc1081 pop3e.rfc1082 \
+	popper.README.release README-FIRST README-KRB4
+
+LDADD = \
+	$(LIB_otp) \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_des) \
+	$(LIB_roken) \
+	$(DBLIB)
diff --git a/crypto/heimdal/appl/popper/Makefile.in b/crypto/heimdal/appl/popper/Makefile.in
new file mode 100644
index 0000000..0185f12
--- /dev/null
+++ b/crypto/heimdal/appl/popper/Makefile.in
@@ -0,0 +1,623 @@
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
+
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+SHELL = @SHELL@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+
+bindir = @bindir@
+sbindir = @sbindir@
+libexecdir = @libexecdir@
+datadir = @datadir@
+sysconfdir = @sysconfdir@
+sharedstatedir = @sharedstatedir@
+localstatedir = @localstatedir@
+libdir = @libdir@
+infodir = @infodir@
+mandir = @mandir@
+includedir = @includedir@
+oldincludedir = /usr/include
+
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+
+top_builddir = ../..
+
+ACLOCAL = @ACLOCAL@
+AUTOCONF = @AUTOCONF@
+AUTOMAKE = @AUTOMAKE@
+AUTOHEADER = @AUTOHEADER@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_FLAG =
+transform = @program_transform_name@
+
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+
+@SET_MAKE@
+host_alias = @host_alias@
+host_triplet = @host@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMDEP = @AMDEP@
+AMTAR = @AMTAR@
+AS = @AS@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CPP = @CPP@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+DBLIB = @DBLIB@
+DEPDIR = @DEPDIR@
+DIR_des = @DIR_des@
+DIR_roken = @DIR_roken@
+DLLTOOL = @DLLTOOL@
+EXEEXT = @EXEEXT@
+EXTRA_LIB45 = @EXTRA_LIB45@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_ = @INCLUDE_@
+LEX = @LEX@
+LIBOBJS = @LIBOBJS@
+LIBTOOL = @LIBTOOL@
+LIB_ = @LIB_@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_des = @LIB_des@
+LIB_des_appl = @LIB_des_appl@
+LIB_kdb = @LIB_kdb@
+LIB_otp = @LIB_otp@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
+NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+NROFF = @NROFF@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+RANLIB = @RANLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+YACC = @YACC@
+dpagaix_CFLAGS = @dpagaix_CFLAGS@
+dpagaix_LDADD = @dpagaix_LDADD@
+install_sh = @install_sh@
+
+# $Id: Makefile.am,v 1.13 2000/11/15 22:51:09 assar Exp $
+
+
+# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
+
+
+AUTOMAKE_OPTIONS = foreign no-dependencies
+
+SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
+
+INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
+
+AM_CFLAGS =  $(WFLAGS)
+
+CP = cp
+
+COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
+
+buildinclude = $(top_builddir)/include
+
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_crypt = @LIB_crypt@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_el_init = @LIB_el_init@
+LIB_getattr = @LIB_getattr@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_search = @LIB_res_search@
+LIB_setpcred = @LIB_setpcred@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+
+LIBS = @LIBS@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_openldap = @INCLUDE_openldap@
+LIB_openldap = @LIB_openldap@
+
+INCLUDE_readline = @INCLUDE_readline@
+
+LEXLIB = @LEXLIB@
+
+NROFF_MAN = groff -mandoc -Tascii
+
+@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+
+@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
+CHECK_LOCAL = $(PROGRAMS)
+
+noinst_PROGRAMS = pop_debug
+
+libexec_PROGRAMS = popper
+
+popper_SOURCES = \
+	pop_dele.c pop_dropcopy.c pop_dropinfo.c \
+	pop_get_command.c pop_init.c \
+	pop_last.c pop_list.c pop_log.c \
+	pop_msg.c pop_parse.c pop_pass.c pop_quit.c \
+	pop_rset.c pop_send.c pop_stat.c pop_updt.c \
+	pop_user.c pop_uidl.c pop_xover.c popper.c \
+	maildir.c popper.h version.h
+
+
+EXTRA_DIST = pop3.rfc1081 pop3e.rfc1082 \
+	popper.README.release README-FIRST README-KRB4
+
+
+LDADD = \
+	$(LIB_otp) \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_des) \
+	$(LIB_roken) \
+	$(DBLIB)
+
+subdir = appl/popper
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = ../../include/config.h
+CONFIG_CLEAN_FILES = 
+libexec_PROGRAMS =  popper$(EXEEXT)
+noinst_PROGRAMS =  pop_debug$(EXEEXT)
+PROGRAMS =  $(libexec_PROGRAMS) $(noinst_PROGRAMS)
+
+
+DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
+CPPFLAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+X_CFLAGS = @X_CFLAGS@
+X_LIBS = @X_LIBS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+pop_debug_SOURCES = pop_debug.c
+pop_debug_OBJECTS =  pop_debug.$(OBJEXT)
+pop_debug_LDADD = $(LDADD)
+@KRB5_FALSE@pop_debug_DEPENDENCIES = 
+@KRB5_TRUE@pop_debug_DEPENDENCIES =  $(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+pop_debug_LDFLAGS = 
+am_popper_OBJECTS =  pop_dele.$(OBJEXT) pop_dropcopy.$(OBJEXT) \
+pop_dropinfo.$(OBJEXT) pop_get_command.$(OBJEXT) pop_init.$(OBJEXT) \
+pop_last.$(OBJEXT) pop_list.$(OBJEXT) pop_log.$(OBJEXT) \
+pop_msg.$(OBJEXT) pop_parse.$(OBJEXT) pop_pass.$(OBJEXT) \
+pop_quit.$(OBJEXT) pop_rset.$(OBJEXT) pop_send.$(OBJEXT) \
+pop_stat.$(OBJEXT) pop_updt.$(OBJEXT) pop_user.$(OBJEXT) \
+pop_uidl.$(OBJEXT) pop_xover.$(OBJEXT) popper.$(OBJEXT) \
+maildir.$(OBJEXT)
+popper_OBJECTS =  $(am_popper_OBJECTS)
+popper_LDADD = $(LDADD)
+@KRB5_FALSE@popper_DEPENDENCIES = 
+@KRB5_TRUE@popper_DEPENDENCIES =  $(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+popper_LDFLAGS = 
+COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CFLAGS = @CFLAGS@
+CCLD = $(CC)
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+DIST_SOURCES =  pop_debug.c $(popper_SOURCES)
+depcomp = 
+DIST_COMMON =  README ChangeLog Makefile.am Makefile.in
+
+
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+
+GZIP_ENV = --best
+SOURCES = pop_debug.c $(popper_SOURCES)
+OBJECTS = pop_debug.$(OBJEXT) $(am_popper_OBJECTS)
+
+all: all-redirect
+.SUFFIXES:
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
+$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
+	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/popper/Makefile
+
+Makefile: $(srcdir)/Makefile.in  $(top_builddir)/config.status
+	cd $(top_builddir) \
+	  && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
+
+
+mostlyclean-libexecPROGRAMS:
+
+clean-libexecPROGRAMS:
+	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
+
+distclean-libexecPROGRAMS:
+
+maintainer-clean-libexecPROGRAMS:
+
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+	    echo " $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f"; \
+	    $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
+	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
+	done
+
+mostlyclean-noinstPROGRAMS:
+
+clean-noinstPROGRAMS:
+	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
+
+distclean-noinstPROGRAMS:
+
+maintainer-clean-noinstPROGRAMS:
+
+mostlyclean-compile:
+	-rm -f *.o core *.core
+	-rm -f *.$(OBJEXT)
+
+clean-compile:
+
+distclean-compile:
+	-rm -f *.tab.c
+
+maintainer-clean-compile:
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+
+maintainer-clean-libtool:
+
+pop_debug$(EXEEXT): $(pop_debug_OBJECTS) $(pop_debug_DEPENDENCIES)
+	@rm -f pop_debug$(EXEEXT)
+	$(LINK) $(pop_debug_LDFLAGS) $(pop_debug_OBJECTS) $(pop_debug_LDADD) $(LIBS)
+
+popper$(EXEEXT): $(popper_OBJECTS) $(popper_DEPENDENCIES)
+	@rm -f popper$(EXEEXT)
+	$(LINK) $(popper_LDFLAGS) $(popper_OBJECTS) $(popper_LDADD) $(LIBS)
+.c.o:
+	$(COMPILE) -c $<
+.c.obj:
+	$(COMPILE) -c `cygpath -w $<`
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+tags: TAGS
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique $(LISP)
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
+	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
+
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
+mostlyclean-tags:
+
+clean-tags:
+
+distclean-tags:
+	-rm -f TAGS ID
+
+maintainer-clean-tags:
+
+distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
+
+distdir: $(DISTFILES)
+	@for file in $(DISTFILES); do \
+	  d=$(srcdir); \
+	  if test -d $$d/$$file; then \
+	    cp -pR $$d/$$file $(distdir) \
+	    || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
+info-am:
+info: info-am
+dvi-am:
+dvi: dvi-am
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+installcheck-am:
+installcheck: installcheck-am
+install-exec-am: install-libexecPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-exec: install-exec-am
+
+install-data-am: install-data-local
+install-data: install-data-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+install: install-am
+uninstall-am: uninstall-libexecPROGRAMS
+uninstall: uninstall-am
+all-am: Makefile $(PROGRAMS) all-local
+all-redirect: all-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
+installdirs:
+	$(mkinstalldirs)  $(DESTDIR)$(libexecdir)
+
+
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-rm -f Makefile $(CONFIG_CLEAN_FILES)
+	-rm -f config.cache config.log stamp-h stamp-h[0-9]*
+
+maintainer-clean-generic:
+	-rm -f Makefile.in
+mostlyclean-am:  mostlyclean-libexecPROGRAMS mostlyclean-noinstPROGRAMS \
+		mostlyclean-compile mostlyclean-libtool \
+		mostlyclean-tags mostlyclean-generic
+
+mostlyclean: mostlyclean-am
+
+clean-am:  clean-libexecPROGRAMS clean-noinstPROGRAMS clean-compile \
+		clean-libtool clean-tags clean-generic mostlyclean-am
+
+clean: clean-am
+
+distclean-am:  distclean-libexecPROGRAMS distclean-noinstPROGRAMS \
+		distclean-compile distclean-libtool distclean-tags \
+		distclean-generic clean-am
+	-rm -f libtool
+
+distclean: distclean-am
+
+maintainer-clean-am:  maintainer-clean-libexecPROGRAMS \
+		maintainer-clean-noinstPROGRAMS \
+		maintainer-clean-compile maintainer-clean-libtool \
+		maintainer-clean-tags maintainer-clean-generic \
+		distclean-am
+	@echo "This command is intended for maintainers to use;"
+	@echo "it deletes files that may require special tools to rebuild."
+
+maintainer-clean: maintainer-clean-am
+
+.PHONY: mostlyclean-libexecPROGRAMS distclean-libexecPROGRAMS \
+clean-libexecPROGRAMS maintainer-clean-libexecPROGRAMS \
+uninstall-libexecPROGRAMS install-libexecPROGRAMS \
+mostlyclean-noinstPROGRAMS distclean-noinstPROGRAMS \
+clean-noinstPROGRAMS maintainer-clean-noinstPROGRAMS \
+mostlyclean-compile distclean-compile clean-compile \
+maintainer-clean-compile mostlyclean-libtool distclean-libtool \
+clean-libtool maintainer-clean-libtool tags mostlyclean-tags \
+distclean-tags clean-tags maintainer-clean-tags distdir info-am info \
+dvi-am dvi check-local check check-am installcheck-am installcheck \
+install-exec-am install-exec install-data-local install-data-am \
+install-data install-am install uninstall-am uninstall all-local \
+all-redirect all-am all install-strip installdirs mostlyclean-generic \
+distclean-generic clean-generic maintainer-clean-generic clean \
+mostlyclean distclean maintainer-clean
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
+	@foo='$(include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-local: install-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+
+check-local::
+	@foo='$(CHECK_LOCAL)'; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if ./$$i --version > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	fi
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/crypto/heimdal/appl/popper/README b/crypto/heimdal/appl/popper/README
new file mode 100644
index 0000000..0735fdd
--- /dev/null
+++ b/crypto/heimdal/appl/popper/README
@@ -0,0 +1,381 @@
+@(#)@(#)README	2.6   2.6 4/2/91
+
+
+The Post Office Protocol Server:  Installation Guide
+
+
+
+Introduction
+
+The Post Office Protocol server runs on a variety of Unix[1] computers
+to manage electronic mail for Macintosh and MS-DOS computers.  The
+server was developed at the University of California at Berkeley and
+conforms fully to the specifications in RFC 1081[2] and RFC 1082[3].
+The Berkeley server also has extensions to send electronic mail on
+behalf of a client.
+
+This guide explains how to install the POP server on your Unix
+computer.  It assumes that you are not only familiar with Unix but also
+capable of performing Unix system administration.
+
+
+How to Obtain the Server
+
+The POP server is available via anonymous ftp from ftp.CC.Berkeley.EDU
+(128.32.136.9, 128.32.206.12).  It is in two files in the pub directory:
+a compressed tar file popper-version.tar.Z and a Macintosh StuffIt archive
+in BinHex format called MacPOP.sit.hqx.
+
+
+Contents of the Distribution
+
+The distribution contains the following:
+
++   All of the C source necessary to create the server program.
+
++   A visual representation of how the POP system works.
+
++   Reprints of RFC 1081 and RFC 1082.
+
++   A HyperCard stack POP client implementation using MacTCP.
+
++   A man page for the popper daemon.
+
++   This guide.
+
+
+Compatibility
+
+The Berkeley POP server has been successfully tested on the following
+Unix operating systems:
+
++   Berkeley Systems Distribution 4.3
+
++   Sun Microsystems Operating System versions 3.5 and 4.0
+
++   Ultrix version 2.3
+
+The following POP clients operate correctly with the Berkeley POP server:
+
++   The Berkeley HyperMail HyperCard stack for the Apple Macintosh 
+    (distributed with the server).
+
++   The Stanford University Macintosh Internet Protocol MacMH program.
+
++   The Stanford University Personal Computer Internet Protocol MH 
+    program.
+
++   The mh version 6.0 programs for Unix.
+
+
+Support
+
+The Berkeley POP server is not officially supported and is without any
+warranty, explicit or implied.  However, we are interested in your
+experiences using the server.  Bugs, comments and suggestions should be
+sent electronically to netinfo@garnet.Berkeley.EDU.
+
+
+Operational Characteristics
+
+The POP Transaction Cycle
+
+The Berkeley POP server is a single program (called popper) that is
+launched by inetd when it gets a service request on the POP TCP port.
+(The official port number specified in RFC 1081 for POP version 3 is
+port 110.  However, some POP3 clients attempt to contact the server at
+port 109, the POP version 2 port.  Unless you are running both POP2 and
+POP3 servers, you can simply define both ports for use by the POP3
+server.  This is explained in the installation instructions later on.)
+The popper program initializes and verifies that the peer IP address is
+registered in the local domain, logging a warning message when a
+connection is made to a client whose IP address does not have a
+canonical name.  For systems using BSD 4.3 bind, it also checks to see
+if a cannonical name lookup for the client returns the same peer IP
+address, logging a warning message if it does not.  The the server
+enters the authorization state, during which the client must correctly
+identify itself by providing a valid Unix userid and password on the
+server's host machine.  No other exchanges are allowed during this
+state (other than a request to quit.)  If authentication fails, a
+warning message is logged and the session ends.  Once the user is
+identified, popper changes its user and group ids to match that of the
+user and enters the transaction state.  The server makes a temporary
+copy of the user's maildrop (ordinarily in /usr/spool/mail) which is
+used for all subsequent transactions.  These include the bulk of POP
+commands to retrieve mail, delete mail, undelete mail, and so forth.  A
+Berkeley extension also allows the user to submit a mail parcel to the
+server who mails it using the sendmail program (this extension is
+supported in the HyperMail client distributed with the server).  When
+the client quits, the server enters the final update state during which
+the network connection is terminated and the user's maildrop is updated
+with the (possibly) modified temporary maildrop.
+
+
+Logging
+
+The POP server uses syslog to keep a record of its activities.  On
+systems with BSD 4.3 syslogging, the server logs (by default) to the
+"local0" facility at priority "notice" for all messages except
+debugging which is logged at priority "debug".  The default log file is
+/usr/spool/mqueue/POPlog.  These can be changed, if desired.  On
+systems with 4.2 syslogging all messages are logged to the local log
+file, usually /usr/spool/mqueue/syslog.
+
+Problems
+
+If the filesystem which holds the /usr/spool/mail fills up users will 
+experience difficulties.  The filesystem must have enough space to hold
+(approximately) two copies of the largest mail box.  Popper (v1.81 and
+above) is designed to be robust in the face of this problem, but you may
+end up with a situation where some of the user's mail is in
+
+	/usr/spool/mail/.userid.pop
+
+and some of the mail is in
+
+	/usr/spool/mail/userid
+
+If this happens the System Administrator should clear enough disk space
+so that the filesystem has at least as much free disk as both mailboxes
+hold and probably a little more.  Then the user should initiate a POP
+session, and do nothing but quit.  If the POP session ends without an
+error the user can then use POP or another mail program to clean up his/her
+mailbox.
+
+Alternatively, the System Administrator can combine the two files (but
+popper will do this for you if there is enough disk space).
+
+
+Debugging
+
+The popper program will log debugging information when the -d parameter
+is specified after its invocation in the inetd.conf file.  Care should
+be exercised in using this option since it generates considerable
+output in the syslog file.  Alternatively, the "-t <file-name>" option
+will place debugging information into file "<file-name>" using fprintf
+instead of syslog.  (To enable debugging, you must edit the Makefile
+to add -DDEBUG to the compiler options.)
+
+For SunOS version 3.5, the popper program is launched by inetd from
+/etc/servers.  This file does not allow you to specify command line
+arguments.  Therefore, if you want to enable debugging, you can specify
+a shell script in /etc/servers to be launched instead of popper and in
+this script call popper with the desired arguments.
+
+
+Installation
+
+1.  Examine this file for the latest information, warnings, etc.
+
+2.  Check the Makefile for conformity with your system.
+
+3.  Issue the make command in the directory containing the popper 
+    source.
+
+4.  Issue the make install command in the directory containing the 
+    popper source to copy the program to /usr/etc.
+
+5.  Enable syslogging:
+
+    +   For systems with 4.3 syslogging:
+
+        Add the following line to the /etc/syslog.conf file:
+
+            local0.notice;local0.debug  /usr/spool/mqueue/POPlog
+
+        Create the empty file /usr/spool/mqueue/POPlog.
+
+        Kill and restart the syslogd daemon.
+
+    +   For systems with 4.2 syslogging:
+
+        Be sure that you are logging messages of priority 7 and higher.  
+        For example:
+
+            7/usr/spool/mqueue/syslog
+            9/dev/null
+
+6.  Update /etc/services:
+
+    Add the following line to the /etc/services file:
+
+        pop 110/tcp
+
+    Note:  This is the official port number for version 3 of the
+    Post Office Protocol as defined in RFC 1081.  However, some
+    POP3 clients use port 109, the port number for the previous
+    version (2) of POP.  Therefore you may also want to add the
+    following line to the /etc/services file:
+
+    pop2    109/tcp
+
+    For Sun systems running yp, also do the following:
+
+    +   Change to the /var/yp directory.
+
+    +   Issue the make services command.
+
+7.  Update the inetd daemon configuration.  Include the second line ONLY if you
+    are running the server at both ports.
+
+    +   On BSD 4.3 and SunOS 4.0 systems, add the following line to the 
+        /etc/inetd.conf file:
+
+        pop stream tcp nowait root /usr/etc/popper popper
+        pop2 stream tcp nowait root /usr/etc/popper popper
+
+    +   On Ultrix systems, add the following line to the 
+        /etc/inetd.conf file:
+
+        pop stream tcp nowait /usr/etc/popper popper
+        pop2 stream tcp nowait /usr/etc/popper popper
+
+    +   On SunOS 3.5 systems, add the following line to the 
+        /etc/servers file:
+
+        pop tcp /usr/etc/popper
+        pop2 tcp /usr/etc/popper
+
+        Kill and restart the inetd daemon.
+
+You can confirm that the POP server is running on Unix by telneting to
+port 110 (or 109 if you set it up that way).  For example:
+
+%telnet myhost 110
+Trying...
+Connected to myhost.berkeley.edu.
+Escape character is '^]'.
++OK UCB Pop server (version 1.6) at myhost starting.
+quit
+Connection closed by foreign host.
+
+
+Release Notes
+
+1.83    Make sure that everything we do as root is non-destructive.
+
+1.82	Make the /usr/spool/mail/.userid.pop file owned by the user rather
+	than owned by root.
+
+1.81	There were two versions of 1.7 floating around, 1.7b4 and 1.7b5.
+	The difference is that 1.7b5 attempted to save disk space on 
+	/usr/spool/mail by deleting the users permanent maildrop after
+	making the temporary copy.  Unfortunately, if compiled with 
+	-DDEBUG, this version could easily wipe out a users' mail file.
+	This is now fixed.
+
+	This version also fixes a security hole for systems that have
+	/usr/spool/mail writeable by all users.
+
+	With this version we go to all new SCCS IDs for all files.  This
+	is unfortunate, and we hope it is not too much of a problem.
+
+	Thanks to Steve Dorner of UIUC for pointing out the major problem.
+
+1.7     Extensive re-write of the maildrop processing code contributed by 
+        Viktor Dukhovni <viktor@math.princeton.edu> that greatly reduces the
+        possibility that the maildrop can be corrupted as the result of
+        simultaneous access by two or more processes.
+
+        Added "pop_dropcopy" module to create a temporary maildrop from
+        the existing, standard maildrop as root before the setuid and 
+        setgid for the user is done.  This allows the temporary maildrop
+        to be created in a mail spool area that is not world read-writable.
+
+        This version does *not* send the sendmail "From " delimiter line
+        in response to a TOP or RETR command.
+
+        Encased all debugging code in #ifdef DEBUG constructs.  This code can
+        be included by specifying the DEGUG compiler flag.  Note:  You still
+        need to use the -d or -t option to obtain debugging output.
+
+1.6     Corrects a bug that causes the server to crash on SunOS
+        4.0 systems.
+
+        Uses varargs and vsprintf (if available) in pop_log and
+        pop_msg.  This is enabled by the "HAVE_VSPRINTF"
+        compiler flag.
+
+        For systems with BSD 4.3 bind, performs a cannonical
+        name lookup and searches the returned address(es) for
+        the client's address, logging a warning message if it
+        is not located.  This is enabled by the "BIND43"
+        comiler flag.
+
+        Removed all the includes from popper.h and distributed
+        them throughout the porgrams files, as needed.
+
+        Reformatted the source to convert tabs to spaces and
+        shorten lines for display on 80-column terminals.
+
+1.5     Creates the temporary maildrop with mode "600" and
+        immediately unlinks it.
+
+        Uses client's IP address in lieu of a canonical name if
+        the latter cannot be obtained.
+
+        Added "-t <file-name>" option.  The presence of this
+        option causes debugging output to be placed in the file
+        "file-name" using fprintf instead of the system log
+        file using syslog.
+
+        Corrected maildrop parsing problem.
+
+1.4     Copies user's mail into a temporary maildrop on which
+        all subsequent activity is performed.
+
+        Added "pop_log" function and replaced "syslog" calls
+        throughout the code with it.
+
+1.3     Corrected updating of Status: header line.
+
+        Added strncasecmp for systems that do not have one.
+        Used strncasecmp in all appropriate places.  This is
+        enabled by the STRNCASECMP compiler flag.
+
+1.2     Support for version 4.2 syslogging added.  This is
+        enabled by the SYSLOG42 compiler flag.
+
+1.1     Several bugs fixed.
+
+1.0     Original version.
+
+
+Limitations
+
++   The POP server copies the user's entire maildrop to /tmp and
+    then operates on that copy.  If the maildrop is particularly
+    large, or inadequate space is available in /tmp, then the
+    server will refuse to continue and terminate the connection.
+
++   Simultaneous modification of a single maildrop can result in 
+    confusing results.  For example, manipulating messages in a
+    maildrop using the Unix /usr/ucb/mail command while a copy of
+    it is being processed by the POP server can cause the changes
+    made by one program to be lost when the other terminates.  This
+    problem is being worked on and will be fixed in a later
+    release.
+
+
+Credits
+
+The POP server was written by Edward Moy and Austin Shelton with
+contributions from Robert Campbell (U.C. Berkeley) and Viktor Dukhovni
+(Princeton University).  Edward Moy wrote the HyperMail stack and drew
+the POP operation diagram.  This installation guide was written by
+Austin Shelton.
+
+
+Footnotes
+
+[1] Copyright (c) 1990 Regents of the University of California.
+    All rights reserved.  The Berkeley software License Agreement
+    specifies the terms and conditions for redistribution.  Unix is
+    a registered trademark of AT&T corporation.  HyperCard and
+    Macintosh are registered trademarks of Apple Corporation.
+
+[2] M. Rose, Post Office Protocol - Version 3.  RFC  1081, NIC, 
+    November 1988.
+
+[3] M. Rose, Post Office Protocol - Version 3 Extended Service 
+    Offerings.  RFC 1082, NIC, November 1988.
diff --git a/crypto/heimdal/appl/popper/README-FIRST b/crypto/heimdal/appl/popper/README-FIRST
new file mode 100644
index 0000000..3d78fb6
--- /dev/null
+++ b/crypto/heimdal/appl/popper/README-FIRST
@@ -0,0 +1,11 @@
+This kerberized popper was based on popper-1.831beta
+which was later announced as "offical" and not beta.
+
+This program is able to talk both the pop3 and the kpop3 protocol.
+
+Please note that the server principal is pop.hostname and not
+rcmd.hostname. I.e an additional entry is needed in your mailhub's
+/etc/srvtab. Use ksrvutil to add the extra prinicpal.
+
+The server is usually started from inetd and there is already an entry
+for that in inetd.conf.changes.
diff --git a/crypto/heimdal/appl/popper/README-KRB4 b/crypto/heimdal/appl/popper/README-KRB4
new file mode 100644
index 0000000..f029cf9
--- /dev/null
+++ b/crypto/heimdal/appl/popper/README-KRB4
@@ -0,0 +1,3 @@
+Define KERBEROS if you want support for Kerberos V4 style
+authentification, then you will be able to start a kerberise pop with
+the `-k' flag.
diff --git a/crypto/heimdal/appl/popper/maildir.c b/crypto/heimdal/appl/popper/maildir.c
new file mode 100644
index 0000000..4c9a441
--- /dev/null
+++ b/crypto/heimdal/appl/popper/maildir.c
@@ -0,0 +1,216 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <popper.h>
+#include <dirent.h>
+RCSID("$Id: maildir.c,v 1.5 1999/12/02 16:58:33 joda Exp $");
+
+static void
+make_path(POP *p, MsgInfoList *mp, int new, char *buf, size_t len)
+{
+    snprintf(buf, len, "%s/%s%s%s", p->drop_name, 
+	     new ? "new" : "cur", mp ? "/" : "", mp ? mp->name : "");
+}
+
+static int
+scan_file(POP *p, MsgInfoList *mp)
+{
+    char path[MAXDROPLEN];
+    FILE *f;
+    char buf[1024];
+    int eoh = 0;
+
+    make_path(p, mp, mp->flags & NEW_FLAG, path, sizeof(path));
+    f = fopen(path, "r");
+
+    if(f == NULL) {
+#ifdef DEBUG
+	if(p->debug)
+	    pop_log(p, POP_DEBUG, 
+		    "Failed to open message file `%s': %s", 
+		    path, strerror(errno));
+#endif
+	return pop_msg (p, POP_FAILURE,
+			"Failed to open message file `%s'", path);
+    }
+    while(fgets(buf, sizeof(buf), f)) {
+	if(buf[strlen(buf) - 1] == '\n')
+	    mp->lines++;
+	mp->length += strlen(buf);
+	if(eoh)
+	    continue;
+	if(strcmp(buf, "\n") == 0)
+	    eoh = 1;
+	parse_header(mp, buf);
+    }
+    fclose(f);
+    return add_missing_headers(p, mp);
+}
+
+static int
+scan_dir(POP *p, int new)
+{
+    char tmp[MAXDROPLEN];
+    DIR *dir;
+    struct dirent *dent;
+    MsgInfoList *mp = p->mlp;
+    int n_mp = p->msg_count;
+    int e;
+
+    make_path(p, NULL, new, tmp, sizeof(tmp));
+    mkdir(tmp, 0700);
+    dir = opendir(tmp);
+    while((dent = readdir(dir)) != NULL) {
+	if(strcmp(dent->d_name, ".") == 0 || strcmp(dent->d_name, "..") == 0)
+	    continue;
+	mp = realloc(mp, (n_mp + 1) * sizeof(*mp));
+	if(mp == NULL) {
+	    p->msg_count = 0;
+	    return pop_msg (p, POP_FAILURE,
+			    "Can't build message list for '%s': Out of memory",
+                            p->user);
+	}
+	memset(mp + n_mp, 0, sizeof(*mp));
+	mp[n_mp].name = strdup(dent->d_name);
+	if(mp[n_mp].name == NULL) {
+	    p->msg_count = 0;
+	    return pop_msg (p, POP_FAILURE,
+			    "Can't build message list for '%s': Out of memory",
+                            p->user);
+	}
+	mp[n_mp].number = n_mp + 1;
+	mp[n_mp].flags = 0;
+	if(new)
+	    mp[n_mp].flags |= NEW_FLAG;
+	e = scan_file(p, &mp[n_mp]);
+	if(e != POP_SUCCESS)
+	    return e;
+        p->drop_size += mp[n_mp].length;
+	n_mp++;
+    }
+    closedir(dir);
+    p->mlp = mp;
+    p->msg_count = n_mp;
+    return POP_SUCCESS;
+}
+
+int
+pop_maildir_info(POP *p)
+{
+    int e;
+    
+    p->temp_drop[0] = '\0';
+    p->mlp = NULL;
+    p->msg_count = 0;
+
+    e = scan_dir(p, 0);
+    if(e != POP_SUCCESS) return e;
+
+    e = scan_dir(p, 1);
+    if(e != POP_SUCCESS) return e;
+    return POP_SUCCESS;
+}
+
+int
+pop_maildir_update(POP *p)
+{
+    int i;
+    char tmp1[MAXDROPLEN], tmp2[MAXDROPLEN];
+    for(i = 0; i < p->msg_count; i++) {
+	make_path(p, &p->mlp[i], p->mlp[i].flags & NEW_FLAG, 
+		  tmp1, sizeof(tmp1));
+	if(p->mlp[i].flags & DEL_FLAG) {
+#ifdef DEBUG
+	    if(p->debug)
+		pop_log(p, POP_DEBUG, "Removing `%s'", tmp1);
+#endif
+	    if(unlink(tmp1) < 0) {
+#ifdef DEBUG
+		if(p->debug)
+		    pop_log(p, POP_DEBUG, "Failed to remove `%s': %s", 
+			    tmp1, strerror(errno));
+#endif
+		/* return failure? */
+	    }
+	} else if((p->mlp[i].flags & NEW_FLAG) && 
+		  (p->mlp[i].flags & RETR_FLAG)) {
+	    make_path(p, &p->mlp[i], 0, tmp2, sizeof(tmp2));
+#ifdef DEBUG
+	    if(p->debug)
+		pop_log(p, POP_DEBUG, "Linking `%s' to `%s'", tmp1, tmp2);
+#endif
+	    if(link(tmp1, tmp2) == 0) {
+#ifdef DEBUG
+		if(p->debug)
+		    pop_log(p, POP_DEBUG, "Removing `%s'", tmp1);
+#endif
+		if(unlink(tmp1) < 0) {
+#ifdef DEBUG
+		    if(p->debug)
+			pop_log(p, POP_DEBUG, "Failed to remove `%s'", tmp1);
+#endif
+		    /* return failure? */
+		}
+	    } else {
+		if(errno == EXDEV) {
+#ifdef DEBUG
+		    if(p->debug)
+			pop_log(p, POP_DEBUG, "Trying to rename `%s' to `%s'", 
+				tmp1, tmp2);
+#endif
+		    if(rename(tmp1, tmp2) < 0) {
+#ifdef DEBUG
+		    if(p->debug)
+			pop_log(p, POP_DEBUG, "Failed to rename `%s' to `%s'", 
+				tmp1, tmp2);
+#endif
+		    }
+		}
+	    }
+	}
+    }
+    return(pop_quit(p));
+}
+
+int
+pop_maildir_open(POP *p, MsgInfoList *mp)
+{
+    char tmp[MAXDROPLEN];
+    make_path(p, mp, mp->flags & NEW_FLAG, tmp, sizeof(tmp));
+    if(p->drop)
+	fclose(p->drop);
+    p->drop = fopen(tmp, "r");
+    if(p->drop == NULL)
+	return pop_msg(p, POP_FAILURE, "Failed to open message file");
+    return POP_SUCCESS;
+}
diff --git a/crypto/heimdal/appl/popper/pop3.rfc1081 b/crypto/heimdal/appl/popper/pop3.rfc1081
new file mode 100644
index 0000000..08ea6dd
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop3.rfc1081
@@ -0,0 +1,898 @@
+
+
+
+
+
+
+Network Working Group                                            M. Rose
+Request for Comments: 1081                                           TWG
+                                                           November 1988
+
+                    Post Office Protocol - Version 3
+
+
+Status of this Memo
+
+   This memo suggests a simple method for workstations to dynamically
+   access mail from a mailbox server.  This RFC specifies a proposed
+   protocol for the Internet community, and requests discussion and
+   suggestions for improvements.  Distribution of this memo is
+   unlimited.
+
+   This memo is based on RFC 918 (since revised as RFC 937).  Although
+   similar in form to the original Post Office Protocol (POP) proposed
+   for the Internet community, the protocol discussed in this memo is
+   similar in spirit to the ideas investigated by the MZnet project at
+   the University of California, Irvine.
+
+   Further, substantial work was done on examining POP in a PC-based
+   environment.  This work, which resulted in additional functionality
+   in this protocol, was performed by the ACIS Networking Systems Group
+   at Stanford University.  The author gratefully acknowledges their
+   interest.
+
+Introduction
+
+   On certain types of smaller nodes in the Internet it is often
+   impractical to maintain a message transport system (MTS).  For
+   example, a workstation may not have sufficient resources (cycles,
+   disk space) in order to permit a SMTP server and associated local
+   mail delivery system to be kept resident and continuously running.
+   Similarly, it may be expensive (or impossible) to keep a personal
+   computer interconnected to an IP-style network for long amounts of
+   time (the node is lacking the resource known as "connectivity").
+
+   Despite this, it is often very useful to be able to manage mail on
+   these smaller nodes, and they often support a user agent (UA) to aid
+   the tasks of mail handling.  To solve this problem, a node which can
+   support an MTS entity offers a maildrop service to these less endowed
+   nodes.  The Post Office Protocol - Version 3 (POP3) is intended to
+   permit a workstation to dynamically access a maildrop on a server
+   host in a useful fashion.  Usually, this means that the POP3 is used
+   to allow a workstation to retrieve mail that the server is holding
+   for it.
+
+
+
+
+Rose                                                            [Page 1]
+
+RFC 1081                          POP3                     November 1988
+
+
+   For the remainder of this memo, the term "client host" refers to a
+   host making use of the POP3 service, while the term "server host"
+   refers to a host which offers the POP3 service.
+
+A Short Digression
+
+   This memo does not specify how a client host enters mail into the
+   transport system, although a method consistent with the philosophy of
+   this memo is presented here:
+
+      When the user agent on a client host wishes to enter a message
+      into the transport system, it establishes an SMTP connection to
+      its relay host (this relay host could be, but need not be, the
+      POP3 server host for the client host).
+
+   If this method is followed, then the client host appears to the MTS
+   as a user agent, and should NOT be regarded as a "trusted" MTS entity
+   in any sense whatsoever.  This concept, along with the role of the
+   POP3 as a part of a split-UA model is discussed later in this memo.
+
+   Initially, the server host starts the POP3 service by listening on
+   TCP port 110.  When a client host wishes to make use of the service,
+   it establishes a TCP connection with the server host.  When the
+   connection is established, the POP3 server sends a greeting.  The
+   client and POP3 server then exchange commands and responses
+   (respectively) until the connection is closed or aborted.
+
+   Commands in the POP3 consist of a keyword possibly followed by an
+   argument.  All commands are terminated by a CRLF pair.
+
+   Responses in the POP3 consist of a success indicator and a keyword
+   possibly followed by additional information.  All responses are
+   terminated by a CRLF pair.  There are currently two success
+   indicators: positive ("+OK") and negative ("-ERR").
+
+   Responses to certain commands are multi-line.  In these cases, which
+   are clearly indicated below, after sending the first line of the
+   response and a CRLF, any additional lines are sent, each terminated
+   by a CRLF pair.  When all lines of the response have been sent, a
+   final line is sent, consisting of a termination octet (decimal code
+   046, ".") and a CRLF pair.  If any line of the multi-line response
+   begins with the termination octet, the line is "byte-stuffed" by
+   pre-pending the termination octet to that line of the response.
+   Hence a multi-line response is terminated with the five octets
+   "CRLF.CRLF".  When examining a multi-line response, the client checks
+   to see if the line begins with the termination octet.  If so and if
+   octets other than CRLF follow, the the first octet of the line (the
+   termination octet) is stripped away.  If so and if CRLF immediately
+
+
+
+Rose                                                            [Page 2]
+
+RFC 1081                          POP3                     November 1988
+
+
+   follows the termination character, then the response from the POP
+   server is ended and the line containing ".CRLF" is not considered
+   part of the multi-line response.
+
+   A POP3 session progresses through a number of states during its
+   lifetime.  Once the TCP connection has been opened and the POP3
+   server has sent the greeting, the session enters the AUTHORIZATION
+   state.  In this state, the client must identify itself to the POP3
+   server.  Once the client has successfully done this, the server
+   acquires resources associated with the client's maildrop, and the
+   session enters the TRANSACTION state.  In this state, the client
+   requests actions on the part of the POP3 server.  When the client has
+   finished its transactions, the session enters the UPDATE state.  In
+   this state, the POP3 server releases any resources acquired during
+   the TRANSACTION state and says goodbye.  The TCP connection is then
+   closed.
+
+The AUTHORIZATION State
+
+   Once the TCP connection has been opened by a POP3 client, the POP3
+   server issues a one line greeting.  This can be any string terminated
+   by CRLF.  An example might be:
+
+      S.  +OK dewey POP3 server ready (Comments to: PostMaster@UDEL.EDU)
+
+   Note that this greeting is a POP3 reply.  The POP3 server should
+   always give a positive response as the greeting.
+
+   The POP3 session is now in the AUTHORIZATION state.  The client must
+   now issue the USER command.  If the POP3 server responds with a
+   positive success indicator ("+OK"), then the client may issue either
+   the PASS command to complete the authorization, or the QUIT command
+   to terminate the POP3 session.  If the POP3 server responds with a
+   negative success indicator ("-ERR") to the USER command, then the
+   client may either issue a new USER command or may issue the QUIT
+   command.
+
+   When the client issues the PASS command, the POP3 server uses the
+   argument pair from the USER and PASS commands to determine if the
+   client should be given access to the appropriate maildrop.  If so,
+   the POP3 server then acquires an exclusive-access lock on the
+   maildrop.  If the lock is successfully acquired, the POP3 server
+   parses the maildrop into individual messages (read note below),
+   determines the last message (if any) present in the maildrop that was
+   referenced by the RETR command, and responds with a positive success
+   indicator.  The POP3 session now enters the TRANSACTION state.  If
+   the lock can not be acquired or the client should is denied access to
+   the appropriate maildrop or the maildrop can't be parsed for some
+
+
+
+Rose                                                            [Page 3]
+
+RFC 1081                          POP3                     November 1988
+
+
+   reason, the POP3 server responds with a negative success indicator.
+   (If a lock was acquired but the POP3 server intends to respond with a
+   negative success indicator, the POP3 server must release the lock
+   prior to rejecting the command.)  At this point, the client may
+   either issue a new USER command and start again, or the client may
+   issue the QUIT command.
+
+                 NOTE: Minimal implementations of the POP3 need only be
+                 able to break a maildrop into its component messages;
+                 they need NOT be able to parse individual messages.
+                 More advanced implementations may wish to have this
+                 capability, for reasons discussed later.
+
+   After the POP3 server has parsed the maildrop into individual
+   messages, it assigns a message-id to each message, and notes the size
+   of the message in octets.  The first message in the maildrop is
+   assigned a message-id of "1", the second is assigned "2", and so on,
+   so that the n'th message in a maildrop is assigned a message-id of
+   "n".  In POP3 commands and responses, all message-id's and message
+   sizes are expressed in base-10 (i.e., decimal).
+
+   It sets the "highest number accessed" to be that of the last message
+   referenced by the RETR command.
+
+   Here are summaries for the three POP3 commands discussed thus far:
+
+           USER name
+               Arguments: a server specific user-id (required)
+               Restrictions: may only be given in the AUTHORIZATION
+                   state after the POP3 greeting or after an
+                   unsuccessful USER or PASS command
+               Possible Responses:
+                   +OK name is welcome here
+                   -ERR never heard of name
+               Examples:
+                   C:    USER mrose
+                   S:    +OK mrose is a real hoopy frood
+                     ...
+                   C:    USER frated
+                   S:    -ERR sorry, frated doesn't get his mail here
+
+           PASS string
+               Arguments: a server/user-id specific password (required)
+               Restrictions: may only be given in the AUTHORIZATION
+                   state after a successful USER command
+               Possible Responses:
+                   +OK maildrop locked and ready
+                   -ERR invalid password
+
+
+
+Rose                                                            [Page 4]
+
+RFC 1081                          POP3                     November 1988
+
+
+                   -ERR unable to lock maildrop
+               Examples:
+                   C:    USER mrose
+                   S:    +OK mrose is a real hoopy frood
+                   C:    PASS secret
+                   S:    +OK mrose's maildrop has 2 messages
+                         (320 octets)
+                     ...
+                   C:    USER mrose
+                   S:    +OK mrose is a real hoopy frood
+                   C:    PASS secret
+                   S:    -ERR unable to lock mrose's maildrop, file
+                         already locked
+
+           QUIT
+               Arguments: none
+               Restrictions: none
+               Possible Responses:
+                   +OK
+               Examples:
+                   C:    QUIT
+                   S:    +OK dewey POP3 server signing off
+
+
+The TRANSACTION State
+
+   Once the client has successfully identified itself to the POP3 server
+   and the POP3 server has locked and burst the appropriate maildrop,
+   the POP3 session is now in the TRANSACTION state.  The client may now
+   issue any of the following POP3 commands repeatedly.  After each
+   command, the POP3 server issues a response.  Eventually, the client
+   issues the QUIT command and the POP3 session enters the UPDATE state.
+
+   Here are the POP3 commands valid in the TRANSACTION state:
+
+           STAT
+               Arguments: none
+               Restrictions: may only be given in the TRANSACTION state.
+               Discussion:
+
+                 The POP3 server issues a positive response with a line
+                 containing information for the maildrop.  This line is
+                 called a "drop listing" for that maildrop.
+
+                 In order to simplify parsing, all POP3 servers are
+                 required to use a certain format for drop listings.
+                 The first octets present must indicate the number of
+                 messages in the maildrop.  Following this is the size
+
+
+
+Rose                                                            [Page 5]
+
+RFC 1081                          POP3                     November 1988
+
+
+                 of the maildrop in octets.  This memo makes no
+                 requirement on what follows the maildrop size.
+                 Minimal implementations should just end that line of
+                 the response with a CRLF pair.  More advanced
+                 implementations may include other information.
+
+                      NOTE: This memo STRONGLY discourages
+                      implementations from supplying additional
+                      information in the drop listing.  Other,
+                      optional, facilities are discussed later on
+                      which permit the client to parse the messages
+                      in the maildrop.
+
+                 Note that messages marked as deleted are not counted in
+                 either total.
+
+               Possible Responses:
+                   +OK nn mm
+               Examples:
+                   C:    STAT
+                   S:    +OK 2 320
+
+           LIST [msg]
+               Arguments: a message-id (optionally)  If a message-id is
+                   given, it may NOT refer to a message marked as
+                   deleted.
+               Restrictions: may only be given in the TRANSACTION state.
+               Discussion:
+
+                 If an argument was given and the POP3 server issues a
+                 positive response with a line containing information
+                 for that message.  This line is called a "scan listing"
+                 for that message.
+
+                 If no argument was given and the POP3 server issues a
+                 positive response, then the response given is
+                 multi-line.  After the initial +OK, for each message
+                 in the maildrop, the POP3 server responds with a line
+                 containing information for that message.  This line
+                 is called a "scan listing" for that message.
+
+                 In order to simplify parsing, all POP3 servers are
+                 required to use a certain format for scan listings.
+                 The first octets present must be the message-id of
+                 the message.  Following the message-id is the size of
+                 the message in octets.  This memo makes no requirement
+                 on what follows the message size in the scan listing.
+                 Minimal implementations should just end that line of
+
+
+
+Rose                                                            [Page 6]
+
+RFC 1081                          POP3                     November 1988
+
+
+                 the response with a CRLF pair.  More advanced
+                 implementations may include other information, as
+                 parsed from the message.
+
+                      NOTE: This memo STRONGLY discourages
+                      implementations from supplying additional
+                      information in the scan listing.  Other, optional,
+                      facilities are discussed later on which permit
+                      the client to parse the messages in the maildrop.
+
+                 Note that messages marked as deleted are not listed.
+
+               Possible Responses:
+                   +OK scan listing follows
+                   -ERR no such message
+               Examples:
+                   C:    LIST
+                   S:    +OK 2 messages (320 octets)
+                   S:    1 120
+                   S:    2 200
+                   S:    .
+                     ...
+                   C:    LIST 2
+                   S:    +OK 2 200
+                     ...
+                   C:    LIST 3
+                   S:    -ERR no such message, only 2 messages in
+                         maildrop
+
+           RETR msg
+               Arguments: a message-id (required)  This message-id may
+                   NOT refer to a message marked as deleted.
+               Restrictions: may only be given in the TRANSACTION state.
+               Discussion:
+
+                 If the POP3 server issues a positive response, then the
+                 response given is multi-line.  After the initial +OK,
+                 the POP3 server sends the message corresponding to the
+                 given message-id, being careful to byte-stuff the
+                 termination character (as with all multi-line
+                 responses).
+
+                 If the number associated with this message is higher
+                 than the "highest number accessed" in the maildrop, the
+                 POP3 server updates the "highest number accessed" to
+                 the number associated with this message.
+
+
+
+
+
+Rose                                                            [Page 7]
+
+RFC 1081                          POP3                     November 1988
+
+
+               Possible Responses:
+                   +OK message follows
+                   -ERR no such message
+               Examples:
+                   C:    RETR 1
+                   S:    +OK 120 octets
+                   S:    <the POP3 server sends the entire message here>
+                   S:    .
+
+           DELE msg
+               Arguments: a message-id (required)  This message-id
+                   may NOT refer to a message marked as deleted.
+               Restrictions: may only be given in the TRANSACTION state.
+               Discussion:
+
+                 The POP3 server marks the message as deleted.  Any
+                 future reference to the message-id associated with the
+                 message in a POP3 command generates an error.  The POP3
+                 server does not actually delete the message until the
+                 POP3 session enters the UPDATE state.
+
+                 If the number associated with this message is higher
+                 than the "highest number accessed" in the maildrop,
+                 the POP3 server updates the "highest number accessed"
+                 to the number associated with this message.
+
+               Possible Responses:
+                   +OK message deleted
+                   -ERR no such message
+               Examples:
+                   C:    DELE 1
+                   S:    +OK message 1 deleted
+                     ...
+                   C:    DELE 2
+                   S:    -ERR message 2 already deleted
+
+           NOOP
+               Arguments: none
+               Restrictions: may only be given in the TRANSACTION state.
+               Discussion:
+
+                 The POP3 server does nothing, it merely replies with a
+                 positive response.
+
+               Possible Responses:
+                   +OK
+
+
+
+
+
+Rose                                                            [Page 8]
+
+RFC 1081                          POP3                     November 1988
+
+
+               Examples:
+                   C:    NOOP
+                   S:    +OK
+
+           LAST
+               Arguments: none
+               Restrictions: may only be issued in the TRANSACTION state.
+               Discussion:
+
+                 The POP3 server issues a positive response with a line
+                 containing the highest message number which accessed.
+                 Zero is returned in case no message in the maildrop has
+                 been accessed during previous transactions.  A client
+                 may thereafter infer that messages, if any, numbered
+                 greater than the response to the LAST command are
+                 messages not yet accessed by the client.
+
+             Possible Response:
+                   +OK nn
+
+             Examples:
+                   C:      STAT
+                   S:      +OK 4 320
+                   C:      LAST
+                   S:      +OK 1
+                   C:      RETR 3
+                   S:      +OK 120 octets
+                   S:      <the POP3 server sends the entire message
+                           here>
+                   S:      .
+                   C:      LAST
+                   S:      +OK 3
+                   C:      DELE 2
+                   S:      +OK message 2 deleted
+                   C:      LAST
+                   S:      +OK 3
+                   C:      RSET
+                   S:      +OK
+                   C:      LAST
+                   S:      +OK 1
+
+           RSET
+               Arguments: none
+               Restrictions: may only be given in the TRANSACTION
+                   state.
+               Discussion:
+
+                 If any messages have been marked as deleted by the POP3
+
+
+
+Rose                                                            [Page 9]
+
+RFC 1081                          POP3                     November 1988
+
+
+                 server, they are unmarked.  The POP3 server then
+                 replies with a positive response.  In addition, the
+                 "highest number accessed" is also reset to the value
+                 determined at the beginning of the POP3 session.
+
+               Possible Responses:
+                   +OK
+               Examples:
+                   C:    RSET
+                   S:    +OK maildrop has 2 messages (320 octets)
+
+
+
+The UPDATE State
+
+   When the client issues the QUIT command from the TRANSACTION state,
+   the POP3 session enters the UPDATE state.  (Note that if the client
+   issues the QUIT command from the AUTHORIZATION state, the POP3
+   session terminates but does NOT enter the UPDATE state.)
+
+           QUIT
+               Arguments: none
+               Restrictions: none
+               Discussion:
+
+                 The POP3 server removes all messages marked as deleted
+                 from the maildrop.  It then releases the
+                 exclusive-access lock on the maildrop and replies as
+                 to the success of
+                 these operations.  The TCP connection is then closed.
+
+               Possible Responses:
+                   +OK
+               Examples:
+                   C:    QUIT
+                   S:    +OK dewey POP3 server signing off (maildrop
+                         empty)
+                     ...
+                   C:    QUIT
+                   S:    +OK dewey POP3 server signing off (2 messages
+                         left)
+                     ...
+
+
+Optional POP3 Commands
+
+   The POP3 commands discussed above must be supported by all minimal
+   implementations of POP3 servers.
+
+
+
+Rose                                                           [Page 10]
+
+RFC 1081                          POP3                     November 1988
+
+
+   The optional POP3 commands described below permit a POP3 client
+   greater freedom in message handling, while preserving a simple POP3
+   server implementation.
+
+                 NOTE: This memo STRONGLY encourages implementations to
+                 support these commands in lieu of developing augmented
+                 drop and scan listings.  In short, the philosophy of
+                 this memo is to put intelligence in the part of the
+                 POP3 client and not the POP3 server.
+
+           TOP msg n
+               Arguments: a message-id (required) and a number.  This
+                   message-id may NOT refer to a message marked as
+                   deleted.
+               Restrictions: may only be given in the TRANSACTION state.
+               Discussion:
+
+                 If the POP3 server issues a positive response, then
+                 the response given is multi-line.  After the initial
+                 +OK, the POP3 server sends the headers of the message,
+                 the blank line separating the headers from the body,
+                 and then the number of lines indicated message's body,
+                 being careful to byte-stuff the termination character
+                 (as with all multi-line responses).
+
+                 Note that if the number of lines requested by the POP3
+                 client is greater than than the number of lines in the
+                 body, then the POP3 server sends the entire message.
+
+               Possible Responses:
+                   +OK top of message follows
+                   -ERR no such message
+               Examples:
+                   C:    TOP 10
+                   S:    +OK
+                   S:    <the POP3 server sends the headers of the
+                          message, a blank line, and the first 10 lines
+                          of the body of the message>
+                   S:    .
+                     ...
+                   C:    TOP 100
+                   S:    -ERR no such message
+
+           RPOP user
+               Arguments: a client specific user-id (required)
+               Restrictions: may only be given in the AUTHORIZATION
+                   state after a successful USER command; in addition,
+                   may only be given if the client used a reserved
+
+
+
+Rose                                                           [Page 11]
+
+RFC 1081                          POP3                     November 1988
+
+
+                   (privileged) TCP port to connect to the server.
+               Discussion:
+
+                 The RPOP command may be used instead of the PASS
+                 command to authenticate access to the maildrop.  In
+                 order for this command to be successful, the POP3
+                 client must use a reserved TCP port (port < 1024) to
+                 connect tothe server.  The POP3 server uses the
+                 argument pair from the USER and RPOP commands to
+                 determine if the client should be given access to
+                 the appropriate maildrop.  Unlike the PASS command
+                 however, the POP3 server considers if the remote user
+                 specified by the RPOP command who resides on the POP3
+                 client host is allowed to access the maildrop for the
+                 user specified by the USER command (e.g., on Berkeley
+                 UNIX, the .rhosts mechanism is used).  With the
+                 exception of this differing in authentication, this
+                 command is identical to the PASS command.
+
+                 Note that the use of this feature has allowed much wider
+                 penetration into numerous hosts on local networks (and
+                 sometimes remote networks) by those who gain illegal
+                 access to computers by guessing passwords or otherwise
+                 breaking into the system.
+
+               Possible Responses:
+                   +OK maildrop locked and ready
+                   -ERR permission denied
+               Examples:
+                   C:    USER mrose
+                   S:    +OK mrose is a real hoopy frood
+                   C:    RPOP mrose
+                   S:    +OK mrose's maildrop has 2 messages (320
+                         octets)
+
+       Minimal POP3 Commands:
+           USER name               valid in the AUTHORIZATION state
+           PASS string
+           QUIT
+
+           STAT                    valid in the TRANSACTION state
+           LIST [msg]
+           RETR msg
+           DELE msg
+           NOOP
+           LAST
+           RSET
+
+
+
+
+Rose                                                           [Page 12]
+
+RFC 1081                          POP3                     November 1988
+
+
+           QUIT                    valid in the UPDATE state
+
+       Optional POP3 Commands:
+           RPOP user               valid in the AUTHORIZATION state
+
+           TOP msg n               valid in the TRANSACTION state
+
+       POP3 Replies:
+           +OK
+           -ERR
+
+       Note that with the exception of the STAT command, the reply given
+       by the POP3 server to any command is significant only to "+OK"
+       and "-ERR".  Any text occurring after this reply may be ignored
+       by the client.
+
+Example POP3 Session
+
+    S: <wait for connection on TCP port 110>
+        ...
+    C: <open connection>
+    S:    +OK dewey POP3 server ready (Comments to: PostMaster@UDEL.EDU)
+    C:    USER mrose
+    S:    +OK mrose is a real hoopy frood
+    C:    PASS secret
+    S:    +OK mrose's maildrop has 2 messages (320 octets)
+    C:    STAT
+    S:    +OK 2 320
+    C:    LIST
+    S:    +OK 2 messages (320 octets)
+    S:    1 120
+    S:    2 200
+    S:    .
+    C:    RETR 1
+    S:    +OK 120 octets
+    S:    <the POP3 server sends message 1>
+    S:    .
+    C:    DELE 1
+    S:    +OK message 1 deleted
+    C:    RETR 2
+    S:    +OK 200 octets
+    S:    <the POP3 server sends message 2>
+    S:    .
+    C:    DELE 2
+    S:    +OK message 2 deleted
+    C:    QUIT
+
+
+
+
+
+Rose                                                           [Page 13]
+
+RFC 1081                          POP3                     November 1988
+
+
+    S:    +OK dewey POP3 server signing off (maildrop empty)
+    C:  <close connection>
+    S:  <wait for next connection>
+
+Message Format
+
+   All messages transmitted during a POP3 session are assumed to conform
+   to the standard for the format of Internet text messages [RFC822].
+
+   It is important to note that the byte count for a message on the
+   server host may differ from the octet count assigned to that message
+   due to local conventions for designating end-of-line.  Usually,
+   during the AUTHORIZATION state of the POP3 session, the POP3 client
+   can calculate the size of each message in octets when it parses the
+   maildrop into messages.  For example, if the POP3 server host
+   internally represents end-of-line as a single character, then the
+   POP3 server simply counts each occurrence of this character in a
+   message as two octets.  Note that lines in the message which start
+   with the termination octet need not be counted twice, since the POP3
+   client will remove all byte-stuffed termination characters when it
+   receives a multi-line response.
+
+The POP and the Split-UA model
+
+   The underlying paradigm in which the POP3 functions is that of a
+   split-UA model.  The POP3 client host, being a remote PC based
+   workstation, acts solely as a client to the message transport system.
+   It does not provide delivery/authentication services to others.
+   Hence, it is acting as a UA, on behalf of the person using the
+   workstation.  Furthermore, the workstation uses SMTP to enter mail
+   into the MTS.
+
+   In this sense, we have two UA functions which interface to the
+   message transport system: Posting (SMTP) and Retrieval (POP3).  The
+   entity which supports this type of environment is called a split-UA
+   (since the user agent is split between two hosts which must
+   interoperate to provide these functions).
+
+                 ASIDE:  Others might term this a remote-UA instead.
+                 There are arguments supporting the use of both terms.
+
+   This memo has explicitly referenced TCP as the underlying transport
+   agent for the POP3.  This need not be the case.  In the MZnet split-
+   UA, for example, personal micro-computer systems are used which do
+   not have IP-style networking capability.  To connect to the POP3
+   server host, a PC establishes a terminal connection using some simple
+   protocol (PhoneNet).  A program on the PC drives the connection,
+   first establishing a login session as a normal user.  The login shell
+
+
+
+Rose                                                           [Page 14]
+
+RFC 1081                          POP3                     November 1988
+
+
+   for this pseudo-user is a program which drives the other half of the
+   terminal protocol and communicates with one of two servers.  Although
+   MZnet can support several PCs, a single pseudo-user login is present
+   on the server host.  The user-id and password for this pseudo-user
+   login is known to all members of MZnet.  Hence, the first action of
+   the login shell, after starting the terminal protocol, is to demand a
+   USER/PASS authorization pair from the PC.  This second level of
+   authorization is used to ascertain who is interacting with the MTS.
+   Although the server host is deemed to support a "trusted" MTS entity,
+   PCs in MZnet are not.  Naturally, the USER/PASS authorization pair
+   for a PC is known only to the owner of the PC (in theory, at least).
+
+   After successfully verifying the identity of the client, a modified
+   SMTP server is started, and the PC posts mail with the server host.
+   After the QUIT command is given to the SMTP server and it terminates,
+   a modified POP3 server is started, and the PC retrieves mail from the
+   server host.  After the QUIT command is given to the POP3 server and
+   it terminates, the login shell for the pseudo-user terminates the
+   terminal protocol and logs the job out.  The PC then closes the
+   terminal connection to the server host.
+
+   The SMTP server used by MZnet is modified in the sense that it knows
+   that it's talking to a user agent and not a "trusted" entity in the
+   message transport system.  Hence, it does performs the validation
+   activities normally performed by an entity in the MTS when it accepts
+   a message from a UA.
+
+   The POP3 server used by MZnet is modified in the sense that it does
+   not require a USER/PASS combination before entering the TRANSACTION
+   state.  The reason for this (of course) is that the PC has already
+   identified itself during the second-level authorization step
+   described above.
+
+                 NOTE: Truth in advertising laws require that the author
+                 of this memo state that MZnet has not actually been
+                 fully implemented.  The concepts presented and proven
+                 by the project led to the notion of the MZnet
+                 split-slot model.  This notion has inspired the
+                 split-UA concept described in this memo, led to the
+                 author's interest in the POP, and heavily influenced
+                 the the description of the POP3 herein.
+
+   In fact, some UAs present in the Internet already support the notion
+   of posting directly to an SMTP server and retrieving mail directly
+   from a POP server, even if the POP server and client resided on the
+   same host!
+
+                 ASIDE: this discussion raises an issue which this memo
+
+
+
+Rose                                                           [Page 15]
+
+RFC 1081                          POP3                     November 1988
+
+
+                 purposedly avoids: how does SMTP know that it's talking
+                 to a "trusted" MTS entity?
+
+References
+
+     [MZnet]   Stefferud, E., J. Sweet, and T. Domae, "MZnet: Mail
+               Service for Personal Micro-Computer Systems",
+               Proceedings, IFIP 6.5 International Conference on
+               Computer Message Systems, Nottingham, U.K., May 1984.
+
+     [RFC821]  Postel, J., "Simple Mail Transfer Protocol",
+               USC/Information Sciences Institute, August 1982.
+
+     [RFC822]  Crocker, D., "Standard for the Format of ARPA-Internet
+               Text Messages", University of Delaware, August 1982.
+
+     [RFC937]  Butler, M., J. Postel, D. Chase, J. Goldberger, and J.
+               Reynolds, "Post Office Protocol - Version 2", RFC 937,
+               USC/Information Sciences Institute, February 1985.
+
+     [RFC1010] Reynolds, J., and J. Postel, "Assigned Numbers", RFC
+               1010, USC/Information Sciences Institute, May 1987.
+
+Author's Address:
+
+
+   Marshall Rose
+   The Wollongong Group
+   1129 San Antonio Rd.
+   Palo Alto, California 94303
+
+   Phone: (415) 962-7100
+
+   Email: MRose@TWG.COM
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rose                                                           [Page 16]
diff --git a/crypto/heimdal/appl/popper/pop3e.rfc1082 b/crypto/heimdal/appl/popper/pop3e.rfc1082
new file mode 100644
index 0000000..ac49448
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop3e.rfc1082
@@ -0,0 +1,619 @@
+
+
+
+
+
+
+Network Working Group                                            M. Rose
+Request for Comments: 1082                                           TWG
+                                                           November 1988
+
+
+
+                    Post Office Protocol - Version 3
+                       Extended Service Offerings
+
+Status of This Memo
+
+   This memo suggests a simple method for workstations to dynamically
+   access mail from a discussion group server, as an extension to an
+   earlier memo which dealt with dynamically accessing mail from a
+   mailbox server using the Post Office Protocol -  Version 3 (POP3).
+   This RFC specifies a proposed protocol for the Internet community,
+   and requests discussion and suggestions for improvements.  All of the
+   extensions described in this memo to the POP3 are OPTIONAL.
+   Distribution of this memo is unlimited.
+
+Introduction and Motivation
+
+   It is assumed that the reader is familiar with RFC 1081 that
+   discusses the Post Office Protocol - Version 3 (POP3) [RFC1081].
+   This memo describes extensions to the POP3 which enhance the service
+   it offers to clients.  This additional service permits a client host
+   to access discussion group mail, which is often kept in a separate
+   spool area, using the general POP3 facilities.
+
+   The next section describes the evolution of discussion groups and the
+   technologies currently used to implement them.  To summarize:
+
+       o An exploder is used to map from a single address to
+       a list of addresses which subscribe to the list, and redirects
+       any subsequent error reports associated with the delivery of
+       each message.  This has two primary advantages:
+             - Subscribers need know only a single address
+             - Responsible parties get the error reports and not
+               the subscribers
+
+
+
+
+
+
+
+
+
+
+
+
+Rose                                                            [Page 1]
+
+RFC 1082                 POP3 Extended Service             November 1988
+
+
+       o Typically, each subscription address is not a person's private
+       maildrop, but a system-wide maildrop, which can be accessed
+       by more than one user.  This has several advantages:
+             - Only a single copy of each message need traverse the
+               net for a given site (which may contain several local
+               hosts).  This conserves bandwidth and cycles.
+             - Only a single copy of each message need reside on each
+               subscribing host.  This conserves disk space.
+             - The private maildrop for each user is not cluttered
+               with discussion group mail.
+
+   Despite this optimization of resources, further economy can be
+   achieved at sites with more than one host.  Typically, sites with
+   more than one host either:
+
+        1.  Replicate discussion group mail on each host.  This
+        results in literally gigabytes of disk space committed to
+        unnecessarily store redundant information.
+
+        2.  Keep discussion group mail on one host and give all users a
+        login on that host (in addition to any other logins they may
+        have).  This is usually a gross inconvenience for users who
+        work on other hosts, or a burden to users who are forced to
+        work on that host.
+
+   As discussed in [RFC1081], the problem of giving workstations dynamic
+   access to mail from a mailbox server has been explored in great
+   detail (originally there was [RFC918], this prompted the author to
+   write [RFC1081], independently of this [RFC918] was upgraded to
+   [RFC937]).  A natural solution to the problem outlined above is to
+   keep discussion group mail on a mailbox server at each site and
+   permit different hosts at that site to employ the POP3 to access
+   discussion group mail.  If implemented properly, this avoids the
+   problems of both strategies outlined above.
+
+        ASIDE:     It might be noted that a good distributed filesystem
+                   could also solve this problem.  Sadly, "good"
+                   distributed filesystems, which do not suffer
+                   unacceptable response time for interactive use, are
+                   few and far between these days!
+
+   Given this motivation, now let's consider discussion groups, both in
+   general and from the point of view of a user agent.  Following this,
+   extensions to the POP3 defined in [RFC1081] are presented.  Finally,
+   some additional policy details are discussed along with some initial
+   experiences.
+
+
+
+
+
+Rose                                                            [Page 2]
+
+RFC 1082                 POP3 Extended Service             November 1988
+
+
+What's in a Discussion Group
+
+   Since mailers and user agents first crawled out of the primordial
+   ARPAnet, the value of discussion groups have been appreciated,
+   (though their implementation has not always been well-understood).
+
+   Described simply, a discussion group is composed of a number of
+   subscribers with a common interest.  These subscribers post mail to a
+   single address, known as a distribution address.  From this
+   distribution address, a copy of the message is sent to each
+   subscriber.  Each group has a moderator, which is the person that
+   administrates the group.  The moderator can usually be reached at a
+   special address, known as a request address.  Usually, the
+   responsibilities of the moderator are quite simple, since the mail
+   system handles the distribution to subscribers automatically.  In
+   some cases, the interest group, instead of being distributed directly
+   to its subscribers, is put into a digest format by the moderator and
+   then sent to the subscribers.  Although this requires more work on
+   the part of the moderator, such groups tend to be better organized.
+
+   Unfortunately, there are a few problems with the scheme outlined
+   above.  First, if two users on the same host subscribe to the same
+   interest group, two copies of the message get delivered.  This is
+   wasteful of both processor and disk resources.
+
+   Second, some of these groups carry a lot of traffic.  Although
+   subscription to an group does indicate interest on the part of a
+   subscriber, it is usually not interesting to get 50 messages or so
+   delivered to the user's private maildrop each day, interspersed with
+   personal mail, that is likely to be of a much more important and
+   timely nature.
+
+   Third, if a subscriber on the distribution list for a group becomes
+   "bad" somehow, the originator of the message and not the moderator of
+   the group is notified.  It is not uncommon for a large list to have
+   10 or so bogus addresses present.  This results in the originator
+   being flooded with "error messages" from mailers across the Internet
+   stating that a given address on the list was bad.  Needless to say,
+   the originator usually could not care less if the bogus addresses got
+   a copy of the message or not.  The originator is merely interested in
+   posting a message to the group at large.  Furthermore, the moderator
+   of the group does care if there are bogus addresses on the list, but
+   ironically does not receive notification.
+
+   There are various approaches which can be used to solve some or all
+   of these problems.  Usually these involve placing an exploder agent
+   at the distribution source of the discussion group, which expands the
+   name of the group into the list of subscription addresses for the
+
+
+
+Rose                                                            [Page 3]
+
+RFC 1082                 POP3 Extended Service             November 1988
+
+
+   group.  In the process, the exploder will also change the address
+   that receives error notifications to be the request address or other
+   responsible party.
+
+   A complementary approach, used in order to cut down on resource
+   utilization of all kinds, replaces all the subscribers at a single
+   host (or group of hosts under a single administration) with a single
+   address at that host.  This address maps to a file on the host,
+   usually in a spool area, which all users can access.  (Advanced
+   implementations can also implement private discussion groups this
+   way, in which a single copy of each message is kept, but is
+   accessible to only a select number of users on the host.)
+
+   The two approaches can be combined to avoid all of the problems
+   described above.
+
+   Finally, a third approach can be taken, which can be used to aid user
+   agents processing mail for the discussion group:  In order to speed
+   querying of the maildrop which contains the local host's copy of the
+   discussion group, two other items are usually associated with the
+   discussion group, on a local basis.  These are the maxima and the
+   last-date.  Each time a message is received for the group on the
+   local host, the maxima is increased by at least one.  Furthermore,
+   when a new maxima is generated, the current date is determined.  This
+   is called the last date.  As the message is entered into the local
+   maildrop, it is given the current maxima and last-date.  This permits
+   the user agent to quickly determine if new messages are present in
+   the maildrop.
+
+       NOTE:      The maxima may be characterized as a monotonically
+                  increasing quanity.  Although sucessive values of the
+                  maxima need not be consecutive, any maxima assigned
+                  is always greater than any previously assigned value.
+
+Definition of Terms
+
+   To formalize these notions somewhat, consider the following 7
+   parameters which describe a given discussion group from the
+   perspective of the user agent (the syntax given is from [RFC822]):
+
+
+
+
+
+
+
+
+
+
+
+
+Rose                                                            [Page 4]
+
+RFC 1082                 POP3 Extended Service             November 1988
+
+
+         NAME            Meaning: the name of the discussion group
+                         Syntax:  TOKEN (ALPHA *[ ALPHA / DIGIT / "-" ])
+                                  (case-insensitive recognition)
+                         Example: unix-wizards
+
+         ALIASES         Meaning: alternates names for the group, which
+                                  are locally meaningful; these are
+                                  typically used to shorten user typein
+                         Syntax:  TOKEN (case-insensitive recognition)
+                         Example: uwiz
+
+         ADDRESS         Meaning: the primary source of the group
+                         Syntax:  822 address
+                         Example: Unix-Wizards@BRL.MIL
+
+         REQUEST         Meaning: the primary moderator of the group
+                         Syntax:  822 address
+                         Example: Unix-Wizards-Request@BRL.MIL
+
+         FLAGS           Meaning: locally meaningful flags associated
+                                  with the discussion group; this memo
+                                  leaves interpretation of this
+                                  parameter to each POP3 implementation
+                         Syntax:  octal number
+                         Example: 01
+
+         MAXIMA          Meaning: the magic cookie associated with the
+                                  last message locally received for the
+                                  group; it is the property of the magic
+                                  cookie that it's value NEVER
+                                  decreases, and increases by at least
+                                  one each time a message is locally
+                                  received
+                         Syntax:  decimal number
+                         Example: 1004
+
+         LASTDATE        Meaning: the date that the last message was
+                                  locally received
+                         Syntax:  822 date
+                         Example: Thu, 19 Dec 85 10:26:48 -0800
+
+   Note that the last two values are locally determined for the maildrop
+   associated with the discussion group and with each message in that
+   maildrop.  Note however that the last message in the maildrop have a
+   different MAXIMA and LASTDATE than the discussion group.  This often
+   occurs when the maildrop has been archived.
+
+
+
+
+
+Rose                                                            [Page 5]
+
+RFC 1082                 POP3 Extended Service             November 1988
+
+
+   Finally, some local systems provide mechanisms for automatically
+   archiving discussion group mail.  In some cases, a two-level archive
+   scheme is used:  current mail is kept in the standard maildrop,
+   recent mail is kept in an archive maildrop, and older mail is kept
+   off-line.  With this scheme, in addition to having a "standard"
+   maildrop for each discussion group, an "archive" maildrop may also be
+   available.  This permits a user agent to examine the most recent
+   archive using the same mechanisms as those used on the current mail.
+
+The XTND Command
+
+   The following commands are valid only in the TRANSACTION state of the
+   POP3.  This implies that the POP3 server has already opened the
+   user's maildrop (which may be empty).  This maildrop is called the
+   "default maildrop".  The phrase "closes the current maildrop" has two
+   meanings, depending on whether the current maildrop is the default
+   maildrop or is a maildrop associated with a discussion group.
+
+   In the former context, when the current maildrop is closed any
+   messages marked as deleted are removed from the maildrop currently in
+   use.  The exclusive-access lock on the maildrop is then released
+   along with any implementation-specific resources (e.g., file-
+   descriptors).
+
+   In the latter context, a maildrop associated with a discussion group
+   is considered to be read-only to the POP3 client.  In this case, the
+   phrase "closes the current maildrop" merely means that any
+   implementation-specific resources are released.  (Hence, the POP3
+   command DELE is a no-op.)
+
+   All the new facilities are introduced via a single POP3 command,
+   XTND.  All positive reponses to the XTND command are multi-line.
+
+   The most common multi-line response to the commands contains a
+   "discussion group listing" which presents the name of the discussion
+   group along with it's maxima.  In order to simplify parsing all POP3
+   servers are required to use a certain format for discussion group
+   listings:
+
+                              NAME SP MAXIMA
+
+   This memo makes no requirement on what follows the maxima in the
+   listing.  Minimal implementations should just end that line of the
+   response with a CRLF pair.  More advanced implementations may include
+   other information, as parsed from the message.
+
+       NOTE:      This memo STRONGLY discourages implementations from
+                  supplying additional information in the listing.
+
+
+
+Rose                                                            [Page 6]
+
+RFC 1082                 POP3 Extended Service             November 1988
+
+
+   XTND BBOARDS [name]
+   Arguments: the name of a discussion group (optionally)
+   Restrictions: may only be given in the TRANSACTION state.
+   Discussion:
+
+   If an argument was given, the POP3 server closes the current
+   maildrop.  The POP3 server then validates the argument as the name of
+   a discussion group.  If this is successful, it opens the maildrop
+   associated with the group, and returns a multi-line response
+   containing the discussion group listing.  If the discussion group
+   named is not valid, or the associated archive maildrop is not
+   readable by the user, then an error response is returned.
+
+   If no argument was given, the POP3 server issues a multi-line
+   response.  After the initial +OK, for each discussion group known,
+   the POP3 server responds with a line containing the listing for that
+   discussion group.  Note that only world-readable discussion groups
+   are included in the multi-line response.
+
+   In order to aid user agents, this memo requires an extension to the
+   scan listing when an "XTND BBOARDS" command has been given.
+   Normally, a scan listing, as generated by the LIST, takes the form:
+
+          MSGNO SIZE
+
+   where MSGNO is the number of the message being listed and SIZE is the
+   size of the message in octets.  When reading a maildrop accessed via
+   "XTND BBOARDS", the scan listing takes the form
+
+          MSGNO SIZE MAXIMA
+
+   where MAXIMA is the maxima that was assigned to the message when it
+   was placed in the BBoard.
+
+   Possible Responses:
+       +OK XTND
+       -ERR no such bboard
+   Examples:
+       C:    XTND BBOARDS
+       S:    +OK XTND
+       S:    system 10
+       S:    mh-users 100
+       S:    .
+       C:    XTND BBOARDS system
+       S:    + OK XTND
+       S:    system 10
+       S:    .
+
+
+
+
+Rose                                                            [Page 7]
+
+RFC 1082                 POP3 Extended Service             November 1988
+
+
+   XTND ARCHIVE name
+   Arguments: the name of a discussion group (required)
+   Restrictions: may only be given in the TRANSACTION state.
+   Discussion:
+
+   The POP3 server closes the current maildrop.  The POP3 server then
+   validates the argument as the name of a discussion group.  If this is
+   successful, it opens the archive maildrop associated with the group,
+   and returns a multi-line response containing the discussion group
+   listing.  If the discussion group named is not valid, or the
+   associated archive maildrop is not readable by the user, then an
+   error response is returned.
+
+   In addition, the scan listing generated by the LIST command is
+   augmented (as described above).
+
+   Possible Responses:
+       +OK XTND
+       -ERR no such bboard Examples:
+       C:    XTND ARCHIVE system
+       S:    + OK XTND
+       S:    system 3
+       S:    .
+
+   XTND X-BBOARDS name
+   Arguments: the name of a discussion group (required)
+   Restrictions: may only be given in the TRANSACTION state.
+   Discussion:
+
+   The POP3 server validates the argument as the name of a
+   discussion group.  If this is unsuccessful, then an error
+   response is returned.  Otherwise a multi-line response is
+   returned.  The first 14 lines of this response (after the
+   initial +OK) are defined in this memo.  Minimal implementations
+   need not include other information (and may omit certain
+   information, outputing a bare CRLF pair).  More advanced
+   implementations may include other information.
+
+           Line    Information (refer to "Definition of Terms")
+           ----    -----------
+             1     NAME
+             2     ALIASES, separated by SP
+             3     system-specific: maildrop
+             4     system-specific: archive maildrop
+             5     system-specific: information
+             6     system-specific: maildrop map
+             7     system-specific: encrypted password
+             8     system-specific: local leaders, separated by SP
+
+
+
+Rose                                                            [Page 8]
+
+RFC 1082                 POP3 Extended Service             November 1988
+
+
+             9     ADDRESS
+            10     REQUEST
+            11     system-specific: incoming feed
+            12     system-specific: outgoing feeds
+            13     FLAGS SP MAXIMA
+            14     LASTDATE
+
+   Most of this information is entirely too specific to the UCI Version
+   of the Rand MH Message Handling System [MRose85].  Nevertheless,
+   lines 1, 2, 9, 10, 13, and 14 are of general interest, regardless of
+   the implementation.
+
+           Possible Responses:
+               +OK XTND
+               -ERR no such bboard
+           Examples:
+               C:    XTND X-BBOARDS system
+               S:    + OK XTND
+               S:    system
+               S:    local general
+               S:    /usr/bboards/system.mbox
+               S:    /usr/bboards/archive/system.mbox
+               S:    /usr/bboards/.system.cnt
+               S:    /usr/bboards/.system.map
+               S:    *
+               S:    mother
+               S:    system@nrtc.northrop.com
+               S:    system-request@nrtc.northrop.com
+               S:
+               S:    dist-system@nrtc-gremlin.northrop.com
+               S:    01 10
+               S:    Thu, 19 Dec 85 00:08:49 -0800
+               S:    .
+
+Policy Notes
+
+   Depending on the particular entity administrating the POP3 service
+   host, two additional policies might be implemented:
+
+   1.  Private Discussion Groups
+
+   In the general case, discussion groups are world-readable, any user,
+   once logged in (via a terminal, terminal server, or POP3, etc.), is
+   able to read the maildrop for each discussion group known to the POP3
+   service host.  Nevertheless, it is desirable, usually for privacy
+   reasons, to implement private discussion groups as well.
+
+   Support of this is consistent with the extensions outlined in this
+
+
+
+Rose                                                            [Page 9]
+
+RFC 1082                 POP3 Extended Service             November 1988
+
+
+   memo.  Once the AUTHORIZATION state has successfully concluded, the
+   POP3 server grants the user access to exactly those discussion groups
+   the POP3 service host permits the authenticated user to access.  As a
+   "security" feature, discussion groups associated with unreadable
+   maildrops should not be listed in a positive response to the XTND
+   BBOARDS command.
+
+   2.  Anonymous POP3 Users
+
+   In order to minimize the authentication problem, a policy permitting
+   "anonymous" access to the world-readable maildrops for discussion
+   groups on the POP3 server may be implemented.
+
+   Support of this is consistent with the extensions outlined in this
+   memo.  The POP3 server can be modified to accept a USER command for a
+   well-known pseudonym (i.e., "anonymous") which is valid with any PASS
+   command.  As a "security" feature, it is advisable to limit this kind
+   of access to only hosts at the local site, or to hosts named in an
+   access list.
+
+Experiences and Conclusions
+
+   All of the facilities described in this memo and in [RFC1081] have
+   been implemented in MH #6.1.  Initial experiences have been, on the
+   whole, very positive.
+
+   After the first implementation, some performance tuning was required.
+   This consisted primarily of caching the datastructures which describe
+   discussion groups in the POP3 server.  A second optimization
+   pertained to the client:  the program most commonly used to read
+   BBoards in MH was modified to retrieve messages only when needed.
+   Two schemes are used:
+
+         o If only the headers (and the first few lines of the body) of
+           the message are required (e.g., for a scan listing), then only
+           these are retrieved.  The resulting output is then cached, on
+           a per-message basis.
+
+         o If the entire message is required, then it is retrieved intact,
+            and cached locally.
+
+   With these optimizations, response time is quite adequate when the
+   POP3 server and client are connected via a high-speed local area
+   network.  In fact, the author uses this mechanism to access certain
+   private discussion groups over the Internet.  In this case, response
+   is still good.  When a 9.6Kbps modem is inserted in the path,
+   response went from good to almost tolerable (fortunately the author
+   only reads a few discussion groups in this fashion).
+
+
+
+Rose                                                           [Page 10]
+
+RFC 1082                 POP3 Extended Service             November 1988
+
+
+   To conclude: the POP3 is a good thing, not only for personal mail but
+   for discussion group mail as well.
+
+
+References
+
+     [RFC1081] Rose, M., "Post Office Protocol - Verison 3 (POP3)", RFC
+               1081, TWG, November 1988.
+
+     [MRose85] Rose, M., and J. Romine, "The Rand MH Message Handling
+               System: User's Manual", University of California, Irvine,
+               November 1985.
+
+     [RFC822]  Crocker, D., "Standard for the Format of ARPA-Internet
+               Text Messages", RFC 822, University of Delaware, August
+               1982.
+
+     [RFC918]  Reynolds, J., "Post Office Protocol", RFC 918,
+               USC/Information Sciences Institute, October 1984.
+
+     [RFC937]  Butler, M., J. Postel, D. Chase, J. Goldberger, and J.
+               Reynolds, "Post Office Protocol - Version 2", RFC 937,
+               USC/Information Sciences Institute, February 1985.
+
+Author's Address:
+
+
+   Marshall Rose
+   The Wollongong Group
+   1129 San Antonio Rd.
+   Palo Alto, California 94303
+
+   Phone: (415) 962-7100
+
+   Email: MRose@TWG.COM
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rose                                                           [Page 11]
+
diff --git a/crypto/heimdal/appl/popper/pop_auth.c b/crypto/heimdal/appl/popper/pop_auth.c
new file mode 100644
index 0000000..525beaa
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_auth.c
@@ -0,0 +1,220 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <popper.h>
+#include <base64.h>
+RCSID("$Id: pop_auth.c,v 1.2 2000/04/12 15:37:45 assar Exp $");
+
+#ifdef KRB4
+
+enum {
+    NO_PROT   = 1,
+    INT_PROT  = 2,
+    PRIV_PROT = 4
+};
+
+static int
+auth_krb4(POP *p)
+{
+    int ret;
+    des_cblock key;
+    u_int32_t nonce, nonce_reply;
+    u_int32_t max_client_packet;
+    int protocols = NO_PROT | INT_PROT | PRIV_PROT;
+    char data[8];
+    int len;
+    char *s;
+    char instance[INST_SZ];  
+    KTEXT_ST authent;
+    des_key_schedule schedule;
+    struct passwd *pw;
+
+    /* S -> C: 32 bit nonce in MSB base64 */
+
+    des_new_random_key(&key);
+    nonce = (key[0] | (key[1] << 8) | (key[2] << 16) | (key[3] << 24)
+	     | key[4] | (key[5] << 8) | (key[6] << 16) | (key[7] << 24));
+    krb_put_int(nonce, data, 4, 8);
+    len = base64_encode(data, 4, &s);
+
+    pop_msg(p, POP_CONTINUE, "%s", s);
+    free(s);
+
+    /* C -> S: ticket and authenticator */
+
+    ret = sch_readline(p->input, &s);
+    if (ret <= 0 || strcmp (s, "*") == 0)
+	return pop_msg(p, POP_FAILURE,
+		       "authentication aborted by client");
+    len = strlen(s);
+    if (len > sizeof(authent.dat)) {
+	return pop_msg(p, POP_FAILURE, "data packet too long");
+    }
+
+    authent.length = base64_decode(s, authent.dat);
+
+    k_getsockinst (0, instance, sizeof(instance));
+    ret = krb_rd_req(&authent, "pop", instance,
+		     p->in_addr.sin_addr.s_addr,
+		     &p->kdata, NULL);
+    if (ret != 0) {
+	return pop_msg(p, POP_FAILURE, "rd_req: %s",
+		       krb_get_err_text(ret));
+    }
+    if (p->kdata.checksum != nonce) {
+	return pop_msg(p, POP_FAILURE, "data stream modified");
+    }
+
+    /* S -> C: nonce + 1 | bit | max segment */
+
+    krb_put_int(nonce + 1, data, 4, 7);
+    data[4] = protocols;
+    krb_put_int(1024, data + 5, 3, 3); /* XXX */
+    des_key_sched(&p->kdata.session, schedule);
+    des_pcbc_encrypt((des_cblock*)data,
+		     (des_cblock*)data, 8,
+		     schedule,
+		     &p->kdata.session,
+		     DES_ENCRYPT);
+    len = base64_encode(data, 8, &s);
+    pop_msg(p, POP_CONTINUE, "%s", s);
+
+    free(s);
+
+    /* C -> S: nonce | bit | max segment | username */
+
+    ret = sch_readline(p->input, &s);
+    if (ret <= 0 || strcmp (s, "*") == 0)
+	return pop_msg(p, POP_FAILURE,
+		       "authentication aborted");
+    len = strlen(s);
+    if (len > sizeof(authent.dat)) {
+	return pop_msg(p, POP_FAILURE, "data packet too long");
+    }
+
+    authent.length = base64_decode(s, authent.dat);
+    
+    if (authent.length % 8 != 0) {
+	return pop_msg(p, POP_FAILURE, "reply is not a multiple of 8 bytes");
+    }
+
+    des_key_sched(&p->kdata.session, schedule);
+    des_pcbc_encrypt((des_cblock*)authent.dat,
+		     (des_cblock*)authent.dat,
+		     authent.length,
+		     schedule,
+		     &p->kdata.session,
+		     DES_DECRYPT);
+
+    krb_get_int(authent.dat, &nonce_reply, 4, 0);
+    if (nonce_reply != nonce) {
+	return pop_msg(p, POP_FAILURE, "data stream modified");
+    }
+    protocols &= authent.dat[4];
+    krb_get_int(authent.dat + 5, &max_client_packet, 3, 0);
+    if(authent.dat[authent.length - 1] != '\0') {
+	return pop_msg(p, POP_FAILURE, "bad format of username");
+    }
+    strncpy (p->user, authent.dat + 8, sizeof(p->user));
+    pw = k_getpwnam(p->user);
+    if (pw == NULL) {
+	return (pop_msg(p,POP_FAILURE,
+			"Password supplied for \"%s\" is incorrect.",
+			p->user));
+    }
+
+    if (kuserok(&p->kdata, p->user)) {
+	pop_log(p, POP_PRIORITY,
+		"%s: (%s.%s@%s) tried to retrieve mail for %s.",
+		p->client, p->kdata.pname, p->kdata.pinst,
+		p->kdata.prealm, p->user);
+	return(pop_msg(p,POP_FAILURE,
+		       "Popping not authorized"));
+    }
+    pop_log(p, POP_INFO, "%s: %s.%s@%s -> %s",
+	    p->ipaddr,
+	    p->kdata.pname, p->kdata.pinst, p->kdata.prealm,
+	    p->user);
+    ret = pop_login(p, pw);
+    if (protocols & PRIV_PROT)
+	;
+    else if (protocols & INT_PROT)
+	;
+    else
+	;
+    
+    return ret;
+}
+#endif /* KRB4 */
+
+#ifdef KRB5
+static int
+auth_gssapi(POP *p)
+{
+    
+}
+#endif /* KRB5 */
+
+/* 
+ *  auth: RFC1734
+ */
+
+static struct {
+    const char *name;
+    int (*func)(POP *);
+} methods[] = {
+#ifdef KRB4
+    {"KERBEROS_V4",	auth_krb4},
+#endif
+#ifdef KRB5
+    {"GSSAPI",		auth_gssapi},
+#endif
+    {NULL,		NULL}
+};
+
+int
+pop_auth (POP *p)
+{
+    int i;
+
+    for (i = 0; methods[i].name != NULL; ++i)
+	if (strcasecmp(p->pop_parm[1], methods[i].name) == 0)
+	    return (*methods[i].func)(p);
+    return pop_msg(p, POP_FAILURE,
+		   "Authentication method %s unknown", p->pop_parm[1]);
+}
diff --git a/crypto/heimdal/appl/popper/pop_debug.c b/crypto/heimdal/appl/popper/pop_debug.c
new file mode 100644
index 0000000..e400278
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_debug.c
@@ -0,0 +1,280 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* Tiny program to help debug popper */
+
+#include "popper.h"
+RCSID("$Id: pop_debug.c,v 1.21 2001/02/20 01:44:47 assar Exp $");
+
+static void
+loop(int s)
+{
+    char cmd[1024];
+    char buf[1024];
+    fd_set fds;
+    while(1){
+	FD_ZERO(&fds);
+	FD_SET(0, &fds);
+	FD_SET(s, &fds);
+	if(select(s+1, &fds, 0, 0, 0) < 0)
+	    err(1, "select");
+	if(FD_ISSET(0, &fds)){
+	    fgets(cmd, sizeof(cmd), stdin);
+	    cmd[strlen(cmd) - 1] = '\0';
+	    strlcat (cmd, "\r\n", sizeof(cmd));
+	    write(s, cmd, strlen(cmd));
+	}
+	if(FD_ISSET(s, &fds)){
+	    int n = read(s, buf, sizeof(buf));
+	    if(n == 0)
+		exit(0);
+	    fwrite(buf, n, 1, stdout);
+	}
+    }
+}
+
+static int
+get_socket (const char *hostname, int port)
+{
+    int ret;
+    struct addrinfo *ai, *a;
+    struct addrinfo hints;
+    char portstr[NI_MAXSERV];
+    
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_STREAM;
+    snprintf (portstr, sizeof(portstr), "%d", ntohs(port));
+    ret = getaddrinfo (hostname, portstr, &hints, &ai);
+    if (ret)
+	errx (1, "getaddrinfo %s: %s", hostname, gai_strerror (ret));
+
+    for (a = ai; a != NULL; a = a->ai_next) {
+	int s;
+
+	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (s < 0)
+	    continue;
+	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+	    close (s);
+	    continue;
+	}
+	freeaddrinfo (ai);
+	return s;
+    }
+    err (1, "failed to connect to %s", hostname);
+}
+
+#ifdef KRB4
+static int
+doit_v4 (char *host, int port)
+{
+    KTEXT_ST ticket;
+    MSG_DAT msg_data;
+    CREDENTIALS cred;
+    des_key_schedule sched;
+    int ret;
+    int s = get_socket (host, port);
+
+    ret = krb_sendauth(0,
+		       s,
+		       &ticket, 
+		       "pop",
+		       host,
+		       krb_realmofhost(host),
+		       getpid(),
+		       &msg_data,
+		       &cred,
+		       sched,
+		       NULL,
+		       NULL,
+		       "KPOPV0.1");
+    if(ret) {
+	warnx("krb_sendauth: %s", krb_get_err_text(ret));
+	return 1;
+    }
+    loop(s);
+    return 0;
+}
+#endif
+
+#ifdef KRB5
+static int
+doit_v5 (char *host, int port)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_auth_context auth_context = NULL;
+    krb5_principal server;
+    int s = get_socket (host, port);
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+    
+    ret = krb5_sname_to_principal (context,
+				   host,
+				   "pop",
+				   KRB5_NT_SRV_HST,
+				   &server);
+    if (ret) {
+	warnx ("krb5_sname_to_principal: %s",
+	       krb5_get_err_text (context, ret));
+	return 1;
+    }
+    ret = krb5_sendauth (context,
+			 &auth_context,
+			 &s,
+			 "KPOPV1.0",
+			 NULL,
+			 server,
+			 0,
+			 NULL,
+			 NULL,
+			 NULL,
+			 NULL,
+			 NULL,
+			 NULL);
+     if (ret) {
+	 warnx ("krb5_sendauth: %s",
+		krb5_get_err_text (context, ret));
+	 return 1;
+     }
+     loop (s);
+     return 0;
+}
+#endif
+
+
+#ifdef KRB4
+static int use_v4 = -1;
+#endif
+static int use_v5 = -1;
+static char *port_str;
+static int do_version;
+static int do_help;
+
+struct getargs args[] = {
+#ifdef KRB4
+    { "krb4",	'4', arg_flag,		&use_v4,	"Use Kerberos V4",
+      NULL },
+#endif
+    { "krb5",	'5', arg_flag,		&use_v5,	"Use Kerberos V5",
+      NULL },
+    { "port",	'p', arg_string,	&port_str,	"Use this port",
+      "number-or-service" },
+    { "version", 0,  arg_flag,		&do_version,	"Print version",
+      NULL },
+    { "help",	 0,  arg_flag,		&do_help,	NULL,
+      NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "hostname");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int port = 0;
+    int ret = 1;
+    int optind = 0;
+
+    setprogname(argv[0]);
+
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+		&optind))
+	usage (1);
+
+    argc -= optind;
+    argv += optind;
+
+    if (do_help)
+	usage (0);
+
+    if (do_version) {
+	print_version (NULL);
+	return 0;
+    }
+	
+    if (argc < 1)
+	usage (1);
+
+    if (port_str) {
+	struct servent *s = roken_getservbyname (port_str, "tcp");
+
+	if (s)
+	    port = s->s_port;
+	else {
+	    char *ptr;
+
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		errx (1, "Bad port `%s'", port_str);
+	    port = htons(port);
+	}
+    }
+    if (port == 0) {
+#ifdef KRB5
+	port = krb5_getportbyname (NULL, "kpop", "tcp", 1109);
+#elif defined(KRB4)
+	port = k_getportbyname ("kpop", "tcp", 1109);
+#else
+#error must define KRB4 or KRB5
+#endif
+    }
+
+#if defined(KRB4) && defined(KRB5)
+    if(use_v4 == -1 && use_v5 == 1)
+	use_v4 = 0;
+    if(use_v5 == -1 && use_v4 == 1)
+	use_v5 = 0;
+#endif    
+
+#ifdef KRB5
+    if (ret && use_v5) {
+	ret = doit_v5 (argv[0], port);
+    }
+#endif
+#ifdef KRB4
+    if (ret && use_v4) {
+	ret = doit_v4 (argv[0], port);
+    }
+#endif
+    return ret;
+}
diff --git a/crypto/heimdal/appl/popper/pop_dele.c b/crypto/heimdal/appl/popper/pop_dele.c
new file mode 100644
index 0000000..f1c2952
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_dele.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_dele.c,v 1.10 1999/08/12 11:35:26 joda Exp $");
+
+/* 
+ *  dele:   Delete a message from the POP maildrop
+ */
+int
+pop_dele (POP *p)
+{
+    MsgInfoList     *   mp;         /*  Pointer to message info list */
+    int                 msg_num;
+
+    /*  Convert the message number parameter to an integer */
+    msg_num = atoi(p->pop_parm[1]);
+
+    /*  Is requested message out of range? */
+    if ((msg_num < 1) || (msg_num > p->msg_count))
+        return (pop_msg (p,POP_FAILURE,"Message %d does not exist.",msg_num));
+
+    /*  Get a pointer to the message in the message list */
+    mp = &(p->mlp[msg_num-1]);
+
+    /*  Is the message already flagged for deletion? */
+    if (mp->flags & DEL_FLAG)
+        return (pop_msg (p,POP_FAILURE,"Message %d has already been deleted.",
+            msg_num));
+
+    /*  Flag the message for deletion */
+    mp->flags |= DEL_FLAG;
+
+#ifdef DEBUG
+    if(p->debug)
+        pop_log(p, POP_DEBUG,
+		"Deleting message %u at offset %ld of length %ld\n",
+		mp->number, mp->offset, mp->length);
+#endif /* DEBUG */
+
+    /*  Update the messages_deleted and bytes_deleted counters */
+    p->msgs_deleted++;
+    p->bytes_deleted += mp->length;
+
+    /*  Update the last-message-accessed number if it is lower than 
+        the deleted message */
+    if (p->last_msg < msg_num) p->last_msg = msg_num;
+
+    return (pop_msg (p,POP_SUCCESS,"Message %d has been deleted.",msg_num));
+}
+
+#ifdef XDELE
+/* delete a range of messages */
+int
+pop_xdele(POP *p)
+{
+    MsgInfoList     *   mp;         /*  Pointer to message info list */
+
+    int msg_min, msg_max;
+    int i;
+
+
+    msg_min = atoi(p->pop_parm[1]);
+    if(p->parm_count == 1)
+	msg_max = msg_min;
+    else
+	msg_max = atoi(p->pop_parm[2]);
+
+    if (msg_min < 1)
+        return (pop_msg (p,POP_FAILURE,"Message %d does not exist.",msg_min));
+    if(msg_max > p->msg_count)
+        return (pop_msg (p,POP_FAILURE,"Message %d does not exist.",msg_max));
+    for(i = msg_min; i <= msg_max; i++) {
+
+	/*  Get a pointer to the message in the message list */
+	mp = &(p->mlp[i - 1]);
+
+	/*  Is the message already flagged for deletion? */
+	if (mp->flags & DEL_FLAG)
+	    continue; /* no point in returning error */
+	/*  Flag the message for deletion */
+	mp->flags |= DEL_FLAG;
+	
+#ifdef DEBUG
+	if(p->debug)
+	    pop_log(p, POP_DEBUG,
+		    "Deleting message %u at offset %ld of length %ld\n",
+		    mp->number, mp->offset, mp->length);
+#endif /* DEBUG */
+	
+	/*  Update the messages_deleted and bytes_deleted counters */
+	p->msgs_deleted++;
+	p->bytes_deleted += mp->length;
+    }
+
+    /*  Update the last-message-accessed number if it is lower than 
+	the deleted message */
+    if (p->last_msg < msg_max) p->last_msg = msg_max;
+    
+    return (pop_msg (p,POP_SUCCESS,"Messages %d-%d has been deleted.",
+		     msg_min, msg_max));
+    
+}
+#endif /* XDELE */
diff --git a/crypto/heimdal/appl/popper/pop_dropcopy.c b/crypto/heimdal/appl/popper/pop_dropcopy.c
new file mode 100644
index 0000000..f33cfb0
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_dropcopy.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_dropcopy.c,v 1.25 1999/09/16 20:38:49 assar Exp $");
+
+/*
+ * Run as the user in `pwd'
+ */
+
+int
+changeuser(POP *p, struct passwd *pwd)
+{
+    if(setgid(pwd->pw_gid) < 0) {
+	pop_log (p, POP_PRIORITY,
+		 "Unable to change to gid %u: %s",
+		 (unsigned)pwd->pw_gid,
+		 strerror(errno));
+	return pop_msg (p, POP_FAILURE,
+			"Unable to change gid");
+    }
+    if(setuid(pwd->pw_uid) < 0) {
+	pop_log (p, POP_PRIORITY,
+		 "Unable to change to uid %u: %s",
+		 (unsigned)pwd->pw_uid,
+		 strerror(errno));
+	return pop_msg (p, POP_FAILURE,
+			"Unable to change uid");
+    }
+#ifdef DEBUG
+    if(p->debug)
+	pop_log(p, POP_DEBUG,"uid = %u, gid = %u",
+	       (unsigned)getuid(),
+	       (unsigned)getgid());
+#endif /* DEBUG */
+    return POP_SUCCESS;
+}
+
+/* 
+ *  dropcopy:   Make a temporary copy of the user's mail drop and 
+ *  save a stream pointer for it.
+ */
+
+int
+pop_dropcopy(POP *p, struct passwd *pwp)
+{
+    int                     mfd;                    /*  File descriptor for 
+                                                        the user's maildrop */
+    int                     dfd;                    /*  File descriptor for 
+                                                        the SERVER maildrop */
+    FILE		    *tf;		    /*  The temp file */
+    char		    template[POP_TMPSIZE];  /*  Temp name holder */
+    char                    buffer[BUFSIZ];         /*  Read buffer */
+    long                    offset;                 /*  Old/New boundary */
+    int                     nchar;                  /*  Bytes written/read */
+    int                     tf_fd;                  /*  fd for temp file */
+    int			    ret;
+
+    /*  Create a temporary maildrop into which to copy the updated maildrop */
+    snprintf(p->temp_drop, sizeof(p->temp_drop), POP_DROP,p->user);
+
+#ifdef DEBUG
+    if(p->debug)
+        pop_log(p,POP_DEBUG,"Creating temporary maildrop '%s'",
+            p->temp_drop);
+#endif /* DEBUG */
+
+    /* Here we work to make sure the user doesn't cause us to remove or
+     * write over existing files by limiting how much work we do while
+     * running as root.
+     */
+
+    strlcpy(template, POP_TMPDROP, sizeof(template));
+    if ((tf_fd = mkstemp(template)) < 0 ||
+	(tf = fdopen(tf_fd, "w+")) == NULL) {
+        pop_log(p,POP_PRIORITY,
+            "Unable to create temporary temporary maildrop '%s': %s",template,
+		strerror(errno));
+        return pop_msg(p,POP_FAILURE,
+		"System error, can't create temporary file.");
+    }
+
+    /* Now give this file to the user	*/
+    chown(template, pwp->pw_uid, pwp->pw_gid);
+    chmod(template, 0600);
+
+    /* Now link this file to the temporary maildrop.  If this fails it
+     * is probably because the temporary maildrop already exists.  If so,
+     * this is ok.  We can just go on our way, because by the time we try
+     * to write into the file we will be running as the user.
+     */
+    link(template,p->temp_drop);
+    fclose(tf);
+    unlink(template);
+
+    ret = changeuser(p, pwp);
+    if (ret != POP_SUCCESS)
+	return ret;
+
+    /* Open for append,  this solves the crash recovery problem */
+    if ((dfd = open(p->temp_drop,O_RDWR|O_APPEND|O_CREAT,0600)) == -1){
+        pop_log(p,POP_PRIORITY,
+            "Unable to open temporary maildrop '%s': %s",p->temp_drop,
+		strerror(errno));
+        return pop_msg(p,POP_FAILURE,
+		"System error, can't open temporary file, do you own it?");
+    }
+
+    /*  Lock the temporary maildrop */
+    if ( flock (dfd, (LOCK_EX | LOCK_NB)) == -1 ) 
+    switch(errno) {
+        case EWOULDBLOCK:
+            return pop_msg(p,POP_FAILURE,
+                 "Maildrop lock busy!  Is another session active?");
+            /* NOTREACHED */
+        default:
+            return pop_msg(p,POP_FAILURE,"flock: '%s': %s", p->temp_drop,
+		strerror(errno));
+            /* NOTREACHED */
+        }
+    
+    /* May have grown or shrunk between open and lock! */
+    offset = lseek(dfd,0, SEEK_END);
+
+    /*  Open the user's maildrop, If this fails,  no harm in assuming empty */
+    if ((mfd = open(p->drop_name,O_RDWR)) > 0) {
+
+        /*  Lock the maildrop */
+        if (flock (mfd, LOCK_EX) == -1) {
+            close(mfd) ;
+            return pop_msg(p,POP_FAILURE, "flock: '%s': %s", p->temp_drop,
+		strerror(errno));
+        }
+
+        /*  Copy the actual mail drop into the temporary mail drop */
+        while ( (nchar=read(mfd,buffer,BUFSIZ)) > 0 )
+            if ( nchar != write(dfd,buffer,nchar) ) {
+                nchar = -1 ;
+                break ;
+            }
+
+        if ( nchar != 0 ) {
+            /* Error adding new mail.  Truncate to original size,
+               and leave the maildrop as is.  The user will not 
+               see the new mail until the error goes away.
+               Should let them process the current backlog,  in case
+               the error is a quota problem requiring deletions! */
+            ftruncate(dfd,(int)offset) ;
+        } else {
+            /* Mail transferred!  Zero the mail drop NOW,  that we
+               do not have to do gymnastics to figure out what's new
+               and what is old later */
+            ftruncate(mfd,0) ;
+        }
+
+        /*  Close the actual mail drop */
+        close (mfd);
+    }
+
+    /*  Acquire a stream pointer for the temporary maildrop */
+    if ( (p->drop = fdopen(dfd,"a+")) == NULL ) {
+        close(dfd) ;
+        return pop_msg(p,POP_FAILURE,"Cannot assign stream for %s",
+            p->temp_drop);
+    }
+
+    rewind (p->drop);
+
+    return(POP_SUCCESS);
+}
diff --git a/crypto/heimdal/appl/popper/pop_dropinfo.c b/crypto/heimdal/appl/popper/pop_dropinfo.c
new file mode 100644
index 0000000..71922d2
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_dropinfo.c
@@ -0,0 +1,232 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_dropinfo.c,v 1.24 1999/09/16 20:38:49 assar Exp $");
+
+#if defined(UIDL) || defined(XOVER)
+
+/*
+ * Copy the string found after after : into a malloced buffer. Stop
+ * copying at end of string or end of line. End of line delimiter is
+ * not part of the resulting copy.
+ */
+static
+char *
+find_value_after_colon(char *p)
+{
+  char *t, *tmp;
+
+  for (; *p != 0 && *p != ':'; p++) /* Find : */
+    ;
+
+  if (*p == 0)
+    goto error;
+
+  p++;				/* Skip over : */
+
+  for(; *p == ' ' || *p == '\t'; p++) /* Remove white space */
+    ;
+
+  for (t = p; *t != 0 && *t != '\n' && *t != '\r'; t++)	/* Find end of str */
+    ;
+
+  tmp = t = malloc(t - p + 1);
+  if (tmp == 0)
+    goto error;
+
+  for (; *p != 0 && *p != '\n' && *p != '\r'; p++, t++)	/* Copy characters */
+    *t = *p;
+  *t = 0;			/* Terminate string */
+  return tmp;
+
+error:
+  return "ErrorUIDL";
+}
+#endif
+
+void
+parse_header(MsgInfoList *mp, char *buffer)
+{
+#if defined(UIDL) || defined(XOVER)
+    if (strncasecmp("Message-Id:",buffer, 11) == 0) {
+	if (mp->msg_id == NULL)
+	    mp->msg_id = find_value_after_colon(buffer);
+    } 
+#ifdef UIDL
+    else if (strncasecmp(buffer, "X-UIDL:", 7) == 0) {
+	/* Courtesy to Qualcomm, there really is no such 
+	   thing as X-UIDL */
+	mp->msg_id = find_value_after_colon(buffer);
+    }
+#endif
+#endif
+#ifdef XOVER
+    else if (strncasecmp("Subject:", buffer, 8) == 0) {
+	if(mp->subject == NULL){
+	    char *p;
+	    mp->subject = find_value_after_colon(buffer);
+	    for(p = mp->subject; *p; p++)
+		if(*p == '\t') *p = ' ';
+	}
+    }
+    else if (strncasecmp("From:", buffer, 5) == 0) {
+	if(mp->from == NULL){
+	    char *p;
+	    mp->from = find_value_after_colon(buffer);
+	    for(p = mp->from; *p; p++)
+		if(*p == '\t') *p = ' ';
+	}
+    }
+    else if (strncasecmp("Date:", buffer, 5) == 0) {
+	if(mp->date == NULL){
+	    char *p;
+	    mp->date = find_value_after_colon(buffer);
+	    for(p = mp->date; *p; p++)
+		if(*p == '\t') *p = ' ';
+	}
+    }
+#endif
+}
+
+int
+add_missing_headers(POP *p, MsgInfoList *mp)
+{
+#if defined(UIDL) || defined(XOVER)
+    if (mp->msg_id == NULL) {
+	asprintf(&mp->msg_id, "no-message-id-%d", mp->number);
+	if(mp->msg_id == NULL) {
+	    fclose (p->drop);
+	    p->msg_count = 0;
+	    return pop_msg (p,POP_FAILURE,
+			    "Can't build message list for '%s': Out of memory",
+                            p->user);
+	}
+    }
+#endif	    
+#ifdef XOVER
+    if (mp->subject == NULL)
+	mp->subject = "<none>";
+    if (mp->from == NULL)
+	mp->from = "<unknown>";
+    if (mp->date == NULL)
+	mp->date = "<unknown>";
+#endif
+    return POP_SUCCESS;
+}
+
+/* 
+ *  dropinfo:   Extract information about the POP maildrop and store 
+ *  it for use by the other POP routines.
+ */
+
+int
+pop_dropinfo(POP *p)
+{
+    char                    buffer[BUFSIZ];         /*  Read buffer */
+    MsgInfoList         *   mp;                     /*  Pointer to message 
+                                                        info list */
+    int			    msg_num;                /*  Current message 
+                                                        counter */
+    int                     nchar;                  /*  Bytes written/read */
+    int blank_line = 1; /* previous line was blank */
+    int in_header = 0; /* if we are in a header block */
+    
+    /*  Initialize maildrop status variables in the POP parameter block */
+    p->msg_count = 0;
+    p->msgs_deleted = 0;
+    p->last_msg = 0;
+    p->bytes_deleted = 0;
+    p->drop_size = 0;
+
+    /*  Allocate memory for message information structures */
+    p->msg_count = ALLOC_MSGS;
+    p->mlp = (MsgInfoList *)calloc((unsigned)p->msg_count,sizeof(MsgInfoList));
+    if (p->mlp == NULL){
+        fclose (p->drop);
+        p->msg_count = 0;
+        return pop_msg (p,POP_FAILURE,
+            "Can't build message list for '%s': Out of memory", p->user);
+    }
+
+    rewind (p->drop);
+
+    /*  Scan the file, loading the message information list with 
+        information about each message */
+
+    for (msg_num = p->drop_size = 0, mp = p->mlp - 1;
+             fgets(buffer,MAXMSGLINELEN,p->drop);) {
+
+        nchar  = strlen(buffer);
+
+        if (blank_line && strncmp(buffer,"From ",5) == 0) {
+	    in_header = 1;
+            if (++msg_num > p->msg_count) {
+                p->mlp=(MsgInfoList *) realloc(p->mlp,
+                    (p->msg_count+=ALLOC_MSGS)*sizeof(MsgInfoList));
+                if (p->mlp == NULL){
+                    fclose (p->drop);
+                    p->msg_count = 0;
+                    return pop_msg (p,POP_FAILURE,
+                        "Can't build message list for '%s': Out of memory",
+                            p->user);
+                }
+                mp = p->mlp + msg_num - 2;
+            }
+            ++mp;
+            mp->number = msg_num;
+            mp->length = 0;
+            mp->lines = 0;
+            mp->offset = ftell(p->drop) - nchar;
+            mp->flags = 0;
+#if defined(UIDL) || defined(XOVER)
+	    mp->msg_id = 0;
+#endif
+#ifdef XOVER
+	    mp->subject = 0;
+	    mp->from = 0;
+	    mp->date = 0;
+#endif
+#ifdef DEBUG
+            if(p->debug)
+                pop_log(p, POP_DEBUG,
+			"Msg %d at offset %ld being added to list",
+			mp->number, mp->offset);
+#endif /* DEBUG */
+        } else if(in_header)
+	    parse_header(mp, buffer);
+	blank_line = (strncmp(buffer, "\n", nchar) == 0);
+	if(blank_line) {
+	    int e;
+	    in_header = 0;
+	    e = add_missing_headers(p, mp);
+	    if(e != POP_SUCCESS)
+		return e;
+	}
+        mp->length += nchar;
+        p->drop_size += nchar;
+        mp->lines++;
+    }
+    p->msg_count = msg_num;
+
+#ifdef DEBUG
+    if(p->debug && msg_num > 0) {
+        int i;
+        for (i = 0, mp = p->mlp; i < p->msg_count; i++, mp++)
+#ifdef UIDL
+	    pop_log(p,POP_DEBUG,
+		    "Msg %d at offset %ld is %ld octets long and has %u lines and id %s.",
+                    mp->number,mp->offset,mp->length,mp->lines, mp->msg_id);
+#else	
+            pop_log(p,POP_DEBUG,
+                "Msg %d at offset %d is %d octets long and has %u lines.",
+                    mp->number,mp->offset,mp->length,mp->lines);
+#endif
+    }
+#endif /* DEBUG */
+
+    return(POP_SUCCESS);
+}
diff --git a/crypto/heimdal/appl/popper/pop_get_command.c b/crypto/heimdal/appl/popper/pop_get_command.c
new file mode 100644
index 0000000..e43c1d9
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_get_command.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_get_command.c,v 1.15 1999/09/16 20:38:49 assar Exp $");
+
+/* 
+ *  get_command:    Extract the command from an input line form a POP client
+ */
+
+static state_table states[] = {
+        {auth1,  "user", 1,  1,  pop_user,   {auth1, auth2}},
+        {auth2,  "pass", 1,  99, pop_pass,   {auth1, trans}},
+#ifdef RPOP
+        {auth2,  "rpop", 1,  1,  pop_rpop,   {auth1, trans}},
+#endif /* RPOP */
+        {auth1,  "quit", 0,  0,  pop_quit,   {halt,  halt}},
+        {auth2,  "quit", 0,  0,  pop_quit,   {halt,  halt}},
+        {trans,  "stat", 0,  0,  pop_stat,   {trans, trans}},
+        {trans,  "list", 0,  1,  pop_list,   {trans, trans}},
+        {trans,  "retr", 1,  1,  pop_send,   {trans, trans}},
+        {trans,  "dele", 1,  1,  pop_dele,   {trans, trans}},
+        {trans,  "noop", 0,  0,  NULL,       {trans, trans}},
+        {trans,  "rset", 0,  0,  pop_rset,   {trans, trans}},
+        {trans,  "top",  2,  2,  pop_send,   {trans, trans}},
+        {trans,  "last", 0,  0,  pop_last,   {trans, trans}},
+        {trans,  "quit", 0,  0,  pop_updt,   {halt,  halt}},
+	{trans,  "help", 0,  0,  pop_help,   {trans, trans}},
+#ifdef UIDL
+        {trans,  "uidl", 0,  1,  pop_uidl,   {trans, trans}},
+#endif
+#ifdef XOVER
+	{trans,	"xover", 0,  0,	 pop_xover,  {trans, trans}},
+#endif
+#ifdef XDELE
+        {trans,  "xdele", 1,  2,  pop_xdele,   {trans, trans}},
+#endif
+        {(state) 0,  NULL,   0,  0,  NULL,       {halt,  halt}},
+};
+
+state_table *
+pop_get_command(POP *p, char *mp)
+{
+    state_table     *   s;
+    char                buf[MAXMSGLINELEN];
+
+    /*  Save a copy of the original client line */
+#ifdef DEBUG
+    if(p->debug) strlcpy (buf, mp, sizeof(buf));
+#endif /* DEBUG */
+
+    /*  Parse the message into the parameter array */
+    if ((p->parm_count = pop_parse(p,mp)) < 0) return(NULL);
+
+    /*  Do not log cleartext passwords */
+#ifdef DEBUG
+    if(p->debug){
+        if(strcmp(p->pop_command,"pass") == 0)
+            pop_log(p,POP_DEBUG,"Received: \"%s xxxxxxxxx\"",p->pop_command);
+        else {
+            /*  Remove trailing <LF> */
+            buf[strlen(buf)-2] = '\0';
+            pop_log(p,POP_DEBUG,"Received: \"%s\"",buf);
+        }
+    }
+#endif /* DEBUG */
+
+    /*  Search for the POP command in the command/state table */
+    for (s = states; s->command; s++) {
+
+        /*  Is this a valid command for the current operating state? */
+        if (strcmp(s->command,p->pop_command) == 0
+             && s->ValidCurrentState == p->CurrentState) {
+
+            /*  Were too few parameters passed to the command? */
+            if (p->parm_count < s->min_parms) {
+                pop_msg(p,POP_FAILURE,
+			"Too few arguments for the %s command.",
+			p->pop_command);
+		return NULL;
+	    }
+
+            /*  Were too many parameters passed to the command? */
+            if (p->parm_count > s->max_parms) {
+                pop_msg(p,POP_FAILURE,
+			"Too many arguments for the %s command.",
+			p->pop_command);
+		return NULL;
+	   }
+
+            /*  Return a pointer to the entry for this command in 
+                the command/state table */
+            return (s);
+        }
+    }
+    /*  The client command was not located in the command/state table */
+    pop_msg(p,POP_FAILURE,
+	    "Unknown command: \"%s\".",p->pop_command);
+    return NULL;
+}
+
+int
+pop_help (POP *p)
+{
+    state_table		*s;
+
+    pop_msg(p, POP_SUCCESS, "help");
+
+    for (s = states; s->command; s++) {
+	fprintf (p->output, "%s\r\n", s->command);
+    }
+    fprintf (p->output, ".\r\n");
+    fflush (p->output);
+    return POP_SUCCESS;
+}
diff --git a/crypto/heimdal/appl/popper/pop_init.c b/crypto/heimdal/appl/popper/pop_init.c
new file mode 100644
index 0000000..7487ce6
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_init.c
@@ -0,0 +1,398 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_init.c,v 1.58 2001/02/20 01:44:47 assar Exp $");
+
+
+#if defined(KRB4) || defined(KRB5)
+
+static int
+pop_net_read(POP *p, int fd, void *buf, size_t len)
+{
+#ifdef KRB5
+    return krb5_net_read(p->context, &fd, buf, len);
+#elif defined(KRB4)
+    return krb_net_read(fd, buf, len);
+#endif
+}
+#endif
+
+static char *addr_log;
+
+static void
+pop_write_addr(POP *p, struct sockaddr *addr)
+{
+    char ts[32];
+    char as[128];
+    time_t t;
+    FILE *f;
+    if(addr_log == NULL)
+	return;
+    t = time(NULL);
+    strftime(ts, sizeof(ts), "%Y%m%d%H%M%S", localtime(&t));
+    if(inet_ntop (addr->sa_family, socket_get_address(addr), 
+		  as, sizeof(as)) == NULL) {
+        pop_log(p, POP_PRIORITY, "failed to print address");
+	return;
+    }
+    
+    f = fopen(addr_log, "a");
+    if(f == NULL) {
+        pop_log(p, POP_PRIORITY, "failed to open address log (%s)", addr_log);
+	return;
+    }
+    fprintf(f, "%s %s\n", as, ts);
+    fclose(f);
+}
+
+#ifdef KRB4
+static int
+krb4_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr)
+{
+    Key_schedule schedule;
+    KTEXT_ST ticket;
+    char instance[INST_SZ];  
+    char version[9];
+    int auth;
+  
+    if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
+	return -1;
+    if (pop_net_read (p, s, buf + 4,
+		      KRB_SENDAUTH_VLEN - 4) != KRB_SENDAUTH_VLEN - 4)
+	return -1;
+    if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0)
+	return -1;
+
+    k_getsockinst (0, instance, sizeof(instance));
+    auth = krb_recvauth(KOPT_IGNORE_PROTOCOL,
+			s,
+			&ticket,
+			"pop",
+			instance,
+                        (struct sockaddr_in *)addr,
+			(struct sockaddr_in *) NULL,
+                        &p->kdata,
+			"",
+			schedule,
+			version);
+    
+    if (auth != KSUCCESS) {
+        pop_msg(p, POP_FAILURE, "Kerberos authentication failure: %s", 
+                krb_get_err_text(auth));
+        pop_log(p, POP_PRIORITY, "%s: (%s.%s@%s) %s", p->client, 
+                p->kdata.pname, p->kdata.pinst, p->kdata.prealm,
+		krb_get_err_text(auth));
+	return -1;
+    }
+
+#ifdef DEBUG
+    pop_log(p, POP_DEBUG, "%s.%s@%s (%s): ok", p->kdata.pname, 
+            p->kdata.pinst, p->kdata.prealm, p->ipaddr);
+#endif /* DEBUG */
+    return 0;
+}
+#endif /* KRB4 */
+
+#ifdef KRB5
+static int
+krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr)
+{
+    krb5_error_code ret;
+    krb5_auth_context auth_context = NULL;
+    u_int32_t len;
+    krb5_ticket *ticket;
+    char *server;
+
+    if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
+	return -1;
+    len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
+	
+    if (krb5_net_read(p->context, &s, buf, len) != len)
+	return -1;
+    if (len != sizeof(KRB5_SENDAUTH_VERSION)
+	|| memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0)
+	return -1;
+
+    ret = krb5_recvauth (p->context,
+			 &auth_context,
+			 &s,
+			 "KPOPV1.0",
+			 NULL, /* let rd_req figure out what server to use */
+			 KRB5_RECVAUTH_IGNORE_VERSION,
+			 NULL,
+			 &ticket);
+    if (ret) {
+	pop_log(p, POP_PRIORITY, "krb5_recvauth: %s",
+		krb5_get_err_text(p->context, ret));
+	return -1;
+    }
+
+
+    ret = krb5_unparse_name(p->context, ticket->server, &server);
+    if(ret) {
+	pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s", 
+		krb5_get_err_text(p->context, ret));
+	ret = -1;
+	goto out;
+    }
+    /* does this make sense? */
+    if(strncmp(server, "pop/", 4) != 0) {
+	pop_log(p, POP_PRIORITY,
+		"Got ticket for service `%s'", server);
+	ret = -1;
+	goto out;
+    } else if(p->debug)
+	pop_log(p, POP_DEBUG, 
+		"Accepted ticket for service `%s'", server);
+    free(server);
+ out:
+    krb5_auth_con_free (p->context, auth_context);
+    krb5_copy_principal (p->context, ticket->client, &p->principal);
+    krb5_free_ticket (p->context, ticket);
+
+    return ret;
+}
+#endif
+
+static int
+krb_authenticate(POP *p, struct sockaddr *addr)
+{
+#if defined(KRB4) || defined(KRB5)
+    u_char buf[BUFSIZ];
+
+    if (pop_net_read (p, 0, buf, 4) != 4) {
+	pop_msg(p, POP_FAILURE, "Reading four bytes: %s",
+		strerror(errno));
+	exit (1);
+    }
+#ifdef KRB4
+    if (krb4_authenticate (p, 0, buf, addr) == 0){
+	pop_write_addr(p, addr);
+	p->version = 4;
+	return POP_SUCCESS;
+    }
+#endif
+#ifdef KRB5
+    if (krb5_authenticate (p, 0, buf, addr) == 0){
+	pop_write_addr(p, addr);
+	p->version = 5;
+	return POP_SUCCESS;
+    }
+#endif
+    exit (1);
+	
+#endif /* defined(KRB4) || defined(KRB5) */
+
+    return(POP_SUCCESS);
+}
+
+static int
+plain_authenticate (POP *p, struct sockaddr *addr)
+{
+    return(POP_SUCCESS);
+}
+
+static int kerberos_flag;
+static char *auth_str;
+static int debug_flag;
+static int interactive_flag;
+static char *port_str;
+static char *trace_file;
+static int timeout;
+static int help_flag;
+static int version_flag;
+
+static struct getargs args[] = {
+#if defined(KRB4) || defined(KRB5)
+    { "kerberos", 'k', arg_flag, &kerberos_flag, "use kerberos" },
+#endif
+    { "auth-mode", 'a', arg_string, &auth_str, "required authentication" },
+    { "debug", 'd', arg_flag, &debug_flag },
+    { "interactive", 'i', arg_flag, &interactive_flag, "create new socket" },
+    { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
+    { "trace-file", 't', arg_string, &trace_file, "trace all command to file", "file" },
+    { "timeout", 'T', arg_integer, &timeout, "timeout", "seconds" },
+    { "address-log", 0, arg_string, &addr_log, "enable address log", "file" },
+    { "help", 'h', arg_flag, &help_flag },
+    { "version", 'v', arg_flag, &version_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+/* 
+ *  init:   Start a Post Office Protocol session
+ */
+
+static int
+pop_getportbyname(POP *p, const char *service, 
+		  const char *proto, short def)
+{
+#ifdef KRB5
+    return krb5_getportbyname(p->context, service, proto, def);
+#elif defined(KRB4)
+    return k_getportbyname(service, proto, htons(def));
+#else
+    return htons(default);
+#endif
+}
+
+int
+pop_init(POP *p,int argcount,char **argmessage)
+{
+    struct sockaddr_storage cs_ss;
+    struct sockaddr *cs = (struct sockaddr *)&cs_ss;
+    socklen_t		    len;
+    char                *   trace_file_name = "/tmp/popper-trace";
+    int			    portnum = 0;
+    int 		    optind = 0;
+    int			    error;
+
+    /*  Initialize the POP parameter block */
+    memset (p, 0, sizeof(POP));
+
+    setprogname(argmessage[0]);
+
+    /*  Save my name in a global variable */
+    p->myname = (char*)getprogname();
+
+    /*  Get the name of our host */
+    gethostname(p->myhost,MaxHostNameLen);
+
+#ifdef KRB5
+    {
+	krb5_error_code ret;
+
+	ret = krb5_init_context (&p->context);
+	if (ret)
+	    errx (1, "krb5_init_context failed: %d", ret);
+
+	krb5_openlog(p->context, p->myname, &p->logf);
+	krb5_set_warn_dest(p->context, p->logf);
+    }
+#else
+    /*  Open the log file */
+    roken_openlog(p->myname,POP_LOGOPTS,POP_FACILITY);
+#endif
+
+    p->auth_level = AUTH_NONE;
+
+    if(getarg(args, num_args, argcount, argmessage, &optind)){
+	arg_printusage(args, num_args, NULL, "");
+	exit(1);
+    }
+    if(help_flag){
+	arg_printusage(args, num_args, NULL, "");
+	exit(0);
+    }
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argcount -= optind;
+    argmessage += optind;
+
+    if (argcount != 0) {
+	arg_printusage(args, num_args, NULL, "");
+	exit(1);
+    }
+
+    if(auth_str){
+	if (strcmp (auth_str, "none") == 0)
+	    p->auth_level = AUTH_NONE;
+	else if(strcmp(auth_str, "otp") == 0)
+	    p->auth_level = AUTH_OTP;
+	else
+	    warnx ("bad value for -a: %s", optarg);
+    }
+    /*  Debugging requested */
+    p->debug = debug_flag;
+
+    if(port_str)
+	portnum = htons(atoi(port_str));
+    if(trace_file){
+	p->debug++;
+	if ((p->trace = fopen(trace_file, "a+")) == NULL) {
+	    pop_log(p, POP_PRIORITY,
+		    "Unable to open trace file \"%s\", err = %d",
+		    optarg,errno);
+	    exit (1);
+	}
+	trace_file_name = trace_file;
+    }
+
+#if defined(KRB4) || defined(KRB5)
+    p->kerberosp = kerberos_flag;
+#endif
+
+    if(timeout)
+	pop_timeout = timeout;
+    
+    /* Fake inetd */
+    if (interactive_flag) {
+	if (portnum == 0)
+	    portnum = p->kerberosp ?
+		pop_getportbyname(p, "kpop", "tcp", 1109) :
+	    pop_getportbyname(p, "pop", "tcp", 110);
+	mini_inetd (portnum);
+    }
+
+    /*  Get the address and socket of the client to whom I am speaking */
+    len = sizeof(cs_ss);
+    if (getpeername(STDIN_FILENO, cs, &len) < 0) {
+        pop_log(p,POP_PRIORITY,
+            "Unable to obtain socket and address of client, err = %d",errno);
+        exit (1);
+    }
+
+    /*  Save the dotted decimal form of the client's IP address 
+        in the POP parameter block */
+    inet_ntop (cs->sa_family, socket_get_address (cs),
+	       p->ipaddr, sizeof(p->ipaddr));
+
+    /*  Save the client's port */
+    p->ipport = ntohs(socket_get_port (cs));
+
+    /*  Get the canonical name of the host to whom I am speaking */
+    error = getnameinfo_verified (cs, len, p->client, sizeof(p->client),
+				  NULL, 0, 0);
+    if (error) {
+	pop_log (p, POP_PRIORITY,
+		 "getnameinfo: %s", gai_strerror (error));
+	strlcpy (p->client, p->ipaddr, sizeof(p->client));
+    }
+
+    /*  Create input file stream for TCP/IP communication */
+    if ((p->input = fdopen(STDIN_FILENO,"r")) == NULL){
+        pop_log(p,POP_PRIORITY,
+            "Unable to open communication stream for input, err = %d",errno);
+        exit (1);
+    }
+
+    /*  Create output file stream for TCP/IP communication */
+    if ((p->output = fdopen(STDOUT_FILENO,"w")) == NULL){
+        pop_log(p,POP_PRIORITY,
+            "Unable to open communication stream for output, err = %d",errno);
+        exit (1);
+    }
+
+    pop_log(p,POP_PRIORITY,
+        "(v%s) Servicing request from \"%s\" at %s\n",
+            VERSION,p->client,p->ipaddr);
+
+#ifdef DEBUG
+    if (p->trace)
+        pop_log(p,POP_PRIORITY,
+            "Tracing session and debugging information in file \"%s\"",
+                trace_file_name);
+    else if (p->debug)
+        pop_log(p,POP_PRIORITY,"Debugging turned on");
+#endif /* DEBUG */
+
+
+    return((p->kerberosp ? krb_authenticate : plain_authenticate)(p, cs));
+}
diff --git a/crypto/heimdal/appl/popper/pop_last.c b/crypto/heimdal/appl/popper/pop_last.c
new file mode 100644
index 0000000..36fdd0d
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_last.c
@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_last.c,v 1.6 1996/10/28 16:25:28 assar Exp $");
+
+/* 
+ *  last:   Display the last message touched in a POP session
+ */
+
+int
+pop_last (POP *p)
+{
+    return (pop_msg(p,POP_SUCCESS,"%u is the last message seen.",p->last_msg));
+}
diff --git a/crypto/heimdal/appl/popper/pop_list.c b/crypto/heimdal/appl/popper/pop_list.c
new file mode 100644
index 0000000..aa7666a
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_list.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_list.c,v 1.10 1998/04/23 17:37:47 joda Exp $");
+
+/* 
+ *  list:   List the contents of a POP maildrop
+ */
+
+int
+pop_list (POP *p)
+{
+    MsgInfoList         *   mp;         /*  Pointer to message info list */
+    int		            i;
+    int			    msg_num;
+
+    /*  Was a message number provided? */
+    if (p->parm_count > 0) {
+        msg_num = atoi(p->pop_parm[1]);
+
+        /*  Is requested message out of range? */
+        if ((msg_num < 1) || (msg_num > p->msg_count))
+            return (pop_msg (p,POP_FAILURE,
+                "Message %d does not exist.",msg_num));
+
+        /*  Get a pointer to the message in the message list */
+        mp = &p->mlp[msg_num-1];
+
+        /*  Is the message already flagged for deletion? */
+        if (mp->flags & DEL_FLAG)
+            return (pop_msg (p,POP_FAILURE,
+                "Message %d has been deleted.",msg_num));
+
+        /*  Display message information */
+        return (pop_msg(p,POP_SUCCESS,"%d %ld",msg_num,mp->length));
+    }
+    
+    /*  Display the entire list of messages */
+    pop_msg(p,POP_SUCCESS,
+	    "%d messages (%ld octets)",
+            p->msg_count-p->msgs_deleted,
+	    p->drop_size-p->bytes_deleted);
+
+    /*  Loop through the message information list.  Skip deleted messages */
+    for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++) {
+        if (!(mp->flags & DEL_FLAG)) 
+            fprintf(p->output,"%u %lu\r\n",mp->number,mp->length);
+    }
+
+    /*  "." signals the end of a multi-line transmission */
+    fprintf(p->output,".\r\n");
+    fflush(p->output);
+
+    return(POP_SUCCESS);
+}
diff --git a/crypto/heimdal/appl/popper/pop_log.c b/crypto/heimdal/appl/popper/pop_log.c
new file mode 100644
index 0000000..deb9841
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_log.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_log.c,v 1.13 1997/10/14 21:59:07 joda Exp $");
+
+/* 
+ *  log:    Make a log entry
+ */
+
+int
+pop_log(POP *p, int stat, char *format, ...)
+{
+    char msgbuf[MAXLINELEN];
+    va_list     ap;
+
+    va_start(ap, format);
+    vsnprintf(msgbuf, sizeof(msgbuf), format, ap);
+
+    if (p->debug && p->trace) {
+        fprintf(p->trace,"%s\n",msgbuf);
+        fflush(p->trace);
+    } else {
+#ifdef KRB5
+	krb5_log(p->context, p->logf, stat, "%s", msgbuf);
+#else
+        syslog (stat,"%s",msgbuf);
+#endif
+    }
+    va_end(ap);
+
+    return(stat);
+}
diff --git a/crypto/heimdal/appl/popper/pop_msg.c b/crypto/heimdal/appl/popper/pop_msg.c
new file mode 100644
index 0000000..12887a4
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_msg.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_msg.c,v 1.16 1999/09/16 20:38:50 assar Exp $");
+
+/* 
+ *  msg:    Send a formatted line to the POP client
+ */
+
+int
+pop_msg(POP *p, int stat, char *format, ...)
+{
+    char	       *mp;
+    char                message[MAXLINELEN];
+    va_list             ap;
+
+    va_start(ap, format);
+    
+    /*  Point to the message buffer */
+    mp = message;
+
+    /*  Format the POP status code at the beginning of the message */
+    snprintf (mp, sizeof(message), "%s ",
+	      (stat == POP_SUCCESS) ? POP_OK : POP_ERR);
+
+    /*  Point past the POP status indicator in the message message */
+    mp += strlen(mp);
+
+    /*  Append the message (formatted, if necessary) */
+    if (format) 
+	vsnprintf (mp, sizeof(message) - strlen(message),
+		   format, ap);
+    
+    /*  Log the message if debugging is turned on */
+#ifdef DEBUG
+    if (p->debug && stat == POP_SUCCESS)
+        pop_log(p,POP_DEBUG,"%s",message);
+#endif /* DEBUG */
+
+    /*  Log the message if a failure occurred */
+    if (stat != POP_SUCCESS) 
+        pop_log(p,POP_PRIORITY,"%s",message);
+
+    /*  Append the <CR><LF> */
+    strlcat(message, "\r\n", sizeof(message));
+        
+    /*  Send the message to the client */
+    fputs(message, p->output);
+    fflush(p->output);
+
+    va_end(ap);
+    return(stat);
+}
diff --git a/crypto/heimdal/appl/popper/pop_parse.c b/crypto/heimdal/appl/popper/pop_parse.c
new file mode 100644
index 0000000..37aef36
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_parse.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_parse.c,v 1.9 1999/03/13 21:17:27 assar Exp $");
+
+/* 
+ *  parse:  Parse a raw input line from a POP client 
+ *  into null-delimited tokens
+ */
+
+int
+pop_parse(POP *p, char *buf)
+{
+    char            *   mp;
+    int        i;
+    
+    /*  Loop through the POP command array */
+    for (mp = buf, i = 0; ; i++) {
+    
+        /*  Skip leading spaces and tabs in the message */
+        while (isspace((unsigned char)*mp))mp++;
+
+        /*  Are we at the end of the message? */
+        if (*mp == 0) break;
+
+        /*  Have we already obtained the maximum allowable parameters? */
+        if (i >= MAXPARMCOUNT) {
+            pop_msg(p,POP_FAILURE,"Too many arguments supplied.");
+            return(-1);
+        }
+
+        /*  Point to the start of the token */
+        p->pop_parm[i] = mp;
+
+        /*  Search for the first space character (end of the token) */
+        while (!isspace((unsigned char)*mp) && *mp) mp++;
+
+        /*  Delimit the token with a null */
+        if (*mp) *mp++ = 0;
+    }
+
+    /*  Were any parameters passed at all? */
+    if (i == 0) return (-1);
+
+    /*  Convert the first token (POP command) to lower case */
+    strlwr(p->pop_command);
+
+    /*  Return the number of tokens extracted minus the command itself */
+    return (i-1);
+    
+}
diff --git a/crypto/heimdal/appl/popper/pop_pass.c b/crypto/heimdal/appl/popper/pop_pass.c
new file mode 100644
index 0000000..cebd780
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_pass.c
@@ -0,0 +1,220 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_pass.c,v 1.41 2000/04/12 15:37:46 assar Exp $");
+
+#ifdef KRB4
+static int
+krb4_verify_password (POP *p)
+{
+    int status;
+    char lrealm[REALM_SZ];
+    char tkt[MaxPathLen];
+
+    status = krb_get_lrealm(lrealm,1);
+    if (status == KFAILURE) {
+        pop_log(p, POP_PRIORITY, "%s: (%s.%s@%s) %s", p->client,
+		p->kdata.pname, p->kdata.pinst, p->kdata.prealm,
+		krb_get_err_text(status));
+	return 1;
+    }
+    snprintf(tkt, sizeof(tkt), "%s_popper.%u", TKT_ROOT, (unsigned)getpid());
+    krb_set_tkt_string (tkt);
+
+    status = krb_verify_user(p->user, "", lrealm,
+			     p->pop_parm[1], KRB_VERIFY_SECURE, "pop");
+    dest_tkt(); /* no point in keeping the tickets */
+    return status;
+}
+#endif /* KRB4 */
+
+#ifdef KRB5
+static int
+krb5_verify_password (POP *p)
+{
+    krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP};
+    krb5_get_init_creds_opt get_options;
+    krb5_verify_init_creds_opt verify_options;
+    krb5_error_code ret;
+    krb5_principal client, server;
+    krb5_creds creds;
+
+    krb5_get_init_creds_opt_init (&get_options);
+
+    krb5_get_init_creds_opt_set_preauth_list (&get_options,
+					      pre_auth_types,
+					      1);
+
+    krb5_verify_init_creds_opt_init (&verify_options);
+    
+    ret = krb5_parse_name (p->context, p->user, &client);
+    if (ret) {
+	pop_log(p, POP_PRIORITY, "krb5_parse_name: %s",
+		krb5_get_err_text (p->context, ret));
+	return 1;
+    }
+
+    ret = krb5_get_init_creds_password (p->context,
+					&creds,
+					client,
+					p->pop_parm[1],
+					NULL,
+					NULL,
+					0,
+					NULL,
+					&get_options);
+    if (ret) {
+	pop_log(p, POP_PRIORITY,
+		"krb5_get_init_creds_password: %s",
+		krb5_get_err_text (p->context, ret));
+	return 1;
+    }
+
+    ret = krb5_sname_to_principal (p->context,
+				   p->myhost,
+				   "pop",
+				   KRB5_NT_SRV_HST,
+				   &server);
+    if (ret) {
+	pop_log(p, POP_PRIORITY,
+		"krb5_get_init_creds_password: %s",
+		krb5_get_err_text (p->context, ret));
+	return 1;
+    }
+
+    ret = krb5_verify_init_creds (p->context,
+				  &creds,
+				  server,
+				  NULL,
+				  NULL,
+				  &verify_options);
+    krb5_free_principal (p->context, client);
+    krb5_free_principal (p->context, server);
+    krb5_free_creds_contents (p->context, &creds);
+    return ret;
+}
+#endif
+/* 
+ *  pass:   Obtain the user password from a POP client
+ */
+
+int
+pop_pass (POP *p)
+{
+    struct passwd  *pw;
+    int i;
+    struct stat st;
+
+    /* Make one string of all these parameters */
+    
+    for (i = 1; i < p->parm_count; ++i)
+	p->pop_parm[i][strlen(p->pop_parm[i])] = ' ';
+
+    /*  Look for the user in the password file */
+    if ((pw = k_getpwnam(p->user)) == NULL)
+	return (pop_msg(p,POP_FAILURE,
+			"Password supplied for \"%s\" is incorrect.",
+			p->user));
+
+    if (p->kerberosp) {
+#ifdef KRB4
+	if (p->version == 4) {
+	    if(kuserok (&p->kdata, p->user)) {
+		pop_log(p, POP_PRIORITY,
+			"%s: (%s.%s@%s) tried to retrieve mail for %s.",
+			p->client, p->kdata.pname, p->kdata.pinst,
+			p->kdata.prealm, p->user);
+		return(pop_msg(p,POP_FAILURE,
+			       "Popping not authorized"));
+	    }
+	    pop_log(p, POP_INFO, "%s: %s.%s@%s -> %s",
+		    p->ipaddr,
+		    p->kdata.pname, p->kdata.pinst, p->kdata.prealm,
+		    p->user);
+	} else
+#endif /* KRB4 */
+#ifdef KRB5
+	if (p->version == 5) {
+	    char *name;
+	    
+	    if (!krb5_kuserok (p->context, p->principal, p->user)) {
+		pop_log (p, POP_PRIORITY,
+			 "krb5 permission denied");
+		return pop_msg(p, POP_FAILURE,
+			       "Popping not authorized");
+	    }
+	    if(krb5_unparse_name (p->context, p->principal, &name) == 0) {
+		pop_log(p, POP_INFO, "%s: %s -> %s",
+			p->ipaddr, name, p->user);
+		free (name);
+	    }
+	} else {
+	    pop_log (p, POP_PRIORITY, "kerberos authentication failed");
+	    return pop_msg (p, POP_FAILURE,
+			    "kerberos authentication failed");
+	}
+#endif
+	{ }
+    } else {
+	 /*  We don't accept connections from users with null passwords */
+	 if (pw->pw_passwd == NULL)
+	      return (pop_msg(p,
+			      POP_FAILURE,
+			      "Password supplied for \"%s\" is incorrect.",
+			      p->user));
+
+#ifdef OTP
+	 if (otp_verify_user (&p->otp_ctx, p->pop_parm[1]) == 0)
+	     /* pass OK */;
+	 else
+#endif
+	 /*  Compare the supplied password with the password file entry */
+	 if (p->auth_level != AUTH_NONE)
+	     return pop_msg(p, POP_FAILURE,
+			    "Password supplied for \"%s\" is incorrect.",
+			    p->user);
+	 else if (!strcmp(crypt(p->pop_parm[1], pw->pw_passwd), pw->pw_passwd))
+	     /* pass OK */;
+	 else {
+	     int ret = -1;
+#ifdef KRB4
+	     ret = krb4_verify_password (p);
+#endif
+#ifdef KRB5
+	     if(ret)
+		 ret = krb5_verify_password (p);
+#endif
+	     if(ret)
+		 return pop_msg(p, POP_FAILURE,
+				"Password incorrect");
+	 }
+    }
+    pop_log(p, POP_INFO, "login from %s as %s",
+	    p->ipaddr, p->user);
+
+    /*  Build the name of the user's maildrop */
+    snprintf(p->drop_name, sizeof(p->drop_name), "%s/%s", POP_MAILDIR, p->user);
+
+    if(stat(p->drop_name, &st) < 0 || !S_ISDIR(st.st_mode)){
+	/*  Make a temporary copy of the user's maildrop */
+	/*    and set the group and user id */
+	if (pop_dropcopy(p, pw) != POP_SUCCESS) return (POP_FAILURE);
+	
+	/*  Get information about the maildrop */
+	if (pop_dropinfo(p) != POP_SUCCESS) return(POP_FAILURE);
+    } else {
+	if(changeuser(p, pw) != POP_SUCCESS) return POP_FAILURE;
+	if(pop_maildir_info(p) != POP_SUCCESS) return POP_FAILURE;
+    }
+    /*  Initialize the last-message-accessed number */
+    p->last_msg = 0;
+
+    /*  Authorization completed successfully */
+    return (pop_msg (p, POP_SUCCESS,
+		     "%s has %d message(s) (%ld octets).",
+		     p->user, p->msg_count, p->drop_size));
+}
diff --git a/crypto/heimdal/appl/popper/pop_quit.c b/crypto/heimdal/appl/popper/pop_quit.c
new file mode 100644
index 0000000..429b181
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_quit.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_quit.c,v 1.7 1996/11/19 22:48:30 assar Exp $");
+
+/* 
+ *  quit:   Terminate a POP session
+ */
+
+int
+pop_quit (POP *p)
+{
+    /*  Release the message information list */
+    if (p->mlp) free (p->mlp);
+
+    return(POP_SUCCESS);
+}
diff --git a/crypto/heimdal/appl/popper/pop_rset.c b/crypto/heimdal/appl/popper/pop_rset.c
new file mode 100644
index 0000000..6888ebf
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_rset.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_rset.c,v 1.9 1998/04/23 17:38:08 joda Exp $");
+
+/* 
+ *  rset:   Unflag all messages flagged for deletion in a POP maildrop
+ */
+
+int
+pop_rset (POP *p)
+{
+    MsgInfoList     *   mp;         /*  Pointer to the message info list */
+    int		        i;
+
+    /*  Unmark all the messages */
+    for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++)
+        mp->flags &= ~DEL_FLAG;
+    
+    /*  Reset the messages-deleted and bytes-deleted counters */
+    p->msgs_deleted = 0;
+    p->bytes_deleted = 0;
+    
+    /*  Reset the last-message-access flag */
+    p->last_msg = 0;
+
+    return (pop_msg(p,POP_SUCCESS,"Maildrop has %u messages (%ld octets)",
+		    p->msg_count, p->drop_size));
+}
diff --git a/crypto/heimdal/appl/popper/pop_send.c b/crypto/heimdal/appl/popper/pop_send.c
new file mode 100644
index 0000000..166b990
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_send.c
@@ -0,0 +1,176 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_send.c,v 1.25 1999/03/05 14:14:28 joda Exp $");
+
+/*
+ *  sendline:   Send a line of a multi-line response to a client.
+ */
+static int
+pop_sendline(POP *p, char *buffer)
+{
+    char        *   bp;
+
+    /*  Byte stuff lines that begin with the termination octet */
+    if (*buffer == POP_TERMINATE) 
+      fputc(POP_TERMINATE,p->output);
+
+    /*  Look for a <NL> in the buffer */
+    if ((bp = strchr(buffer, '\n')))
+      *bp = 0;
+
+    /*  Send the line to the client */
+    fputs(buffer,p->output);
+
+#ifdef DEBUG
+    if(p->debug)
+      pop_log(p,POP_DEBUG,"Sending line \"%s\"",buffer);
+#endif /* DEBUG */
+
+    /*  Put a <CR><NL> if a newline was removed from the buffer */
+    if (bp)
+      fputs ("\r\n",p->output);
+    return bp != NULL;
+}
+
+/* 
+ *  send:   Send the header and a specified number of lines 
+ *          from a mail message to a POP client.
+ */
+
+int
+pop_send(POP *p)
+{
+    MsgInfoList         *   mp;         /*  Pointer to message info list */
+    int		            msg_num;
+    int			    msg_lines;
+    char                    buffer[MAXMSGLINELEN];
+#ifdef RETURN_PATH_HANDLING
+    char		*   return_path_adr;
+    char		*   return_path_end;
+    int			    return_path_sent;
+    int			    return_path_linlen;
+#endif
+    int			sent_nl = 0;
+
+    /*  Convert the first parameter into an integer */
+    msg_num = atoi(p->pop_parm[1]);
+
+    /*  Is requested message out of range? */
+    if ((msg_num < 1) || (msg_num > p->msg_count))
+        return (pop_msg (p,POP_FAILURE,"Message %d does not exist.",msg_num));
+
+    /*  Get a pointer to the message in the message list */
+    mp = &p->mlp[msg_num-1];
+
+    /*  Is the message flagged for deletion? */
+    if (mp->flags & DEL_FLAG)
+        return (pop_msg (p,POP_FAILURE,
+			 "Message %d has been deleted.",msg_num));
+
+    /*  If this is a TOP command, get the number of lines to send */
+    if (strcmp(p->pop_command, "top") == 0) {
+        /*  Convert the second parameter into an integer */
+        msg_lines = atoi(p->pop_parm[2]);
+    }
+    else {
+        /*  Assume that a RETR (retrieve) command was issued */
+        msg_lines = -1;
+        /*  Flag the message as retreived */
+        mp->flags |= RETR_FLAG;
+    }
+    
+    /*  Display the number of bytes in the message */
+    pop_msg(p, POP_SUCCESS, "%ld octets", mp->length);
+
+    if(IS_MAILDIR(p)) {
+	int e = pop_maildir_open(p, mp);
+	if(e != POP_SUCCESS)
+	    return e;
+    }
+
+    /*  Position to the start of the message */
+    fseek(p->drop, mp->offset, 0);
+
+    return_path_sent = 0;
+
+    if(!IS_MAILDIR(p)) {
+	/*  Skip the first line (the sendmail "From" line) */
+	fgets (buffer,MAXMSGLINELEN,p->drop);
+
+#ifdef RETURN_PATH_HANDLING
+	if (strncmp(buffer,"From ",5) == 0) {
+	    return_path_linlen = strlen(buffer);
+	    for (return_path_adr = buffer+5;
+		 (*return_path_adr == ' ' || *return_path_adr == '\t') &&
+		     return_path_adr < buffer + return_path_linlen;
+		 return_path_adr++)
+		;
+	    if (return_path_adr < buffer + return_path_linlen) {
+		if ((return_path_end = strchr(return_path_adr, ' ')) != NULL)
+		    *return_path_end = '\0';
+		if (strlen(return_path_adr) != 0 && *return_path_adr != '\n') {
+		    static char tmpbuf[MAXMSGLINELEN + 20];
+		    if (snprintf (tmpbuf,
+				  sizeof(tmpbuf),
+				  "Return-Path: %s\n",
+				  return_path_adr) < MAXMSGLINELEN) {
+			pop_sendline (p,tmpbuf);
+			if (hangup)
+			    return pop_msg (p, POP_FAILURE,
+					    "SIGHUP or SIGPIPE flagged");
+			return_path_sent++;
+		    }
+		}
+	    }
+	}
+#endif
+    }
+
+    /*  Send the header of the message followed by a blank line */
+    while (fgets(buffer,MAXMSGLINELEN,p->drop)) {
+#ifdef RETURN_PATH_HANDLING
+	/* Don't send existing Return-Path-header if already sent own */
+	if (!return_path_sent || strncasecmp(buffer, "Return-Path:", 12) != 0)
+#endif
+	    sent_nl = pop_sendline (p,buffer);
+        /*  A single newline (blank line) signals the 
+            end of the header.  sendline() converts this to a NULL, 
+            so that's what we look for. */
+        if (*buffer == 0) break;
+        if (hangup)
+	    return (pop_msg (p,POP_FAILURE,"SIGHUP or SIGPIPE flagged"));
+    }
+    /*  Send the message body */
+    {
+	int blank_line = 1;
+	while (fgets(buffer, MAXMSGLINELEN-1, p->drop)) {
+	    /*  Look for the start of the next message */
+	    if (!IS_MAILDIR(p) && blank_line && strncmp(buffer,"From ",5) == 0)
+		break;
+	    blank_line = (strncmp(buffer, "\n", 1) == 0);
+	    /*  Decrement the lines sent (for a TOP command) */
+	    if (msg_lines >= 0 && msg_lines-- == 0) break;
+	    sent_nl = pop_sendline(p,buffer);
+	    if (hangup)
+		return (pop_msg (p,POP_FAILURE,"SIGHUP or SIGPIPE flagged"));
+	}
+	/* add missing newline at end */
+	if(!sent_nl)
+	    fputs("\r\n", p->output);
+	/* some pop-clients want a blank line at the end of the
+           message, we always add one here, but what the heck -- in
+           outer (white) space, no one can hear you scream */
+	if(IS_MAILDIR(p))
+	    fputs("\r\n", p->output);
+    }
+    /*  "." signals the end of a multi-line transmission */
+    fputs(".\r\n",p->output);
+    fflush(p->output);
+
+    return(POP_SUCCESS);
+}
diff --git a/crypto/heimdal/appl/popper/pop_stat.c b/crypto/heimdal/appl/popper/pop_stat.c
new file mode 100644
index 0000000..9ab2800
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_stat.c
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_stat.c,v 1.7 1997/05/11 11:04:35 assar Exp $");
+
+/* 
+ *  stat:   Display the status of a POP maildrop to its client
+ */
+
+int
+pop_stat (POP *p)
+{
+#ifdef DEBUG
+    if (p->debug) pop_log(p,POP_DEBUG,"%d message(s) (%ld octets).",
+			  p->msg_count-p->msgs_deleted,
+			  p->drop_size-p->bytes_deleted);
+#endif /* DEBUG */
+    return (pop_msg (p,POP_SUCCESS,
+		     "%d %ld",
+		     p->msg_count-p->msgs_deleted,
+		     p->drop_size-p->bytes_deleted));
+}
diff --git a/crypto/heimdal/appl/popper/pop_uidl.c b/crypto/heimdal/appl/popper/pop_uidl.c
new file mode 100644
index 0000000..42dc12d
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_uidl.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_uidl.c,v 1.9 1999/12/02 16:58:33 joda Exp $");
+
+#ifdef UIDL
+/* 
+ *  uidl:   Uidl the contents of a POP maildrop
+ */
+
+int
+pop_uidl (POP *p)
+{
+    MsgInfoList         *   mp;         /*  Pointer to message info list */
+    int		            i;
+    int			    msg_num;
+
+    /*  Was a message number provided? */
+    if (p->parm_count > 0) {
+        msg_num = atoi(p->pop_parm[1]);
+
+        /*  Is requested message out of range? */
+        if ((msg_num < 1) || (msg_num > p->msg_count))
+            return (pop_msg (p,POP_FAILURE,
+                "Message %d does not exist.",msg_num));
+
+        /*  Get a pointer to the message in the message list */
+        mp = &p->mlp[msg_num-1];
+
+        /*  Is the message already flagged for deletion? */
+        if (mp->flags & DEL_FLAG)
+            return (pop_msg (p,POP_FAILURE,
+                "Message %d has been deleted.",msg_num));
+
+        /*  Display message information */
+        return (pop_msg(p,POP_SUCCESS,"%u %s",msg_num,mp->msg_id));
+    }
+    
+    /*  Display the entire list of messages */
+    pop_msg(p,POP_SUCCESS,
+	    "%d messages (%ld octets)",
+            p->msg_count-p->msgs_deleted,
+	    p->drop_size-p->bytes_deleted);
+
+    /*  Loop through the message information list.  Skip deleted messages */
+    for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++) {
+        if (!(mp->flags & DEL_FLAG)) 
+            fprintf(p->output,"%u %s\r\n",mp->number,mp->msg_id);
+    }
+
+    /*  "." signals the end of a multi-line transmission */
+    fprintf(p->output,".\r\n");
+    fflush(p->output);
+
+    return(POP_SUCCESS);
+}
+#endif /* UIDL */
diff --git a/crypto/heimdal/appl/popper/pop_updt.c b/crypto/heimdal/appl/popper/pop_updt.c
new file mode 100644
index 0000000..0130132
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_updt.c
@@ -0,0 +1,199 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_updt.c,v 1.19 1998/04/23 18:36:51 joda Exp $");
+
+static char standard_error[] =
+    "Error error updating primary drop. Mailbox unchanged";
+
+/* 
+ *  updt:   Apply changes to a user's POP maildrop
+ */
+
+int
+pop_updt (POP *p)
+{
+    FILE                *   md;                     /*  Stream pointer for 
+                                                        the user's maildrop */
+    int                     mfd;                    /*  File descriptor for
+                                                        above */
+    char                    buffer[BUFSIZ];         /*  Read buffer */
+
+    MsgInfoList         *   mp;                     /*  Pointer to message 
+                                                        info list */
+    int		            msg_num;                /*  Current message 
+                                                        counter */
+    int			    status_written;         /*  Status header field 
+                                                        written */
+    int                     nchar;                  /* Bytes read/written */
+
+    long                    offset;                 /* New mail offset */
+
+    int			    blank_line;
+
+#ifdef DEBUG
+    if (p->debug) {
+        pop_log(p,POP_DEBUG,"Performing maildrop update...");
+        pop_log(p,POP_DEBUG,"Checking to see if all messages were deleted");
+    }
+#endif /* DEBUG */
+
+    if(IS_MAILDIR(p))
+	return pop_maildir_update(p);
+
+    if (p->msgs_deleted == p->msg_count) {
+        /* Truncate before close, to avoid race condition,  DO NOT UNLINK!
+           Another process may have opened,  and not yet tried to lock */
+        ftruncate ((int)fileno(p->drop),0);
+        fclose(p->drop) ;
+        return (POP_SUCCESS);
+    }
+
+#ifdef DEBUG
+    if (p->debug) 
+        pop_log(p,POP_DEBUG,"Opening mail drop \"%s\"",p->drop_name);
+#endif /* DEBUG */
+
+    /*  Open the user's real maildrop */
+    if ((mfd = open(p->drop_name,O_RDWR|O_CREAT,0600)) == -1 ||
+        (md = fdopen(mfd,"r+")) == NULL) {
+        return pop_msg(p,POP_FAILURE,standard_error);
+    }
+
+    /*  Lock the user's real mail drop */
+    if ( flock(mfd, LOCK_EX) == -1 ) {
+        fclose(md) ;
+        return pop_msg(p,POP_FAILURE, "flock: '%s': %s", p->temp_drop,
+		       strerror(errno));
+    }
+
+    /* Go to the right places */
+    offset = lseek((int)fileno(p->drop),0,SEEK_END) ; 
+
+    /*  Append any messages that may have arrived during the session 
+        to the temporary maildrop */
+    while ((nchar=read(mfd,buffer,BUFSIZ)) > 0)
+        if ( nchar != write((int)fileno(p->drop),buffer,nchar) ) {
+            nchar = -1;
+            break ;
+        }
+    if ( nchar != 0 ) {
+        fclose(md) ;
+        ftruncate((int)fileno(p->drop),(int)offset) ;
+        fclose(p->drop) ;
+        return pop_msg(p,POP_FAILURE,standard_error);
+    }
+
+    rewind(md);
+    lseek(mfd,0,SEEK_SET);
+    ftruncate(mfd,0) ;
+
+    /* Synch stdio and the kernel for the POP drop */
+    rewind(p->drop);
+    lseek((int)fileno(p->drop),0,SEEK_SET);
+
+    /*  Transfer messages not flagged for deletion from the temporary 
+        maildrop to the new maildrop */
+#ifdef DEBUG
+    if (p->debug) 
+        pop_log(p,POP_DEBUG,"Creating new maildrop \"%s\" from \"%s\"",
+                p->drop_name,p->temp_drop);
+#endif /* DEBUG */
+
+    for (msg_num = 0; msg_num < p->msg_count; ++msg_num) {
+
+        int doing_body;
+
+        /*  Get a pointer to the message information list */
+        mp = &p->mlp[msg_num];
+
+        if (mp->flags & DEL_FLAG) {
+#ifdef DEBUG
+            if(p->debug)
+                pop_log(p,POP_DEBUG,
+                    "Message %d flagged for deletion.",mp->number);
+#endif /* DEBUG */
+            continue;
+        }
+
+        fseek(p->drop,mp->offset,0);
+
+#ifdef DEBUG
+        if(p->debug)
+            pop_log(p,POP_DEBUG,"Copying message %d.",mp->number);
+#endif /* DEBUG */
+	blank_line = 1;
+        for(status_written = doing_body = 0 ;
+            fgets(buffer,MAXMSGLINELEN,p->drop);) {
+
+            if (doing_body == 0) { /* Header */
+
+                /*  Update the message status */
+                if (strncasecmp(buffer,"Status:",7) == 0) {
+                    if (mp->flags & RETR_FLAG)
+                        fputs("Status: RO\n",md);
+                    else
+                        fputs(buffer, md);
+                    status_written++;
+                    continue;
+                }
+                /*  A blank line signals the end of the header. */
+                if (*buffer == '\n') {
+                    doing_body = 1;
+                    if (status_written == 0) {
+                        if (mp->flags & RETR_FLAG)
+                            fputs("Status: RO\n\n",md);
+                        else
+                            fputs("Status: U\n\n",md);
+                    }
+                    else fputs ("\n", md);
+                    continue;
+                }
+                /*  Save another header line */
+                fputs (buffer, md);
+            } 
+            else { /* Body */ 
+                if (blank_line && strncmp(buffer,"From ",5) == 0) break;
+                fputs (buffer, md);
+		blank_line = (*buffer == '\n');
+            }
+        }
+    }
+
+    /* flush and check for errors now!  The new mail will writen
+       without stdio,  since we need not separate messages */
+
+    fflush(md) ;
+    if (ferror(md)) {
+        ftruncate(mfd,0) ;
+        fclose(md) ;
+        fclose(p->drop) ;
+        return pop_msg(p,POP_FAILURE,standard_error);
+    }
+
+    /* Go to start of new mail if any */
+    lseek((int)fileno(p->drop),offset,SEEK_SET);
+
+    while((nchar=read((int)fileno(p->drop),buffer,BUFSIZ)) > 0)
+        if ( nchar != write(mfd,buffer,nchar) ) {
+            nchar = -1;
+            break ;
+        }
+    if ( nchar != 0 ) {
+        ftruncate(mfd,0) ;
+        fclose(md) ;
+        fclose(p->drop) ;
+        return pop_msg(p,POP_FAILURE,standard_error);
+    }
+
+    /*  Close the maildrop and empty temporary maildrop */
+    fclose(md);
+    ftruncate((int)fileno(p->drop),0);
+    fclose(p->drop);
+
+    return(pop_quit(p));
+}
diff --git a/crypto/heimdal/appl/popper/pop_user.c b/crypto/heimdal/appl/popper/pop_user.c
new file mode 100644
index 0000000..be771e6
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_user.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_user.c,v 1.15 1999/09/16 20:38:50 assar Exp $");
+
+/* 
+ *  user:   Prompt for the user name at the start of a POP session
+ */
+
+int
+pop_user (POP *p)
+{
+    char ss[256];
+
+    strlcpy(p->user, p->pop_parm[1], sizeof(p->user));
+
+#ifdef OTP
+    if (otp_challenge (&p->otp_ctx, p->user, ss, sizeof(ss)) == 0) {
+	return pop_msg(p, POP_SUCCESS, "Password %s required for %s.",
+		       ss, p->user);
+    } else
+#endif
+    if (p->auth_level != AUTH_NONE) {
+	char *s = NULL;
+#ifdef OTP
+	s = otp_error(&p->otp_ctx);
+#endif
+	return pop_msg(p, POP_FAILURE, "Permission denied%s%s",
+		       s ? ":" : "", s ? s : "");
+    } else
+	return pop_msg(p, POP_SUCCESS, "Password required for %s.", p->user);
+}
diff --git a/crypto/heimdal/appl/popper/pop_xover.c b/crypto/heimdal/appl/popper/pop_xover.c
new file mode 100644
index 0000000..94936f9
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_xover.c
@@ -0,0 +1,37 @@
+#include <popper.h>
+RCSID("$Id: pop_xover.c,v 1.4 1998/04/23 17:39:31 joda Exp $");
+
+int
+pop_xover (POP *p)
+{
+#ifdef XOVER
+    MsgInfoList         *   mp;         /*  Pointer to message info list */
+    int		            i;
+
+    pop_msg(p,POP_SUCCESS,
+	    "%d messages (%ld octets)",
+            p->msg_count-p->msgs_deleted,
+	    p->drop_size-p->bytes_deleted);
+    
+    /*  Loop through the message information list.  Skip deleted messages */
+    for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++) {
+        if (!(mp->flags & DEL_FLAG)) 
+            fprintf(p->output,"%u\t%s\t%s\t%s\t%s\t%lu\t%u\r\n",
+		    mp->number,
+		    mp->subject,
+		    mp->from,
+		    mp->date, 
+		    mp->msg_id,
+		    mp->length,
+		    mp->lines);
+    }
+
+    /*  "." signals the end of a multi-line transmission */
+    fprintf(p->output,".\r\n");
+    fflush(p->output);
+
+    return(POP_SUCCESS);
+#else
+    return pop_msg(p, POP_FAILURE, "Command not implemented.");
+#endif
+}
diff --git a/crypto/heimdal/appl/popper/popper.8 b/crypto/heimdal/appl/popper/popper.8
new file mode 100644
index 0000000..30dc5b9
--- /dev/null
+++ b/crypto/heimdal/appl/popper/popper.8
@@ -0,0 +1,179 @@
+.\" Copyright (c) 1980 Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms are permitted
+.\" provided that this notice is preserved and that due credit is given
+.\" to the University of California at Berkeley. The name of the University
+.\" may not be used to endorse or promote products derived from this
+.\" software without specific prior written permission. This software
+.\" is provided ``as is'' without express or implied warranty.
+.\"
+.\" @(#)@(#)popper.8	2.3    2.3    (CCS)   4/2/91     Copyright (c) 1990 Regents of the University of California.\nAll rights reserved.\n
+.\"
+.TH popper 8 "August 1990"
+.UC 6
+.ad
+.SH NAME
+popper \- pop 3 server
+.SH SYNOPSIS
+.B /usr/etc/popper
+[ -d ]
+[ -a ]
+[ -k ]
+[ -t trace-file]
+[ -i ]
+[ -p portnum]
+.SH DESCRIPTION
+.I Popper
+is an implementation of the Post Office Protocol server that runs on a
+variety of Unix computers to manage electronic mail for Macintosh
+and MS-DOS computers.  The server was developed at the University of
+California at Berkeley and conforms fully to the specifications in RFC
+1081 and RFC 1082.  The Berkeley server also has extensions to
+send electronic mail on behalf of a client.
+.PP
+The 
+.B \-d
+flag sets the socket to debugging and turns on debugging.  All debugging
+information is saved using syslog(8).  
+.PP
+The 
+.B \-t trace\-file
+flag turns on debugging and saves the trace information in
+.I trace\-file
+using fprintf(s).
+.PP
+The
+.B \-k
+flag tells popper to talk the kerberised POP protocol (KPOP).
+.PP
+The
+.B \-a
+flag tells popper not to accept any cleartext passwords, but only OTPs.
+.PP
+The
+.B \-i
+flag tells popper it has not been started by inetd and should create
+its own socket and listen on it.  This is useful for debugging.
+.PP
+The
+.B \-p portnum
+flag tells popper on which port it should listen for connections when
+creating a socket.
+.SH HOW TO OBTAIN THE SERVER
+.PP
+The POP server is available via anonymous ftp from ftp.CC.Berkeley.EDU
+(128.32.136.9, 128.32.206.12).  It is in two files in the pub directory:
+a compressed
+tar file popper.tar.Z and a Macintosh StuffIt archive in BinHex format
+called MacPOP.sit.hqx.
+.SH THE POP TRANSACTION CYCLE
+.PP
+The Berkeley POP server is a single program (called popper) that is
+launched by inetd when it gets a service request on the POP TCP port.
+(The official port number specified in RFC 1081 for POP version 3 is
+port 110.  However, some POP3 clients attempt to contact the server at
+port 109, the POP version 2 port.  Unless you are running both POP2 and
+POP3 servers, you can simply define both ports for use by the POP3
+server.  This is explained in the installation instructions later on.)
+The popper program initializes and verifies that the peer IP address is
+registered in the local domain, logging a warning message when a
+connection is made to a client whose IP address does not have a
+canonical name.  For systems using BSD 4.3 bind, it also checks to see
+if a cannonical name lookup for the client returns the same peer IP
+address, logging a warning message if it does not.  The the server
+enters the authorization state, during which the client must correctly
+identify itself by providing a valid Unix userid and password on the
+server's host machine.  No other exchanges are allowed during this
+state (other than a request to quit.)  If authentication fails, a
+warning message is logged and the session ends.  Once the user is
+identified, popper changes its user and group ids to match that of the
+user and enters the transaction state.  The server makes a temporary
+copy of the user's maildrop (ordinarily in /usr/spool/mail) which is
+used for all subsequent transactions.  These include the bulk of POP
+commands to retrieve mail, delete mail, undelete mail, and so forth.  A
+Berkeley extension also allows the user to submit a mail parcel to the
+server who mails it using the sendmail program (this extension is
+supported in the HyperMail client distributed with the server).  When
+the client quits, the server enters the final update state during which
+the network connection is terminated and the user's maildrop is updated
+with the (possibly) modified temporary maildrop.
+.SH LOGGING
+.PP
+The POP server uses syslog to keep a record of its activities.  On
+systems with BSD 4.3 syslogging, the server logs (by default) to the
+"local0" facility at priority "notice" for all messages except
+debugging which is logged at priority "debug".  The default log file is
+/usr/spool/mqueue/POPlog.  These can be changed, if desired.  On
+systems with 4.2 syslogging all messages are logged to the local log
+file, usually /usr/spool/mqueue/syslog.
+.SH DEBUGGING
+.PP
+The popper program will log debugging information when the -d parameter
+is specified after its invocation in the inetd.conf file.  Care should
+be exercised in using this option since it generates considerable
+output in the syslog file.  Alternatively, the "-t <file-name>" option
+will place debugging information into file "<file-name>" using fprintf
+instead of syslog.
+.PP
+For SunOS version 3.5, the popper program is launched by inetd from
+/etc/servers.  This file does not allow you to specify command line
+arguments.  Therefore, if you want to enable debugging, you can specify
+a shell script in /etc/servers to be launched instead of popper and in
+this script call popper with the desired arguments.
+.PP
+You can confirm that the POP server is running on Unix by telneting to
+port 110 (or 109 if you set it up that way).  For example:
+.PP
+.nf
+%telnet myhost 110
+Trying...
+Connected to myhost.berkeley.edu.
+Escape character is '^]'.
++OK UCB Pop server (version 1.6) at myhost starting.
+quit
+Connection closed by foreign host.
+.fi
+.SH VERSION 1.7 RELEASE NOTES
+Extensive re-write of the maildrop processing code contributed by 
+Viktor Dukhovni <viktor@math.princeton.edu> that greatly reduces the
+possibility that the maildrop can be corrupted as the result of
+simultaneous access by two or more processes.
+.PP
+Added "pop_dropcopy" module to create a temporary maildrop from
+the existing, standard maildrop as root before the setuid and 
+setgid for the user is done.  This allows the temporary maildrop
+to be created in a mail spool area that is not world read-writable.
+.PP
+This version does *not* send the sendmail "From " delimiter line
+in response to a TOP or RETR command.
+.PP
+Encased all debugging code in #ifdef DEBUG constructs.  This code can
+be included by specifying the DEGUG compiler flag.  Note:  You still
+need to use the -d or -t option to obtain debugging output.
+.SH LIMITATIONS
+The POP server copies the user's entire maildrop to /tmp and
+then operates on that copy.  If the maildrop is particularly
+large, or inadequate space is available in /tmp, then the
+server will refuse to continue and terminate the connection.
+.PP
+Simultaneous modification of a single maildrop can result in 
+confusing results.  For example, manipulating messages in a
+maildrop using the Unix /usr/ucb/mail command while a copy of
+it is being processed by the POP server can cause the changes
+made by one program to be lost when the other terminates.  This
+problem is being worked on and will be fixed in a later
+release.
+.SH FILES
+.nf
+/usr/spool/mail         mail files
+/etc/inetd.conf         pop program invocation
+/etc/syslog.conf        logging specifications
+.fi
+.SH "SEE ALSO"
+inetd(8), 
+RFC1081, 
+RFC1082
+.SH AUTHORS
+Bob Campbell, Edward Moy, Austin Shelton, Marshall T Rose, and cast of
+thousands at Rand, UDel, UCI, and elsewhere
diff --git a/crypto/heimdal/appl/popper/popper.README.release b/crypto/heimdal/appl/popper/popper.README.release
new file mode 100644
index 0000000..c0b313e
--- /dev/null
+++ b/crypto/heimdal/appl/popper/popper.README.release
@@ -0,0 +1,45 @@
+Release Notes:
+
+popper-1.831beta is no longer beta	30 July 91
+	Removed popper-1.7.tar.Z
+
+popper-1.831beta.tar.Z	03 April 91
+	Changed mkstemp to mktemp for Ultrix.  Sigh.
+
+popper-1.83beta.tar.Z	02 April 91
+
+	This version makes certain that while running as root we do nothing
+	at all destructive.
+
+popper-1.82beta.tar.Z	27 March 91
+
+	This version fixes problems on Encore MultiMax and some Sun releases
+	which wouldn't allow a user to ftruncate() a file from an open
+	file descripter unless the user owns the file.  Now the user
+	owns the /usr/spool/mail/.userid.pop file.  Thanks to Ben Levy
+	of FTP Software and Henry Holtzman of Apple.
+
+popper-1.81beta.tar.Z	20 March 91
+
+	This version of popper is supposed to fix three problems reported
+	with various versions of popper (all called 1.7 or 1.7something).
+
+	1)  Dropped network connections meant lost mail files.  Some 1.7
+	    versions also risked corrupting mail files.
+
+	2)  Some versions of 1.7 created temporary drop files with world
+	    read and write permissions.
+
+	3)  Some versions of 1.7 were not careful about opening the temporary
+	    drop file.
+
+popper-1.7.tar.Z       09 September 90	(updated 20 March 91)
+
+	This version will exhibit the first problem listed above if it is
+	compiled with -DDEBUG and run without the "-d" (debug) flag.
+
+	If it is compiled without -DDEBUG it will exhibit only the second
+	and third bug listed above.
+
+Cliff Frost	poptest@nettlesome.berkeley.edu
+UC Berkeley
diff --git a/crypto/heimdal/appl/popper/popper.c b/crypto/heimdal/appl/popper/popper.c
new file mode 100644
index 0000000..28d6ab9
--- /dev/null
+++ b/crypto/heimdal/appl/popper/popper.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: popper.c,v 1.15 1997/05/11 11:04:37 assar Exp $");
+
+int hangup = FALSE ;
+
+static RETSIGTYPE
+catchSIGHUP(int sig)
+{
+    hangup = TRUE ;
+
+    /* This should not be a problem on BSD systems */
+    signal(SIGHUP,  catchSIGHUP);
+    signal(SIGPIPE, catchSIGHUP);
+    SIGRETURN(0);
+}
+
+int     pop_timeout = POP_TIMEOUT;
+
+jmp_buf env;
+
+static RETSIGTYPE
+ring(int sig)
+{
+  longjmp(env,1);
+}
+  
+/*
+ * fgets, but with a timeout
+ */
+static char *
+tgets(char *str, int size, FILE *fp, int timeout)
+{
+  signal(SIGALRM, ring);
+  alarm(timeout);
+  if (setjmp(env))
+    str = NULL;
+  else
+    str = fgets(str,size,fp);
+  alarm(0);
+  signal(SIGALRM,SIG_DFL);
+  return(str);
+}
+
+/* 
+ *  popper: Handle a Post Office Protocol version 3 session
+ */
+int
+main (int argc, char **argv)
+{
+    POP                 p;
+    state_table     *   s;
+    char                message[MAXLINELEN];
+
+    signal(SIGHUP,  catchSIGHUP);
+    signal(SIGPIPE, catchSIGHUP);
+
+    /*  Start things rolling */
+    pop_init(&p,argc,argv);
+
+    /*  Tell the user that we are listenting */
+    pop_msg(&p,POP_SUCCESS,
+        "UCB based pop server (version %s at %s) starting.",VERSION,p.myhost);
+
+    /*  State loop.  The POP server is always in a particular state in 
+        which a specific suite of commands can be executed.  The following 
+        loop reads a line from the client, gets the command, and processes 
+        it in the current context (if allowed) or rejects it.  This continues 
+        until the client quits or an error occurs. */
+
+    for (p.CurrentState=auth1;p.CurrentState!=halt&&p.CurrentState!=error;) {
+        if (hangup) {
+            pop_msg(&p, POP_FAILURE, "POP hangup: %s", p.myhost);
+            if (p.CurrentState > auth2 && !pop_updt(&p))
+                pop_msg(&p, POP_FAILURE,
+			"POP mailbox update failed: %s", p.myhost);
+            p.CurrentState = error;
+        } else if (tgets(message, MAXLINELEN, p.input, pop_timeout) == NULL) {
+	    pop_msg(&p, POP_FAILURE, "POP timeout: %s", p.myhost);
+	    if (p.CurrentState > auth2 && !pop_updt(&p))
+                pop_msg(&p,POP_FAILURE,
+			"POP mailbox update failed: %s", p.myhost);
+            p.CurrentState = error;
+        }
+        else {
+            /*  Search for the command in the command/state table */
+            if ((s = pop_get_command(&p,message)) == NULL) continue;
+
+            /*  Call the function associated with this command in 
+                the current state */
+            if (s->function) p.CurrentState = s->result[(*s->function)(&p)];
+
+            /*  Otherwise assume NOOP and send an OK message to the client */
+            else {
+                p.CurrentState = s->success_state;
+                pop_msg(&p,POP_SUCCESS,NULL);
+            }
+        }       
+    }
+
+    /*  Say goodbye to the client */
+    pop_msg(&p,POP_SUCCESS,"Pop server at %s signing off.",p.myhost);
+
+    /*  Log the end of activity */
+    pop_log(&p,POP_PRIORITY,
+        "(v%s) Ending request from \"%s\" at %s\n",VERSION,p.client,p.ipaddr);
+
+    /*  Stop logging */
+    closelog();
+
+    return(0);
+}
diff --git a/crypto/heimdal/appl/popper/popper.h b/crypto/heimdal/appl/popper/popper.h
new file mode 100644
index 0000000..22707da
--- /dev/null
+++ b/crypto/heimdal/appl/popper/popper.h
@@ -0,0 +1,347 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ *
+ * static char copyright[] = "Copyright (c) 1990 Regents of the University of California.\nAll rights reserved.\n";
+ * static char SccsId[] = "@(#)@(#)popper.h	2.2  2.2 4/2/91";
+ *
+ */
+
+/* $Id: popper.h,v 1.49 1999/08/12 11:37:55 joda Exp $ */
+
+/* 
+ *  Header file for the POP programs
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#define UIDL
+#define XOVER
+#define XDELE
+#define DEBUG
+#define RETURN_PATH_HANDLING
+#endif
+
+/* Common include files */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <signal.h>
+#include <setjmp.h>
+#include <ctype.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#include "version.h"
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+
+#ifdef KRB4
+#include <krb.h>
+#include <prot.h>
+#endif
+#ifdef KRB5
+#include <krb5.h>
+#endif
+
+#define MAXUSERNAMELEN  65
+#define MAXDROPLEN      64
+#define MAXLINELEN      1024
+#define MAXMSGLINELEN   1024
+#define MAXCMDLEN       4
+#define MAXPARMCOUNT    10
+#define MAXPARMLEN      10
+#define ALLOC_MSGS  20
+#define MAIL_COMMAND    "/usr/lib/sendmail"
+
+#define POP_FACILITY    LOG_LOCAL0
+#define POP_PRIORITY    LOG_NOTICE
+#define POP_DEBUG       LOG_DEBUG
+#define POP_INFO	LOG_INFO
+#define POP_LOGOPTS     0
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_MAILLOCK_H
+#include <maillock.h>
+#endif
+
+#ifdef OTP
+#include <otp.h>
+#endif
+
+#if defined(KRB4_MAILDIR)
+#define POP_MAILDIR	KRB4_MAILDIR
+#elif defined(_PATH_MAILDIR)
+#define POP_MAILDIR     _PATH_MAILDIR
+#elif defined(MAILDIR)
+#define POP_MAILDIR	MAILDIR
+#else
+#define POP_MAILDIR	"/usr/spool/mail"
+#endif
+
+#define POP_DROP        POP_MAILDIR "/.%s.pop"
+	/* POP_TMPSIZE needs to be big enough to hold the string
+	 * defined by POP_TMPDROP.  POP_DROP and POP_TMPDROP
+	 * must be in the same filesystem.
+	 */
+#define POP_TMPDROP     POP_MAILDIR "/tmpXXXXXX"
+#define POP_TMPSIZE	256
+#define POP_TMPXMIT     "/tmp/xmitXXXXXX"
+#define POP_OK          "+OK"
+#define POP_ERR         "-ERR"
+#define POP_SUCCESS     1
+#define POP_FAILURE     0
+#define POP_TERMINATE   '.'
+#define POP_TIMEOUT     120     /* timeout connection after this many secs */
+
+extern int              pop_timeout;
+
+extern int              hangup;
+
+#define AUTH_NONE 0
+#define AUTH_OTP  1
+
+#define pop_command         pop_parm[0]     /*  POP command is first token */
+#define pop_subcommand      pop_parm[1]     /*  POP XTND subcommand is the 
+                                                second token */
+
+typedef enum {                              /*  POP processing states */
+    auth1,                                  /*  Authorization: waiting for 
+                                                USER command */
+    auth2,                                  /*  Authorization: waiting for 
+                                                PASS command */
+    trans,                                  /*  Transaction */
+    update,                                 /*  Update:  session ended, 
+                                                process maildrop changes */
+    halt,                                   /*  (Halt):  stop processing 
+                                                and exit */
+    error                                   /*  (Error): something really 
+                                                bad happened */
+} state;
+
+
+#define DEL_FLAG	1
+#define RETR_FLAG	2
+#define NEW_FLAG	4
+
+typedef struct {                                /*  Message information */
+    int         number;                         /*  Message number relative to 
+                                                    the beginning of list */
+    long        length;                         /*  Length of message in 
+                                                    bytes */
+    int         lines;                          /*  Number of (null-terminated)                                                     lines in the message */
+    long        offset;                         /*  Offset from beginning of 
+                                                    file */
+    unsigned	flags;
+
+#if defined(UIDL) || defined(XOVER)
+    char        *msg_id;	                /*  The POP UIDL uniqueifier */
+#endif
+#ifdef XOVER
+    char	*subject;
+    char	*from;
+    char	*date;
+#endif
+    char	*name;
+} MsgInfoList;
+
+#define IS_MAILDIR(P) ((P)->temp_drop[0] == '\0')
+
+typedef struct  {                               /*  POP parameter block */
+    int                 debug;                  /*  Debugging requested */
+    char            *   myname;                 /*  The name of this POP 
+                                                    daemon program */
+    char                myhost[MaxHostNameLen]; /*  The name of our host 
+                                                    computer */
+    char		client[MaxHostNameLen];	/*  Canonical name of client 
+                                                    computer */
+    char                ipaddr[MaxHostNameLen];	/*  Dotted-notation format of 
+                                                    client IP address */
+    unsigned short      ipport;                 /*  Client port for privileged 
+                                                    operations */
+    char                user[MAXUSERNAMELEN];   /*  Name of the POP user */
+    state               CurrentState;           /*  The current POP operational                                                     state */
+    MsgInfoList     *   mlp;                    /*  Message information list */
+    int                 msg_count;              /*  Number of messages in 
+                                                    the maildrop */
+    int                 msgs_deleted;           /*  Number of messages flagged 
+                                                    for deletion */
+    int                 last_msg;               /*  Last message touched by 
+                                                    the user */
+    long                bytes_deleted;          /*  Number of maildrop bytes 
+                                                    flagged for deletion */
+    char                drop_name[MAXDROPLEN];  /*  The name of the user's 
+                                                    maildrop */
+    char                temp_drop[MAXDROPLEN];  /*  The name of the user's 
+                                                    temporary maildrop */
+    long                drop_size;              /*  Size of the maildrop in
+                                                    bytes */
+    FILE            *   drop;                   /*  (Temporary) mail drop */
+    FILE            *   input;                  /*  Input TCP/IP communication 
+                                                    stream */
+    FILE            *   output;                 /*  Output TCP/IP communication                                                     stream */
+    FILE            *   trace;                  /*  Debugging trace file */
+    char            *   pop_parm[MAXPARMCOUNT]; /*  Parse POP parameter list */
+    int                 parm_count;             /*  Number of parameters in 
+                                                    parsed list */
+    int			kerberosp;		/*  Using KPOP? */
+#ifdef KRB4
+    AUTH_DAT		kdata;
+#endif
+#ifdef KRB5
+    krb5_context	context;
+    krb5_principal	principal;              /*  principal auth as */
+    krb5_log_facility*  logf;
+#endif
+    int			version;                /*  4 or 5? */
+    int			auth_level;		/*  Dont allow cleartext */
+#ifdef OTP
+    OtpContext		otp_ctx;		/*  OTP context */
+#endif
+} POP;
+
+typedef struct {                                /*  State information for 
+                                                    each POP command */
+    state       ValidCurrentState;              /*  The operating state of 
+                                                    the command */
+    char   *    command;                        /*  The POP command */
+    int         min_parms;                      /*  Minimum number of parms 
+                                                    for the command */
+    int         max_parms;                      /*  Maximum number of parms 
+                                                    for the command */
+    int         (*function) ();                 /*  The function that process 
+                                                    the command */
+    state       result[2];                      /*  The resulting state after 
+                                                    command processing */
+#define success_state   result[0]               /*  State when a command 
+                                                    succeeds */
+} state_table;
+
+typedef struct {                                /*  Table of extensions */
+    char   *    subcommand;                     /*  The POP XTND subcommand */
+    int         min_parms;                      /*  Minimum number of parms for
+                                                    the subcommand */
+    int         max_parms;                      /*  Maximum number of parms for
+                                                    the subcommand */
+    int         (*function) ();                 /*  The function that processes 
+                                                    the subcommand */
+} xtnd_table;
+
+int pop_dele(POP *p);
+int pop_dropcopy(POP *p, struct passwd *pwp);
+int pop_dropinfo(POP *p);
+int pop_init(POP *p,int argcount,char **argmessage);
+int pop_last(POP *p);
+int pop_list(POP *p);
+int pop_parse(POP *p, char *buf);
+int pop_pass(POP *p);
+int pop_quit(POP *p);
+int pop_rset(POP *p);
+int pop_send(POP *p);
+int pop_stat(POP *p);
+int pop_updt(POP *p);
+int pop_user(POP *p);
+#ifdef UIDL
+int pop_uidl(POP *p);
+#endif
+#ifdef XOVER
+int pop_xover(POP *p);
+#endif
+#ifdef XDELE
+int pop_xdele(POP *p);
+#endif
+int pop_help(POP *p);
+state_table *pop_get_command(POP *p, char *mp);
+void pop_lower(char *buf);
+
+int pop_log(POP *p, int stat, char *format, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 3, 4)))
+#endif
+;
+
+int pop_msg(POP *p, int stat, char *format, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 3, 4)))
+#endif
+;
+
+int pop_maildir_info (POP*);
+int pop_maildir_open (POP*, MsgInfoList*);
+int pop_maildir_update (POP*);
+
+int changeuser(POP*, struct passwd*);
+void parse_header(MsgInfoList*, char*);
+int add_missing_headers(POP*, MsgInfoList*);
diff --git a/crypto/heimdal/appl/popper/version.h b/crypto/heimdal/appl/popper/version.h
new file mode 100644
index 0000000..1b5d135
--- /dev/null
+++ b/crypto/heimdal/appl/popper/version.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ *
+ * static char copyright[] = "Copyright (c) 1990 Regents of the University of California.\nAll rights reserved.\n";
+ * static char SccsId[] = "@(#)@(#)version.h	2.6  2.6 4/3/91";
+ *
+ */
+
+/* $Id: version.h,v 1.5 1997/08/08 22:50:13 assar Exp $ */
+
+/*
+ *  Current version of this POP implementation
+ */
+
+#if 0
+#define VERSION         krb4_version
+#endif
diff --git a/crypto/heimdal/appl/push/Makefile.in b/crypto/heimdal/appl/push/Makefile.in
index e677966..5dd6d72 100644
--- a/crypto/heimdal/appl/push/Makefile.in
+++ b/crypto/heimdal/appl/push/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 bin_SCRIPTS = pfrom
@@ -250,7 +253,7 @@ OBJECTS = $(am_push_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/push/Makefile
 
@@ -440,6 +443,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/push/pfrom.1 b/crypto/heimdal/appl/push/pfrom.1
index 6f4110c..89af229 100644
--- a/crypto/heimdal/appl/push/pfrom.1
+++ b/crypto/heimdal/appl/push/pfrom.1
@@ -1,4 +1,4 @@
-.\" $Id: pfrom.1,v 1.2 2000/11/29 18:26:27 joda Exp $
+.\" $Id: pfrom.1,v 1.3 2001/05/02 08:59:21 assar Exp $
 .\"
 .Dd Mars 4, 2000
 .Dt PFROM 1
diff --git a/crypto/heimdal/appl/push/pfrom.cat1 b/crypto/heimdal/appl/push/pfrom.cat1
new file mode 100644
index 0000000..8abf68a
--- /dev/null
+++ b/crypto/heimdal/appl/push/pfrom.cat1
@@ -0,0 +1,17 @@
+
+PFROM(1)                     UNIX Reference Manual                    PFROM(1)
+
+NNAAMMEE
+     ppffrroomm - fetch a list of the current mail via POP
+
+SSYYNNOOPPSSIISS
+     ppffrroomm [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--cc | ----ccoouunntt]
+     [----hheeaaddeerr] [--pp _p_o_r_t_-_s_p_e_c | ----ppoorrtt==_p_o_r_t_-_s_p_e_c]
+
+DDEESSCCRRIIPPTTIIOONN
+     ppffrroomm is a script that does push --from.
+
+SSEEEE AALLSSOO
+     push(8)
+
+ HEIMDAL                         Mars 4, 2000                                1
diff --git a/crypto/heimdal/appl/push/push.8 b/crypto/heimdal/appl/push/push.8
index f9e36dd..3915fe5 100644
--- a/crypto/heimdal/appl/push/push.8
+++ b/crypto/heimdal/appl/push/push.8
@@ -1,4 +1,4 @@
-.\" $Id: push.8,v 1.8 2001/01/11 16:16:28 assar Exp $
+.\" $Id: push.8,v 1.10 2001/05/15 12:14:24 assar Exp $
 .\"
 .Dd May 31, 1998
 .Dt PUSH 8
@@ -103,7 +103,7 @@ points to the post office, if no other hostname is specified.
 .\".Sh FILES
 .Sh EXAMPLES
 .Bd -literal -offset indent
-$ push cornfield:roosta ~/.gnus-crash-box
+$ push cornfield:roosta ~/.emacs-mail-crash-box
 .Ed
 .Pp
 tries to fetch mail for the user
@@ -111,7 +111,7 @@ tries to fetch mail for the user
 from the post office at
 .Dq cornfield ,
 and stores the mail in
-.Pa ~/.gnus-crash-box  
+.Pa ~/.emacs-mail-crash-box
 (you are using Gnus, aren't you?)
 .Bd -literal -offset indent
 $ push --from -5 havregryn
diff --git a/crypto/heimdal/appl/push/push.c b/crypto/heimdal/appl/push/push.c
index 4e9a7d1..eb4b814 100644
--- a/crypto/heimdal/appl/push/push.c
+++ b/crypto/heimdal/appl/push/push.c
@@ -32,7 +32,7 @@
  */
 
 #include "push_locl.h"
-RCSID("$Id: push.c,v 1.43 2000/12/31 07:35:59 assar Exp $");
+RCSID("$Id: push.c,v 1.44 2001/02/20 01:44:47 assar Exp $");
 
 #ifdef KRB4
 static int use_v4 = -1;
@@ -714,7 +714,7 @@ main(int argc, char **argv)
     const char *host, *user, *filename = NULL;
     char *pobox = NULL;
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
 
 #ifdef KRB5
     {
diff --git a/crypto/heimdal/appl/push/push.cat8 b/crypto/heimdal/appl/push/push.cat8
new file mode 100644
index 0000000..dff390e
--- /dev/null
+++ b/crypto/heimdal/appl/push/push.cat8
@@ -0,0 +1,77 @@
+
+PUSH(8)                  UNIX System Manager's Manual                  PUSH(8)
+
+NNAAMMEE
+     ppuusshh - fetch mail via POP
+
+SSYYNNOOPPSSIISS
+     ppuusshh [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--ff | ----ffoorrkk] [--ll |
+     ----lleeaavvee] [----ffrroomm] [--cc | ----ccoouunntt] [----hheeaaddeerrss=_h_e_a_d_e_r_s] [--pp _p_o_r_t_-_s_p_e_c |
+     ----ppoorrtt=_p_o_r_t_-_s_p_e_c] _p_o_-_b_o_x _f_i_l_e_n_a_m_e
+
+DDEESSCCRRIIPPTTIIOONN
+     ppuusshh retrieves mail from the post office box _p_o_-_b_o_x, and stores the mail
+     in mbox format in _f_i_l_e_n_a_m_e. The _p_o_-_b_o_x can have any of the following for-
+     mats:
+           `hostname:username'
+           `po:hostname:username'
+           `username@hostname'
+           `po:username@hostname'
+           `hostname'
+           `po:username'
+
+     If no username is specified, ppuusshh assumes that it's the same as on the
+     local machine; _h_o_s_t_n_a_m_e defaults to the value of the MAILHOST environment
+     variable.
+
+     Supported options:
+
+     --44, ----kkrrbb44
+             use Kerberos 4 (if compiled with support for Kerberos 4)
+
+     --55, ----kkrrbb55
+             use Kerberos 5 (if compiled with support for Kerberos 5)
+
+     --ff, ----ffoorrkk
+             fork before starting to delete messages
+
+     --ll, ----lleeaavvee
+             don't delete fetched mail
+
+     ----ffrroomm  behave like from.
+
+     --cc, ----ccoouunntt
+             first print how many messages and bytes there are.
+
+     ----hheeaaddeerrss=_h_e_a_d_e_r_s
+             a list of comma-separated headers that should get printed.
+
+     --pp _p_o_r_t_-_s_p_e_c, ----ppoorrtt=_p_o_r_t_-_s_p_e_c
+             use this port instead of the default `kpop' or `1109'.
+
+     The default is to first try Kerberos 5 authentication and then, if that
+     fails, Kerberos 4.
+
+EENNVVIIRROONNMMEENNTT
+     MAILHOST
+             points to the post office, if no other hostname is specified.
+
+EEXXAAMMPPLLEESS
+           $ push cornfield:roosta ~/.emacs-mail-crash-box
+
+     tries to fetch mail for the user _r_o_o_s_t_a from the post office at
+     ``cornfield'', and stores the mail in _~_/_._e_m_a_c_s_-_m_a_i_l_-_c_r_a_s_h_-_b_o_x (you are
+     using Gnus, aren't you?)
+
+           $ push --from -5 havregryn
+
+     tries to fetch FFrroomm:: lines for current user at post office ``havregryn''
+     using Kerberos 5.
+
+SSEEEE AALLSSOO
+     movemail(8),  popper(8),  from(1),  pfrom(1)
+
+HHIISSTTOORRYY
+     ppuusshh was written while waiting for mmoovveemmaaiill to finish getting the mail.
+
+ HEIMDAL                         May 31, 1998                                2
diff --git a/crypto/heimdal/appl/rcp/ChangeLog b/crypto/heimdal/appl/rcp/ChangeLog
index 0685061..e8a4f05 100644
--- a/crypto/heimdal/appl/rcp/ChangeLog
+++ b/crypto/heimdal/appl/rcp/ChangeLog
@@ -1,3 +1,14 @@
+2001-04-21  Johan Danielsson  <joda@pdc.kth.se>
+
+	* rcp.c: convert to use getarg
+
+	* rcp.c: do a better job of supporting files larger than 2GB
+
+2001-02-07  Assar Westerlund  <assar@sics.se>
+
+	* rcp.c: add -F for forwarding ticket, from Ake Sandgren
+	<ake@cs.umu.se>
+
 2001-01-29  Assar Westerlund  <assar@sics.se>
 
 	* util.c (roundup): add fallback definition
diff --git a/crypto/heimdal/appl/rcp/Makefile.in b/crypto/heimdal/appl/rcp/Makefile.in
index f0ee151..0f76540 100644
--- a/crypto/heimdal/appl/rcp/Makefile.in
+++ b/crypto/heimdal/appl/rcp/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 bin_PROGRAMS = rcp
@@ -230,7 +233,7 @@ OBJECTS = $(am_rcp_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/rcp/Makefile
 
@@ -322,6 +325,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/rcp/rcp.c b/crypto/heimdal/appl/rcp/rcp.c
index 1c532ad..d4a062d 100644
--- a/crypto/heimdal/appl/rcp/rcp.c
+++ b/crypto/heimdal/appl/rcp/rcp.c
@@ -32,16 +32,16 @@
  */
 
 #include "rcp_locl.h"
+#include <getarg.h>
 
 #define RSH_PROGRAM "rsh"
-#define	OPTIONS "5dfKpP:rtxz"
 
 struct  passwd *pwd;
 uid_t	userid;
 int     errs, remin, remout;
 int     pflag, iamremote, iamrecursive, targetshouldbedirectory;
 int     doencrypt, noencrypt;
-int     usebroken, usekrb5;
+int     usebroken, usekrb5, forwardtkt;
 char    *port;
 
 #define	CMDNEEDS	64
@@ -53,58 +53,57 @@ void	 sink (int, char *[]);
 void	 source (int, char *[]);
 void	 tolocal (int, char *[]);
 void	 toremote (char *, int, char *[]);
-void	 usage (void);
 
 int      do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout);
 
+static int fflag, tflag;
+
+static int version_flag, help_flag;
+
+struct getargs args[] = {
+    { NULL,	'5', arg_flag,		&usekrb5,	"use Kerberos 5 authentication" },
+    { NULL,	'F', arg_flag,		&forwardtkt,	"forward credentials" },
+    { NULL,	'K', arg_flag,		&usebroken,	"use BSD authentication" },
+    { NULL,	'P', arg_string,	&port,		"non-default port", "port" },
+    { NULL,	'p', arg_flag,		&pflag,	"preserve file permissions" },
+    { NULL,	'r', arg_flag,		&iamrecursive,	"recursive mode" },
+    { NULL,	'x', arg_flag,		&doencrypt,	"use encryption" },
+    { NULL,	'z', arg_flag,		&noencrypt,	"don't encrypt" },
+    { NULL,	'd', arg_flag,		&targetshouldbedirectory },
+    { NULL,	'f', arg_flag,		&fflag },
+    { NULL,	't', arg_flag,		&tflag },
+    { "version", 0,  arg_flag,		&version_flag },
+    { "help",	 0,  arg_flag,		&help_flag }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "file1 file2|file... directory");
+    exit (ret);
+}
+
 int
-main(argc, argv)
-	int argc;
-	char *argv[];
+main(int argc, char **argv)
 {
-	int ch, fflag, tflag;
 	char *targ;
+	int optind = 0;
+
+	if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+		    &optind))
+	    usage (1);
+	if(help_flag)
+	    usage(0);
+	if (version_flag) {
+	    print_version (NULL);
+	    return 0;
+	}
+	    
+	iamremote = (fflag || tflag);
 
-	fflag = tflag = 0;
-	while ((ch = getopt(argc, argv, OPTIONS)) != -1)
-		switch(ch) {			/* User-visible flags. */
-		case '5':
-			usekrb5 = 1;
-			break;
-		case 'K':
-			usebroken = 1;
-			break;
-		case 'P':
-			port = optarg;
-			break;			
-		case 'p':
-			pflag = 1;
-			break;
-		case 'r':
-			iamrecursive = 1;
-			break;
-		case 'x':
-			doencrypt = 1;
-			break;			
-		case 'z':
-			noencrypt = 1;
-			break;
-						/* Server options. */
-		case 'd':
-			targetshouldbedirectory = 1;
-			break;
-		case 'f':			/* "from" */
-			iamremote = 1;
-			fflag = 1;
-			break;
-		case 't':			/* "to" */
-			iamremote = 1;
-			tflag = 1;
-			break;
-		case '?':
-		default:
-			usage();
-		}
 	argc -= optind;
 	argv += optind;
 
@@ -115,29 +114,29 @@ main(argc, argv)
 	remout = STDOUT_FILENO;
 
 	if (fflag) {			/* Follow "protocol", send data. */
-		(void)response();
-		(void)setuid(userid);
+		response();
+		setuid(userid);
 		source(argc, argv);
 		exit(errs);
 	}
 
 	if (tflag) {			/* Receive data. */
-		(void)setuid(userid);
+		setuid(userid);
 		sink(argc, argv);
 		exit(errs);
 	}
 
 	if (argc < 2)
-		usage();
+	    usage(1);
 	if (argc > 2)
 		targetshouldbedirectory = 1;
 
 	remin = remout = -1;
 	/* Command to be executed on remote system using "rsh". */
-	(void) sprintf(cmd, "rcp%s%s%s", iamrecursive ? " -r" : "", 
+	 sprintf(cmd, "rcp%s%s%s", iamrecursive ? " -r" : "", 
 		       pflag ? " -p" : "", targetshouldbedirectory ? " -d" : "");
 
-	(void)signal(SIGPIPE, lostconn);
+	signal(SIGPIPE, lostconn);
 
 	if ((targ = colon(argv[argc - 1])))	/* Dest is remote host. */
 		toremote(targ, argc, argv);
@@ -150,9 +149,7 @@ main(argc, argv)
 }
 
 void
-toremote(targ, argc, argv)
-	char *targ, *argv[];
-	int argc;
+toremote(char *targ, int argc, char **argv)
 {
 	int i, len;
 	char *bp, *host, *src, *suser, *thost, *tuser;
@@ -193,25 +190,25 @@ toremote(targ, argc, argv)
 					suser = pwd->pw_name;
 				else if (!okname(suser))
 					continue;
-				(void)snprintf(bp, len,
+				snprintf(bp, len,
 				    "%s %s -l %s -n %s %s '%s%s%s:%s'",
 				    _PATH_RSH, host, suser, cmd, src,
 				    tuser ? tuser : "", tuser ? "@" : "",
 				    thost, targ);
 			} else
-				(void)snprintf(bp, len,
+				snprintf(bp, len,
 				    "exec %s %s -n %s %s '%s%s%s:%s'",
 				    _PATH_RSH, argv[i], cmd, src,
 				    tuser ? tuser : "", tuser ? "@" : "",
 				    thost, targ);
-			(void)susystem(bp, userid);
-			(void)free(bp);
+			susystem(bp, userid);
+			free(bp);
 		} else {			/* local to remote */
 			if (remin == -1) {
 				len = strlen(targ) + CMDNEEDS + 20;
 				if (!(bp = malloc(len)))
 					err(1, "malloc");
-				(void)snprintf(bp, len, "%s -t %s", cmd, targ);
+				snprintf(bp, len, "%s -t %s", cmd, targ);
 				host = thost;
 
 				if (do_cmd(host, tuser, bp, &remin, &remout) < 0)
@@ -219,8 +216,8 @@ toremote(targ, argc, argv)
 
 				if (response() < 0)
 					exit(1);
-				(void)free(bp);
-				(void)setuid(userid);
+				free(bp);
+				setuid(userid);
 			}
 			source(1, argv+i);
 		}
@@ -228,9 +225,7 @@ toremote(targ, argc, argv)
 }
 
 void
-tolocal(argc, argv)
-	int argc;
-	char *argv[];
+tolocal(int argc, char **argv)
 {
 	int i, len;
 	char *bp, *host, *src, *suser;
@@ -241,12 +236,12 @@ tolocal(argc, argv)
 			    strlen(argv[argc - 1]) + 20;
 			if (!(bp = malloc(len)))
 				err(1, "malloc");
-			(void)snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP,
+			snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP,
 			    iamrecursive ? " -PR" : "", pflag ? " -p" : "",
 			    argv[i], argv[argc - 1]);
 			if (susystem(bp, userid))
 				++errs;
-			(void)free(bp);
+			free(bp);
 			continue;
 		}
 		*src++ = 0;
@@ -266,24 +261,38 @@ tolocal(argc, argv)
 		len = strlen(src) + CMDNEEDS + 20;
 		if ((bp = malloc(len)) == NULL)
 			err(1, "malloc");
-		(void)snprintf(bp, len, "%s -f %s", cmd, src);
+		snprintf(bp, len, "%s -f %s", cmd, src);
 		if (do_cmd(host, suser, bp, &remin, &remout) < 0) {
-			(void)free(bp);
+			free(bp);
 			++errs;
 			continue;
 		}
-		(void)free(bp);
+		free(bp);
 		sink(1, argv + argc - 1);
-		(void)seteuid(0);
-		(void)close(remin);
+		seteuid(0);
+		close(remin);
 		remin = remout = -1;
 	}
 }
 
+static char *
+sizestr(off_t size)
+{
+    static char ss[32];
+    char *p;
+    ss[sizeof(ss) - 1] = '\0';
+    for(p = ss + sizeof(ss) - 2; p >= ss; p--) {
+	*p = '0' + size % 10;
+	size /= 10;
+	if(size == 0)
+	    break;
+    }
+    return ss;
+}
+		    
+
 void
-source(argc, argv)
-	int argc;
-	char *argv[];
+source(int argc, char **argv)
 {
 	struct stat stb;
 	static BUF buffer;
@@ -322,21 +331,21 @@ syserr:			run_err("%s: %s", name, strerror(errno));
 			 * Make it compatible with possible future
 			 * versions expecting microseconds.
 			 */
-			(void)snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n",
+			snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n",
 			    (long)stb.st_mtime,
 			    (long)stb.st_atime);
-			(void)write(remout, buf, strlen(buf));
+			write(remout, buf, strlen(buf));
 			if (response() < 0)
 				goto next;
 		}
 #define	MODEMASK	(S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO)
-		(void)snprintf(buf, sizeof(buf), "C%04o %lu %s\n",
-		    stb.st_mode & MODEMASK, (unsigned long)stb.st_size, last);
-		(void)write(remout, buf, strlen(buf));
+		snprintf(buf, sizeof(buf), "C%04o %s %s\n",
+			 stb.st_mode & MODEMASK, sizestr(stb.st_size), last);
+		write(remout, buf, strlen(buf));
 		if (response() < 0)
 			goto next;
 		if ((bp = allocbuf(&buffer, fd, BUFSIZ)) == NULL) {
-next:			(void)close(fd);
+next:			close(fd);
 			continue;
 		}
 
@@ -351,7 +360,7 @@ next:			(void)close(fd);
 					haderr = result >= 0 ? EIO : errno;
 			}
 			if (haderr)
-				(void)write(remout, bp->buf, amt);
+				write(remout, bp->buf, amt);
 			else {
 				result = write(remout, bp->buf, amt);
 				if (result != amt)
@@ -361,17 +370,15 @@ next:			(void)close(fd);
 		if (close(fd) && !haderr)
 			haderr = errno;
 		if (!haderr)
-			(void)write(remout, "", 1);
+			write(remout, "", 1);
 		else
 			run_err("%s: %s", name, strerror(haderr));
-		(void)response();
+		response();
 	}
 }
 
 void
-rsource(name, statp)
-	char *name;
-	struct stat *statp;
+rsource(char *name, struct stat *statp)
 {
 	DIR *dirp;
 	struct dirent *dp;
@@ -387,18 +394,18 @@ rsource(name, statp)
 	else
 		last++;
 	if (pflag) {
-		(void)snprintf(path, sizeof(path), "T%ld 0 %ld 0\n",
+		snprintf(path, sizeof(path), "T%ld 0 %ld 0\n",
 		    (long)statp->st_mtime,
 		    (long)statp->st_atime);
-		(void)write(remout, path, strlen(path));
+		write(remout, path, strlen(path));
 		if (response() < 0) {
 			closedir(dirp);
 			return;
 		}
 	}
-	(void)snprintf(path, sizeof(path),
+	snprintf(path, sizeof(path),
 	    "D%04o %d %s\n", statp->st_mode & MODEMASK, 0, last);
-	(void)write(remout, path, strlen(path));
+	write(remout, path, strlen(path));
 	if (response() < 0) {
 		closedir(dirp);
 		return;
@@ -412,19 +419,17 @@ rsource(name, statp)
 			run_err("%s/%s: name too long", name, dp->d_name);
 			continue;
 		}
-		(void)snprintf(path, sizeof(path), "%s/%s", name, dp->d_name);
+		snprintf(path, sizeof(path), "%s/%s", name, dp->d_name);
 		vect[0] = path;
 		source(1, vect);
 	}
-	(void)closedir(dirp);
-	(void)write(remout, "E\n", 2);
-	(void)response();
+	closedir(dirp);
+	write(remout, "E\n", 2);
+	response();
 }
 
 void
-sink(argc, argv)
-	int argc;
-	char *argv[];
+sink(int argc, char **argv)
 {
 	static BUF buffer;
 	struct stat stb;
@@ -443,7 +448,7 @@ sink(argc, argv)
 	setimes = targisdir = 0;
 	mask = umask(0);
 	if (!pflag)
-		(void)umask(mask);
+		umask(mask);
 	if (argc != 1) {
 		run_err("ambiguous target");
 		exit(1);
@@ -451,7 +456,7 @@ sink(argc, argv)
 	targ = *argv;
 	if (targetshouldbedirectory)
 		verifydir(targ);
-	(void)write(remout, "", 1);
+	write(remout, "", 1);
 	if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
 		targisdir = 1;
 	for (first = 1;; first = 0) {
@@ -469,7 +474,7 @@ sink(argc, argv)
 
 		if (buf[0] == '\01' || buf[0] == '\02') {
 			if (iamremote == 0)
-				(void)write(STDERR_FILENO,
+				write(STDERR_FILENO,
 				    buf + 1, strlen(buf + 1));
 			if (buf[0] == '\02')
 				exit(1);
@@ -477,7 +482,7 @@ sink(argc, argv)
 			continue;
 		}
 		if (buf[0] == 'E') {
-			(void)write(remout, "", 1);
+			write(remout, "", 1);
 			return;
 		}
 
@@ -500,7 +505,7 @@ sink(argc, argv)
 			atime.tv_usec = strtol(cp, &cp, 10);
 			if (!cp || *cp++ != '\0')
 				SCREWUP("atime.usec not delimited");
-			(void)write(remout, "", 1);
+			write(remout, "", 1);
 			continue;
 		}
 		if (*cp != 'C' && *cp != 'D') {
@@ -540,7 +545,7 @@ sink(argc, argv)
 				if (!(namebuf = malloc(need)))
 					run_err("%s", strerror(errno));
 			}
-			(void)snprintf(namebuf, need, "%s%s%s", targ,
+			snprintf(namebuf, need, "%s%s%s", targ,
 			    *targ ? "/" : "", cp);
 			np = namebuf;
 		} else
@@ -554,7 +559,7 @@ sink(argc, argv)
 					goto bad;
 				}
 				if (pflag)
-					(void)chmod(np, mode);
+					chmod(np, mode);
 			} else {
 				/* Handle copying from a read-only directory */
 				mod_flag = 1;
@@ -570,7 +575,7 @@ sink(argc, argv)
 					np, strerror(errno));
 			}
 			if (mod_flag)
-				(void)chmod(np, mode);
+				chmod(np, mode);
 			continue;
 		}
 		omode = mode;
@@ -579,9 +584,9 @@ sink(argc, argv)
 bad:			run_err("%s: %s", np, strerror(errno));
 			continue;
 		}
-		(void)write(remout, "", 1);
+		write(remout, "", 1);
 		if ((bp = allocbuf(&buffer, ofd, BUFSIZ)) == NULL) {
-			(void)close(ofd);
+			close(ofd);
 			continue;
 		}
 		cp = bp->buf;
@@ -591,16 +596,13 @@ bad:			run_err("%s: %s", np, strerror(errno));
 			if (i + amt > size)
 				amt = size - i;
 			count += amt;
-			do {
-				j = read(remin, cp, amt);
-				if (j <= 0) {
-					run_err("%s", j ? strerror(errno) :
-					    "dropped connection");
-					exit(1);
-				}
-				amt -= j;
-				cp += j;
-			} while (amt > 0);
+			if((j = net_read(remin, cp, amt)) != amt) {
+			    run_err("%s", j ? strerror(errno) :
+				    "dropped connection");
+			    exit(1);
+			}
+			amt -= j;
+			cp += j;
 			if (count == bp->cnt) {
 				/* Keep reading so we stay sync'd up. */
 				if (wrerr == NO) {
@@ -634,8 +636,8 @@ bad:			run_err("%s: %s", np, strerror(errno));
 					run_err("%s: set mode: %s",
 					    np, strerror(errno));
 		}
-		(void)close(ofd);
-		(void)response();
+		close(ofd);
+		response();
 		if (setimes && wrerr == NO) {
 			setimes = 0;
 			if (utimes(np, tv) < 0) {
@@ -649,7 +651,7 @@ bad:			run_err("%s: %s", np, strerror(errno));
 			run_err("%s: %s", np, strerror(wrerrno));
 			break;
 		case NO:
-			(void)write(remout, "", 1);
+			write(remout, "", 1);
 			break;
 		case DISPLAYED:
 			break;
@@ -661,7 +663,7 @@ screwup:
 }
 
 int
-response()
+response(void)
 {
 	char ch, *cp, resp, rbuf[BUFSIZ];
 
@@ -684,7 +686,7 @@ response()
 		} while (cp < &rbuf[BUFSIZ] && ch != '\n');
 
 		if (!iamremote)
-			(void)write(STDERR_FILENO, rbuf, cp - rbuf);
+			write(STDERR_FILENO, rbuf, cp - rbuf);
 		++errs;
 		if (resp == 1)
 			return (-1);
@@ -693,15 +695,6 @@ response()
 	/* NOTREACHED */
 }
 
-void
-usage()
-{
-	(void)fprintf(stderr, "%s\n%s\n",
-		      "usage: rcp [-5FKpx] [-P port] f1 f2",
-		      "       rcp [-5FKprx] [-P port] f1 ... fn directory");
-	exit(1);
-}
-
 #include <stdarg.h>
 
 void
@@ -714,11 +707,11 @@ run_err(const char *fmt, ...)
 	++errs;
 	if (fp == NULL && !(fp = fdopen(remout, "w")))
 		return;
-	(void)fprintf(fp, "%c", 0x01);
-	(void)fprintf(fp, "rcp: ");
-	(void)vfprintf(fp, fmt, ap);
-	(void)fprintf(fp, "\n");
-	(void)fflush(fp);
+	fprintf(fp, "%c", 0x01);
+	fprintf(fp, "rcp: ");
+	vfprintf(fp, fmt, ap);
+	fprintf(fp, "\n");
+	fflush(fp);
 
 	if (!iamremote)
 		vwarnx(fmt, ap);
@@ -780,6 +773,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout)
 			args[i++] = "-K";
 		if (doencrypt)
 			args[i++] = "-x";
+		if (forwardtkt)
+			args[i++] = "-F";
 		if (noencrypt)
 			args[i++] = "-z";
 		if (port != NULL) {
diff --git a/crypto/heimdal/appl/rsh/ChangeLog b/crypto/heimdal/appl/rsh/ChangeLog
index 4a40ac7..a66ce22 100644
--- a/crypto/heimdal/appl/rsh/ChangeLog
+++ b/crypto/heimdal/appl/rsh/ChangeLog
@@ -1,3 +1,12 @@
+2001-02-07  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: add login_access
+	* rshd.c (login_access): add prototype
+	(syslog_and_die, fatal): add printf attributes
+	(*): AIX -> _AIX
+	(doit): use login_access
+	based on patches from Ake Sandgren <ake@cs.umu.se>
+
 2001-01-09  Assar Westerlund  <assar@sics.se>
 
 	* rshd.c (save_krb5_creds): use krb5_rd_cred2 instead of
diff --git a/crypto/heimdal/appl/rsh/Makefile.am b/crypto/heimdal/appl/rsh/Makefile.am
index 3c340ad..8b5065b 100644
--- a/crypto/heimdal/appl/rsh/Makefile.am
+++ b/crypto/heimdal/appl/rsh/Makefile.am
@@ -1,8 +1,8 @@
-# $Id: Makefile.am,v 1.15 2000/11/15 22:51:10 assar Exp $
+# $Id: Makefile.am,v 1.16 2001/02/07 05:09:06 assar Exp $
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += $(INCLUDE_krb4)
+INCLUDES += $(INCLUDE_krb4) -I$(srcdir)/../login
 
 bin_PROGRAMS = rsh
 
@@ -10,10 +10,14 @@ libexec_PROGRAMS = rshd
 
 rsh_SOURCES  = rsh.c common.c rsh_locl.h
 
-rshd_SOURCES = rshd.c common.c rsh_locl.h
+rshd_SOURCES = rshd.c common.c login_access.c rsh_locl.h
+
+login_access.c:
+	$(LN_S) $(srcdir)/../login/login_access.c .
 
 LDADD = $(LIB_kafs) \
 	$(LIB_krb5) \
 	$(LIB_krb4) \
 	$(LIB_des) \
-	$(LIB_roken)
+	$(LIB_roken) \
+	$(LIB_kdfs)
diff --git a/crypto/heimdal/appl/rsh/Makefile.in b/crypto/heimdal/appl/rsh/Makefile.in
index 0ba1b86..08950b58 100644
--- a/crypto/heimdal/appl/rsh/Makefile.in
+++ b/crypto/heimdal/appl/rsh/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -113,20 +114,20 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
 dpagaix_LDADD = @dpagaix_LDADD@
 install_sh = @install_sh@
 
-# $Id: Makefile.am,v 1.15 2000/11/15 22:51:10 assar Exp $
+# $Id: Makefile.am,v 1.16 2001/02/07 05:09:06 assar Exp $
 
 
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
 
 SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
 
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
+INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) -I$(srcdir)/../login
 
 AM_CFLAGS =  $(WFLAGS)
 
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 bin_PROGRAMS = rsh
@@ -193,13 +196,14 @@ libexec_PROGRAMS = rshd
 
 rsh_SOURCES = rsh.c common.c rsh_locl.h
 
-rshd_SOURCES = rshd.c common.c rsh_locl.h
+rshd_SOURCES = rshd.c common.c login_access.c rsh_locl.h
 
 LDADD = $(LIB_kafs) \
 	$(LIB_krb5) \
 	$(LIB_krb4) \
 	$(LIB_des) \
-	$(LIB_roken)
+	$(LIB_roken) \
+	$(LIB_kdfs)
 
 subdir = appl/rsh
 mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
@@ -220,30 +224,59 @@ X_PRE_LIBS = @X_PRE_LIBS@
 am_rsh_OBJECTS =  rsh.$(OBJEXT) common.$(OBJEXT)
 rsh_OBJECTS =  $(am_rsh_OBJECTS)
 rsh_LDADD = $(LDADD)
-@KRB4_FALSE@@KRB5_FALSE@rsh_DEPENDENCIES = 
-@KRB4_FALSE@@KRB5_TRUE@rsh_DEPENDENCIES =  \
-@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
-@KRB4_TRUE@@KRB5_FALSE@rsh_DEPENDENCIES =  \
-@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la
-@KRB4_TRUE@@KRB5_TRUE@rsh_DEPENDENCIES =  \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@DCE_FALSE@@KRB4_FALSE@@KRB5_FALSE@rsh_DEPENDENCIES = 
+@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@rsh_DEPENDENCIES =  \
+@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@rsh_DEPENDENCIES =  \
+@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la
+@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@rsh_DEPENDENCIES =  \
+@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
+@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@rsh_DEPENDENCIES =  \
+@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@$(top_builddir)/lib/kdfs/libkdfs.la
+@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@rsh_DEPENDENCIES =  \
+@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \
+@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@rsh_DEPENDENCIES =  \
+@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la \
+@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kdfs/libkdfs.la
+@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@rsh_DEPENDENCIES =  \
+@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
+@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \
+@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
 rsh_LDFLAGS = 
-am_rshd_OBJECTS =  rshd.$(OBJEXT) common.$(OBJEXT)
+am_rshd_OBJECTS =  rshd.$(OBJEXT) common.$(OBJEXT) \
+login_access.$(OBJEXT)
 rshd_OBJECTS =  $(am_rshd_OBJECTS)
 rshd_LDADD = $(LDADD)
-@KRB4_FALSE@@KRB5_FALSE@rshd_DEPENDENCIES = 
-@KRB4_FALSE@@KRB5_TRUE@rshd_DEPENDENCIES =  \
-@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
-@KRB4_TRUE@@KRB5_FALSE@rshd_DEPENDENCIES =  \
-@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la
-@KRB4_TRUE@@KRB5_TRUE@rshd_DEPENDENCIES =  \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@DCE_FALSE@@KRB4_FALSE@@KRB5_FALSE@rshd_DEPENDENCIES = 
+@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@rshd_DEPENDENCIES =  \
+@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@rshd_DEPENDENCIES =  \
+@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la
+@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@rshd_DEPENDENCIES =  \
+@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
+@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@rshd_DEPENDENCIES =  \
+@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@$(top_builddir)/lib/kdfs/libkdfs.la
+@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@rshd_DEPENDENCIES =  \
+@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \
+@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@rshd_DEPENDENCIES =  \
+@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la \
+@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kdfs/libkdfs.la
+@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@rshd_DEPENDENCIES =  \
+@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
+@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \
+@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
 rshd_LDFLAGS = 
 COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -263,7 +296,7 @@ OBJECTS = $(am_rsh_OBJECTS) $(am_rshd_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/rsh/Makefile
 
@@ -387,6 +420,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
@@ -624,6 +662,9 @@ check-local::
 	  test "$$failed" -eq 0; \
 	fi
 
+login_access.c:
+	$(LN_S) $(srcdir)/../login/login_access.c .
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/appl/rsh/rsh.c b/crypto/heimdal/appl/rsh/rsh.c
index 7b97f58..5898099 100644
--- a/crypto/heimdal/appl/rsh/rsh.c
+++ b/crypto/heimdal/appl/rsh/rsh.c
@@ -32,7 +32,7 @@
  */
 
 #include "rsh_locl.h"
-RCSID("$Id: rsh.c,v 1.57 2000/12/31 07:36:54 assar Exp $");
+RCSID("$Id: rsh.c,v 1.58 2001/02/20 01:44:47 assar Exp $");
 
 enum auth_method auth_method;
 int do_encrypt       = -1;
@@ -836,7 +836,7 @@ main(int argc, char **argv)
     if (setuid (uid) || (uid != 0 && setuid(0) == 0))
 	err (1, "setuid");
     
-    set_progname (argv[0]);
+    setprogname (argv[0]);
 
     if (argc >= 2 && argv[1][0] != '-') {
 	host = argv[host_index = 1];
diff --git a/crypto/heimdal/appl/rsh/rshd.c b/crypto/heimdal/appl/rsh/rshd.c
index cd7eb7b..d22f3cf 100644
--- a/crypto/heimdal/appl/rsh/rshd.c
+++ b/crypto/heimdal/appl/rsh/rshd.c
@@ -32,7 +32,10 @@
  */
 
 #include "rsh_locl.h"
-RCSID("$Id: rshd.c,v 1.39 2001/01/09 18:44:29 assar Exp $");
+RCSID("$Id: rshd.c,v 1.41 2001/02/20 01:44:48 assar Exp $");
+
+int
+login_access( struct passwd *user, char *from);
 
 enum auth_method auth_method;
 
@@ -72,6 +75,10 @@ krb5_ticket *user_ticket;
 
 static void
 syslog_and_die (const char *m, ...)
+    __attribute__ ((format (printf, 1, 2)));
+
+static void
+syslog_and_die (const char *m, ...)
 {
     va_list args;
 
@@ -83,6 +90,10 @@ syslog_and_die (const char *m, ...)
 
 static void
 fatal (int sock, const char *m, ...)
+    __attribute__ ((format (printf, 2, 3)));
+
+static void
+fatal (int sock, const char *m, ...)
 {
     va_list args;
     char buf[BUFSIZ];
@@ -586,7 +597,7 @@ doit (int do_kerberos, int check_rhosts)
     struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
     struct sockaddr_storage erraddr_ss;
     struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
-    socklen_t addrlen;
+    socklen_t thisaddr_len, thataddr_len;
     int port;
     int errsock = -1;
     char client_user[COMMAND_SZ], server_user[USERNAME_SZ];
@@ -594,12 +605,14 @@ doit (int do_kerberos, int check_rhosts)
     struct passwd *pwd;
     int s = STDIN_FILENO;
     char **env;
+    int ret;
+    char that_host[NI_MAXHOST];
 
-    addrlen = sizeof(thisaddr_ss);
-    if (getsockname (s, thisaddr, &addrlen) < 0)
+    thisaddr_len = sizeof(thisaddr_ss);
+    if (getsockname (s, thisaddr, &thisaddr_len) < 0)
 	syslog_and_die("getsockname: %m");
-    addrlen = sizeof(thataddr_ss);
-    if (getpeername (s, thataddr, &addrlen) < 0)
+    thataddr_len = sizeof(thataddr_ss);
+    if (getpeername (s, thataddr, &thataddr_len) < 0)
 	syslog_and_die ("getpeername: %m");
 
     if (!do_kerberos && !is_reserved(socket_get_port(thataddr)))
@@ -689,7 +702,7 @@ doit (int do_kerberos, int check_rhosts)
 	    syslog_and_die("recv_bsd_auth failed");
     }
 
-#if defined(DCE) && defined(AIX)
+#if defined(DCE) && defined(_AIX)
     esetenv("AUTHSTATE", "DCE", 1);
 #endif
 
@@ -703,6 +716,19 @@ doit (int do_kerberos, int check_rhosts)
     if (pwd->pw_uid != 0 && access (_PATH_NOLOGIN, F_OK) == 0)
 	fatal (s, "Login disabled.");
 
+
+    ret = getnameinfo_verified (thataddr, thataddr_len,
+				that_host, sizeof(that_host),
+				NULL, 0, 0);
+    if (ret)
+	fatal (s, "getnameinfo: %s", gai_strerror(ret));
+
+    if (login_access(pwd, that_host) == 0) {
+	syslog(LOG_NOTICE, "Kerberos rsh denied to %s from %s",
+	       server_user, that_host);
+	fatal(s, "Permission denied");
+    }
+
 #ifdef HAVE_GETSPNAM
     {
 	struct spwd *sp;
@@ -844,7 +870,7 @@ usage (int ret)
 			NULL,
 			"");
     else
-	syslog (LOG_ERR, "Usage: %s [-ikxlvPL] [-p port]", __progname);
+	syslog (LOG_ERR, "Usage: %s [-ikxlvPL] [-p port]", getprogname());
     exit (ret);
 }
 
@@ -855,7 +881,7 @@ main(int argc, char **argv)
     int optind = 0;
     int port = 0;
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
     roken_openlog ("rshd", LOG_ODELAY | LOG_PID, LOG_AUTH);
 
     if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv,
diff --git a/crypto/heimdal/appl/su/Makefile.in b/crypto/heimdal/appl/su/Makefile.in
index 93033f0..33f934b 100644
--- a/crypto/heimdal/appl/su/Makefile.in
+++ b/crypto/heimdal/appl/su/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 bin_PROGRAMS = su
@@ -240,7 +243,7 @@ OBJECTS = $(am_su_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/su/Makefile
 
@@ -332,6 +335,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/su/su.c b/crypto/heimdal/appl/su/su.c
index a5fd442..b43894b 100644
--- a/crypto/heimdal/appl/su/su.c
+++ b/crypto/heimdal/appl/su/su.c
@@ -32,7 +32,7 @@
 
 #include <config.h>
 
-RCSID("$Id: su.c,v 1.18 2001/01/26 16:02:49 joda Exp $");
+RCSID("$Id: su.c,v 1.20 2001/02/20 01:44:48 assar Exp $");
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -50,7 +50,11 @@ RCSID("$Id: su.c,v 1.18 2001/01/26 16:02:49 joda Exp $");
 
 #include <pwd.h>
 
+#ifdef HAVE_OPENSSL_DES_H
+#include <openssl/des.h>
+#else
 #include <des.h>
+#endif
 #include <krb5.h>
 #include <kafs.h>
 #include <err.h>
@@ -274,7 +278,7 @@ main(int argc, char **argv)
     int ok = 0;
     int kerberos_error=1;
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
 
     if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
 	usage(1);
diff --git a/crypto/heimdal/appl/telnet/ChangeLog b/crypto/heimdal/appl/telnet/ChangeLog
index 6857151..147066a 100644
--- a/crypto/heimdal/appl/telnet/ChangeLog
+++ b/crypto/heimdal/appl/telnet/ChangeLog
@@ -1,3 +1,36 @@
+2001-04-25  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/sys_term.c (start_login): give the correct error if exec
+	fails
+	* telnetd/utility.c (fatalperror_errno): add a new function with
+	explicit errno parameter
+
+2001-03-07  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/sys_term.c: some minimal more amount of
+ 	const-correctness
+
+2001-02-24  Assar Westerlund  <assar@sics.se>
+
+	* libtelnet/enc_des.c: learn to live with libcrypto (from openssl)
+
+2001-02-20  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c (tn): copy the hostname so it doesn't get
+	overwritten while reading ~/.telnetrc
+	(*): removed some unneeded externs
+
+2001-02-08  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/sys_term.c (startslave, start_login): re-write code to
+	keep track both of remote hostname and utmp string to be used
+	* telnetd/telnetd.c (doit, my_telnet): re-write code to keep track
+	both of remote hostname and utmp string to be used
+
+2001-02-07  Assar Westerlund  <assar@sics.se>
+
+	* telnet/Makefile.am, telnetd/Makefile.am: add LIB_kdfs
+
 2001-01-09  Assar Westerlund  <assar@sics.se>
 
 	* libtelnet/kerberos5.c (kerberos5_is): use krb5_rd_cred2 instead
@@ -21,6 +54,9 @@
 
 2000-12-07  Assar Westerlund  <assar@sics.se>
 
+	* telnetd/telnetd.h: move include files around to avoid getting SE
+	from sys/*.h on HP to override SE from telnet.h
+
 	* telnetd/sys_term.c (scrub_env): remove some const-ness
 	* telnetd/sys_term.c (scrub_env): add LOGNAME and POSIXLY_CORRECT
 	to the list of authorized environment variables to be compatible
diff --git a/crypto/heimdal/appl/telnet/Makefile.in b/crypto/heimdal/appl/telnet/Makefile.in
index ad4a164..8a24b8b 100644
--- a/crypto/heimdal/appl/telnet/Makefile.in
+++ b/crypto/heimdal/appl/telnet/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 SUBDIRS = libtelnet telnet telnetd
@@ -207,9 +210,10 @@ DIST_COMMON =  ChangeLog Makefile.am Makefile.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 
 GZIP_ENV = --best
+DIST_SUBDIRS =  $(SUBDIRS)
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/telnet/Makefile
 
@@ -250,11 +254,16 @@ mostlyclean-recursive clean-recursive distclean-recursive \
 maintainer-clean-recursive:
 	@set fnord $(MAKEFLAGS); amf=$$2; \
 	dot_seen=no; \
-	rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \
-	  rev="$$subdir $$rev"; \
-	  if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
 	done; \
-	test "$$dot_seen" = "no" && rev=". $$rev"; \
+	rev="$$rev ."; \
 	target=`echo $@ | sed s/-recursive//`; \
 	for subdir in $$rev; do \
 	  echo "Making $$target in $$subdir"; \
@@ -300,6 +309,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in b/crypto/heimdal/appl/telnet/libtelnet/Makefile.in
index a43a6d5..efa9ad1 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in
+++ b/crypto/heimdal/appl/telnet/libtelnet/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 noinst_LIBRARIES = libtelnet.a
@@ -245,7 +248,7 @@ OBJECTS = $(am_libtelnet_a_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/telnet/libtelnet/Makefile
 
@@ -319,6 +322,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c b/crypto/heimdal/appl/telnet/libtelnet/enc_des.c
index a24bfa7..a847138 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/enc_des.c
@@ -33,7 +33,7 @@
 
 #include <config.h>
 
-RCSID("$Id: enc_des.c,v 1.16 1998/07/09 23:16:23 assar Exp $");
+RCSID("$Id: enc_des.c,v 1.18 2001/02/24 05:47:39 assar Exp $");
 
 #if	defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION)
 #include <arpa/telnet.h>
@@ -50,7 +50,11 @@ RCSID("$Id: enc_des.c,v 1.16 1998/07/09 23:16:23 assar Exp $");
 #include "encrypt.h"
 #include "misc-proto.h"
 
+#ifdef HAVE_OPENSSL_DES_H
+#include <openssl/des.h>
+#else
 #include <des.h>
+#endif
 
 extern int encrypt_debug_mode;
 
@@ -404,7 +408,7 @@ static void fb64_session(Session_Key *key, int server, struct fb *fbp)
 	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
 
 	if (fbp->once == 0) {
-#ifndef OLD_DES_RANDOM_KEY
+#if !defined(OLD_DES_RANDOM_KEY) && !defined(HAVE_OPENSSL_DES_H)
 		des_init_random_number_generator(&fbp->krbdes_key);
 #endif
 		fbp->once = 1;
diff --git a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h b/crypto/heimdal/appl/telnet/libtelnet/encrypt.h
index 5919db5..7bc69db 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h
+++ b/crypto/heimdal/appl/telnet/libtelnet/encrypt.h
@@ -55,7 +55,7 @@
  * or implied warranty.
  */
 
-/* $Id: encrypt.h,v 1.4 1997/01/24 23:10:56 assar Exp $ */
+/* $Id: encrypt.h,v 1.6 2001/02/15 06:46:28 assar Exp $ */
 
 #ifndef	__ENCRYPT__
 #define	__ENCRYPT__
@@ -90,6 +90,13 @@ typedef struct {
 
 #define	SK_DES		1	/* Matched Kerberos v5 KEYTYPE_DES */
 
+#ifdef HAVE_OPENSSL_DES_H
+#include <openssl/des.h>
+#define des_new_random_key des_random_key
+#else
+#include <des.h>
+#endif
+
 #include "enc-proto.h"
 
 extern int encrypt_debug_mode;
diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos.c
index a003007..ea5a51e 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/kerberos.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/kerberos.c
@@ -55,7 +55,7 @@
 #include <config.h>
 #endif
 
-RCSID("$Id: kerberos.c,v 1.50 2000/11/23 02:28:06 joda Exp $");
+RCSID("$Id: kerberos.c,v 1.51 2001/02/15 04:20:52 assar Exp $");
 
 #ifdef	KRB4
 #ifdef HAVE_SYS_TYPES_H
@@ -65,7 +65,6 @@ RCSID("$Id: kerberos.c,v 1.50 2000/11/23 02:28:06 joda Exp $");
 #include <arpa/telnet.h>
 #endif
 #include <stdio.h>
-#include <des.h>	/* BSD wont include this in krb.h, so we do it here */
 #include <krb.h>
 #include <pwd.h>
 #include <stdlib.h>
diff --git a/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c b/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c
index a85d562c..0a4ff86 100644
--- a/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c
+++ b/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c
@@ -33,7 +33,7 @@
 
 #include <config.h>
 
-RCSID("$Id: krb4encpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $");
+RCSID("$Id: krb4encpwd.c,v 1.19 2001/02/15 04:20:52 assar Exp $");
 
 #ifdef	KRB4_ENCPWD
 /*
@@ -74,7 +74,6 @@ RCSID("$Id: krb4encpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $");
 #include <pwd.h>
 #include <stdio.h>
 
-#include <des.h>
 #include <krb.h>
 #include <stdlib.h>
 #include <string.h>
diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile.am b/crypto/heimdal/appl/telnet/telnet/Makefile.am
index 7dd9c19..3107850 100644
--- a/crypto/heimdal/appl/telnet/telnet/Makefile.am
+++ b/crypto/heimdal/appl/telnet/telnet/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.14 2000/11/15 22:51:11 assar Exp $
+# $Id: Makefile.am,v 1.15 2001/02/07 06:11:52 assar Exp $
 
 include $(top_srcdir)/Makefile.am.common
 
@@ -19,4 +19,5 @@ LDADD = ../libtelnet/libtelnet.a \
 	$(LIB_krb4) \
 	$(LIB_des) \
 	$(LIB_tgetent) \
+	$(LIB_kdfs) \
 	$(LIB_roken)
diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile.in b/crypto/heimdal/appl/telnet/telnet/Makefile.in
index 0a23fd9..02dedee 100644
--- a/crypto/heimdal/appl/telnet/telnet/Makefile.in
+++ b/crypto/heimdal/appl/telnet/telnet/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -113,13 +114,13 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
 dpagaix_LDADD = @dpagaix_LDADD@
 install_sh = @install_sh@
 
-# $Id: Makefile.am,v 1.14 2000/11/15 22:51:11 assar Exp $
+# $Id: Makefile.am,v 1.15 2001/02/07 06:11:52 assar Exp $
 
 
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = 
 
 bin_PROGRAMS = telnet
@@ -201,6 +204,7 @@ LDADD = ../libtelnet/libtelnet.a \
 	$(LIB_krb4) \
 	$(LIB_des) \
 	$(LIB_tgetent) \
+	$(LIB_kdfs) \
 	$(LIB_roken)
 
 subdir = appl/telnet/telnet
@@ -223,10 +227,16 @@ network.$(OBJEXT) ring.$(OBJEXT) sys_bsd.$(OBJEXT) telnet.$(OBJEXT) \
 terminal.$(OBJEXT) utilities.$(OBJEXT)
 telnet_OBJECTS =  $(am_telnet_OBJECTS)
 telnet_LDADD = $(LDADD)
-@KRB5_FALSE@telnet_DEPENDENCIES =  ../libtelnet/libtelnet.a
-@KRB5_TRUE@telnet_DEPENDENCIES =  ../libtelnet/libtelnet.a \
-@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@DCE_FALSE@@KRB5_FALSE@telnet_DEPENDENCIES =  ../libtelnet/libtelnet.a
+@DCE_FALSE@@KRB5_TRUE@telnet_DEPENDENCIES =  ../libtelnet/libtelnet.a \
+@DCE_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@DCE_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@DCE_TRUE@@KRB5_FALSE@telnet_DEPENDENCIES =  ../libtelnet/libtelnet.a \
+@DCE_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kdfs/libkdfs.la
+@DCE_TRUE@@KRB5_TRUE@telnet_DEPENDENCIES =  ../libtelnet/libtelnet.a \
+@DCE_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@DCE_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \
+@DCE_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
 telnet_LDFLAGS = 
 COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -248,7 +258,7 @@ OBJECTS = $(am_telnet_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/telnet/telnet/Makefile
 
@@ -381,6 +391,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/telnet/telnet/commands.c b/crypto/heimdal/appl/telnet/telnet/commands.c
index 7d71979..9ddcfd9 100644
--- a/crypto/heimdal/appl/telnet/telnet/commands.c
+++ b/crypto/heimdal/appl/telnet/telnet/commands.c
@@ -33,7 +33,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: commands.c,v 1.64 2000/12/11 01:44:01 assar Exp $");
+RCSID("$Id: commands.c,v 1.65 2001/02/20 03:12:09 assar Exp $");
 
 #if	defined(IPPROTO_IP) && defined(IP_TOS)
 int tos = -1;
@@ -988,7 +988,6 @@ unsetcmd(int argc, char *argv[])
  * 'mode' command.
  */
 #ifdef	KLUDGELINEMODE
-extern int kludgelinemode;
 
 static int
 dokludgemode(void)
@@ -1030,7 +1029,6 @@ static int
 dolmmode(int bit, int on)
 {
     unsigned char c;
-    extern int linemode;
 
     if (my_want_state_is_wont(TELOPT_LINEMODE)) {
 	printf("?Need to have LINEMODE option enabled first.\r\n");
@@ -1328,8 +1326,6 @@ shell(int argc, char **argv)
 static int
 bye(int argc, char **argv)
 {
-    extern int resettermname;
-
     if (connected) {
 	shutdown(net, 2);
 	printf("Connection closed.\r\n");
@@ -1551,7 +1547,6 @@ env_find(unsigned char *var)
 void
 env_init(void)
 {
-	extern char **environ;
 	char **epp, *cp;
 	struct env_lst *ep;
 
@@ -1972,7 +1967,7 @@ status(int argc, char **argv)
 /*
  * Function that gets called when SIGINFO is received.
  */
-void
+RETSIGTYPE
 ayt_status(int ignore)
 {
     call(status, "status", "notmuch", 0);
@@ -2117,6 +2112,7 @@ tn(int argc, char **argv)
 	goto usage;
 
     strlcpy (_hostname, hostp, sizeof(_hostname));
+    hostp = _hostname;
     if (hostp[0] == '@' || hostp[0] == '!') {
 	char *p;
 	hostname = NULL;
diff --git a/crypto/heimdal/appl/telnet/telnet/externs.h b/crypto/heimdal/appl/telnet/telnet/externs.h
index 10d8dcc..14337af 100644
--- a/crypto/heimdal/appl/telnet/telnet/externs.h
+++ b/crypto/heimdal/appl/telnet/telnet/externs.h
@@ -33,7 +33,7 @@
  *	@(#)externs.h	8.3 (Berkeley) 5/30/95
  */
 
-/* $Id: externs.h,v 1.20 2000/11/15 23:01:29 assar Exp $ */
+/* $Id: externs.h,v 1.21 2001/03/06 20:10:13 assar Exp $ */
 
 #ifndef	BSD
 # define BSD 43
@@ -223,7 +223,7 @@ int 	EncryptStatus (void);
 #endif
 
 #ifdef SIGINFO
-void ayt_status(int);
+RETSIGTYPE ayt_status(int);
 #endif
 int tn(int argc, char **argv);
 void command(int top, char *tbuf, int cnt);
@@ -428,3 +428,8 @@ extern Ring
     ttyoring,
     ttyiring;
 
+extern int resettermname;
+extern int linemode;
+#ifdef KLUDGELINEMODE
+extern int kludgelinemode;
+#endif
diff --git a/crypto/heimdal/appl/telnet/telnet/sys_bsd.c b/crypto/heimdal/appl/telnet/telnet/sys_bsd.c
index e47079e..9b3f9da 100644
--- a/crypto/heimdal/appl/telnet/telnet/sys_bsd.c
+++ b/crypto/heimdal/appl/telnet/telnet/sys_bsd.c
@@ -33,7 +33,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: sys_bsd.c,v 1.26 2000/10/19 21:19:57 assar Exp $");
+RCSID("$Id: sys_bsd.c,v 1.27 2001/03/06 20:10:14 assar Exp $");
 
 /*
  * The following routines try to encapsulate what is system dependent
@@ -118,9 +118,6 @@ TerminalAutoFlush(void)
 #endif	/* LNOFLSH */
 }
 
-#ifdef	KLUDGELINEMODE
-extern int kludgelinemode;
-#endif
 /*
  * TerminalSpecialChars()
  *
diff --git a/crypto/heimdal/appl/telnet/telnet/telnet.cat1 b/crypto/heimdal/appl/telnet/telnet/telnet.cat1
new file mode 100644
index 0000000..708994e
--- /dev/null
+++ b/crypto/heimdal/appl/telnet/telnet/telnet.cat1
@@ -0,0 +1,718 @@
+
+TELNET(1)                    UNIX Reference Manual                   TELNET(1)
+
+NNAAMMEE
+     tteellnneett - user interface to the TELNET protocol
+
+SSYYNNOOPPSSIISS
+     tteellnneett [--7788EEFFKKLLaaccddffrrxx] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--ee _e_s_c_a_p_e_c_h_a_r] [--kk _r_e_a_l_m]
+            [--ll _u_s_e_r] [--nn _t_r_a_c_e_f_i_l_e] [_h_o_s_t [port]]
+
+DDEESSCCRRIIPPTTIIOONN
+     The tteellnneett command is used to communicate with another host using the
+     TELNET protocol.  If tteellnneett is invoked without the _h_o_s_t argument, it en-
+     ters command mode, indicated by its prompt (tteellnneett>>). In this mode, it
+     accepts and executes the commands listed below.  If it is invoked with
+     arguments, it performs an ooppeenn command with those arguments.
+
+     Options:
+
+     --88      Specifies an 8-bit data path.  This causes an attempt to negoti-
+             ate the TELNET BINARY option on both input and output.
+
+     --77      Do not try to negotiate TELNET BINARY option.
+
+     --EE      Stops any character from being recognized as an escape character.
+
+     --FF      If Kerberos V5 authentication is being used, the --FF option allows
+             the local credentials to be forwarded to the remote system, in-
+             cluding any credentials that have already been forwarded into the
+             local environment.
+
+     --KK      Specifies no automatic login to the remote system.
+
+     --LL      Specifies an 8-bit data path on output.  This causes the BINARY
+             option to be negotiated on output.
+
+     --SS _t_o_s  Sets the IP type-of-service (TOS) option for the telnet connec-
+             tion to the value _t_o_s, which can be a numeric TOS value or, on
+             systems that support it, a symbolic TOS name found in the
+             /etc/iptos file.
+
+     --XX _a_t_y_p_e
+             Disables the _a_t_y_p_e type of authentication.
+
+     --aa      Attempt automatic login.  Currently, this sends the user name via
+             the USER variable of the ENVIRON option if supported by the re-
+             mote system.  The name used is that of the current user as re-
+             turned by getlogin(2) if it agrees with the current user ID, oth-
+             erwise it is the name associated with the user ID.
+
+     --cc      Disables the reading of the user's _._t_e_l_n_e_t_r_c file.  (See the
+             ttooggggllee sskkiipprrcc command on this man page.)
+
+     --dd      Sets the initial value of the ddeebbuugg toggle to TRUE
+
+     --ee _e_s_c_a_p_e _c_h_a_r
+             Sets the initial tteellnneett tteellnneett escape character to _e_s_c_a_p_e _c_h_a_r.
+             If _e_s_c_a_p_e _c_h_a_r is omitted, then there will be no escape charac-
+             ter.
+
+     --ff      If Kerberos V5 authentication is being used, the --ff option allows
+             the local credentials to be forwarded to the remote system.
+
+     --kk _r_e_a_l_m
+             If Kerberos authentication is being used, the --kk option requests
+             that telnet obtain tickets for the remote host in realm realm in-
+             stead of the remote host's realm, as determined by
+             krb_realmofhost(3).
+
+     --ll _u_s_e_r
+             When connecting to the remote system, if the remote system under-
+             stands the ENVIRON option, then _u_s_e_r will be sent to the remote
+             system as the value for the variable USER.  This option implies
+             the --aa option.  This option may also be used with the ooppeenn com-
+             mand.
+
+     --nn _t_r_a_c_e_f_i_l_e
+             Opens _t_r_a_c_e_f_i_l_e for recording trace information.  See the sseett
+             ttrraacceeffiillee command below.
+
+     --rr      Specifies a user interface similar to rlogin(1).  In this mode,
+             the escape character is set to the tilde (~) character, unless
+             modified by the -e option.
+
+     --xx      Turns on encryption of the data stream if possible. This is cur-
+             rently the default and when it fails a warning is issued.
+
+     _h_o_s_t    Indicates the official name, an alias, or the Internet address of
+             a remote host.
+
+     _p_o_r_t    Indicates a port number (address of an application).  If a number
+             is not specified, the default tteellnneett port is used.
+
+     When in rlogin mode, a line of the form ~.  disconnects from the remote
+     host; ~ is the telnet escape character.  Similarly, the line ~^Z suspends
+     the telnet session.  The line ~^] escapes to the normal telnet escape
+     prompt.
+
+     Once a connection has been opened, tteellnneett will attempt to enable the
+     TELNET LINEMODE option.  If this fails, then tteellnneett will revert to one of
+     two input modes: either ``character at a time'' or ``old line by line''
+     depending on what the remote system supports.
+
+     When LINEMODE is enabled, character processing is done on the local sys-
+     tem, under the control of the remote system.  When input editing or char-
+     acter echoing is to be disabled, the remote system will relay that infor-
+     mation.  The remote system will also relay changes to any special charac-
+     ters that happen on the remote system, so that they can take effect on
+     the local system.
+
+     In ``character at a time'' mode, most text typed is immediately sent to
+     the remote host for processing.
+
+     In ``old line by line'' mode, all text is echoed locally, and (normally)
+     only completed lines are sent to the remote host.  The ``local echo char-
+     acter'' (initially ``^E'') may be used to turn off and on the local echo
+     (this would mostly be used to enter passwords without the password being
+     echoed).
+
+     If the LINEMODE option is enabled, or if the llooccaallcchhaarrss toggle is TRUE
+     (the default for ``old line by line``; see below), the user's qquuiitt, iinnttrr,
+     and fflluusshh characters are trapped locally, and sent as TELNET protocol se-
+     quences to the remote side.  If LINEMODE has ever been enabled, then the
+     user's ssuusspp and eeooff are also sent as TELNET protocol sequences, and qquuiitt
+     is sent as a TELNET ABORT instead of BREAK There are options (see ttooggggllee
+     aauuttoofflluusshh and ttooggggllee aauuttoossyynncchh below) which cause this action to flush
+     subsequent output to the terminal (until the remote host acknowledges the
+     TELNET sequence) and flush previous terminal input (in the case of qquuiitt
+     and iinnttrr).
+
+
+     While connected to a remote host, tteellnneett command mode may be entered by
+     typing the tteellnneett ``escape character'' (initially ``^]'').  When in com-
+     mand mode, the normal terminal editing conventions are available.
+
+     The following tteellnneett commands are available.  Only enough of each command
+     to uniquely identify it need be typed (this is also true for arguments to
+     the mmooddee, sseett, ttooggggllee, uunnsseett, ssllcc, eennvviirroonn, and ddiissppllaayy commands).
+
+     aauutthh _a_r_g_u_m_e_n_t _._._.
+                The auth command manipulates the information sent through the
+                TELNET AUTHENTICATE option.  Valid arguments for the auth com-
+                mand are as follows:
+
+                ddiissaabbllee _t_y_p_e  Disables the specified type of authentication.
+                              To obtain a list of available types, use the
+                              aauutthh ddiissaabbllee ?? command.
+
+                eennaabbllee _t_y_p_e   Enables the specified type of authentication.
+                              To obtain a list of available types, use the
+                              aauutthh eennaabbllee ?? command.
+
+                ssttaattuuss        Lists the current status of the various types of
+                              authentication.
+
+     cclloossee      Close a TELNET session and return to command mode.
+
+     ddiissppllaayy _a_r_g_u_m_e_n_t _._._.
+                Displays all, or some, of the sseett and ttooggggllee values (see be-
+                low).
+
+     eennccrryypptt _a_r_g_u_m_e_n_t _._._.
+                The encrypt command manipulates the information sent through
+                the TELNET ENCRYPT option.
+
+                Note:  Because of export controls, the TELNET ENCRYPT option
+                is not supported outside of the United States and Canada.
+
+                Valid arguments for the encrypt command are as follows:
+
+                ddiissaabbllee _t_y_p_e [iinnppuutt | oouuttppuutt]
+                              Disables the specified type of encryption.  If
+                              you omit the input and output, both input and
+                              output are disabled.  To obtain a list of avail-
+                              able types, use the eennccrryypptt ddiissaabbllee ?? command.
+
+                eennaabbllee _t_y_p_e [iinnppuutt | oouuttppuutt]
+                              Enables the specified type of encryption.  If
+                              you omit input and output, both input and output
+                              are enabled.  To obtain a list of available
+                              types, use the eennccrryypptt eennaabbllee ?? command.
+
+                iinnppuutt         This is the same as the eennccrryypptt ssttaarrtt iinnppuutt com-
+                              mand.
+
+                --iinnppuutt        This is the same as the eennccrryypptt ssttoopp iinnppuutt com-
+                              mand.
+
+                oouuttppuutt        This is the same as the eennccrryypptt ssttaarrtt oouuttppuutt
+                              command.
+
+                --oouuttppuutt       This is the same as the eennccrryypptt ssttoopp oouuttppuutt com-
+                              mand.
+
+                ssttaarrtt [iinnppuutt | oouuttppuutt]
+                              Attempts to start encryption.  If you omit iinnppuutt
+                              and oouuttppuutt, both input and output are enabled.
+                              To obtain a list of available types, use the
+                              eennccrryypptt eennaabbllee ?? command.
+
+                ssttaattuuss        Lists the current status of encryption.
+
+                ssttoopp [iinnppuutt | oouuttppuutt]
+                              Stops encryption.  If you omit input and output,
+                              encryption is on both input and output.
+
+                ttyyppee _t_y_p_e     Sets the default type of encryption to be used
+                              with later eennccrryypptt ssttaarrtt or eennccrryypptt ssttoopp com-
+                              mands.
+
+     eennvviirroonn _a_r_g_u_m_e_n_t_s _._._.
+                The eennvviirroonn command is used to manipulate the the variables
+                that my be sent through the TELNET ENVIRON option.  The ini-
+                tial set of variables is taken from the users environment,
+                with only the DISPLAY and PRINTER variables being exported by
+                default.  The USER variable is also exported if the --aa or --ll
+                options are used.
+
+                Valid arguments for the eennvviirroonn command are:
+
+                ddeeffiinnee _v_a_r_i_a_b_l_e _v_a_l_u_e
+                            Define the variable _v_a_r_i_a_b_l_e to have a value of
+                            _v_a_l_u_e. Any variables defined by this command are
+                            automatically exported.  The _v_a_l_u_e may be enclosed
+                            in single or double quotes so that tabs and spaces
+                            may be included.
+
+                uunnddeeffiinnee _v_a_r_i_a_b_l_e
+                            Remove _v_a_r_i_a_b_l_e from the list of environment vari-
+                            ables.
+
+                eexxppoorrtt _v_a_r_i_a_b_l_e
+                            Mark the variable _v_a_r_i_a_b_l_e to be exported to the
+                            remote side.
+
+                uunneexxppoorrtt _v_a_r_i_a_b_l_e
+                            Mark the variable _v_a_r_i_a_b_l_e to not be exported un-
+                            less explicitly asked for by the remote side.
+
+                lliisstt        List the current set of environment variables.
+                            Those marked with a ** will be sent automatically,
+                            other variables will only be sent if explicitly
+                            requested.
+
+                ??           Prints out help information for the eennvviirroonn com-
+                            mand.
+
+     llooggoouutt     Sends the TELNET LOGOUT option to the remote side.  This com-
+                mand is similar to a cclloossee command; however, if the remote
+                side does not support the LOGOUT option, nothing happens.  If,
+                however, the remote side does support the LOGOUT option, this
+                command should cause the remote side to close the TELNET con-
+                nection.  If the remote side also supports the concept of sus-
+                pending a user's session for later reattachment, the logout
+                argument indicates that you should terminate the session imme-
+                diately.
+
+     mmooddee _t_y_p_e  _T_y_p_e is one of several options, depending on the state of the
+                TELNET session.  The remote host is asked for permission to go
+                into the requested mode.  If the remote host is capable of en-
+                tering that mode, the requested mode will be entered.
+
+                cchhaarraacctteerr     Disable the TELNET LINEMODE option, or, if the
+                              remote side does not understand the LINEMODE op-
+                              tion, then enter ``character at a time`` mode.
+
+                lliinnee          Enable the TELNET LINEMODE option, or, if the
+                              remote side does not understand the LINEMODE op-
+                              tion, then attempt to enter ``old-line-by-line``
+                              mode.
+
+                iissiigg (--iissiigg)  Attempt to enable (disable) the TRAPSIG mode of
+                              the LINEMODE option.  This requires that the
+                              LINEMODE option be enabled.
+
+                eeddiitt (--eeddiitt)  Attempt to enable (disable) the EDIT mode of the
+                              LINEMODE option.  This requires that the
+                              LINEMODE option be enabled.
+
+                ssooffttttaabbss (--ssooffttttaabbss)
+                              Attempt to enable (disable) the SOFT_TAB mode of
+                              the LINEMODE option.  This requires that the
+                              LINEMODE option be enabled.
+
+                lliitteecchhoo (--lliitteecchhoo)
+                              Attempt to enable (disable) the LIT_ECHO mode of
+                              the LINEMODE option.  This requires that the
+                              LINEMODE option be enabled.
+
+                ??             Prints out help information for the mmooddee com-
+                              mand.
+
+     ooppeenn _h_o_s_t [--ll _u_s_e_r] [[--]_p_o_r_t]
+                Open a connection to the named host.  If no port number is
+                specified, tteellnneett will attempt to contact a TELNET server at
+                the default port.  The host specification may be either a host
+                name (see hosts(5))  or an Internet address specified in the
+                ``dot notation'' (see inet(3)).  The [--ll] option may be used
+                to specify the user name to be passed to the remote system via
+                the ENVIRON option.  When connecting to a non-standard port,
+                tteellnneett omits any automatic initiation of TELNET options.  When
+                the port number is preceded by a minus sign, the initial op-
+                tion negotiation is done.  After establishing a connection,
+                the file _._t_e_l_n_e_t_r_c in the users home directory is opened.
+                Lines beginning with a # are comment lines.  Blank lines are
+                ignored.  Lines that begin without white space are the start
+                of a machine entry.  The first thing on the line is the name
+                of the machine that is being connected to.  The rest of the
+                line, and successive lines that begin with white space are as-
+                sumed to be tteellnneett commands and are processed as if they had
+                been typed in manually to the tteellnneett command prompt.
+
+     qquuiitt       Close any open TELNET session and exit tteellnneett. An end of file
+                (in command mode) will also close a session and exit.
+
+     sseenndd _a_r_g_u_m_e_n_t_s
+                Sends one or more special character sequences to the remote
+                host.  The following are the arguments which may be specified
+                (more than one argument may be specified at a time):
+
+                aabboorrtt   Sends the TELNET ABORT (Abort processes) sequence.
+
+                aaoo      Sends the TELNET AO (Abort Output) sequence, which
+                        should cause the remote system to flush all output
+                        _f_r_o_m the remote system _t_o the user's terminal.
+
+                aayytt     Sends the TELNET AYT (Are You There) sequence, to
+                        which the remote system may or may not choose to re-
+
+                        spond.
+
+                bbrrkk     Sends the TELNET BRK (Break) sequence, which may have
+                        significance to the remote system.
+
+                eecc      Sends the TELNET EC (Erase Character) sequence, which
+                        should cause the remote system to erase the last char-
+                        acter entered.
+
+                eell      Sends the TELNET EL (Erase Line) sequence, which
+                        should cause the remote system to erase the line cur-
+                        rently being entered.
+
+                eeooff     Sends the TELNET EOF (End Of File) sequence.
+
+                eeoorr     Sends the TELNET EOR (End of Record) sequence.
+
+                eessccaappee  Sends the current tteellnneett escape character (initially
+                        ``^'').
+
+                ggaa      Sends the TELNET GA (Go Ahead) sequence, which likely
+                        has no significance to the remote system.
+
+                ggeettssttaattuuss
+                        If the remote side supports the TELNET STATUS command,
+                        ggeettssttaattuuss will send the subnegotiation to request that
+                        the server send its current option status.
+
+                iipp      Sends the TELNET IP (Interrupt Process) sequence,
+                        which should cause the remote system to abort the cur-
+                        rently running process.
+
+                nnoopp     Sends the TELNET NOP (No OPeration) sequence.
+
+                ssuusspp    Sends the TELNET SUSP (SUSPend process) sequence.
+
+                ssyynncchh   Sends the TELNET SYNCH sequence.  This sequence causes
+                        the remote system to discard all previously typed (but
+                        not yet read) input.  This sequence is sent as TCP ur-
+                        gent data (and may not work if the remote system is a
+                        4.2BSD system -- if it doesn't work, a lower case
+                        ``r'' may be echoed on the terminal).
+
+                ddoo _c_m_d
+
+                ddoonntt _c_m_d
+
+                wwiillll _c_m_d
+
+                wwoonntt _c_m_d
+                        Sends the TELNET DO _c_m_d sequence.  _C_m_d can be either a
+                        decimal number between 0 and 255, or a symbolic name
+                        for a specific TELNET command.  _C_m_d can also be either
+                        hheellpp or ?? to print out help information, including a
+                        list of known symbolic names.
+
+                ??       Prints out help information for the sseenndd command.
+
+     sseett _a_r_g_u_m_e_n_t _v_a_l_u_e
+
+     uunnsseett _a_r_g_u_m_e_n_t _v_a_l_u_e
+                The sseett command will set any one of a number of tteellnneett vari-
+                ables to a specific value or to TRUE. The special value ooffff
+                turns off the function associated with the variable, this is
+                equivalent to using the uunnsseett command.  The uunnsseett command will
+                disable or set to FALSE any of the specified functions.  The
+                values of variables may be interrogated with the ddiissppllaayy com-
+                mand.  The variables which may be set or unset, but not tog-
+                gled, are listed here.  In addition, any of the variables for
+                the ttooggggllee command may be explicitly set or unset using the
+                sseett and uunnsseett commands.
+
+                aayytt     If TELNET is in localchars mode, or LINEMODE is en-
+                        abled, and the status character is typed, a TELNET AYT
+                        sequence (see sseenndd aayytt preceding) is sent to the re-
+                        mote host.  The initial value for the "Are You There"
+                        character is the terminal's status character.
+
+                eecchhoo    This is the value (initially ``^E'') which, when in
+                        ``line by line'' mode, toggles between doing local
+                        echoing of entered characters (for normal processing),
+                        and suppressing echoing of entered characters (for en-
+                        tering, say, a password).
+
+                eeooff     If tteellnneett is operating in LINEMODE or ``old line by
+                        line'' mode, entering this character as the first
+                        character on a line will cause this character to be
+                        sent to the remote system.  The initial value of the
+                        eof character is taken to be the terminal's eeooff char-
+                        acter.
+
+                eerraassee   If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
+                        below), aanndd if tteellnneett is operating in ``character at a
+                        time'' mode, then when this character is typed, a
+                        TELNET EC sequence (see sseenndd eecc above) is sent to the
+                        remote system.  The initial value for the erase char-
+                        acter is taken to be the terminal's eerraassee character.
+
+                eessccaappee  This is the tteellnneett escape character (initially ``^['')
+                        which causes entry into tteellnneett command mode (when con-
+                        nected to a remote system).
+
+                fflluusshhoouuttppuutt
+                        If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
+                        below) and the fflluusshhoouuttppuutt character is typed, a
+                        TELNET AO sequence (see sseenndd aaoo above) is sent to the
+                        remote host.  The initial value for the flush charac-
+                        ter is taken to be the terminal's fflluusshh character.
+
+                ffoorrww11
+
+                ffoorrww22   If TELNET is operating in LINEMODE, these are the
+                        characters that, when typed, cause partial lines to be
+                        forwarded to the remote system.  The initial value for
+                        the forwarding characters are taken from the termi-
+                        nal's eol and eol2 characters.
+
+                iinntteerrrruupptt
+                        If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
+                        below) and the iinntteerrrruupptt character is typed, a TELNET
+                        IP sequence (see sseenndd iipp above) is sent to the remote
+                        host.  The initial value for the interrupt character
+                        is taken to be the terminal's iinnttrr character.
+
+                kkiillll    If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
+                        below), aanndd if tteellnneett is operating in ``character at a
+                        time'' mode, then when this character is typed, a
+                        TELNET EL sequence (see sseenndd eell above) is sent to the
+                        remote system.  The initial value for the kill charac-
+                        ter is taken to be the terminal's kkiillll character.
+
+                llnneexxtt   If tteellnneett is operating in LINEMODE or ``old line by
+                        line`` mode, then this character is taken to be the
+                        terminal's llnneexxtt character.  The initial value for the
+                        lnext character is taken to be the terminal's llnneexxtt
+                        character.
+
+                qquuiitt    If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
+                        below) and the qquuiitt character is typed, a TELNET BRK
+                        sequence (see sseenndd bbrrkk above) is sent to the remote
+                        host.  The initial value for the quit character is
+                        taken to be the terminal's qquuiitt character.
+
+                rreepprriinntt
+                        If tteellnneett is operating in LINEMODE or ``old line by
+                        line`` mode, then this character is taken to be the
+                        terminal's rreepprriinntt character.  The initial value for
+                        the reprint character is taken to be the terminal's
+                        rreepprriinntt character.
+
+                rrllooggiinn  This is the rlogin escape character.  If set, the nor-
+                        mal TELNET escape character is ignored unless it is
+                        preceded by this character at the beginning of a line.
+                        This character, at the beginning of a line followed by
+                        a "."  closes the connection; when followed by a ^Z it
+                        suspends the telnet command.  The initial state is to
+                        disable the rlogin escape character.
+
+                ssttaarrtt   If the TELNET TOGGLE-FLOW-CONTROL option has been en-
+                        abled, then this character is taken to be the termi-
+                        nal's ssttaarrtt character.  The initial value for the kill
+                        character is taken to be the terminal's ssttaarrtt charac-
+                        ter.
+
+                ssttoopp    If the TELNET TOGGLE-FLOW-CONTROL option has been en-
+                        abled, then this character is taken to be the termi-
+                        nal's ssttoopp character.  The initial value for the kill
+                        character is taken to be the terminal's ssttoopp charac-
+                        ter.
+
+                ssuusspp    If tteellnneett is in llooccaallcchhaarrss mode, or LINEMODE is en-
+                        abled, and the ssuussppeenndd character is typed, a TELNET
+                        SUSP sequence (see sseenndd ssuusspp above) is sent to the re-
+                        mote host.  The initial value for the suspend charac-
+                        ter is taken to be the terminal's ssuussppeenndd character.
+
+                ttrraacceeffiillee
+                        This is the file to which the output, caused by
+                        nneettddaattaa or ooppttiioonn tracing being TRUE, will be written.
+                        If it is set to ``--'', then tracing information will
+                        be written to standard output (the default).
+
+                wwoorrddeerraassee
+                        If tteellnneett is operating in LINEMODE or ``old line by
+                        line`` mode, then this character is taken to be the
+                        terminal's wwoorrddeerraassee character.  The initial value for
+                        the worderase character is taken to be the terminal's
+                        wwoorrddeerraassee character.
+
+                ??       Displays the legal sseett (uunnsseett) commands.
+
+     ssllcc _s_t_a_t_e  The ssllcc command (Set Local Characters) is used to set or
+                change the state of the the special characters when the TELNET
+                LINEMODE option has been enabled.  Special characters are
+                characters that get mapped to TELNET commands sequences (like
+                iipp or qquuiitt) or line editing characters (like eerraassee and kkiillll).
+
+
+                By default, the local special characters are exported.
+
+                cchheecckk       Verify the current settings for the current spe-
+                            cial characters.  The remote side is requested to
+                            send all the current special character settings,
+                            and if there are any discrepancies with the local
+                            side, the local side will switch to the remote
+                            value.
+
+                eexxppoorrtt      Switch to the local defaults for the special char-
+                            acters.  The local default characters are those of
+                            the local terminal at the time when tteellnneett was
+                            started.
+
+                iimmppoorrtt      Switch to the remote defaults for the special
+                            characters.  The remote default characters are
+                            those of the remote system at the time when the
+                            TELNET connection was established.
+
+                ??           Prints out help information for the ssllcc command.
+
+     ssttaattuuss     Show the current status of tteellnneett. This includes the peer one
+                is connected to, as well as the current mode.
+
+     ttooggggllee _a_r_g_u_m_e_n_t_s _._._.
+                Toggle (between TRUE and FALSE) various flags that control how
+                tteellnneett responds to events.  These flags may be set explicitly
+                to TRUE or FALSE using the sseett and uunnsseett commands listed
+                above.  More than one argument may be specified.  The state of
+                these flags may be interrogated with the ddiissppllaayy command.
+                Valid arguments are:
+
+                aauutthhddeebbuugg     Turns on debugging information for the authenti-
+                              cation code.
+
+                aauuttoofflluusshh     If aauuttoofflluusshh and llooccaallcchhaarrss are both TRUE, then
+                              when the aaoo, or qquuiitt characters are recognized
+                              (and transformed into TELNET sequences; see sseett
+                              above for details), tteellnneett refuses to display
+                              any data on the user's terminal until the remote
+                              system acknowledges (via a TELNET TIMING MARK
+                              option) that it has processed those TELNET se-
+                              quences.  The initial value for this toggle is
+                              TRUE if the terminal user had not done an "stty
+                              noflsh", otherwise FALSE (see stty(1)).
+
+                aauuttooddeeccrryypptt   When the TELNET ENCRYPT option is negotiated, by
+                              default the actual encryption (decryption) of
+                              the data stream does not start automatically.
+                              The autoencrypt (autodecrypt) command states
+                              that encryption of the output (input) stream
+                              should be enabled as soon as possible.
+
+                              Note:  Because of export controls, the TELNET
+                              ENCRYPT option is not supported outside the
+                              United States and Canada.
+
+                aauuttoollooggiinn     If the remote side supports the TELNET
+                              AUTHENTICATION option TELNET attempts to use it
+                              to perform automatic authentication.  If the
+                              AUTHENTICATION option is not supported, the us-
+                              er's login name are propagated through the
+                              TELNET ENVIRON option.  This command is the same
+                              as specifying _a option on the ooppeenn command.
+
+                aauuttoossyynncchh     If aauuttoossyynncchh and llooccaallcchhaarrss are both TRUE, then
+                              when either the iinnttrr or qquuiitt characters is typed
+                              (see sseett above for descriptions of the iinnttrr and
+                              qquuiitt characters), the resulting TELNET sequence
+                              sent is followed by the TELNET SYNCH sequence.
+                              This procedure sshhoouulldd cause the remote system to
+                              begin throwing away all previously typed input
+                              until both of the TELNET sequences have been
+                              read and acted upon.  The initial value of this
+                              toggle is FALSE.
+
+                bbiinnaarryy        Enable or disable the TELNET BINARY option on
+                              both input and output.
+
+                iinnbbiinnaarryy      Enable or disable the TELNET BINARY option on
+                              input.
+
+                oouuttbbiinnaarryy     Enable or disable the TELNET BINARY option on
+                              output.
+
+                ccrrllff          If this is TRUE, then carriage returns will be
+                              sent as <CR><LF>. If this is FALSE, then car-
+                              riage returns will be send as <CR><NUL>. The
+                              initial value for this toggle is FALSE.
+
+                ccrrmmoodd         Toggle carriage return mode.  When this mode is
+                              enabled, most carriage return characters re-
+                              ceived from the remote host will be mapped into
+                              a carriage return followed by a line feed.  This
+                              mode does not affect those characters typed by
+                              the user, only those received from the remote
+                              host.  This mode is not very useful unless the
+                              remote host only sends carriage return, but nev-
+                              er line feed.  The initial value for this toggle
+                              is FALSE.
+
+                ddeebbuugg         Toggles socket level debugging (useful only to
+                              the ssuuppeerr uusseerr). The initial value for this tog-
+                              gle is FALSE.
+
+                eennccddeebbuugg      Turns on debugging information for the encryp-
+                              tion code.
+
+                llooccaallcchhaarrss    If this is TRUE, then the fflluusshh, iinntteerrrruupptt,
+                              qquuiitt, eerraassee, and kkiillll characters (see sseett above)
+                              are recognized locally, and transformed into
+                              (hopefully) appropriate TELNET control sequences
+                              (respectively aaoo, iipp, bbrrkk, eecc, and eell; see sseenndd
+                              above).  The initial value for this toggle is
+                              TRUE in ``old line by line'' mode, and FALSE in
+                              ``character at a time'' mode.  When the LINEMODE
+                              option is enabled, the value of llooccaallcchhaarrss is
+                              ignored, and assumed to always be TRUE. If
+                              LINEMODE has ever been enabled, then qquuiitt is
+                              sent as aabboorrtt, and eeooff and ssuussppeenndd are sent as
+                              eeooff and ssuusspp, see sseenndd above).
+
+                nneettddaattaa       Toggles the display of all network data (in hex-
+                              adecimal format).  The initial value for this
+                              toggle is FALSE.
+
+                ooppttiioonnss       Toggles the display of some internal tteellnneett pro-
+                              tocol processing (having to do with TELNET op-
+                              tions).  The initial value for this toggle is
+                              FALSE.
+
+                pprreettttyydduummpp    When the nneettddaattaa toggle is enabled, if
+                              pprreettttyydduummpp is enabled the output from the
+                              nneettddaattaa command will be formatted in a more user
+                              readable format.  Spaces are put between each
+                              character in the output, and the beginning of
+                              any TELNET escape sequence is preceded by a '*'
+                              to aid in locating them.
+
+                sskkiipprrcc        When the skiprc toggle is TRUE, TELNET skips the
+                              reading of the _._t_e_l_n_e_t_r_c file in the users home
+                              directory when connections are opened.  The ini-
+                              tial value for this toggle is FALSE.
+
+                tteerrmmddaattaa      Toggles the display of all terminal data (in
+                              hexadecimal format).  The initial value for this
+                              toggle is FALSE.
+
+                vveerrbboossee__eennccrryypptt
+                              When the vveerrbboossee__eennccrryypptt toggle is TRUE, TELNET
+                              prints out a message each time encryption is en-
+                              abled or disabled.  The initial value for this
+                              toggle is FALSE. Note:  Because of export con-
+                              trols, data encryption is not supported outside
+                              of the United States and Canada.
+
+                ??             Displays the legal ttooggggllee commands.
+
+     zz          Suspend tteellnneett. This command only works when the user is using
+                the csh(1).
+
+     !! [_c_o_m_m_a_n_d]
+                Execute a single command in a subshell on the local system.
+                If ccoommmmaanndd is omitted, then an interactive subshell is in-
+                voked.
+
+     ?? [_c_o_m_m_a_n_d]
+                Get help.  With no arguments, tteellnneett prints a help summary.
+                If a command is specified, tteellnneett will print the help informa-
+                tion for just that command.
+
+EENNVVIIRROONNMMEENNTT
+     TTeellnneett uses at least the HOME, SHELL, DISPLAY, and TERM environment vari-
+     ables.  Other environment variables may be propagated to the other side
+     via the TELNET ENVIRON option.
+
+FFIILLEESS
+     ~/.telnetrc  user customized telnet startup values
+
+HHIISSTTOORRYY
+     The TTeellnneett command appeared in 4.2BSD.
+
+NNOOTTEESS
+     On some remote systems, echo has to be turned off manually when in ``old
+     line by line'' mode.
+
+     In ``old line by line'' mode or LINEMODE the terminal's eeooff character is
+     only recognized (and sent to the remote system) when it is the first
+     character on a line.
+
+4.2 Berkeley Distribution        June 1, 1994                               11
diff --git a/crypto/heimdal/appl/telnet/telnet/terminal.c b/crypto/heimdal/appl/telnet/telnet/terminal.c
index 4404384..44e1611 100644
--- a/crypto/heimdal/appl/telnet/telnet/terminal.c
+++ b/crypto/heimdal/appl/telnet/telnet/terminal.c
@@ -33,7 +33,7 @@
 
 #include "telnet_locl.h"
 
-RCSID("$Id: terminal.c,v 1.10 1997/12/15 19:53:06 joda Exp $");
+RCSID("$Id: terminal.c,v 1.11 2001/03/06 20:10:14 assar Exp $");
 
 Ring		ttyoring, ttyiring;
 unsigned char	ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ];
@@ -151,11 +151,7 @@ ttyflush(int drop)
 int
 getconnmode(void)
 {
-    extern int linemode;
     int mode = 0;
-#ifdef	KLUDGELINEMODE
-    extern int kludgelinemode;
-#endif
 
     if (my_want_state_is_dont(TELOPT_ECHO))
 	mode |= MODE_ECHO;
diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile.am b/crypto/heimdal/appl/telnet/telnetd/Makefile.am
index d8497c3..c375a05 100644
--- a/crypto/heimdal/appl/telnet/telnetd/Makefile.am
+++ b/crypto/heimdal/appl/telnet/telnetd/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.14 2000/11/15 22:51:11 assar Exp $
+# $Id: Makefile.am,v 1.15 2001/02/07 06:12:02 assar Exp $
 
 include $(top_srcdir)/Makefile.am.common
 
@@ -20,4 +20,5 @@ LDADD = \
 	$(LIB_des) \
 	$(LIB_tgetent) \
 	$(LIB_logwtmp) \
+	$(LIB_kdfs) \
 	$(LIB_roken)
diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile.in b/crypto/heimdal/appl/telnet/telnetd/Makefile.in
index 07ac35b..c62a8ba 100644
--- a/crypto/heimdal/appl/telnet/telnetd/Makefile.in
+++ b/crypto/heimdal/appl/telnet/telnetd/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -113,13 +114,13 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
 dpagaix_LDADD = @dpagaix_LDADD@
 install_sh = @install_sh@
 
-# $Id: Makefile.am,v 1.14 2000/11/15 22:51:11 assar Exp $
+# $Id: Makefile.am,v 1.15 2001/02/07 06:12:02 assar Exp $
 
 
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = 
 
 libexec_PROGRAMS = telnetd
@@ -202,6 +205,7 @@ LDADD = \
 	$(LIB_des) \
 	$(LIB_tgetent) \
 	$(LIB_logwtmp) \
+	$(LIB_kdfs) \
 	$(LIB_roken)
 
 subdir = appl/telnet/telnetd
@@ -224,10 +228,16 @@ termstat.$(OBJEXT) slc.$(OBJEXT) sys_term.$(OBJEXT) utility.$(OBJEXT) \
 global.$(OBJEXT) authenc.$(OBJEXT)
 telnetd_OBJECTS =  $(am_telnetd_OBJECTS)
 telnetd_LDADD = $(LDADD)
-@KRB5_FALSE@telnetd_DEPENDENCIES =  ../libtelnet/libtelnet.a
-@KRB5_TRUE@telnetd_DEPENDENCIES =  ../libtelnet/libtelnet.a \
-@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@DCE_FALSE@@KRB5_FALSE@telnetd_DEPENDENCIES =  ../libtelnet/libtelnet.a
+@DCE_FALSE@@KRB5_TRUE@telnetd_DEPENDENCIES =  ../libtelnet/libtelnet.a \
+@DCE_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@DCE_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@DCE_TRUE@@KRB5_FALSE@telnetd_DEPENDENCIES =  ../libtelnet/libtelnet.a \
+@DCE_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kdfs/libkdfs.la
+@DCE_TRUE@@KRB5_TRUE@telnetd_DEPENDENCIES =  ../libtelnet/libtelnet.a \
+@DCE_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@DCE_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \
+@DCE_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
 telnetd_LDFLAGS = 
 COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -249,7 +259,7 @@ OBJECTS = $(am_telnetd_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/telnet/telnetd/Makefile
 
@@ -382,6 +392,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/telnet/telnetd/ext.h b/crypto/heimdal/appl/telnet/telnetd/ext.h
index 4c122f8..1cba5b6 100644
--- a/crypto/heimdal/appl/telnet/telnetd/ext.h
+++ b/crypto/heimdal/appl/telnet/telnetd/ext.h
@@ -33,7 +33,7 @@
  *	@(#)ext.h	8.2 (Berkeley) 12/15/93
  */
 
-/* $Id: ext.h,v 1.20 2000/11/15 23:03:38 assar Exp $ */
+/* $Id: ext.h,v 1.22 2001/04/24 23:12:11 assar Exp $ */
 
 #ifndef __EXT_H__
 #define __EXT_H__
@@ -116,15 +116,15 @@ void tty_tspeed (int val);
 void tty_rspeed (int val);
 void getptyslave (void);
 int cleanopen (char *line);
-void startslave (char *host, int autologin, char *autoname);
+void startslave (const char *host, const char *, int autologin, char *autoname);
 void init_env (void);
-void start_login (char *host, int autologin, char *name);
+void start_login (const char *host, int autologin, char *name);
 void cleanup (int sig);
 int main (int argc, char **argv);
 int getterminaltype (char *name, size_t);
 void _gettermname (void);
 int terminaltypeok (char *s);
-void my_telnet (int f, int p, char*, int, char*);
+void my_telnet (int f, int p, const char*, const char *, int, char*);
 void interrupt (void);
 void sendbrk (void);
 void sendsusp (void);
@@ -141,6 +141,7 @@ void netflush (void);
 void writenet (unsigned char *ptr, int len);
 void fatal (int f, char *msg);
 void fatalperror (int f, const char *msg);
+void fatalperror_errno (int f, const char *msg, int error);
 void edithost (char *pat, char *host);
 void putstr (char *s);
 void putchr (int cc);
diff --git a/crypto/heimdal/appl/telnet/telnetd/sys_term.c b/crypto/heimdal/appl/telnet/telnetd/sys_term.c
index 7c529af..067f8da 100644
--- a/crypto/heimdal/appl/telnet/telnetd/sys_term.c
+++ b/crypto/heimdal/appl/telnet/telnetd/sys_term.c
@@ -33,7 +33,7 @@
 
 #include "telnetd.h"
 
-RCSID("$Id: sys_term.c,v 1.97 2000/12/08 23:32:06 assar Exp $");
+RCSID("$Id: sys_term.c,v 1.100 2001/04/24 23:11:43 assar Exp $");
 
 #if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H))
 # define PARENT_DOES_UTMP
@@ -1110,7 +1110,8 @@ make_id (char *tty)
 
 /* ARGSUSED */
 void
-startslave(char *host, int autologin, char *autoname)
+startslave(const char *host, const char *utmp_host,
+	   int autologin, char *autoname)
 {
     int i;
 
@@ -1158,7 +1159,7 @@ startslave(char *host, int autologin, char *autoname)
 	wtmp.ut_type = LOGIN_PROCESS;
 	wtmp.ut_pid = pid;
 	strncpy(wtmp.ut_user,  "LOGIN", sizeof(wtmp.ut_user));
-	strncpy(wtmp.ut_host,  host, sizeof(wtmp.ut_host));
+	strncpy(wtmp.ut_host,  utmp_host, sizeof(wtmp.ut_host));
 	strncpy(wtmp.ut_line,  clean_ttyname(line), sizeof(wtmp.ut_line));
 #ifdef HAVE_STRUCT_UTMP_UT_ID
 	strncpy(wtmp.ut_id, wtmp.ut_line + 3, sizeof(wtmp.ut_id));
@@ -1192,7 +1193,6 @@ extern char **environ;
 void
 init_env(void)
 {
-    extern char *getenv(const char *);
     char **envp;
 
     envp = envinit;
@@ -1259,10 +1259,10 @@ scrub_env(void)
 struct arg_val {
     int size;
     int argc;
-    char **argv;
+    const char **argv;
 };
 
-static void addarg(struct arg_val*, char*);
+static void addarg(struct arg_val*, const char*);
 
 /*
  * start_login(host)
@@ -1272,10 +1272,11 @@ static void addarg(struct arg_val*, char*);
  */
 
 void
-start_login(char *host, int autologin, char *name)
+start_login(const char *host, int autologin, char *name)
 {
     struct arg_val argv;
     char *user;
+    int save_errno;
 
 #ifdef HAVE_UTMPX_H
     int pid = getpid();
@@ -1316,7 +1317,7 @@ start_login(char *host, int autologin, char *name)
     /* init argv structure */ 
     argv.size=0;
     argv.argc=0;
-    argv.argv=(char**)malloc(0); /*so we can call realloc later */
+    argv.argv=malloc(0); /*so we can call realloc later */
     addarg(&argv, "login");
     addarg(&argv, "-h");
     addarg(&argv, host);
@@ -1371,14 +1372,14 @@ start_login(char *host, int autologin, char *name)
     sleep(1);
 
     execv(new_login, argv.argv);
-
+    save_errno = errno;
     syslog(LOG_ERR, "%s: %m\n", new_login);
-    fatalperror(net, new_login);
+    fatalperror_errno(net, new_login, save_errno);
     /*NOTREACHED*/
 }
 
 static void
-addarg(struct arg_val *argv, char *val)
+addarg(struct arg_val *argv, const char *val)
 {
     if(argv->size <= argv->argc+1) {
 	argv->argv = realloc(argv->argv, sizeof(char*) * (argv->size + 10));
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.c b/crypto/heimdal/appl/telnet/telnetd/telnetd.c
index b788574..af63ce1 100644
--- a/crypto/heimdal/appl/telnet/telnetd/telnetd.c
+++ b/crypto/heimdal/appl/telnet/telnetd/telnetd.c
@@ -33,7 +33,7 @@
 
 #include "telnetd.h"
 
-RCSID("$Id: telnetd.c,v 1.63 2000/10/08 13:32:28 assar Exp $");
+RCSID("$Id: telnetd.c,v 1.64 2001/02/08 16:06:27 assar Exp $");
 
 #ifdef _SC_CRAY_SECURE_SYS
 #include <sys/sysv.h>
@@ -289,9 +289,14 @@ main(int argc, char **argv)
 #endif
 	    break;
 
-	case 'u':
-	    utmp_len = atoi(optarg);
+	case 'u': {
+	    char *eptr;
+
+	    utmp_len = strtol(optarg, &eptr, 0);
+	    if (optarg == eptr)
+		fprintf(stderr, "telnetd: unknown utmp len (%s)\n", optarg);
 	    break;
+	}
 
 	case 'U':
 	    registerd_host_only = 1;
@@ -490,7 +495,6 @@ int
 getterminaltype(char *name, size_t name_sz)
 {
     int retval = -1;
-    void _gettermname();
 
     settimer(baseline);
 #ifdef AUTHENTICATION
@@ -629,7 +633,7 @@ getterminaltype(char *name, size_t name_sz)
 }  /* end of getterminaltype */
 
 void
-_gettermname()
+_gettermname(void)
 {
     /*
      * If the client turned off the option,
@@ -653,9 +657,9 @@ terminaltypeok(char *s)
 }
 
 
-char *hostname;
 char host_name[MaxHostNameLen];
 char remote_host_name[MaxHostNameLen];
+char remote_utmp_name[MaxHostNameLen];
 
 /*
  * Get a pty, scan input lines.
@@ -663,12 +667,10 @@ char remote_host_name[MaxHostNameLen];
 static void
 doit(struct sockaddr *who, int who_len)
 {
-    char *host = NULL;
     int level;
     int ptynum;
     char user_name[256];
     int error;
-    char host_addr[256];
 
     /*
      * Find an available pty to use.
@@ -693,43 +695,42 @@ doit(struct sockaddr *who, int who_len)
     }
 #endif	/* _SC_CRAY_SECURE_SYS */
 
-    error = getnameinfo_verified (who, who_len, host_addr, sizeof(host_addr),
+    error = getnameinfo_verified (who, who_len,
+				  remote_host_name,
+				  sizeof(remote_host_name),
 				  NULL, 0, 
 				  registerd_host_only ? NI_NAMEREQD : 0);
     if (error)
 	fatal(net, "Couldn't resolve your address into a host name.\r\n\
 Please contact your net administrator");
 
-    /*
-     * We must make a copy because Kerberos is probably going
-     * to also do a gethost* and overwrite the static data...
-     */
-    strlcpy(remote_host_name, host_addr, sizeof(remote_host_name));
-    host = remote_host_name;
-
-    /* XXX - should be k_gethostname? */
     gethostname(host_name, sizeof (host_name));
-    hostname = host_name;
+
+    strlcpy (remote_utmp_name, remote_host_name, sizeof(remote_utmp_name));
 
     /* Only trim if too long (and possible) */
-    if (strlen(remote_host_name) > abs(utmp_len)) {
+    if (strlen(remote_utmp_name) > utmp_len) {
 	char *domain = strchr(host_name, '.');
-	char *p = strchr(remote_host_name, '.');
-	if (domain && p && (strcmp(p, domain) == 0))
-	    *p = 0; /* remove domain part */
+	char *p = strchr(remote_utmp_name, '.');
+	if (domain != NULL && p != NULL && (strcmp(p, domain) == 0))
+	    *p = '\0'; /* remove domain part */
     }
 
-
     /*
      * If hostname still doesn't fit utmp, use ipaddr.
      */
-    if (strlen(remote_host_name) > abs(utmp_len))
-	strlcpy(remote_host_name,
-		host_addr,
-		sizeof(remote_host_name));
+    if (strlen(remote_utmp_name) > utmp_len) {
+	error = getnameinfo (who, who_len,
+			     remote_utmp_name,
+			     sizeof(remote_utmp_name),
+			     NULL, 0,
+			     NI_NUMERICHOST);
+	if (error)
+	    fatal(net, "Couldn't get numeric address\r\n");
+    }
 
 #ifdef AUTHENTICATION
-    auth_encrypt_init(hostname, host, "TELNETD", 1);
+    auth_encrypt_init(host_name, remote_host_name, "TELNETD", 1);
 #endif
 
     init_env();
@@ -750,7 +751,8 @@ Please contact your net administrator");
 #endif	/* _SC_CRAY_SECURE_SYS */
 
     /* begin server processing */
-    my_telnet(net, ourpty, host, level, user_name);
+    my_telnet(net, ourpty, remote_host_name, remote_utmp_name,
+	      level, user_name);
     /*NOTREACHED*/
 }  /* end of doit */
 
@@ -777,7 +779,8 @@ show_issue(void)
  * hand data to telnet receiver finite state machine.
  */
 void
-my_telnet(int f, int p, char *host, int level, char *autoname)
+my_telnet(int f, int p, const char *host, const char *utmp_host,
+	  int level, char *autoname)
 {
     int on = 1;
     char *he;
@@ -960,7 +963,7 @@ my_telnet(int f, int p, char *host, int level, char *autoname)
            indefinitely */
 	if(!startslave_called && (!encrypt_delay() || timeout > time(NULL))){
 	    startslave_called = 1;
-	    startslave(host, level, autoname);
+	    startslave(host, utmp_host, level, autoname);
 	}
 
 	if (ncc < 0 && pcc < 0)
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.cat8 b/crypto/heimdal/appl/telnet/telnetd/telnetd.cat8
new file mode 100644
index 0000000..988bf31
--- /dev/null
+++ b/crypto/heimdal/appl/telnet/telnetd/telnetd.cat8
@@ -0,0 +1,297 @@
+
+TELNETD(8)               UNIX System Manager's Manual               TELNETD(8)
+
+NNAAMMEE
+     tteellnneettdd - DARPA TELNET protocol server
+
+SSYYNNOOPPSSIISS
+     tteellnneettdd [--BBUUhhkkllnn] [--DD _d_e_b_u_g_m_o_d_e] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--aa _a_u_t_h_m_o_d_e]
+             [--rr_l_o_w_p_t_y_-_h_i_g_h_p_t_y] [--uu _l_e_n] [--ddeebbuugg] [--LL _/_b_i_n_/_l_o_g_i_n] [_p_o_r_t]
+
+DDEESSCCRRIIPPTTIIOONN
+     The tteellnneettdd command is a server which supports the DARPA standard TELNET
+     virtual terminal protocol.  TTeellnneettdd is normally invoked by the internet
+     server (see inetd(8))  for requests to connect to the TELNET port as in-
+     dicated by the _/_e_t_c_/_s_e_r_v_i_c_e_s file (see services(5)).  The --ddeebbuugg option
+     may be used to start up tteellnneettdd manually, instead of through inetd(8).
+     If started up this way, _p_o_r_t may be specified to run tteellnneettdd on an alter-
+     nate TCP port number.
+
+     The tteellnneettdd command accepts the following options:
+
+     --aa _a_u_t_h_m_o_d_e  This option may be used for specifying what mode should be
+                  used for authentication.  Note that this option is only use-
+                  ful if tteellnneettdd has been compiled with support for the
+                  AUTHENTICATION option.  There are several valid values for
+                  _a_u_t_h_m_o_d_e:
+
+                  debug  Turns on authentication debugging code.
+
+                  user   Only allow connections when the remote user can pro-
+                         vide valid authentication information to identify the
+                         remote user, and is allowed access to the specified
+                         account without providing a password.
+
+                  valid  Only allow connections when the remote user can pro-
+                         vide valid authentication information to identify the
+                         remote user.  The login(1) command will provide any
+                         additional user verification needed if the remote us-
+                         er is not allowed automatic access to the specified
+                         account.
+
+                  other  Only allow connections that supply some authentica-
+                         tion information.  This option is currently not sup-
+                         ported by any of the existing authentication mecha-
+                         nisms, and is thus the same as specifying --aa vvaalliidd.
+
+                  otp    Only allow authenticated connections (as with --aa
+                         uusseerr) and also logins with one-time passwords (OTPs).
+                         This option will call login with an option so that
+                         only OTPs are accepted.  The user can of course still
+                         type secret information at the prompt.
+
+                  none   This is the default state.  Authentication informa-
+                         tion is not required.  If no or insufficient authen-
+                         tication information is provided, then the login(1)
+                         program will provide the necessary user verification.
+
+                  off    This disables the authentication code.  All user ver-
+                         ification will happen through the login(1) program.
+
+     --BB           Ignored.
+
+     --DD _d_e_b_u_g_m_o_d_e
+                  This option may be used for debugging purposes.  This allows
+                  tteellnneettdd to print out debugging information to the connec-
+                  tion, allowing the user to see what tteellnneettdd is doing.  There
+                  are several possible values for _d_e_b_u_g_m_o_d_e:
+
+                  ooppttiioonnss   Prints information about the negotiation of TELNET
+                            options.
+
+                  rreeppoorrtt    Prints the ooppttiioonnss information, plus some addi-
+                            tional information about what processing is going
+                            on.
+
+                  nneettddaattaa   Displays the data stream received by tteellnneettdd.
+
+                  ppttyyddaattaa   Displays data written to the pty.
+
+                  eexxeerrcciissee  Has not been implemented yet.
+
+     --hh           Disables the printing of host-specific information before
+                  login has been completed.
+
+     --kk
+
+     --ll           Ignored.
+
+     --nn           Disable TCP keep-alives.  Normally tteellnneettdd enables the TCP
+                  keep-alive mechanism to probe connections that have been
+                  idle for some period of time to determine if the client is
+                  still there, so that idle connections from machines that
+                  have crashed or can no longer be reached may be cleaned up.
+
+     --rr _l_o_w_p_t_y_-_h_i_g_h_p_t_y
+                  This option is only enabled when tteellnneettdd is compiled for
+                  UNICOS. It specifies an inclusive range of pseudo-terminal
+                  devices to use.  If the system has sysconf variable
+                  _SC_CRAY_NPTY configured, the default pty search range is 0
+                  to _SC_CRAY_NPTY; otherwise, the default range is 0 to 128.
+                  Either _l_o_w_p_t_y or _h_i_g_h_p_t_y may be omitted to allow changing
+                  either end of the search range.  If _l_o_w_p_t_y is omitted, the -
+                  character is still required so that tteellnneettdd can differenti-
+                  ate _h_i_g_h_p_t_y from _l_o_w_p_t_y.
+
+     --SS _t_o_s
+
+     --uu _l_e_n       This option is used to specify the size of the field in the
+                  utmp structure that holds the remote host name.  If the re-
+                  solved host name is longer than _l_e_n, the dotted decimal val-
+                  ue will be used instead.  This allows hosts with very long
+                  host names that overflow this field to still be uniquely
+                  identified.  Specifying --uu00 indicates that only dotted deci-
+                  mal addresses should be put into the _u_t_m_p file.
+
+     --UU           This option causes tteellnneettdd to refuse connections from ad-
+                  dresses that cannot be mapped back into a symbolic name via
+                  the gethostbyaddr(3) routine.
+
+     --XX _a_u_t_h_t_y_p_e  This option is only valid if tteellnneettdd has been built with
+                  support for the authentication option.  It disables the use
+                  of _a_u_t_h_t_y_p_e authentication, and can be used to temporarily
+                  disable a specific authentication type without having to re-
+                  compile tteellnneettdd.
+
+     --LL --ppaatthhnnaammee
+                  Specify pathname to an alternative login program.
+
+     TTeellnneettdd operates by allocating a pseudo-terminal device (see pty(4))  for
+     a client, then creating a login process which has the slave side of the
+     pseudo-terminal as stdin, stdout and stderr. TTeellnneettdd manipulates the mas-
+     ter side of the pseudo-terminal, implementing the TELNET protocol and
+     passing characters between the remote client and the login process.
+
+     When a TELNET session is started up, tteellnneettdd sends TELNET options to the
+     client side indicating a willingness to do the following TELNET options,
+     which are described in more detail below:
+
+           DO AUTHENTICATION
+           WILL ENCRYPT
+           DO TERMINAL TYPE
+           DO TSPEED
+           DO XDISPLOC
+           DO NEW-ENVIRON
+           DO ENVIRON
+           WILL SUPPRESS GO AHEAD
+           DO ECHO
+           DO LINEMODE
+           DO NAWS
+           WILL STATUS
+           DO LFLOW
+           DO TIMING-MARK
+
+     The pseudo-terminal allocated to the client is configured to operate in
+     ``cooked'' mode, and with XTABS and CRMOD enabled (see tty(4)).
+
+     TTeellnneettdd has support for enabling locally the following TELNET options:
+
+     WILL ECHO          When the LINEMODE option is enabled, a WILL ECHO or
+                        WONT ECHO will be sent to the client to indicate the
+                        current state of terminal echoing.  When terminal echo
+                        is not desired, a WILL ECHO is sent to indicate that
+                        telnetd will take care of echoing any data that needs
+                        to be echoed to the terminal, and then nothing is
+                        echoed.  When terminal echo is desired, a WONT ECHO is
+                        sent to indicate that telnetd will not be doing any
+                        terminal echoing, so the client should do any terminal
+                        echoing that is needed.
+
+     WILL BINARY        Indicates that the client is willing to send a 8 bits
+                        of data, rather than the normal 7 bits of the Network
+                        Virtual Terminal.
+
+     WILL SGA           Indicates that it will not be sending IAC GA, go
+                        ahead, commands.
+
+     WILL STATUS        Indicates a willingness to send the client, upon re-
+                        quest, of the current status of all TELNET options.
+
+     WILL TIMING-MARK   Whenever a DO TIMING-MARK command is received, it is
+                        always responded to with a WILL TIMING-MARK
+
+     WILL LOGOUT        When a DO LOGOUT is received, a WILL LOGOUT is sent in
+                        response, and the TELNET session is shut down.
+
+     WILL ENCRYPT       Only sent if tteellnneettdd is compiled with support for data
+                        encryption, and indicates a willingness to decrypt the
+                        data stream.
+
+     TTeellnneettdd has support for enabling remotely the following TELNET options:
+
+     DO BINARY          Sent to indicate that telnetd is willing to receive an
+                        8 bit data stream.
+
+     DO LFLOW           Requests that the client handle flow control charac-
+
+
+                        ters remotely.
+
+     DO ECHO            This is not really supported, but is sent to identify
+                        a 4.2BSD telnet(1) client, which will improperly re-
+                        spond with WILL ECHO. If a WILL ECHO is received, a
+                        DONT ECHO will be sent in response.
+
+     DO TERMINAL-TYPE   Indicates a desire to be able to request the name of
+                        the type of terminal that is attached to the client
+                        side of the connection.
+
+     DO SGA             Indicates that it does not need to receive IAC GA, the
+                        go ahead command.
+
+     DO NAWS            Requests that the client inform the server when the
+                        window (display) size changes.
+
+     DO TERMINAL-SPEED  Indicates a desire to be able to request information
+                        about the speed of the serial line to which the client
+                        is attached.
+
+     DO XDISPLOC        Indicates a desire to be able to request the name of
+                        the X windows display that is associated with the tel-
+                        net client.
+
+     DO NEW-ENVIRON     Indicates a desire to be able to request environment
+                        variable information, as described in RFC 1572.
+
+     DO ENVIRON         Indicates a desire to be able to request environment
+                        variable information, as described in RFC 1408.
+
+     DO LINEMODE        Only sent if tteellnneettdd is compiled with support for
+                        linemode, and requests that the client do line by line
+                        processing.
+
+     DO TIMING-MARK     Only sent if tteellnneettdd is compiled with support for both
+                        linemode and kludge linemode, and the client responded
+                        with WONT LINEMODE. If the client responds with WILL
+                        TM, the it is assumed that the client supports kludge
+                        linemode.  Note that the [--kk] option can be used to
+                        disable this.
+
+     DO AUTHENTICATION  Only sent if tteellnneettdd is compiled with support for au-
+                        thentication, and indicates a willingness to receive
+                        authentication information for automatic login.
+
+     DO ENCRYPT         Only sent if tteellnneettdd is compiled with support for data
+                        encryption, and indicates a willingness to decrypt the
+                        data stream.
+
+EENNVVIIRROONNMMEENNTT
+FFIILLEESS
+     /etc/services
+     /etc/inittab   (UNICOS systems only)
+     /etc/iptos     (if supported)
+
+SSEEEE AALLSSOO
+     telnet(1),  login(1)
+
+SSTTAANNDDAARRDDSS
+     RRFFCC--885544   TELNET PROTOCOL SPECIFICATION
+     RRFFCC--885555   TELNET OPTION SPECIFICATIONS
+     RRFFCC--885566   TELNET BINARY TRANSMISSION
+     RRFFCC--885577   TELNET ECHO OPTION
+
+
+     RRFFCC--885588   TELNET SUPPRESS GO AHEAD OPTION
+     RRFFCC--885599   TELNET STATUS OPTION
+     RRFFCC--886600   TELNET TIMING MARK OPTION
+     RRFFCC--886611   TELNET EXTENDED OPTIONS - LIST OPTION
+     RRFFCC--888855   TELNET END OF RECORD OPTION
+     RRFFCC--11007733  Telnet Window Size Option
+     RRFFCC--11007799  Telnet Terminal Speed Option
+     RRFFCC--11009911  Telnet Terminal-Type Option
+     RRFFCC--11009966  Telnet X Display Location Option
+     RRFFCC--11112233  Requirements for Internet Hosts -- Application and Support
+     RRFFCC--11118844  Telnet Linemode Option
+     RRFFCC--11337722  Telnet Remote Flow Control Option
+     RRFFCC--11441166  Telnet Authentication Option
+     RRFFCC--11441111  Telnet Authentication: Kerberos Version 4
+     RRFFCC--11441122  Telnet Authentication: SPX
+     RRFFCC--11557711  Telnet Environment Option Interoperability Issues
+     RRFFCC--11557722  Telnet Environment Option
+
+BBUUGGSS
+     Some TELNET commands are only partially implemented.
+
+     Because of bugs in the original 4.2 BSD telnet(1),  tteellnneettdd performs some
+     dubious protocol exchanges to try to discover if the remote client is, in
+     fact, a 4.2 BSD telnet(1).
+
+     Binary mode has no common interpretation except between similar operating
+     systems (Unix in this case).
+
+     The terminal type name received from the remote client is converted to
+     lower case.
+
+     TTeellnneettdd never sends TELNET IAC GA (go ahead) commands.
+
+4.2 Berkeley Distribution        June 1, 1994                                5
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.h b/crypto/heimdal/appl/telnet/telnetd/telnetd.h
index fdda3d7..6504607 100644
--- a/crypto/heimdal/appl/telnet/telnetd/telnetd.h
+++ b/crypto/heimdal/appl/telnet/telnetd/telnetd.h
@@ -166,7 +166,6 @@ struct hostent  *gethostbyname(const char *);
 #endif
 
 #ifdef KRB4
-#include <des.h>
 #include <krb.h>
 #endif
 
diff --git a/crypto/heimdal/appl/telnet/telnetd/utility.c b/crypto/heimdal/appl/telnet/telnetd/utility.c
index a2e542d..496152c 100644
--- a/crypto/heimdal/appl/telnet/telnetd/utility.c
+++ b/crypto/heimdal/appl/telnet/telnetd/utility.c
@@ -34,7 +34,7 @@
 #define PRINTOPTIONS
 #include "telnetd.h"
 
-RCSID("$Id: utility.c,v 1.23 2000/10/08 13:34:27 assar Exp $");
+RCSID("$Id: utility.c,v 1.25 2001/05/17 00:34:42 assar Exp $");
 
 /*
  * utility functions performing io related tasks
@@ -363,14 +363,20 @@ void fatal(int f, char *msg)
 }
 
 void
-fatalperror(int f, const char *msg)
+fatalperror_errno(int f, const char *msg, int error)
 {
     char buf[BUFSIZ];
     
-    snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno));
+    snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(error));
     fatal(f, buf);
 }
 
+void
+fatalperror(int f, const char *msg)
+{
+    fatalperror_errno(f, msg, errno);
+}
+
 char editedhost[32];
 
 void edithost(char *pat, char *host)
diff --git a/crypto/heimdal/appl/test/Makefile.in b/crypto/heimdal/appl/test/Makefile.in
index b95c37a..ff1332d 100644
--- a/crypto/heimdal/appl/test/Makefile.in
+++ b/crypto/heimdal/appl/test/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 noinst_PROGRAMS = tcp_client tcp_server gssapi_server gssapi_client \
@@ -309,7 +312,7 @@ OBJECTS = $(am_gssapi_client_OBJECTS) $(am_gssapi_server_OBJECTS) $(am_nt_gss_cl
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/test/Makefile
 
@@ -410,6 +413,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/appl/xnlock/ChangeLog b/crypto/heimdal/appl/xnlock/ChangeLog
new file mode 100644
index 0000000..822b4f7
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/ChangeLog
@@ -0,0 +1,64 @@
+2001-03-15  Johan Danielsson  <joda@pdc.kth.se>
+
+	* xnlock.c: don't explicitly set the krb4 ticket file
+
+2000-12-31  Assar Westerlund  <assar@sics.se>
+
+	* xnlock.c (main): handle krb5_init_context failure consistently
+
+2000-04-09  Assar Westerlund  <assar@sics.se>
+
+	* xnlock.c (verfiy_krb5): get the v4-realm from the v5-ticket and
+	not from the default one.
+	* xnlock.c (verify_krb5): add obtainting of v4 tickets.
+
+1999-11-17  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: only build when we have X11.  From: Simon Josefsson
+ 	<jas@pdc.kth.se>
+
+Thu Mar 18 11:21:44 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Wed Mar 17 23:35:51 1999  Assar Westerlund  <assar@sics.se>
+
+	* xnlock.c (verify): use KRB_VERIFY_SECURE instead of 1
+
+Tue Mar 16 22:29:14 1999  Assar Westerlund  <assar@sics.se>
+
+	* xnlock.c: krb_verify_user_multiple -> krb_verify_user
+
+Thu Mar 11 14:59:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* xnlock.c: add some if-braces to keep gcc happy
+
+Sun Nov 22 10:36:45 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+Wed Jul  8 01:37:37 1998  Assar Westerlund  <assar@sics.se>
+
+	* xnlock.c (main): create place-holder ticket file with
+ 	open(O_EXCL | O_CREAT) instead of creat
+
+Sat Mar 28 12:53:46 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (install, uninstall): transform the man page
+
+Tue Mar 24 05:20:34 1998  Assar Westerlund  <assar@sics.se>
+
+	* xnlock.c: remove redundant preprocessor stuff
+
+Sat Mar 21 14:36:21 1998  Assar Westerlund  <assar@sics.se>
+
+	* xnlock.c (init_words): recognize both `-p' and `-prog'
+
+Sat Feb  7 10:08:07 1998  Assar Westerlund  <assar@sics.se>
+
+	* xnlock.c: Don't use REALM_SZ + 1, just REALM_SZ
+
+Sat Nov 29 04:58:19 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* xnlock.c: Make it build w/o krb4.
+
diff --git a/crypto/heimdal/appl/xnlock/Makefile.am b/crypto/heimdal/appl/xnlock/Makefile.am
new file mode 100644
index 0000000..a8e6440
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/Makefile.am
@@ -0,0 +1,30 @@
+# $Id: Makefile.am,v 1.15 2000/11/15 22:51:12 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4) $(X_CFLAGS)
+
+WFLAGS += $(WFLAGS_NOIMPLICITINT)
+
+if HAVE_X
+
+bin_PROGRAMS = xnlock
+
+else
+
+bin_PROGRAMS =
+
+endif
+
+man_MANS = xnlock.1
+
+EXTRA_DIST = $(man_MANS) nose.0.left nose.0.right nose.1.left nose.1.right \
+	nose.down nose.front nose.left.front nose.right.front
+
+LDADD = \
+	$(LIB_kafs) \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_des) \
+	$(LIB_roken) \
+	$(X_LIBS) -lXt $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS)
diff --git a/crypto/heimdal/appl/xnlock/Makefile.in b/crypto/heimdal/appl/xnlock/Makefile.in
new file mode 100644
index 0000000..a023f23
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/Makefile.in
@@ -0,0 +1,633 @@
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
+
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+SHELL = @SHELL@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+
+bindir = @bindir@
+sbindir = @sbindir@
+libexecdir = @libexecdir@
+datadir = @datadir@
+sysconfdir = @sysconfdir@
+sharedstatedir = @sharedstatedir@
+localstatedir = @localstatedir@
+libdir = @libdir@
+infodir = @infodir@
+mandir = @mandir@
+includedir = @includedir@
+oldincludedir = /usr/include
+
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+
+top_builddir = ../..
+
+ACLOCAL = @ACLOCAL@
+AUTOCONF = @AUTOCONF@
+AUTOMAKE = @AUTOMAKE@
+AUTOHEADER = @AUTOHEADER@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_FLAG =
+transform = @program_transform_name@
+
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+
+@SET_MAKE@
+host_alias = @host_alias@
+host_triplet = @host@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMDEP = @AMDEP@
+AMTAR = @AMTAR@
+AS = @AS@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CPP = @CPP@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+DBLIB = @DBLIB@
+DEPDIR = @DEPDIR@
+DIR_des = @DIR_des@
+DIR_roken = @DIR_roken@
+DLLTOOL = @DLLTOOL@
+EXEEXT = @EXEEXT@
+EXTRA_LIB45 = @EXTRA_LIB45@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_ = @INCLUDE_@
+LEX = @LEX@
+LIBOBJS = @LIBOBJS@
+LIBTOOL = @LIBTOOL@
+LIB_ = @LIB_@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_des = @LIB_des@
+LIB_des_appl = @LIB_des_appl@
+LIB_kdb = @LIB_kdb@
+LIB_otp = @LIB_otp@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
+NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+NROFF = @NROFF@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+RANLIB = @RANLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+YACC = @YACC@
+dpagaix_CFLAGS = @dpagaix_CFLAGS@
+dpagaix_LDADD = @dpagaix_LDADD@
+install_sh = @install_sh@
+
+# $Id: Makefile.am,v 1.15 2000/11/15 22:51:12 assar Exp $
+
+
+# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
+
+
+AUTOMAKE_OPTIONS = foreign no-dependencies
+
+SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
+
+INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(X_CFLAGS)
+
+AM_CFLAGS =  $(WFLAGS)
+
+CP = cp
+
+COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
+
+buildinclude = $(top_builddir)/include
+
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_crypt = @LIB_crypt@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_el_init = @LIB_el_init@
+LIB_getattr = @LIB_getattr@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_search = @LIB_res_search@
+LIB_setpcred = @LIB_setpcred@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+
+LIBS = @LIBS@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_openldap = @INCLUDE_openldap@
+LIB_openldap = @LIB_openldap@
+
+INCLUDE_readline = @INCLUDE_readline@
+
+LEXLIB = @LEXLIB@
+
+NROFF_MAN = groff -mandoc -Tascii
+
+@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+
+@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
+CHECK_LOCAL = $(PROGRAMS)
+
+WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
+
+@HAVE_X_TRUE@bin_PROGRAMS = @HAVE_X_TRUE@xnlock
+@HAVE_X_FALSE@bin_PROGRAMS = 
+
+man_MANS = xnlock.1
+
+EXTRA_DIST = $(man_MANS) nose.0.left nose.0.right nose.1.left nose.1.right \
+	nose.down nose.front nose.left.front nose.right.front
+
+
+LDADD = \
+	$(LIB_kafs) \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_des) \
+	$(LIB_roken) \
+	$(X_LIBS) -lXt $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS)
+
+subdir = appl/xnlock
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = ../../include/config.h
+CONFIG_CLEAN_FILES = 
+@HAVE_X_FALSE@bin_PROGRAMS = 
+PROGRAMS =  $(bin_PROGRAMS)
+
+
+DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
+CPPFLAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+X_CFLAGS = @X_CFLAGS@
+X_LIBS = @X_LIBS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+xnlock_SOURCES = xnlock.c
+xnlock_OBJECTS =  xnlock.$(OBJEXT)
+xnlock_LDADD = $(LDADD)
+@KRB4_FALSE@@KRB5_FALSE@xnlock_DEPENDENCIES = 
+@KRB4_FALSE@@KRB5_TRUE@xnlock_DEPENDENCIES =  \
+@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+@KRB4_TRUE@@KRB5_FALSE@xnlock_DEPENDENCIES =  \
+@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la
+@KRB4_TRUE@@KRB5_TRUE@xnlock_DEPENDENCIES =  \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
+xnlock_LDFLAGS = 
+COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CFLAGS = @CFLAGS@
+CCLD = $(CC)
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+DIST_SOURCES =  xnlock.c
+man1dir = $(mandir)/man1
+MANS = $(man_MANS)
+depcomp = 
+DIST_COMMON =  README ChangeLog Makefile.am Makefile.in
+
+
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+
+GZIP_ENV = --best
+SOURCES = xnlock.c
+OBJECTS = xnlock.$(OBJEXT)
+
+all: all-redirect
+.SUFFIXES:
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
+$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
+	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/xnlock/Makefile
+
+Makefile: $(srcdir)/Makefile.in  $(top_builddir)/config.status
+	cd $(top_builddir) \
+	  && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
+
+
+mostlyclean-binPROGRAMS:
+
+clean-binPROGRAMS:
+	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
+
+distclean-binPROGRAMS:
+
+maintainer-clean-binPROGRAMS:
+
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(bindir)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+	    echo " $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f"; \
+	    $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
+	  rm -f $(DESTDIR)$(bindir)/$$f; \
+	done
+
+mostlyclean-compile:
+	-rm -f *.o core *.core
+	-rm -f *.$(OBJEXT)
+
+clean-compile:
+
+distclean-compile:
+	-rm -f *.tab.c
+
+maintainer-clean-compile:
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+
+maintainer-clean-libtool:
+
+xnlock$(EXEEXT): $(xnlock_OBJECTS) $(xnlock_DEPENDENCIES)
+	@rm -f xnlock$(EXEEXT)
+	$(LINK) $(xnlock_LDFLAGS) $(xnlock_OBJECTS) $(xnlock_LDADD) $(LIBS)
+.c.o:
+	$(COMPILE) -c $<
+.c.obj:
+	$(COMPILE) -c `cygpath -w $<`
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+install-man1:
+	$(mkinstalldirs) $(DESTDIR)$(man1dir)
+	@list='$(man1_MANS)'; \
+	l2='$(man_MANS)'; for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
+	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
+	done
+
+uninstall-man1:
+	@list='$(man1_MANS)'; \
+	l2='$(man_MANS)'; for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
+	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
+	done
+install-man: $(MANS)
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-man1
+uninstall-man:
+	@$(NORMAL_UNINSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-man1
+
+tags: TAGS
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique $(LISP)
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
+	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
+
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
+mostlyclean-tags:
+
+clean-tags:
+
+distclean-tags:
+	-rm -f TAGS ID
+
+maintainer-clean-tags:
+
+distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
+
+distdir: $(DISTFILES)
+	@for file in $(DISTFILES); do \
+	  d=$(srcdir); \
+	  if test -d $$d/$$file; then \
+	    cp -pR $$d/$$file $(distdir) \
+	    || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
+info-am:
+info: info-am
+dvi-am:
+dvi: dvi-am
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+installcheck-am:
+installcheck: installcheck-am
+install-exec-am: install-binPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-exec: install-exec-am
+
+install-data-am: install-man install-data-local
+install-data: install-data-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+install: install-am
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+uninstall: uninstall-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+all-redirect: all-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
+installdirs:
+	$(mkinstalldirs)  $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
+
+
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-rm -f Makefile $(CONFIG_CLEAN_FILES)
+	-rm -f config.cache config.log stamp-h stamp-h[0-9]*
+
+maintainer-clean-generic:
+	-rm -f Makefile.in
+mostlyclean-am:  mostlyclean-binPROGRAMS mostlyclean-compile \
+		mostlyclean-libtool mostlyclean-tags \
+		mostlyclean-generic
+
+mostlyclean: mostlyclean-am
+
+clean-am:  clean-binPROGRAMS clean-compile clean-libtool clean-tags \
+		clean-generic mostlyclean-am
+
+clean: clean-am
+
+distclean-am:  distclean-binPROGRAMS distclean-compile distclean-libtool \
+		distclean-tags distclean-generic clean-am
+	-rm -f libtool
+
+distclean: distclean-am
+
+maintainer-clean-am:  maintainer-clean-binPROGRAMS \
+		maintainer-clean-compile maintainer-clean-libtool \
+		maintainer-clean-tags maintainer-clean-generic \
+		distclean-am
+	@echo "This command is intended for maintainers to use;"
+	@echo "it deletes files that may require special tools to rebuild."
+
+maintainer-clean: maintainer-clean-am
+
+.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \
+maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \
+mostlyclean-compile distclean-compile clean-compile \
+maintainer-clean-compile mostlyclean-libtool distclean-libtool \
+clean-libtool maintainer-clean-libtool install-man1 uninstall-man1 \
+install-man uninstall-man tags mostlyclean-tags distclean-tags \
+clean-tags maintainer-clean-tags distdir info-am info dvi-am dvi \
+check-local check check-am installcheck-am installcheck install-exec-am \
+install-exec install-data-local install-data-am install-data install-am \
+install uninstall-am uninstall all-local all-redirect all-am all \
+install-strip installdirs mostlyclean-generic distclean-generic \
+clean-generic maintainer-clean-generic clean mostlyclean distclean \
+maintainer-clean
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
+	@foo='$(include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-local: install-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+
+check-local::
+	@foo='$(CHECK_LOCAL)'; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if ./$$i --version > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	fi
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/crypto/heimdal/appl/xnlock/README b/crypto/heimdal/appl/xnlock/README
new file mode 100644
index 0000000..5b16c52
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/README
@@ -0,0 +1,21 @@
+xnlock -- Dan Heller, 1990
+"nlock" is a "new lockscreen" type program... something that prevents
+screen burnout by making most of it "black" while providing something
+of interest to be displayed in case anyone is watching.  The program
+also provides added security.
+
+"xnlock" is the X11 version of the program.
+
+Original sunview version written by Dan Heller 1985 (not included).
+
+For a real description of how this program works, read the
+man page or just try running it.
+
+The one major outstanding bug with this program is that every
+once in a while, two horizontal lines appear below the little
+figure that runs around the screen.  If someone can find and
+fix this bug, *please* let me know -- I don't have time to
+look and if I waited till I had time, you'd never see this
+program...  It has something to do with the "looking down"
+position and then directly moving up and right or left...
+
diff --git a/crypto/heimdal/appl/xnlock/nose.0.left b/crypto/heimdal/appl/xnlock/nose.0.left
new file mode 100644
index 0000000..cb3d152
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/nose.0.left
@@ -0,0 +1,38 @@
+#define nose_0_left_width 64
+#define nose_0_left_height 64
+static unsigned char nose_0_left_bits[] = {
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x40,0x00,
+ 0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,
+ 0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,
+ 0x40,0x00,0x00,0x04,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,
+ 0x08,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x08,0x00,0x00,0x00,0x00,0x20,0x00,
+ 0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,0xf0,0x03,0x00,0x00,0x80,0x00,
+ 0x00,0x00,0x0e,0x0c,0x00,0x00,0x80,0x01,0x00,0x00,0x03,0x30,0x00,0x00,0x00,
+ 0x01,0x00,0x80,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x40,0x00,0xc0,0x00,0x00,
+ 0x00,0x02,0x00,0x20,0x00,0x80,0x00,0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00,
+ 0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x0c,0x00,0x08,0x00,0x00,
+ 0x00,0x00,0x00,0x08,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x08,0x00,
+ 0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,
+ 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,
+ 0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,
+ 0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x10,0x00,0x00,0x01,0x00,0x00,
+ 0x18,0x00,0x20,0x00,0x00,0x01,0x00,0x00,0x08,0x00,0x40,0x00,0x80,0x00,0x00,
+ 0x00,0x08,0x00,0x80,0x00,0x40,0x00,0x00,0x00,0x0c,0x00,0x00,0x01,0x20,0x00,
+ 0x00,0x00,0x04,0x00,0x00,0x06,0x18,0x00,0x00,0x00,0x06,0x00,0x00,0xf8,0x07,
+ 0x00,0x00,0x00,0x02,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0x01,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf8,0x0f,0x00,0x00,0x00,
+ 0x00,0xff,0x00,0x04,0x10,0x00,0x00,0x00,0xc0,0x00,0x03,0x03,0x10,0x00,0x00,
+ 0x00,0x30,0x00,0x0c,0x01,0x20,0x00,0x00,0x00,0x08,0x00,0x98,0x00,0x20,0x00,
+ 0x00,0x00,0x0c,0x03,0x60,0x00,0x20,0x00,0x00,0x00,0xc2,0x00,0xc0,0x00,0x20,
+ 0x00,0x00,0x00,0x42,0x00,0x80,0x00,0x20,0x00,0x00,0x00,0x21,0x00,0x00,0x01,
+ 0x20,0x00,0x00,0x00,0x21,0x00,0x00,0x01,0x20,0x00,0x00,0x00,0x21,0x00,0x00,
+ 0x00,0x20,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x01,0x00,
+ 0x00,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x02,
+ 0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x20,0x00,0x00,0x00,
+ 0x18,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x70,0x00,0x00,0x00,0x10,0x00,0x00,
+ 0x00,0xc0,0xff,0xff,0xff,0x0f,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.0.right b/crypto/heimdal/appl/xnlock/nose.0.right
new file mode 100644
index 0000000..f387baa
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/nose.0.right
@@ -0,0 +1,38 @@
+#define nose_0_right_width 64
+#define nose_0_right_height 64
+static unsigned char nose_0_right_bits[] = {
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0xe0,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x20,0x00,
+ 0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,
+ 0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,
+ 0x20,0x00,0x00,0x02,0x00,0x00,0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00,
+ 0x04,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x10,0x00,
+ 0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00,0x00,0x01,0x00,0x00,0xc0,0x0f,
+ 0x00,0x00,0x80,0x01,0x00,0x00,0x30,0x70,0x00,0x00,0x80,0x00,0x00,0x00,0x0c,
+ 0xc0,0x00,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x01,0x00,0x40,0x00,0x00,0x00,
+ 0x03,0x00,0x02,0x00,0x20,0x00,0x00,0x00,0x01,0x00,0x04,0x00,0x20,0x00,0x00,
+ 0x00,0x00,0x00,0x08,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x10,0x00,
+ 0x00,0x00,0x00,0x00,0x10,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,
+ 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,
+ 0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,
+ 0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,
+ 0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x18,0x00,0x00,0x80,0x00,
+ 0x00,0x08,0x00,0x10,0x00,0x00,0x80,0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00,
+ 0x01,0x00,0x02,0x00,0x30,0x00,0x00,0x00,0x02,0x00,0x01,0x00,0x20,0x00,0x00,
+ 0x00,0x04,0x80,0x00,0x00,0x60,0x00,0x00,0x00,0x18,0x60,0x00,0x00,0x40,0x00,
+ 0x00,0x00,0xe0,0x1f,0x00,0x00,0x80,0xff,0xff,0xff,0x1f,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf0,0x1f,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x08,0x20,0x00,0xff,0x00,0x00,0x00,0x00,0x08,0xc0,0xc0,0x00,0x03,0x00,
+ 0x00,0x00,0x04,0x80,0x30,0x00,0x0c,0x00,0x00,0x00,0x04,0x00,0x19,0x00,0x10,
+ 0x00,0x00,0x00,0x04,0x00,0x06,0xc0,0x30,0x00,0x00,0x00,0x04,0x00,0x03,0x00,
+ 0x43,0x00,0x00,0x00,0x04,0x00,0x01,0x00,0x42,0x00,0x00,0x00,0x04,0x80,0x00,
+ 0x00,0x84,0x00,0x00,0x00,0x04,0x80,0x00,0x00,0x84,0x00,0x00,0x00,0x04,0x00,
+ 0x00,0x00,0x84,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x80,0x00,0x00,0x00,0x02,
+ 0x00,0x00,0x00,0x80,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,
+ 0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x20,0x00,0x00,
+ 0x00,0x04,0x00,0x00,0x00,0x18,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x0e,0x00,
+ 0x00,0x00,0xf0,0xff,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.1.left b/crypto/heimdal/appl/xnlock/nose.1.left
new file mode 100644
index 0000000..8a6b829
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/nose.1.left
@@ -0,0 +1,38 @@
+#define nose_1_left_width 64
+#define nose_1_left_height 64
+static unsigned char nose_1_left_bits[] = {
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x40,0x00,
+ 0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,
+ 0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,
+ 0x40,0x00,0x00,0x04,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,
+ 0x08,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x08,0x00,0x00,0x00,0x00,0x20,0x00,
+ 0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,0xf0,0x03,0x00,0x00,0x80,0x00,
+ 0x00,0x00,0x0e,0x0c,0x00,0x00,0x80,0x01,0x00,0x00,0x03,0x30,0x00,0x00,0x00,
+ 0x01,0x00,0x80,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x40,0x00,0xc0,0x00,0x00,
+ 0x00,0x02,0x00,0x20,0x00,0x80,0x00,0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00,
+ 0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x0c,0x00,0x08,0x00,0x00,
+ 0x00,0x00,0x00,0x08,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x08,0x00,
+ 0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,
+ 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,
+ 0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,
+ 0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x10,0x00,0x00,0x01,0x00,0x00,
+ 0x18,0x00,0x10,0x00,0x00,0x01,0x00,0x00,0x08,0x00,0x20,0x00,0x80,0x00,0x00,
+ 0x00,0x08,0x00,0x40,0x00,0x40,0x00,0x00,0x00,0x0c,0x00,0x80,0x00,0x20,0x00,
+ 0x00,0x00,0xe4,0x00,0x00,0x03,0x18,0x00,0x00,0x00,0x26,0x03,0x00,0xfc,0x07,
+ 0x00,0x00,0x00,0x12,0x0c,0x00,0x00,0xf8,0xff,0xff,0xff,0x11,0x10,0x80,0x1f,
+ 0x00,0x00,0x00,0x00,0x08,0x20,0x60,0x60,0xc0,0x07,0x00,0x00,0x04,0x40,0x10,
+ 0xc0,0x20,0x08,0x00,0x1f,0x02,0x40,0x08,0x00,0x21,0x10,0xc0,0x60,0x02,0x40,
+ 0x04,0x00,0x12,0x20,0x20,0x80,0x02,0x20,0xc2,0x00,0x14,0x40,0x18,0x00,0x03,
+ 0x20,0x22,0x00,0x0c,0x80,0x04,0x03,0x02,0x10,0x12,0x00,0x08,0x80,0x86,0x00,
+ 0x04,0x10,0x12,0x00,0x10,0x80,0x42,0x00,0x18,0x08,0x12,0x00,0x10,0x40,0x42,
+ 0x00,0x00,0x04,0x02,0x00,0x20,0x40,0x42,0x00,0x00,0x04,0x02,0x00,0x00,0x20,
+ 0x42,0x00,0x00,0x02,0x04,0x00,0x00,0x20,0x02,0x00,0x00,0x01,0x04,0x00,0x00,
+ 0x20,0x02,0x00,0x00,0x01,0x08,0x00,0x00,0x20,0x04,0x00,0x80,0x00,0x10,0x00,
+ 0x00,0x20,0x0c,0x00,0x80,0x00,0x60,0x00,0x00,0x10,0x08,0x00,0x40,0x00,0x80,
+ 0xff,0xff,0x0f,0x30,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0x0f,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.1.right b/crypto/heimdal/appl/xnlock/nose.1.right
new file mode 100644
index 0000000..f7c8962
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/nose.1.right
@@ -0,0 +1,38 @@
+#define nose_1_right_width 64
+#define nose_1_right_height 64
+static unsigned char nose_1_right_bits[] = {
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0xe0,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x20,0x00,
+ 0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,
+ 0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,
+ 0x20,0x00,0x00,0x02,0x00,0x00,0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00,
+ 0x04,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x10,0x00,
+ 0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00,0x00,0x01,0x00,0x00,0xc0,0x0f,
+ 0x00,0x00,0x80,0x01,0x00,0x00,0x30,0x70,0x00,0x00,0x80,0x00,0x00,0x00,0x0c,
+ 0xc0,0x00,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x01,0x00,0x40,0x00,0x00,0x00,
+ 0x03,0x00,0x02,0x00,0x20,0x00,0x00,0x00,0x01,0x00,0x04,0x00,0x20,0x00,0x00,
+ 0x00,0x00,0x00,0x08,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x10,0x00,
+ 0x00,0x00,0x00,0x00,0x10,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,
+ 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,
+ 0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,
+ 0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,
+ 0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x18,0x00,0x00,0x80,0x00,
+ 0x00,0x08,0x00,0x10,0x00,0x00,0x80,0x00,0x00,0x08,0x00,0x10,0x00,0x00,0x00,
+ 0x01,0x00,0x04,0x00,0x30,0x00,0x00,0x00,0x02,0x00,0x02,0x00,0x27,0x00,0x00,
+ 0x00,0x04,0x00,0x01,0xc0,0x64,0x00,0x00,0x00,0x18,0xc0,0x00,0x30,0x48,0x00,
+ 0x00,0x00,0xe0,0x3f,0x00,0x08,0x88,0xff,0xff,0xff,0x1f,0x00,0x00,0x04,0x10,
+ 0x00,0x00,0x00,0x00,0xf8,0x01,0x02,0x20,0x00,0x00,0xe0,0x03,0x06,0x06,0x02,
+ 0x40,0xf8,0x00,0x10,0x04,0x03,0x08,0x02,0x40,0x06,0x03,0x08,0x84,0x00,0x10,
+ 0x04,0x40,0x01,0x04,0x04,0x48,0x00,0x20,0x04,0xc0,0x00,0x18,0x02,0x28,0x00,
+ 0x43,0x08,0x40,0xc0,0x20,0x01,0x30,0x00,0x44,0x08,0x20,0x00,0x61,0x01,0x10,
+ 0x00,0x48,0x10,0x18,0x00,0x42,0x01,0x08,0x00,0x48,0x20,0x00,0x00,0x42,0x02,
+ 0x08,0x00,0x48,0x20,0x00,0x00,0x42,0x02,0x04,0x00,0x40,0x40,0x00,0x00,0x42,
+ 0x04,0x00,0x00,0x40,0x80,0x00,0x00,0x40,0x04,0x00,0x00,0x20,0x80,0x00,0x00,
+ 0x40,0x04,0x00,0x00,0x20,0x00,0x01,0x00,0x20,0x04,0x00,0x00,0x10,0x00,0x01,
+ 0x00,0x30,0x04,0x00,0x00,0x08,0x00,0x02,0x00,0x10,0x08,0x00,0x00,0x06,0x00,
+ 0x0c,0x00,0x0c,0xf0,0xff,0xff,0x01,0x00,0xf0,0xff,0x03,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.down b/crypto/heimdal/appl/xnlock/nose.down
new file mode 100644
index 0000000..e8bdba4
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/nose.down
@@ -0,0 +1,38 @@
+#define nose_down_width 64
+#define nose_down_height 64
+static unsigned char nose_down_bits[] = {
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0xfc,0xff,0x01,0x00,0x00,0x00,0x00,0xc0,0x03,0x00,0x1e,0x00,
+ 0x00,0x00,0x00,0x38,0x00,0x00,0xe0,0x00,0x00,0x00,0x00,0x06,0x00,0x00,0x00,
+ 0x03,0x00,0x00,0x80,0x01,0x00,0x00,0x00,0x04,0x00,0x00,0x40,0x00,0x00,0x00,
+ 0x00,0x08,0x00,0x00,0x20,0x00,0x00,0x00,0x00,0x30,0x00,0x00,0x10,0x00,0x80,
+ 0x1f,0x00,0x40,0x00,0x00,0x08,0x00,0x60,0x60,0x00,0x80,0x00,0x00,0x08,0x00,
+ 0x10,0x80,0x00,0x80,0x00,0x00,0x04,0x00,0x08,0x00,0x01,0x00,0x01,0x00,0x04,
+ 0x00,0x08,0x00,0x01,0x00,0x01,0x00,0x02,0x00,0x18,0x80,0x01,0x00,0x02,0x00,
+ 0x02,0x00,0x68,0x60,0x01,0x00,0x02,0x00,0x02,0x00,0x88,0x1f,0x01,0x00,0x02,
+ 0x00,0x02,0x00,0x08,0x00,0x01,0x00,0x02,0x00,0x02,0x00,0x10,0x80,0x00,0x00,
+ 0x03,0x00,0x06,0x00,0x60,0x60,0x00,0x80,0x02,0x00,0x0c,0x00,0x80,0x1f,0x00,
+ 0x40,0x01,0x00,0x14,0x00,0x00,0x00,0x00,0x20,0x01,0x00,0x28,0x00,0x00,0x00,
+ 0x00,0x90,0x00,0x00,0x50,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0xa0,0x01,0x00,
+ 0x00,0x00,0x26,0x00,0x00,0x40,0x1e,0x00,0x00,0xc0,0x11,0x00,0x00,0x80,0xe1,
+ 0x03,0x00,0x3c,0x0c,0x00,0x00,0x00,0x0e,0xfc,0xff,0x83,0x03,0x00,0x00,0x00,
+ 0xf0,0x01,0x00,0x78,0x00,0x00,0x00,0x00,0x00,0xfe,0xff,0x0f,0x00,0x00,0x00,
+ 0x00,0x80,0x03,0x00,0x0c,0x00,0x00,0x00,0x00,0x80,0x02,0x00,0x14,0x00,0x00,
+ 0x00,0x00,0x60,0x04,0x00,0x12,0x00,0x00,0xc0,0x7f,0x10,0x04,0x00,0x22,0xe0,
+ 0x01,0x70,0xc0,0x18,0x08,0x00,0x61,0x1c,0x06,0x10,0x00,0x0f,0x30,0xc0,0x80,
+ 0x07,0x08,0x08,0x00,0x06,0xc0,0x3f,0x80,0x01,0x08,0x08,0x00,0x18,0x00,0x02,
+ 0xc0,0x00,0x10,0x04,0x00,0x30,0x00,0x05,0x30,0x00,0x10,0x04,0x00,0x00,0x80,
+ 0x08,0x18,0x00,0x20,0x04,0x00,0x00,0x80,0x08,0x00,0x00,0x20,0x04,0x00,0x00,
+ 0x40,0x10,0x00,0x00,0x20,0x24,0x00,0x00,0x40,0x10,0x00,0x00,0x22,0x24,0x00,
+ 0x00,0x40,0x10,0x00,0x00,0x22,0x44,0x00,0x00,0x40,0x10,0x00,0x00,0x11,0x84,
+ 0x01,0x00,0xc0,0x18,0x00,0xc0,0x10,0x08,0x00,0x00,0x80,0x08,0x00,0x00,0x08,
+ 0x30,0x00,0x00,0x80,0x08,0x00,0x00,0x04,0xe0,0xff,0xff,0xff,0xf8,0xff,0xff,
+ 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.front b/crypto/heimdal/appl/xnlock/nose.front
new file mode 100644
index 0000000..64b8201
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/nose.front
@@ -0,0 +1,38 @@
+#define nose_front_width 64
+#define nose_front_height 64
+static unsigned char nose_front_bits[] = {
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x40,0x00,
+ 0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,
+ 0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,
+ 0x40,0x00,0x00,0x04,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,
+ 0x08,0x00,0xc0,0x1f,0x00,0x20,0x00,0x00,0x08,0x00,0x30,0x60,0x00,0x20,0x00,
+ 0x00,0xf8,0xff,0x0f,0x80,0xff,0x3f,0x00,0x00,0x00,0x02,0x02,0x00,0x82,0x00,
+ 0x00,0x00,0x00,0x03,0x01,0x00,0x84,0x01,0x00,0x00,0x00,0x81,0x00,0x00,0x08,
+ 0x01,0x00,0x00,0x80,0x80,0x00,0x00,0x08,0x02,0x00,0x00,0x80,0x40,0x00,0x00,
+ 0x10,0x02,0x00,0x00,0x40,0x40,0x00,0x00,0x10,0x04,0x00,0x00,0x40,0x20,0x00,
+ 0x00,0x20,0x04,0x00,0x00,0x60,0x20,0x00,0x00,0x20,0x0c,0x00,0x00,0x20,0x20,
+ 0x00,0x00,0x20,0x08,0x00,0x00,0x20,0x20,0x00,0x00,0x20,0x08,0x00,0x00,0x10,
+ 0x20,0x00,0x00,0x20,0x10,0x00,0x00,0x10,0x20,0x00,0x00,0x20,0x10,0x00,0x00,
+ 0x10,0x20,0x00,0x00,0x20,0x10,0x00,0x00,0x10,0x40,0x00,0x00,0x10,0x10,0x00,
+ 0x00,0x10,0x40,0x00,0x00,0x10,0x10,0x00,0x00,0x10,0x80,0x00,0x00,0x08,0x10,
+ 0x00,0x00,0x10,0x80,0x00,0x00,0x08,0x10,0x00,0x00,0x30,0x00,0x01,0x00,0x04,
+ 0x18,0x00,0x00,0x20,0x00,0x02,0x00,0x02,0x08,0x00,0x00,0x20,0x00,0x0c,0x80,
+ 0x01,0x08,0x00,0x00,0x60,0x00,0x30,0x60,0x00,0x0c,0x00,0x00,0x40,0x00,0xc0,
+ 0x1f,0x00,0x04,0x00,0x00,0xc0,0x00,0x00,0x00,0x00,0x06,0x00,0x00,0x00,0x01,
+ 0x00,0x00,0x00,0x02,0x00,0x00,0x00,0xfe,0xff,0xff,0xff,0x01,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80,0x0f,0xc0,0x0f,0x00,0x00,0x00,
+ 0x00,0x40,0x10,0x20,0x10,0x00,0x00,0x00,0x00,0x20,0x60,0x30,0x20,0x00,0x00,
+ 0x00,0x00,0x20,0xc0,0x18,0x20,0x00,0x00,0xc0,0x7f,0x10,0x80,0x0d,0x40,0xe0,
+ 0x01,0x70,0xc0,0x18,0x00,0x05,0x40,0x1c,0x06,0x10,0x00,0x0f,0x00,0x05,0x80,
+ 0x07,0x08,0x08,0x00,0x06,0x00,0x05,0x80,0x01,0x08,0x08,0x00,0x18,0x00,0x05,
+ 0xc0,0x00,0x10,0x04,0x00,0x30,0x00,0x05,0x30,0x00,0x10,0x04,0x00,0x00,0x80,
+ 0x08,0x18,0x00,0x20,0x04,0x00,0x00,0x80,0x08,0x00,0x00,0x20,0x04,0x00,0x00,
+ 0x40,0x10,0x00,0x00,0x20,0x24,0x00,0x00,0x40,0x10,0x00,0x00,0x22,0x24,0x00,
+ 0x00,0x40,0x10,0x00,0x00,0x22,0x44,0x00,0x00,0x40,0x10,0x00,0x00,0x11,0x84,
+ 0x01,0x00,0xc0,0x18,0x00,0xc0,0x10,0x08,0x00,0x00,0x80,0x08,0x00,0x00,0x08,
+ 0x30,0x00,0x00,0x80,0x08,0x00,0x00,0x04,0xe0,0xff,0xff,0xff,0xf8,0xff,0xff,
+ 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.left.front b/crypto/heimdal/appl/xnlock/nose.left.front
new file mode 100644
index 0000000..3a871ea
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/nose.left.front
@@ -0,0 +1,38 @@
+#define nose_left_front_width 64
+#define nose_left_front_height 64
+static unsigned char nose_left_front_bits[] = {
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x40,0x00,
+ 0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,
+ 0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,
+ 0x40,0x00,0x00,0x04,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,
+ 0x08,0x00,0xe0,0x0f,0x00,0x20,0x00,0x00,0x08,0x00,0x18,0x30,0x00,0x20,0x00,
+ 0x00,0xf8,0xff,0x07,0xc0,0xff,0x3f,0x00,0x00,0x00,0x02,0x01,0x00,0x81,0x00,
+ 0x00,0x00,0x00,0x83,0x00,0x00,0x82,0x01,0x00,0x00,0x00,0x41,0x00,0x00,0x04,
+ 0x01,0x00,0x00,0x80,0x40,0x00,0x00,0x04,0x02,0x00,0x00,0x80,0x20,0x00,0x00,
+ 0x08,0x02,0x00,0x00,0x40,0x20,0x00,0x00,0x08,0x04,0x00,0x00,0x40,0x10,0x00,
+ 0x00,0x10,0x04,0x00,0x00,0x60,0x10,0x00,0x00,0x10,0x0c,0x00,0x00,0x20,0x10,
+ 0x00,0x00,0x10,0x08,0x00,0x00,0x30,0x10,0x00,0x00,0x10,0x08,0x00,0x00,0x10,
+ 0x10,0x00,0x00,0x10,0x10,0x00,0x00,0x10,0x10,0x00,0x00,0x10,0x10,0x00,0x00,
+ 0x10,0x10,0x00,0x00,0x10,0x10,0x00,0x00,0x10,0x20,0x00,0x00,0x08,0x10,0x00,
+ 0x00,0x10,0x20,0x00,0x00,0x08,0x10,0x00,0x00,0x10,0x40,0x00,0x00,0x04,0x10,
+ 0x00,0x00,0x30,0x40,0x00,0x00,0x04,0x10,0x00,0x00,0x20,0x80,0x00,0x00,0x02,
+ 0x18,0x00,0x00,0x20,0x00,0x01,0x00,0x01,0x08,0x00,0x00,0x60,0x00,0x06,0xc0,
+ 0x00,0x08,0x00,0x00,0x80,0x00,0x18,0x30,0x00,0x0c,0x00,0x00,0x80,0x00,0xe0,
+ 0x0f,0x00,0x04,0x00,0x00,0x80,0x01,0x00,0x00,0x00,0x06,0x00,0x00,0x00,0x01,
+ 0x00,0x00,0x00,0x02,0x00,0x00,0x00,0xfe,0xff,0xff,0xff,0x01,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf8,0x0f,0x00,0x00,0x00,
+ 0x00,0xff,0x00,0x04,0x10,0x00,0x00,0x00,0xe0,0x00,0x07,0x02,0x10,0x00,0x00,
+ 0x00,0x30,0x00,0x8c,0x01,0x20,0x00,0x00,0x00,0x0c,0x00,0x90,0x00,0x20,0x00,
+ 0x00,0x00,0x04,0x03,0x60,0x00,0x20,0x00,0x00,0x00,0xc2,0x00,0xc0,0x00,0x20,
+ 0x00,0x00,0x00,0x42,0x00,0x00,0x01,0x20,0x00,0x00,0x00,0x21,0x00,0x00,0x02,
+ 0x20,0x00,0x00,0x00,0x21,0x00,0x00,0x06,0x20,0x00,0x00,0x00,0x21,0x00,0x00,
+ 0x00,0x20,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x03,0x00,
+ 0x00,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x02,
+ 0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x20,0x00,0x00,0x00,
+ 0x18,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x70,0x00,0x00,0x00,0x10,0x00,0x00,
+ 0x00,0xc0,0xff,0xff,0xff,0x0f,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.right.front b/crypto/heimdal/appl/xnlock/nose.right.front
new file mode 100644
index 0000000..f821417
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/nose.right.front
@@ -0,0 +1,38 @@
+#define nose_right_front_width 64
+#define nose_right_front_height 64
+static unsigned char nose_right_front_bits[] = {
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0xe0,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x20,0x00,
+ 0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,
+ 0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,
+ 0x20,0x00,0x00,0x02,0x00,0x00,0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00,
+ 0x04,0x00,0xf0,0x07,0x00,0x10,0x00,0x00,0x04,0x00,0x0c,0x18,0x00,0x10,0x00,
+ 0x00,0xfc,0xff,0x03,0xe0,0xff,0x1f,0x00,0x00,0x00,0x81,0x00,0x80,0x40,0x00,
+ 0x00,0x00,0x80,0x41,0x00,0x00,0xc1,0x00,0x00,0x00,0x80,0x20,0x00,0x00,0x82,
+ 0x00,0x00,0x00,0x40,0x20,0x00,0x00,0x02,0x01,0x00,0x00,0x40,0x10,0x00,0x00,
+ 0x04,0x01,0x00,0x00,0x20,0x10,0x00,0x00,0x04,0x02,0x00,0x00,0x20,0x08,0x00,
+ 0x00,0x08,0x02,0x00,0x00,0x30,0x08,0x00,0x00,0x08,0x06,0x00,0x00,0x10,0x08,
+ 0x00,0x00,0x08,0x04,0x00,0x00,0x10,0x08,0x00,0x00,0x08,0x0c,0x00,0x00,0x08,
+ 0x08,0x00,0x00,0x08,0x08,0x00,0x00,0x08,0x08,0x00,0x00,0x08,0x08,0x00,0x00,
+ 0x08,0x08,0x00,0x00,0x08,0x08,0x00,0x00,0x08,0x10,0x00,0x00,0x04,0x08,0x00,
+ 0x00,0x08,0x10,0x00,0x00,0x04,0x08,0x00,0x00,0x08,0x20,0x00,0x00,0x02,0x08,
+ 0x00,0x00,0x08,0x20,0x00,0x00,0x02,0x0c,0x00,0x00,0x18,0x40,0x00,0x00,0x01,
+ 0x04,0x00,0x00,0x10,0x80,0x00,0x80,0x00,0x04,0x00,0x00,0x10,0x00,0x03,0x60,
+ 0x00,0x06,0x00,0x00,0x30,0x00,0x0c,0x18,0x00,0x01,0x00,0x00,0x20,0x00,0xf0,
+ 0x07,0x00,0x01,0x00,0x00,0x60,0x00,0x00,0x00,0x80,0x01,0x00,0x00,0x40,0x00,
+ 0x00,0x00,0x80,0x00,0x00,0x00,0x80,0xff,0xff,0xff,0x7f,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf0,0x1f,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x08,0x20,0x00,0xff,0x00,0x00,0x00,0x00,0x08,0x40,0xe0,0x00,0x07,0x00,
+ 0x00,0x00,0x04,0x80,0x31,0x00,0x0c,0x00,0x00,0x00,0x04,0x00,0x09,0x00,0x30,
+ 0x00,0x00,0x00,0x04,0x00,0x06,0xc0,0x20,0x00,0x00,0x00,0x04,0x00,0x03,0x00,
+ 0x43,0x00,0x00,0x00,0x04,0x80,0x00,0x00,0x42,0x00,0x00,0x00,0x04,0x40,0x00,
+ 0x00,0x84,0x00,0x00,0x00,0x04,0x60,0x00,0x00,0x84,0x00,0x00,0x00,0x04,0x00,
+ 0x00,0x00,0x84,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x80,0x00,0x00,0x00,0x02,
+ 0x00,0x00,0x00,0xc0,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,
+ 0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x20,0x00,0x00,
+ 0x00,0x04,0x00,0x00,0x00,0x18,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x0e,0x00,
+ 0x00,0x00,0xf0,0xff,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/xnlock.1 b/crypto/heimdal/appl/xnlock/xnlock.1
new file mode 100644
index 0000000..c62417d
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/xnlock.1
@@ -0,0 +1,123 @@
+.\" xnlock -- Dan Heller 1985 <argv@sun.com>
+.TH XNLOCK 1L "19 April 1990"
+.SH NAME
+xnlock \- amusing lock screen program with message for passers-by
+.SH SYNOPSIS
+.B xnlock
+[
+\fIoptions\fP
+]
+[
+\fImessage\fP
+]
+.SH DESCRIPTION
+.I xnlock
+is a program that acts as a screen saver for workstations running X11.
+It also "locks" the screen such that the workstation can be left
+unattended without worry that someone else will walk up to it and
+mess everything up.  When \fIxnlock\fP is running, a little man with
+a big nose and a hat runs around spewing out messages to the screen.
+By default, the messages are "humorous", but that depends on your
+sense of humor.
+.LP
+If a key or mouse button is pressed, a prompt is printed requesting the
+user's password.  If a RETURN is not typed within 30 seconds,
+the little man resumes running around.
+.LP
+Text on the command line is used as the message.  For example:
+.br
+	% xnlock I\'m out to lunch for a couple of hours.
+.br
+Note the need to quote shell metacharacters.
+.LP
+In the absence of flags or text, \fIxnlock\fP displays random fortunes.
+.SH OPTIONS
+Command line options override all resource specifications.
+All arguments that are not associated with a command line option
+is taken to be message text that the little man will "say" every
+once in a while.  The resource \fBxnlock.text\fP may be set to
+a string.
+.TP
+.BI \-fn " fontname"
+The default font is the first 18 point font in the \fInew century schoolbook\fP
+family.  While larger fonts are recokmmended over smaller ones, any font
+in the server's font list will work.  The resource to use for this option
+is \fBxnlock.font\fP.
+.TP
+.BI \-filename "  filename"
+Take the message to be displayed from the file \fIfilename\fP.
+If \fIfilename\fP is not specified, \fI$HOME/.msgfile\fP is used.
+If the contents of the file are changed during runtime, the most recent text
+of the file is used (allowing the displayed message to be altered remotely).
+Carriage returns within the text are allowed, but tabs or other control
+characters are not translated and should not be used.
+The resource available for this option is \fBxnlock.file\fP.
+.TP
+.BI \-ar
+Accept root's password to unlock screen.  This option is true by
+default.  The reason for this is so that someone's screen may be
+unlocked by autorized users in case of emergency and the person
+running the program is still out to lunch.  The resource available
+for specifying this option is \fBxnlock.acceptRootPasswd\fP.
+.TP
+.BI \-noar
+Don't accept root's password.  This option is for paranoids who
+fear their peers might breakin using root's password and remove
+their files anyway.  Specifying this option on the command line
+overrides the \fBxnlock.acceptRootPasswd\fP if set to True.
+.TP
+.BI \-ip
+Ignore password prompt.
+The resource available for this option is \fBxnlock.ignorePasswd\fP.
+.TP
+.BI \-noip
+Don't ignore password prompt.  This is available in order to
+override the resource \fBignorePasswd\fP if set to True.
+.TP
+.BI -fg " color"
+Specifies the foreground color.  The resource available for this
+is \fBxnlock.foreground\fP.
+.TP
+.BI -bg " color"
+Specifies the background color.  The resource available for this
+is \fBxnlock.background\fP.
+.TP
+.BI \-rv
+Reverse the foreground and background colors.
+The resource for this is \fBxvnlock.reverseVideo\fP.
+.TP
+.BI \-norv
+Don't use reverse video.  This is available to override the reverseVideo
+resource if set to True.
+.TP
+.BI \-prog " program"
+Receive message text from the running program \fIprogram\fP. If there
+are arguments to \fIprogram\fP, encase them with the name of the program in
+quotes (e.g. xnlock -t "fortune -o").
+The resource for this is \fBxnlock.program\fP.
+.SH RESOURCES
+.br
+xnlock.font:               fontname
+.br
+xnlock.foreground:         color
+.br
+xnlock.background:         color
+.br
+xnlock.reverseVideo:       True/False
+.br
+xnlock.text:               Some random text string
+.br
+xnlock.program:            program [args]
+.br
+xnlock.ignorePasswd:       True/False
+.br
+xnlock.acceptRootPasswd:   True/False
+.SH FILES
+\fIxnlock\fP               executable file
+.br
+~/.msgfile                 default message file
+.SH AUTHOR
+Dan Heller <argv@sun.com>  Copyright (c) 1985, 1990.
+.br
+The original version of this program was written using pixrects on
+a Sun 2 running SunOS 1.1.
diff --git a/crypto/heimdal/appl/xnlock/xnlock.c b/crypto/heimdal/appl/xnlock/xnlock.c
new file mode 100644
index 0000000..da61baf
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/xnlock.c
@@ -0,0 +1,1117 @@
+/*
+ * xnlock -- Dan Heller, 1990
+ * "nlock" is a "new lockscreen" type program... something that prevents
+ * screen burnout by making most of it "black" while providing something
+ * of interest to be displayed in case anyone is watching.
+ * "xnlock" is the X11 version of the program.
+ * Original sunview version written by Dan Heller 1985 (not included here).
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: xnlock.c,v 1.85 2001/03/15 17:13:13 joda Exp $");
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <X11/StringDefs.h>
+#include <X11/Intrinsic.h>
+#include <X11/keysym.h>
+#include <X11/Shell.h>
+#include <X11/Xos.h>
+#ifdef strerror
+#undef strerror
+#endif
+#include <ctype.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#ifdef KRB4
+#include <krb.h>
+#include <kafs.h>
+#endif
+
+#include <roken.h>
+#include <err.h>
+
+static char login[16];
+static char userprompt[128];
+#ifdef KRB4
+static char name[ANAME_SZ];
+static char inst[INST_SZ];
+static char realm[REALM_SZ];
+#endif
+#ifdef KRB5
+static krb5_context context;
+static krb5_principal client;
+#endif
+
+#define font_height(font)	  	(font->ascent + font->descent)
+
+static char *SPACE_STRING = "                                                      ";
+static char STRING[] = "****************";
+
+#define STRING_LENGTH (sizeof(STRING))
+#define MAX_PASSWD_LENGTH 256
+/* (sizeof(STRING)) */
+
+#define PROMPT	    "Password: "
+#define FAIL_MSG    "Sorry, try again"
+#define LEFT 	001
+#define RIGHT 	002
+#define DOWN 	004
+#define UP 	010
+#define FRONT	020
+#define X_INCR 3
+#define Y_INCR 2
+#define XNLOCK_CTRL 1
+#define XNLOCK_NOCTRL 0
+
+static XtAppContext	app;
+static Display        *dpy;
+static unsigned short	Width, Height;
+static Widget		widget;
+static GC		gc;
+static XtIntervalId	timeout_id;
+static char	       *words;
+static int		x, y;
+static Pixel		Black, White;
+static XFontStruct    *font;
+static char		root_cpass[128];
+static char		user_cpass[128];
+static int		time_left, prompt_x, prompt_y, time_x, time_y;
+static unsigned long	interval;
+static Pixmap		left0, left1, right0, right1, left_front,
+			right_front, front, down;
+
+#define MAXLINES 40
+
+#define IS_MOVING  1
+#define GET_PASSWD 2
+static int state; /* indicates states: walking or getting passwd */
+
+static int ALLOW_LOGOUT = (60*10);	/* Allow logout after nn seconds */
+#define LOGOUT_PASSWD "enuHDmTo5Lq4g" /* when given password "LOGOUT" */
+static time_t locked_at;
+
+struct appres_t {
+    Pixel bg;
+    Pixel fg;
+    XFontStruct *font;
+    Boolean ignore_passwd;
+    Boolean do_reverse;
+    Boolean accept_root;
+    char *text, *text_prog, *file, *logoutPasswd;
+    Boolean no_screensaver;
+    Boolean destroytickets;
+} appres;
+
+static XtResource resources[] = {
+    { XtNbackground, XtCBackground, XtRPixel, sizeof(Pixel), 
+      XtOffsetOf(struct appres_t, bg), XtRString, "black" },
+
+    { XtNforeground, XtCForeground, XtRPixel, sizeof(Pixel), 
+      XtOffsetOf(struct appres_t, fg), XtRString, "white" },
+
+    { XtNfont, XtCFont, XtRFontStruct, sizeof (XFontStruct *),
+      XtOffsetOf(struct appres_t, font), 
+      XtRString, "-*-new century schoolbook-*-*-*-18-*" },
+
+    { "ignorePasswd", "IgnorePasswd", XtRBoolean, sizeof(Boolean),
+      XtOffsetOf(struct appres_t,ignore_passwd),XtRImmediate,(XtPointer)False },
+
+    { "acceptRootPasswd", "AcceptRootPasswd", XtRBoolean, sizeof(Boolean),
+      XtOffsetOf(struct appres_t, accept_root), XtRImmediate, (XtPointer)True },
+
+    { "text", "Text", XtRString, sizeof(String),
+      XtOffsetOf(struct appres_t, text), XtRString, "I'm out running around." },
+    
+    { "program", "Program", XtRString, sizeof(String),
+      XtOffsetOf(struct appres_t, text_prog), XtRImmediate, NULL },
+
+    { "file", "File", XtRString, sizeof(String),
+      XtOffsetOf(struct appres_t,file), XtRImmediate, NULL },
+
+    { "logoutPasswd", "logoutPasswd", XtRString, sizeof(String),
+      XtOffsetOf(struct appres_t, logoutPasswd), XtRString, LOGOUT_PASSWD },
+    
+    { "noScreenSaver", "NoScreenSaver", XtRBoolean, sizeof(Boolean),
+      XtOffsetOf(struct appres_t,no_screensaver), XtRImmediate, (XtPointer)True },
+
+    { "destroyTickets", "DestroyTickets", XtRBoolean, sizeof(Boolean),
+      XtOffsetOf(struct appres_t,destroytickets), XtRImmediate, (XtPointer)True },
+};
+
+static XrmOptionDescRec options[] = {
+    { "-fg", ".foreground", XrmoptionSepArg, NULL }, 
+    { "-foreground", ".foreground", XrmoptionSepArg, NULL }, 
+    { "-fn", ".font", XrmoptionSepArg, NULL }, 
+    { "-font", ".font", XrmoptionSepArg, NULL }, 
+    { "-ip", ".ignorePasswd", XrmoptionNoArg, "True" },
+    { "-noip", ".ignorePasswd", XrmoptionNoArg, "False" },
+    { "-ar",  ".acceptRootPasswd", XrmoptionNoArg, "True" },
+    { "-noar", ".acceptRootPasswd", XrmoptionNoArg, "False" },
+    { "-nonoscreensaver", ".noScreenSaver", XrmoptionNoArg, "False" },
+    { "-nodestroytickets", ".destroyTickets", XrmoptionNoArg, "False" },
+};
+
+static char*
+get_words(void)
+{
+    FILE *pp = NULL;
+    static char buf[512];
+    long n;
+
+    if (appres.text_prog) {
+	pp = popen(appres.text_prog, "r");
+	if (!pp) {
+	    warn("popen %s", appres.text_prog);
+	    return appres.text;
+	}
+	n = fread(buf, 1, sizeof(buf) - 1, pp);
+	buf[n] = 0;
+	pclose(pp);
+	return buf;
+    }
+    if (appres.file) {
+	pp = fopen(appres.file, "r");
+	if (!pp) {
+	    warn("fopen %s", appres.file);
+	    return appres.text;
+	}
+	n = fread(buf, 1, sizeof(buf) - 1, pp);
+	buf[n] = 0;
+	fclose(pp);
+	return buf;
+    }
+
+    return appres.text;
+}
+
+static void
+usage(void)
+{
+    fprintf(stderr, "usage: %s [options] [message]\n", getprogname());
+    fprintf(stderr, "-fg color     foreground color\n");
+    fprintf(stderr, "-bg color     background color\n");
+    fprintf(stderr, "-rv           reverse foreground/background colors\n");
+    fprintf(stderr, "-nrv          no reverse video\n");
+    fprintf(stderr, "-ip           ignore passwd\n");
+    fprintf(stderr, "-nip          don't ignore passwd\n");
+    fprintf(stderr, "-ar           accept root's passwd to unlock\n");
+    fprintf(stderr, "-nar          don't accept root's passwd\n");
+    fprintf(stderr, "-f [file]     message is read from file or ~/.msgfile\n");
+    fprintf(stderr, "-prog program  text is gotten from executing `program'\n");
+    fprintf(stderr, "-nodestroytickets keep kerberos tickets\n");
+    exit(1);
+}
+
+static void
+init_words (int argc, char **argv)
+{
+    int i = 0;
+
+    while(argv[i]) {
+	if(strcmp(argv[i], "-p") == 0
+	   || strcmp(argv[i], "-prog") == 0) {
+	    i++;
+	    if(argv[i]) {
+		appres.text_prog = argv[i];
+		i++;
+	    } else {
+		warnx ("-p requires an argument");
+		usage();
+	    }
+	} else if(strcmp(argv[i], "-f") == 0) {
+	    i++;
+	    if(argv[i]) {
+		appres.file = argv[i];
+		i++;
+	    } else {
+		asprintf (&appres.file,
+			  "%s/.msgfile", getenv("HOME"));
+		if (appres.file == NULL)
+		    errx (1, "cannot allocate memory for message");
+	    }
+	} else {
+	    int j;
+	    int len = 1;
+	    for(j = i; argv[j]; j++)
+		len += strlen(argv[j]) + 1;
+	    appres.text = malloc(len);
+	    if (appres.text == NULL)
+		errx (1, "cannot allocate memory for message");
+	    appres.text[0] = 0;
+	    for(; i < j; i++){
+		strlcat(appres.text, argv[i], len);
+		strlcat(appres.text, " ", len);
+	    }
+	}
+    }
+}
+
+static void
+ScreenSaver(int save)
+{
+    static int timeout, interval, prefer_blank, allow_exp;
+    if(!appres.no_screensaver){
+	if (save) {
+	    XGetScreenSaver(dpy, &timeout, &interval, 
+			    &prefer_blank, &allow_exp);
+	    XSetScreenSaver(dpy, 0, interval, prefer_blank, allow_exp);
+	} else
+	    /* restore state */
+	    XSetScreenSaver(dpy, timeout, interval, prefer_blank, allow_exp);
+    }
+}
+
+/* Forward decls necessary */
+static void talk(int force_erase);
+static unsigned long look(void);
+
+static int
+zrefresh(void)
+{
+  switch (fork()) {
+  case -1:
+      warn ("zrefresh: fork");
+      return -1;
+  case 0:
+      /* Child */
+      execlp("zrefresh", "zrefresh", 0);
+      execl(BINDIR "/zrefresh", "zrefresh", 0);
+      return -1;
+  default:
+      /* Parent */
+      break;
+  }
+  return 0;
+}
+
+static void
+leave(void)
+{
+    XUngrabPointer(dpy, CurrentTime);
+    XUngrabKeyboard(dpy, CurrentTime);
+    ScreenSaver(0);
+    XCloseDisplay(dpy);
+    zrefresh();
+    exit(0);
+}
+
+static void
+walk(int dir)
+{
+    int incr = 0;
+    static int lastdir;
+    static int up = 1;
+    static Pixmap frame;
+
+    XSetForeground(dpy, gc, White);
+    XSetBackground(dpy, gc, Black);
+    if (dir & (LEFT|RIGHT)) { /* left/right movement (mabye up/down too) */
+	up = -up; /* bouncing effect (even if hit a wall) */
+	if (dir & LEFT) {
+	    incr = X_INCR;
+	    frame = (up < 0) ? left0 : left1;
+	} else {
+	    incr = -X_INCR;
+	    frame = (up < 0) ? right0 : right1;
+	}
+	if ((lastdir == FRONT || lastdir == DOWN) && dir & UP) {
+	    /* workaround silly bug that leaves screen dust when
+	     * guy is facing forward or down and moves up-left/right.
+	     */
+	    XCopyPlane(dpy, frame, XtWindow(widget), gc, 0, 0, 64,64, x, y, 1L);
+	    XFlush(dpy);
+	}
+	/* note that maybe neither UP nor DOWN is set! */
+	if (dir & UP && y > Y_INCR)
+	    y -= Y_INCR;
+	else if (dir & DOWN && y < (int)Height - 64)
+	    y += Y_INCR;
+    }
+    /* Explicit up/down movement only (no left/right) */
+    else if (dir == UP)
+	XCopyPlane(dpy, front, XtWindow(widget), gc,
+	    0,0, 64,64, x, y -= Y_INCR, 1L);
+    else if (dir == DOWN)
+	XCopyPlane(dpy, down, XtWindow(widget), gc,
+	    0,0, 64,64, x, y += Y_INCR, 1L);
+    else if (dir == FRONT && frame != front) {
+	if (up > 0)
+	    up = -up;
+	if (lastdir & LEFT)
+	    frame = left_front;
+	else if (lastdir & RIGHT)
+	    frame = right_front;
+	else
+	    frame = front;
+	XCopyPlane(dpy, frame, XtWindow(widget), gc, 0, 0, 64,64, x, y, 1L);
+    }
+    if (dir & LEFT)
+	while(--incr >= 0) {
+	    XCopyPlane(dpy, frame, XtWindow(widget), gc,
+		0,0, 64,64, --x, y+up, 1L);
+	    XFlush(dpy);
+	}
+    else if (dir & RIGHT)
+	while(++incr <= 0) {
+	    XCopyPlane(dpy, frame, XtWindow(widget), gc,
+		0,0, 64,64, ++x, y+up, 1L);
+	    XFlush(dpy);
+	}
+    lastdir = dir;
+}
+
+static int
+think(void)
+{
+    if (rand() & 1)
+	walk(FRONT);
+    if (rand() & 1) {
+	words = get_words();
+	return 1;
+    }
+    return 0;
+}
+
+static void
+move(XtPointer _p, XtIntervalId *_id)
+{
+    static int length, dir;
+
+    if (!length) {
+	int tries = 0;
+	dir = 0;
+	if ((rand() & 1) && think()) {
+	    talk(0); /* sets timeout to itself */
+	    return;
+	}
+	if (!(rand() % 3) && (interval = look())) {
+	    timeout_id = XtAppAddTimeOut(app, interval, move, NULL);
+	    return;
+	}
+	interval = 20 + rand() % 100;
+	do  {
+	    if (!tries)
+		length = Width/100 + rand() % 90, tries = 8;
+	    else
+		tries--;
+	    switch (rand() % 8) {
+		case 0:
+		    if (x - X_INCR*length >= 5)
+			dir = LEFT;
+		case 1:
+		    if (x + X_INCR*length <= (int)Width - 70)
+			dir = RIGHT;
+		case 2:
+		    if (y - (Y_INCR*length) >= 5)
+			dir = UP, interval = 40;
+		case 3:
+		    if (y + Y_INCR*length <= (int)Height - 70)
+			dir = DOWN, interval = 20;
+		case 4:
+		    if (x - X_INCR*length >= 5 && y - (Y_INCR*length) >= 5)
+			dir = (LEFT|UP);
+		case 5:
+		    if (x + X_INCR * length <= (int)Width - 70 &&
+			y-Y_INCR * length >= 5)
+			dir = (RIGHT|UP);
+		case 6:
+		    if (x - X_INCR * length >= 5 &&
+			y + Y_INCR * length <= (int)Height - 70)
+			dir = (LEFT|DOWN);
+		case 7:
+		    if (x + X_INCR*length <= (int)Width - 70 &&
+			y + Y_INCR*length <= (int)Height - 70)
+			dir = (RIGHT|DOWN);
+	    }
+	} while (!dir);
+    }
+    walk(dir);
+    --length;
+    timeout_id = XtAppAddTimeOut(app, interval, move, NULL);
+}
+
+static void
+post_prompt_box(Window window)
+{
+    int width = (Width / 3);
+    int height = font_height(font) * 6;
+    int box_x, box_y;
+
+    /* make sure the entire nose icon fits in the box */
+    if (height < 100)
+	height = 100;
+
+    if(width < 105 + font->max_bounds.width*STRING_LENGTH)
+	width = 105 + font->max_bounds.width*STRING_LENGTH;
+    box_x = (Width - width) / 2;
+    time_x = prompt_x = box_x + 105;
+
+    time_y = prompt_y = Height / 2;
+    box_y = prompt_y - 3 * font_height(font);
+
+    /* erase current guy -- text message may still exist */
+    XSetForeground(dpy, gc, Black);
+    XFillRectangle(dpy, window, gc, x, y, 64, 64);
+    talk(1); /* forcefully erase message if one is being displayed */
+    /* Clear area in middle of screen for prompt box */
+    XSetForeground(dpy, gc, White);
+    XFillRectangle(dpy, window, gc, box_x, box_y, width, height);
+
+    /* make a box that's 5 pixels thick. Then add a thin box inside it */
+    XSetForeground(dpy, gc, Black);
+    XSetLineAttributes(dpy, gc, 5, 0, 0, 0);
+    XDrawRectangle(dpy, window, gc, box_x+5, box_y+5, width-10, height-10);
+    XSetLineAttributes(dpy, gc, 0, 0, 0, 0);
+    XDrawRectangle(dpy, window, gc, box_x+12, box_y+12, width-23, height-23);
+
+    XDrawString(dpy, window, gc,
+		prompt_x, prompt_y-font_height(font), 
+		userprompt, strlen(userprompt));
+    XDrawString(dpy, window, gc, prompt_x, prompt_y, PROMPT, strlen(PROMPT));
+    /* set background for copyplane and DrawImageString; need reverse video */
+    XSetBackground(dpy, gc, White);
+    XCopyPlane(dpy, right0, window, gc, 0,0, 64,64,
+	       box_x + 20, box_y + (height - 64)/2, 1L);
+    prompt_x += XTextWidth(font, PROMPT, strlen(PROMPT));
+    time_y += 2*font_height(font);
+}
+
+static void
+RaiseWindow(Widget w, XEvent *ev, String *s, Cardinal *n)
+{
+  Widget x;
+  if(!XtIsRealized(w))
+    return;
+  x = XtParent(w);
+  XRaiseWindow(dpy, XtWindow(x));
+}
+
+
+static void
+ClearWindow(Widget w, XEvent *_event, String *_s, Cardinal *_n)
+{
+    XExposeEvent *event = (XExposeEvent *)_event;
+    if (!XtIsRealized(w))
+	return;
+    XClearArea(dpy, XtWindow(w), event->x, event->y, 
+	       event->width, event->height, False);
+    if (state == GET_PASSWD)
+	post_prompt_box(XtWindow(w));
+    if (timeout_id == 0 && event->count == 0) {
+	timeout_id = XtAppAddTimeOut(app, 1000L, move, NULL);
+	/* first grab the input focus */
+	XSetInputFocus(dpy, XtWindow(w), RevertToPointerRoot, CurrentTime);
+	/* now grab the pointer and keyboard and contrain to this window */
+	XGrabPointer(dpy, XtWindow(w), TRUE, 0, GrabModeAsync,
+	     GrabModeAsync, XtWindow(w), None, CurrentTime);
+    }
+}
+
+static void
+countdown(XtPointer _t, XtIntervalId *_d)
+{
+    int *timeout = (int *)_t;
+    char buf[128];
+    time_t seconds;
+
+    if (--(*timeout) < 0) {
+	XExposeEvent event;
+	XtRemoveTimeOut(timeout_id);
+	state = IS_MOVING;
+	event.x = event.y = 0;
+	event.width = Width, event.height = Height;
+	ClearWindow(widget, (XEvent *)&event, 0, 0);
+	timeout_id = XtAppAddTimeOut(app, 200L, move, NULL);
+	return;
+    }
+    seconds = time(0) - locked_at;
+    if (seconds >= 3600)
+      snprintf(buf, sizeof(buf),
+	       "Locked for %d:%02d:%02d    ",
+	       (int)seconds/3600, (int)seconds/60%60, (int)seconds%60);
+    else
+      snprintf(buf, sizeof(buf),
+	       "Locked for %2d:%02d    ",
+	       (int)seconds/60, (int)seconds%60);
+      
+    XDrawImageString(dpy, XtWindow(widget), gc,
+	time_x, time_y, buf, strlen(buf));
+    XtAppAddTimeOut(app, 1000L, countdown, timeout);
+    return;
+}
+
+#ifdef KRB5
+static int
+verify_krb5(const char *password)
+{
+    krb5_error_code ret;
+    krb5_ccache id;
+    
+    krb5_cc_default(context, &id);
+    ret = krb5_verify_user(context,
+			   client, 
+			   id,
+			   password, 
+			   0,
+			   NULL);
+    if (ret == 0){
+#ifdef KRB4
+	if (krb5_config_get_bool(context, NULL,
+				 "libdefaults",
+				 "krb4_get_tickets",
+				 NULL)) {
+	    CREDENTIALS c;
+	    krb5_creds mcred, cred;
+	    char krb4tkfile[MAXPATHLEN];
+
+	    krb5_make_principal(context, &mcred.server,
+				client->realm,
+				"krbtgt",
+				client->realm,
+				NULL);
+	    ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred);
+	    if(ret == 0) {
+		ret = krb524_convert_creds_kdc(context, id, &cred, &c);
+		if(ret == 0) 
+		    tf_setup(&c, c.pname, c.pinst);
+		memset(&c, 0, sizeof(c));
+		krb5_free_creds_contents(context, &cred);
+	    }
+	    krb5_free_principal(context, mcred.server);
+	}
+	if (k_hasafs())
+	    krb5_afslog(context, id, NULL, NULL);
+#endif
+	return 0;
+    }
+    if (ret != KRB5KRB_AP_ERR_MODIFIED)
+	krb5_warn(context, ret, "verify_krb5");
+    
+    return -1;
+}
+#endif
+
+static int
+verify(char *password)
+{
+    int ret;
+
+    /*
+     * First try with root password, if allowed.
+     */
+    if (   appres.accept_root
+	&& strcmp(crypt(password, root_cpass), root_cpass) == 0)
+      return 0;
+
+    /*
+     * Password that log out user
+     */
+    if (getuid() != 0 &&
+	geteuid() != 0 &&
+	(time(0) - locked_at) > ALLOW_LOGOUT &&
+	strcmp(crypt(password, appres.logoutPasswd), appres.logoutPasswd) == 0)
+	    {
+		signal(SIGHUP, SIG_IGN);
+		kill(-1, SIGHUP);
+		sleep(5);
+		/* If the X-server shut down then so will we, else
+		 * continue */
+		signal(SIGHUP, SIG_DFL);
+	    }
+
+    /*
+     * Try copy of users password.
+     */
+    if (strcmp(crypt(password, user_cpass), user_cpass) == 0)
+      return 0;
+
+    /*
+     * Try to verify as user in case password change.
+     */
+    if (unix_verify_user(login, password) == 0)
+	return 0;
+
+#ifdef KRB5
+    /*
+     * Try to verify as user with kerberos 5.
+     */
+    if(verify_krb5(password) == 0)
+	return 0;
+#endif
+
+#ifdef KRB4
+    /*
+     * Try to verify as user with kerberos 4.
+     */
+    ret = krb_verify_user(name, inst, realm, password,
+			  KRB_VERIFY_NOT_SECURE, NULL);
+    if (ret == KSUCCESS){
+	if (k_hasafs())
+	    krb_afslog(NULL, NULL);
+	return 0;
+    }
+    if (ret != INTK_BADPW)
+	warnx ("warning: %s",
+	       (ret < 0) ? strerror(ret) : krb_get_err_text(ret));
+#endif
+    
+    return -1;
+}
+
+
+static void
+GetPasswd(Widget w, XEvent *_event, String *_s, Cardinal *_n)
+{
+    XKeyEvent *event = (XKeyEvent *)_event;
+    static char passwd[MAX_PASSWD_LENGTH];
+    static int cnt;
+    static int is_ctrl = XNLOCK_NOCTRL;
+    char c;
+    KeySym keysym;
+    int echolen;
+    int old_state = state;
+
+    if (event->type == ButtonPress) {
+	x = event->x, y = event->y;
+	return;
+    }
+    if (state == IS_MOVING) {
+	/* guy is running around--change to post prompt box. */
+	XtRemoveTimeOut(timeout_id);
+	state = GET_PASSWD;
+	if (appres.ignore_passwd || !strlen(user_cpass))
+	    leave();
+	post_prompt_box(XtWindow(w));
+	cnt = 0;
+	time_left = 30;
+	countdown((XtPointer)&time_left, 0);
+    }
+    if (event->type == KeyRelease) {
+      keysym = XLookupKeysym(event, 0);
+      if (keysym == XK_Control_L || keysym == XK_Control_R) {
+	is_ctrl = XNLOCK_NOCTRL;
+      }
+    }
+    if (event->type != KeyPress)
+	return;
+
+    time_left = 30;
+    
+    keysym = XLookupKeysym(event, 0);
+    if (keysym == XK_Control_L || keysym == XK_Control_R) {
+      is_ctrl = XNLOCK_CTRL;
+      return;
+    }
+    if (!XLookupString(event, &c, 1, &keysym, 0))
+	return;
+    if (keysym == XK_Return || keysym == XK_Linefeed) {
+	passwd[cnt] = 0;
+	if(old_state == IS_MOVING)
+	    return;
+	XtRemoveTimeOut(timeout_id);
+
+	if(verify(passwd) == 0)
+	    leave();
+
+	cnt = 0;
+
+	XDrawImageString(dpy, XtWindow(widget), gc,
+	    time_x, time_y, FAIL_MSG, strlen(FAIL_MSG));
+	time_left = 0;
+	timeout_id = XtAppAddTimeOut(app, 2000L, countdown, &time_left);
+	return;
+    }
+    if (keysym == XK_BackSpace || keysym == XK_Delete || keysym == XK_Left) {
+	if (cnt)
+	    passwd[cnt--] = ' ';
+    } else if (keysym == XK_u && is_ctrl == XNLOCK_CTRL) {
+      while (cnt) {
+	passwd[cnt--] = ' ';
+	echolen = min(cnt, STRING_LENGTH);
+	XDrawImageString(dpy, XtWindow(w), gc,
+		    prompt_x, prompt_y, STRING, echolen);
+	XDrawImageString(dpy, XtWindow(w), gc,
+			 prompt_x + XTextWidth(font, STRING, echolen),
+			 prompt_y, SPACE_STRING, STRING_LENGTH - echolen + 1);
+      }
+    } else if (isprint(c)) {
+	if ((cnt + 1) >= MAX_PASSWD_LENGTH)
+	    XBell(dpy, 50);
+	else
+	    passwd[cnt++] = c;
+    } else
+	return;
+    echolen = min(cnt, STRING_LENGTH);
+    XDrawImageString(dpy, XtWindow(w), gc,
+	prompt_x, prompt_y, STRING, echolen);
+    XDrawImageString(dpy, XtWindow(w), gc,
+	prompt_x + XTextWidth(font, STRING, echolen),
+	prompt_y, SPACE_STRING, STRING_LENGTH - echolen +1);
+}
+
+#include "nose.0.left"
+#include "nose.1.left"
+#include "nose.0.right"
+#include "nose.1.right"
+#include "nose.left.front"
+#include "nose.right.front"
+#include "nose.front"
+#include "nose.down"
+
+static void
+init_images(void)
+{
+    static Pixmap *images[] = {
+	&left0, &left1, &right0, &right1,
+	&left_front, &right_front, &front, &down 
+    };
+    static unsigned char *bits[] = {
+	nose_0_left_bits, nose_1_left_bits, nose_0_right_bits,
+	nose_1_right_bits, nose_left_front_bits, nose_right_front_bits,
+	nose_front_bits, nose_down_bits
+    };
+    int i;
+
+    for (i = 0; i < XtNumber(images); i++)
+	if (!(*images[i] =
+		XCreatePixmapFromBitmapData(dpy, DefaultRootWindow(dpy),
+		    (char*)(bits[i]), 64, 64, 1, 0, 1)))
+	    XtError("Can't load nose images");
+}
+
+static void
+talk(int force_erase)
+{
+    int width = 0, height, Z, total = 0;
+    static int X, Y, talking;
+    static struct { int x, y, width, height; } s_rect;
+    char *p, *p2;
+    char buf[BUFSIZ], args[MAXLINES][256];
+
+    /* clear what we've written */
+    if (talking || force_erase) {
+	if (!talking)
+	    return;
+	if (talking == 2) {
+	    XSetForeground(dpy, gc, Black);
+	    XDrawString(dpy, XtWindow(widget), gc, X, Y, words, strlen(words));
+	} else if (talking == 1) {
+	    XSetForeground(dpy, gc, Black);
+	    XFillRectangle(dpy, XtWindow(widget), gc, s_rect.x-5, s_rect.y-5,
+			   s_rect.width+10, s_rect.height+10);
+	}
+	talking = 0;
+	if (!force_erase)
+	    timeout_id = XtAppAddTimeOut(app, 40L,
+					 (XtTimerCallbackProc)move,
+					 NULL);
+	return;
+    }
+    XSetForeground(dpy, gc, White);
+    talking = 1;
+    walk(FRONT);
+    strlcpy (buf, words, sizeof(buf));
+    p = buf;
+
+    /* possibly avoid a lot of work here
+     * if no CR or only one, then just print the line
+     */
+    if (!(p2 = strchr(p, '\n')) || !p2[1]) {
+	int w;
+
+	if (p2)
+	    *p2 = 0;
+	w = XTextWidth(font, words, strlen(words));
+	X = x + 32 - w/2;
+	Y = y - 5 - font_height(font);
+	/* give us a nice 5 pixel margin */
+	if (X < 5)
+	    X = 5;
+	else if (X + w + 15 > (int)Width + 5)
+	    X = Width - w - 5;
+	if (Y < 5)
+	    Y = y + 64 + 5 + font_height(font);
+	XDrawString(dpy, XtWindow(widget), gc, X, Y, words, strlen(words));
+	timeout_id = XtAppAddTimeOut(app, 5000L, (XtTimerCallbackProc)talk, 
+				     NULL);
+	talking++;
+	return;
+    }
+
+    /* p2 now points to the first '\n' */
+    for (height = 0; p; height++) {
+	int w;
+	*p2 = 0;
+	if ((w = XTextWidth(font, p, p2 - p)) > width)
+	    width = w;
+	total += p2 - p; /* total chars; count to determine reading time */
+	strlcpy(args[height], p, sizeof(args[height]));
+	if (height == MAXLINES - 1) {
+	    puts("Message too long!");
+	    break;
+	}
+	p = p2+1;
+	if (!(p2 = strchr(p, '\n')))
+	    break;
+    }
+    height++;
+
+    /* Figure out the height and width in pixels (height, width) extend
+     * the new box by 15 pixels on the sides (30 total) top and bottom.
+     */
+    s_rect.width = width + 30;
+    s_rect.height = height * font_height(font) + 30;
+    if (x - s_rect.width - 10 < 5)
+	s_rect.x = 5;
+    else
+	if ((s_rect.x = x+32-(s_rect.width+15)/2)
+					 + s_rect.width+15 > (int)Width-5)
+	    s_rect.x = Width - 15 - s_rect.width;
+    if (y - s_rect.height - 10 < 5)
+	s_rect.y = y + 64 + 5;
+    else
+	s_rect.y = y - 5 - s_rect.height;
+
+    XSetForeground(dpy, gc, White);
+    XFillRectangle(dpy, XtWindow(widget), gc,
+       s_rect.x-5, s_rect.y-5, s_rect.width+10, s_rect.height+10);
+
+    /* make a box that's 5 pixels thick. Then add a thin box inside it */
+    XSetForeground(dpy, gc, Black);
+    XSetLineAttributes(dpy, gc, 5, 0, 0, 0);
+    XDrawRectangle(dpy, XtWindow(widget), gc,
+		   s_rect.x, s_rect.y, s_rect.width-1, s_rect.height-1);
+    XSetLineAttributes(dpy, gc, 0, 0, 0, 0);
+    XDrawRectangle(dpy, XtWindow(widget), gc,
+		   s_rect.x + 7, s_rect.y + 7, s_rect.width - 15, 
+		   s_rect.height - 15);
+
+    X = 15;
+    Y = 15 + font_height(font);
+
+    /* now print each string in reverse order (start at bottom of box) */
+    for (Z = 0; Z < height; Z++) {
+	XDrawString(dpy, XtWindow(widget), gc, s_rect.x+X, s_rect.y+Y,
+	    args[Z], strlen(args[Z]));
+	Y += font_height(font);
+    }
+    timeout_id = XtAppAddTimeOut(app, (total/15) * 1000, 
+				 (XtTimerCallbackProc)talk, NULL);
+}
+
+static unsigned long
+look(void)
+{
+    XSetForeground(dpy, gc, White);
+    XSetBackground(dpy, gc, Black);
+    if (rand() % 3) {
+	XCopyPlane(dpy, (rand() & 1)? down : front, XtWindow(widget), gc,
+	    0, 0, 64,64, x, y, 1L);
+	return 1000L;
+    }
+    if (!(rand() % 5))
+	return 0;
+    if (rand() % 3) {
+	XCopyPlane(dpy, (rand() & 1)? left_front : right_front,
+	    XtWindow(widget), gc, 0, 0, 64,64, x, y, 1L);
+	return 1000L;
+    }
+    if (!(rand() % 5))
+	return 0;
+    XCopyPlane(dpy, (rand() & 1)? left0 : right0, XtWindow(widget), gc,
+	0, 0, 64,64, x, y, 1L);
+    return 1000L;
+}
+
+int
+main (int argc, char **argv)
+{
+    int i;
+    Widget override;
+    XGCValues gcvalues;
+
+    setprogname (argv[0]);
+
+    /*
+     * Must be setuid root to read /etc/shadow, copy encrypted
+     * passwords here and then switch to sane uid.
+     */
+    {
+      struct passwd *pw;
+      uid_t uid = getuid();
+      if (!(pw = k_getpwuid(0)))
+	errx (1, "can't get root's passwd!");
+      strlcpy(root_cpass, pw->pw_passwd, sizeof(root_cpass));
+
+      if (!(pw = k_getpwuid(uid)))
+	errx (1, "Can't get your password entry!");
+      strlcpy(user_cpass, pw->pw_passwd, sizeof(user_cpass));
+      setuid(uid);
+      if (uid != 0 && setuid(0) != -1) {
+	fprintf(stderr, "Failed to drop privileges!\n");
+	exit(1);
+      }
+      /* Now we're no longer running setuid root. */
+      strlcpy(login, pw->pw_name, sizeof(login));
+    }
+
+    srand(getpid());
+    for (i = 0; i < STRING_LENGTH; i++)
+	STRING[i] = ((unsigned long)rand() % ('~' - ' ')) + ' ';
+
+    locked_at = time(0);
+
+    snprintf(userprompt, sizeof(userprompt), "User: %s", login);
+#ifdef KRB4
+    krb_get_default_principal(name, inst, realm);
+    snprintf(userprompt, sizeof(userprompt), "User: %s", 
+	     krb_unparse_name_long(name, inst, realm));
+#endif
+#ifdef KRB5
+    {
+	krb5_error_code ret;
+	char *str;
+
+	ret = krb5_init_context(&context);
+	if (ret)
+	    errx (1, "krb5_init_context failed: %d", ret);
+	krb5_get_default_principal(context, &client);
+	krb5_unparse_name(context, client, &str);
+	snprintf(userprompt, sizeof(userprompt), "User: %s", str);
+	free(str);
+    }
+#endif
+
+    override = XtVaAppInitialize(&app, "XNlock", options, XtNumber(options),
+				 (Cardinal*)&argc, argv, NULL, 
+				 XtNoverrideRedirect, True, 
+				 NULL);
+    
+    XtVaGetApplicationResources(override,(XtPointer)&appres,
+				resources,XtNumber(resources),
+				NULL);
+    /* the background is black and the little guy is white */
+    Black = appres.bg;
+    White = appres.fg;
+
+    if (appres.destroytickets) {
+#ifdef KRB4
+	int fd;
+
+        dest_tkt();		/* Nuke old ticket file */
+				/* but keep a place holder */
+	fd = open (TKT_FILE, O_WRONLY | O_CREAT | O_EXCL, 0600);
+	if (fd >= 0)
+	    close (fd);
+#endif
+    }
+
+    dpy = XtDisplay(override);
+    
+    if (dpy == 0)
+      errx (1, "Error: Can't open display");
+
+    Width = DisplayWidth(dpy, DefaultScreen(dpy)) + 2;
+    Height = DisplayHeight(dpy, DefaultScreen(dpy)) + 2;
+    
+    for(i = 0; i < ScreenCount(dpy); i++){
+	Widget shell, core;
+
+	struct xxx{
+	    Pixel bg;
+	}res;
+	
+	XtResource Res[] = {
+	    { XtNbackground, XtCBackground, XtRPixel, sizeof(Pixel),
+	      XtOffsetOf(struct xxx, bg), XtRString, "black" }
+	};
+
+	if(i == DefaultScreen(dpy))
+	    continue;
+      
+	shell = XtVaAppCreateShell(NULL,NULL, applicationShellWidgetClass, dpy, 
+				   XtNscreen, ScreenOfDisplay(dpy, i), 
+				   XtNoverrideRedirect, True, 
+				   XtNx, -1, 
+				   XtNy, -1,
+				   NULL);
+      
+	XtVaGetApplicationResources(shell, (XtPointer)&res, 
+				    Res, XtNumber(Res),
+				    NULL);
+
+	core = XtVaCreateManagedWidget("_foo", widgetClass, shell,
+				       XtNwidth, DisplayWidth(dpy, i),
+				       XtNheight, DisplayHeight(dpy, i),
+				       XtNbackground, res.bg, 
+				       NULL);
+	XtRealizeWidget(shell);
+    }
+
+    widget = XtVaCreateManagedWidget("_foo", widgetClass, override,
+				     XtNwidth,	Width,
+				     XtNheight,	Height,
+				     XtNbackground, Black, 
+				     NULL);
+
+    init_words(--argc, ++argv);
+    init_images();
+
+    gcvalues.foreground = Black;
+    gcvalues.background = White;
+
+
+    font = appres.font;
+    gcvalues.font = font->fid;
+    gcvalues.graphics_exposures = False;
+    gc = XCreateGC(dpy, DefaultRootWindow(dpy),
+	GCForeground | GCBackground | GCGraphicsExposures | GCFont,
+	&gcvalues);
+
+    x = Width / 2;
+    y = Height / 2;
+    srand (time(0));
+    state = IS_MOVING;
+
+    {
+	static XtActionsRec actions[] = {
+	    { "ClearWindow",	ClearWindow  },
+	    { "GetPasswd",	GetPasswd    },
+	    { "RaiseWindow", 	RaiseWindow  },
+	};
+	XtAppAddActions(app, actions, XtNumber(actions));
+	XtOverrideTranslations(widget,
+	       XtParseTranslationTable(
+				       "<Expose>:	ClearWindow()	\n"
+				       "<BtnDown>:	GetPasswd()	\n"
+				       "<Visible>: RaiseWindow() \n"
+				       "<KeyRelease>:  GetPasswd()     \n"
+				       "<KeyPress>:	GetPasswd()"));
+    }
+
+    XtRealizeWidget(override);
+    if((i = XGrabPointer(dpy, XtWindow(widget), True, 0, GrabModeAsync,
+			 GrabModeAsync, XtWindow(widget), 
+			 None, CurrentTime)) != 0) 
+	errx(1, "Failed to grab pointer (%d)", i);
+	
+    if((i = XGrabKeyboard(dpy, XtWindow(widget), True, GrabModeAsync,
+			  GrabModeAsync, CurrentTime)) != 0)
+	errx(1, "Failed to grab keyboard (%d)", i);
+    ScreenSaver(1);
+    XtAppMainLoop(app);
+    exit(0);
+}
+
diff --git a/crypto/heimdal/appl/xnlock/xnlock.cat1 b/crypto/heimdal/appl/xnlock/xnlock.cat1
new file mode 100644
index 0000000..dde8eef
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/xnlock.cat1
@@ -0,0 +1,132 @@
+
+
+
+XNLOCK(1L)                                                         XNLOCK(1L)
+
+
+
+NAME
+  xnlock - amusing lock screen program with message for passers-by
+
+SYNOPSIS
+  xxnnlloocckk [ _o_p_t_i_o_n_s ] [ _m_e_s_s_a_g_e ]
+
+DESCRIPTION
+  _x_n_l_o_c_k is a program that acts as a screen saver for workstations running
+  X11.  It also "locks" the screen such that the workstation can be left
+  unattended without worry that someone else will walk up to it and mess
+  everything up.  When _x_n_l_o_c_k is running, a little man with a big nose and a
+  hat runs around spewing out messages to the screen.  By default, the mes-
+  sages are "humorous", but that depends on your sense of humor.
+
+  If a key or mouse button is pressed, a prompt is printed requesting the
+  user's password.  If a RETURN is not typed within 30 seconds, the little
+  man resumes running around.
+
+  Text on the command line is used as the message.  For example:
+          % xnlock I'm out to lunch for a couple of hours.
+  Note the need to quote shell metacharacters.
+
+  In the absence of flags or text, _x_n_l_o_c_k displays random fortunes.
+
+OPTIONS
+  Command line options override all resource specifications.  All arguments
+  that are not associated with a command line option is taken to be message
+  text that the little man will "say" every once in a while.  The resource
+  xxnnlloocckk..tteexxtt may be set to a string.
+
+  --ffnn _f_o_n_t_n_a_m_e
+       The default font is the first 18 point font in the _n_e_w _c_e_n_t_u_r_y _s_c_h_o_o_l_-
+       _b_o_o_k family.  While larger fonts are recokmmended over smaller ones,
+       any font in the server's font list will work.  The resource to use for
+       this option is xxnnlloocckk..ffoonntt.
+
+  --ffiilleennaammee  _f_i_l_e_n_a_m_e
+       Take the message to be displayed from the file _f_i_l_e_n_a_m_e.  If _f_i_l_e_n_a_m_e
+       is not specified, _$_H_O_M_E_/_._m_s_g_f_i_l_e is used.  If the contents of the file
+       are changed during runtime, the most recent text of the file is used
+       (allowing the displayed message to be altered remotely).  Carriage
+       returns within the text are allowed, but tabs or other control charac-
+       ters are not translated and should not be used.  The resource avail-
+       able for this option is xxnnlloocckk..ffiillee.
+
+  --aarr  Accept root's password to unlock screen.  This option is true by
+       default.  The reason for this is so that someone's screen may be
+       unlocked by autorized users in case of emergency and the person run-
+       ning the program is still out to lunch.  The resource available for
+       specifying this option is xxnnlloocckk..aacccceeppttRRoooottPPaasssswwdd.
+
+  --nnooaarr
+       Don't accept root's password.  This option is for paranoids who fear
+       their peers might breakin using root's password and remove their files
+       anyway.  Specifying this option on the command line overrides the
+       xxnnlloocckk..aacccceeppttRRoooottPPaasssswwdd if set to True.
+
+  --iipp  Ignore password prompt.  The resource available for this option is
+       xxnnlloocckk..iiggnnoorreePPaasssswwdd.
+
+  --nnooiipp
+       Don't ignore password prompt.  This is available in order to override
+       the resource iiggnnoorreePPaasssswwdd if set to True.
+
+  --ffgg _c_o_l_o_r
+       Specifies the foreground color.  The resource available for this is
+       xxnnlloocckk..ffoorreeggrroouunndd.
+
+  --bbgg _c_o_l_o_r
+       Specifies the background color.  The resource available for this is
+       xxnnlloocckk..bbaacckkggrroouunndd.
+
+  --rrvv  Reverse the foreground and background colors.  The resource for this
+       is xxvvnnlloocckk..rreevveerrsseeVViiddeeoo.
+
+  --nnoorrvv
+       Don't use reverse video.  This is available to override the reverseV-
+       ideo resource if set to True.
+
+  --pprroogg _p_r_o_g_r_a_m
+       Receive message text from the running program _p_r_o_g_r_a_m. If there are
+       arguments to _p_r_o_g_r_a_m, encase them with the name of the program in
+       quotes (e.g. xnlock -t "fortune -o").  The resource for this is
+       xxnnlloocckk..pprrooggrraamm.
+
+RESOURCES
+  xnlock.font:               fontname
+  xnlock.foreground:         color
+  xnlock.background:         color
+  xnlock.reverseVideo:       True/False
+  xnlock.text:               Some random text string
+  xnlock.program:            program [args]
+  xnlock.ignorePasswd:       True/False
+  xnlock.acceptRootPasswd:   True/False
+
+FILES
+  _x_n_l_o_c_k               executable file
+  ~/.msgfile                 default message file
+
+AUTHOR
+  Dan Heller <argv@sun.com>  Copyright (c) 1985, 1990.
+  The original version of this program was written using pixrects on a Sun 2
+  running SunOS 1.1.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/crypto/heimdal/cf/ChangeLog b/crypto/heimdal/cf/ChangeLog
index 77eec6d..e56198a 100644
--- a/crypto/heimdal/cf/ChangeLog
+++ b/crypto/heimdal/cf/ChangeLog
@@ -1,3 +1,17 @@
+2001-03-26  Assar Westerlund  <assar@sics.se>
+
+	* broken-glob.m4: also test for GLOB_LIMIT
+	* krb-ipv6.m4: restore CFLAGS if v6 is not detected
+
+2001-02-20  Assar Westerlund  <assar@sics.se>
+
+	* roken-frag.m4: check for getprogname, setprogname
+
+2001-02-07  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am.common (LIB_kdfs): set.  use it.  from Ake Sandgren
+ 	<ake@cs.umu.se>
+
 2000-12-26  Assar Westerlund  <assar@sics.se>
 
 	* krb-ipv6.m4: remove some dnl that weren't the correct with
diff --git a/crypto/heimdal/cf/Makefile.am.common b/crypto/heimdal/cf/Makefile.am.common
index 6e31c74..963460c 100644
--- a/crypto/heimdal/cf/Makefile.am.common
+++ b/crypto/heimdal/cf/Makefile.am.common
@@ -1,4 +1,4 @@
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
 
@@ -176,3 +176,6 @@ LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
 LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
 endif
 
+if DCE
+LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+endif
diff --git a/crypto/heimdal/cf/broken-glob.m4 b/crypto/heimdal/cf/broken-glob.m4
index 8d52792..149c957 100644
--- a/crypto/heimdal/cf/broken-glob.m4
+++ b/crypto/heimdal/cf/broken-glob.m4
@@ -1,4 +1,4 @@
-dnl $Id: broken-glob.m4,v 1.2 1999/03/01 09:52:15 joda Exp $
+dnl $Id: broken-glob.m4,v 1.3 2001/03/26 11:40:24 assar Exp $
 dnl
 dnl check for glob(3)
 dnl
@@ -8,12 +8,13 @@ ac_cv_func_glob_working=yes
 AC_TRY_LINK([
 #include <stdio.h>
 #include <glob.h>],[
-glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE, NULL, NULL);
+glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|GLOB_LIMIT,
+NULL, NULL);
 ],:,ac_cv_func_glob_working=no,:))
 
 if test "$ac_cv_func_glob_working" = yes; then
 	AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks 
-	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, and GLOB_TILDE])
+	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT])
 fi
 if test "$ac_cv_func_glob_working" = yes; then
 AC_NEED_PROTO([#include <stdio.h>
diff --git a/crypto/heimdal/cf/krb-ipv6.m4 b/crypto/heimdal/cf/krb-ipv6.m4
index 785d69e..bb494c1 100644
--- a/crypto/heimdal/cf/krb-ipv6.m4
+++ b/crypto/heimdal/cf/krb-ipv6.m4
@@ -1,4 +1,4 @@
-dnl $Id: krb-ipv6.m4,v 1.9 2000/12/26 20:27:30 assar Exp $
+dnl $Id: krb-ipv6.m4,v 1.10 2001/03/26 03:28:03 assar Exp $
 dnl
 dnl test for IPv6
 dnl
@@ -8,6 +8,7 @@ AC_ARG_WITH(ipv6,
 if test "$withval" = "no"; then
 	ac_cv_lib_ipv6=no
 fi])
+save_CFLAGS="${CFLAGS}"
 AC_CACHE_VAL(ac_cv_lib_ipv6,
 [dnl check for different v6 implementations (by itojun)
 v6type=unknown
@@ -118,5 +119,7 @@ AC_MSG_CHECKING(for IPv6)
 AC_MSG_RESULT($ac_cv_lib_ipv6)
 if test "$ac_cv_lib_ipv6" = yes; then
   AC_DEFINE(HAVE_IPV6, 1, [Define if you have IPv6.])
+else
+  CFLAGS="${save_CFLAGS}"
 fi
 ])
diff --git a/crypto/heimdal/cf/roken-frag.m4 b/crypto/heimdal/cf/roken-frag.m4
index c6b552e..fb0c14be 100644
--- a/crypto/heimdal/cf/roken-frag.m4
+++ b/crypto/heimdal/cf/roken-frag.m4
@@ -1,4 +1,4 @@
-dnl $Id: roken-frag.m4,v 1.19 2000/12/15 14:29:54 assar Exp $
+dnl $Id: roken-frag.m4,v 1.21 2001/05/11 13:58:21 joda Exp $
 dnl
 dnl some code to get roken working
 dnl
@@ -72,6 +72,7 @@ AC_CHECK_HEADERS([\
 	rpcsvc/dbm.h				\
 	rpcsvc/ypclnt.h				\
 	shadow.h				\
+	sys/bswap.h				\
 	sys/ioctl.h				\
 	sys/param.h				\
 	sys/proc.h				\
@@ -163,8 +164,10 @@ AC_CHECK_FUNCS([				\
 	asprintf				\
 	cgetent					\
 	getconfattr				\
+	getprogname				\
 	getrlimit				\
 	getspnam				\
+	setprogname				\
 	strsvis					\
 	strunvis				\
 	strvis					\
@@ -241,6 +244,16 @@ AC_NEED_PROTO([
 vasnprintf)dnl
 fi
 
+AC_FIND_FUNC_NO_LIBS(bswap16,,
+[#ifdef HAVE_SYS_BSWAP_H
+#include <sys/bswap.h>
+#endif],0)
+
+AC_FIND_FUNC_NO_LIBS(bswap32,,
+[#ifdef HAVE_SYS_BSWAP_H
+#include <sys/bswap.h>
+#endif],0)
+
 AC_FIND_FUNC_NO_LIBS(pidfile,util,
 [#ifdef HAVE_UTIL_H
 #include <util.h>
diff --git a/crypto/heimdal/configure b/crypto/heimdal/configure
index 31b792f..65cc39b 100755
--- a/crypto/heimdal/configure
+++ b/crypto/heimdal/configure
@@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.in Revision: 1.270 .
+# From configure.in Revision: 1.278 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by Autoconf 2.49d for heimdal 0.3e.
+# Generated by Autoconf 2.49b for heimdal 0.3f.
 #
 # Report bugs to <heimdal-bugs@pdc.kth.se>.
 #
@@ -23,43 +23,6 @@ if expr a : '\(a\)' >/dev/null 2>&1; then
 else
   as_expr=false
 fi
-
-rm -f conftest conftest.exe conftest.file
-echo >conftest.file
-if ln -s conftest.file conftest 2>/dev/null; then
-  # We could just check for DJGPP; but this test a) works b) is more generic
-  # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
-  if test -f conftest.exe; then
-    # Don't use ln at all; we don't have any links
-    as_ln_s='cp -p'
-  else
-    as_ln_s='ln -s'
-  fi
-elif ln conftest.file conftest 2>/dev/null; then
-  as_ln_s=ln
-else
-  as_ln_s='cp -p'
-fi
-rm -f conftest conftest.exe conftest.file
-
-# Find out how to test for executable files. Don't use a zero-byte file,
-# as systems may use methods other than mode bits to determine executability.
-cat >conftest.file <<_ASEOF
-#! /bin/sh
-exit 0
-_ASEOF
-chmod +x conftest.file
-if test -x conftest.file >/dev/null 2>&1; then
-  as_executable_p="test -x"
-elif test -f conftest.file >/dev/null 2>&1; then
-  as_executable_p="test -f"
-else
-  { { echo "$as_me:57: error: cannot check whether a file is executable on this system" >&5
-echo "$as_me: error: cannot check whether a file is executable on this system" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-rm -f conftest.file
-
 # Support unset when possible.
 if (FOO=FOO; unset FOO) >/dev/null 2>&1; then
   as_unset=unset
@@ -79,72 +42,55 @@ $as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set || { LC_MESSAGES=C; ex
 
 # IFS
 # We need space, tab and new line, in precisely that order.
-as_nl='
+ac_nl='
 '
-IFS=" 	$as_nl"
+IFS=" 	$ac_nl"
 
 # CDPATH.
 $as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=:; export CDPATH; }
 
-# Name of the host.
-# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-# Name of the executable.
-as_me=`echo "$0" | sed 's,.*/,,'`
-
-cat >config.log <<EOF
+cat >config.log << EOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by $as_me (heimdal 0.3e) 2.49d, executed with
+It was created by $as_me (heimdal 0.3f) 2.49b, executed with
  > $0 $@
 
-EOF
-{
-cat <<_ASUNAME
-## ---------- ##
-## Platform.  ##
-## ---------- ##
+on `(hostname || uname -n) 2>/dev/null | sed 1q`:
 
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
 uname -m = `(uname -m) 2>/dev/null || echo unknown`
 uname -r = `(uname -r) 2>/dev/null || echo unknown`
 uname -s = `(uname -s) 2>/dev/null || echo unknown`
 uname -v = `(uname -v) 2>/dev/null || echo unknown`
 
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
 
-/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
-/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-hostinfo               = `(hostinfo) 2>/dev/null               || echo unknown`
-/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
-/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
-/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/machine           = `(/bin/machine) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
 
 PATH = $PATH
-
-_ASUNAME
-} >>config.log
-
-cat >>config.log <<EOF
-## ------------ ##
-## Core tests.  ##
-## ------------ ##
-
 EOF
 
 # File descriptor usage:
 # 0 standard input
 # 1 file creation
 # 2 errors and warnings
-# 5 compiler messages saved in config.log
+# 3 some systems may open it to /dev/tty
+# 4 used on the Kubota Titan
 # 6 checking for... messages and results
+# 5 compiler messages saved in config.log
+if test "$silent" = yes; then
+  exec 6>/dev/null
+else
+  exec 6>&1
+fi
 exec 5>>config.log
-exec 6>&1
 
 #
 # Initializations.
@@ -160,6 +106,14 @@ SHELL=${CONFIG_SHELL-/bin/sh}
 # only ac_max_sed_lines should be used.
 : ${ac_max_here_lines=38}
 
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+# Name of the executable.
+as_me=`echo "$0" | sed 's,.*/,,'`
+
 # Avoid depending upon Character Ranges.
 ac_cr_az='abcdefghijklmnopqrstuvwxyz'
 ac_cr_AZ='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
@@ -170,7 +124,12 @@ ac_cr_alnum=$ac_cr_az$ac_cr_AZ$ac_cr_09
 ac_tr_sh="sed y%*+%pp%;s%[^_$ac_cr_alnum]%_%g"
 ac_tr_cpp="sed y%*$ac_cr_az%P$ac_cr_AZ%;s%[^_$ac_cr_alnum]%_%g"
 
-ac_default_prefix=/usr/heimdal
+# By default always use an empty string as the executable extension.
+# Only change it if the script calls AC_EXEEXT.
+ac_exeext=
+# By default assume that objects files use an extension of .o.  Only
+# change it if the script calls AC_OBJEXT.
+ac_objext=o
 # Factoring default headers for most tests.
 ac_includes_default="\
 #include <stdio.h>
@@ -200,6 +159,7 @@ ac_includes_default="\
 #if HAVE_UNISTD_H
 # include <unistd.h>
 #endif"
+ac_default_prefix=/usr/heimdal
 
 # Initialize some variables set by options.
 ac_init_help=
@@ -220,12 +180,6 @@ srcdir=
 verbose=
 x_includes=NONE
 x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
 bindir='${exec_prefix}/bin'
 sbindir='${exec_prefix}/sbin'
 libexecdir='${exec_prefix}/libexec'
@@ -239,13 +193,6 @@ oldincludedir='/usr/include'
 infodir='${prefix}/info'
 mandir='${prefix}/man'
 
-# Identity of this package.
-PACKAGE_NAME='heimdal'
-PACKAGE_TARNAME='heimdal'
-PACKAGE_VERSION='0.3e'
-PACKAGE_STRING='heimdal 0.3e'
-PACKAGE_BUGREPORT='heimdal-bugs@pdc.kth.se'
-
 ac_prev=
 for ac_option
 do
@@ -292,9 +239,8 @@ do
     ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
     # Reject names that are not valid shell variable names.
     expr "x$ac_feature" : ".*[^-_$ac_cr_alnum]" >/dev/null &&
-      { { echo "$as_me:295: error: invalid feature name: $ac_feature" >&5
-echo "$as_me: error: invalid feature name: $ac_feature" >&2;}
-   { (exit 1); exit 1; }; }
+      {  echo "$as_me: error: invalid feature name: $ac_feature" >&2
+  { (exit 1); exit; }; }
     ac_feature=`echo $ac_feature | sed 's/-/_/g'`
     eval "enable_$ac_feature=no" ;;
 
@@ -302,9 +248,8 @@ echo "$as_me: error: invalid feature name: $ac_feature" >&2;}
     ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
     # Reject names that are not valid shell variable names.
     expr "x$ac_feature" : ".*[^-_$ac_cr_alnum]" >/dev/null &&
-      { { echo "$as_me:305: error: invalid feature name: $ac_feature" >&5
-echo "$as_me: error: invalid feature name: $ac_feature" >&2;}
-   { (exit 1); exit 1; }; }
+      {  echo "$as_me: error: invalid feature name: $ac_feature" >&2
+  { (exit 1); exit; }; }
     ac_feature=`echo $ac_feature | sed 's/-/_/g'`
     case $ac_option in
       *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
@@ -485,9 +430,8 @@ echo "$as_me: error: invalid feature name: $ac_feature" >&2;}
     ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
     # Reject names that are not valid shell variable names.
     expr "x$ac_package" : ".*[^-_$ac_cr_alnum]" >/dev/null &&
-      { { echo "$as_me:488: error: invalid package name: $ac_package" >&5
-echo "$as_me: error: invalid package name: $ac_package" >&2;}
-   { (exit 1); exit 1; }; }
+      {  echo "$as_me: error: invalid package name: $ac_package" >&2
+  { (exit 1); exit; }; }
     ac_package=`echo $ac_package| sed 's/-/_/g'`
     case $ac_option in
       *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
@@ -499,9 +443,8 @@ echo "$as_me: error: invalid package name: $ac_package" >&2;}
     ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
     # Reject names that are not valid shell variable names.
     expr "x$ac_package" : ".*[^-_$ac_cr_alnum]" >/dev/null &&
-      { { echo "$as_me:502: error: invalid package name: $ac_package" >&5
-echo "$as_me: error: invalid package name: $ac_package" >&2;}
-   { (exit 1); exit 1; }; }
+      {  echo "$as_me: error: invalid package name: $ac_package" >&2
+  { (exit 1); exit; }; }
     ac_package=`echo $ac_package | sed 's/-/_/g'`
     eval "with_$ac_package=no" ;;
 
@@ -523,31 +466,28 @@ echo "$as_me: error: invalid package name: $ac_package" >&2;}
   | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
     x_libraries=$ac_optarg ;;
 
-  -*) { { echo "$as_me:526: error: unrecognized option: $ac_option
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: unrecognized option: $ac_option
-Try \`$0 --help' for more information." >&2;}
-   { (exit 1); exit 1; }; }
+  -*) {  echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+  { (exit 1); exit; }; }
     ;;
 
   *=*)
     ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
     # Reject names that are not valid shell variable names.
     expr "x$ac_envvar" : ".*[^_$ac_cr_alnum]" >/dev/null &&
-      { { echo "$as_me:537: error: invalid variable name: $ac_envvar" >&5
-echo "$as_me: error: invalid variable name: $ac_envvar" >&2;}
-   { (exit 1); exit 1; }; }
+      {  echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+  { (exit 1); exit; }; }
     ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`
     eval "$ac_envvar='$ac_optarg'"
     export $ac_envvar ;;
 
   *)
     # FIXME: should be removed in autoconf 3.0.
-    { echo "$as_me:546: WARNING: you should use --build, --host, --target" >&5
-echo "$as_me: WARNING: you should use --build, --host, --target" >&2;}
+    { echo "$as_me:486: WARNING: you should use --build, --host, --target" >&5
+echo "$as_me: warning: you should use --build, --host, --target" >&2; }
     expr "x$ac_option" : ".*[^-._$ac_cr_alnum]" >/dev/null &&
-      { echo "$as_me:549: WARNING: invalid host type: $ac_option" >&5
-echo "$as_me: WARNING: invalid host type: $ac_option" >&2;}
+      { echo "$as_me:489: WARNING: invalid host type: $ac_option" >&5
+echo "$as_me: warning: invalid host type: $ac_option" >&2; }
     : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
     ;;
 
@@ -556,9 +496,8 @@ done
 
 if test -n "$ac_prev"; then
   ac_option=--`echo $ac_prev | sed 's/_/-/g'`
-  { { echo "$as_me:559: error: missing argument to $ac_option" >&5
-echo "$as_me: error: missing argument to $ac_option" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: missing argument to $ac_option" >&2
+  { (exit 1); exit; }; }
 fi
 
 # Be sure to have absolute paths.
@@ -570,9 +509,8 @@ do
   case $ac_val in
     [\\/$]* | ?:[\\/]* ) ;;
     NONE ) ;;
-    *)  { { echo "$as_me:573: error: expected an absolute path for --$ac_var: $ac_val" >&5
-echo "$as_me: error: expected an absolute path for --$ac_var: $ac_val" >&2;}
-   { (exit 1); exit 1; }; };;
+    *)  {  echo "$as_me: error: expected an absolute path for --$ac_var: $ac_val" >&2
+  { (exit 1); exit; }; };;
   esac
 done
 
@@ -586,10 +524,10 @@ target=$target_alias
 if test "x$host_alias" != x; then
   if test "x$build_alias" = x; then
     cross_compiling=maybe
-    { echo "$as_me:589: WARNING: If you wanted to set the --build type, don't use --host.
+    { echo "$as_me:527: WARNING: If you wanted to set the --build type, don't use --host.
     If a cross compiler is detected then cross compile mode will be used." >&5
-echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
-    If a cross compiler is detected then cross compile mode will be used." >&2;}
+echo "$as_me: warning: If you wanted to set the --build type, don't use --host.
+    If a cross compiler is detected then cross compile mode will be used." >&2; }
   elif test "x$build_alias" != "x$host_alias"; then
     cross_compiling=yes
   fi
@@ -598,8 +536,6 @@ fi
 ac_tool_prefix=
 test -n "$host_alias" && ac_tool_prefix=$host_alias-
 
-test "$silent" = yes && exec 6>/dev/null
-
 # Find the source files, if location was not specified.
 if test -z "$srcdir"; then
   ac_srcdir_defaulted=yes
@@ -616,13 +552,11 @@ else
 fi
 if test ! -r $srcdir/$ac_unique_file; then
   if test "$ac_srcdir_defaulted" = yes; then
-    { { echo "$as_me:619: error: cannot find sources in $ac_confdir or .." >&5
-echo "$as_me: error: cannot find sources in $ac_confdir or .." >&2;}
-   { (exit 1); exit 1; }; }
+    {  echo "$as_me: error: cannot find sources in $ac_confdir or .." >&2
+  { (exit 1); exit; }; }
   else
-    { { echo "$as_me:623: error: cannot find sources in $srcdir" >&5
-echo "$as_me: error: cannot find sources in $srcdir" >&2;}
-   { (exit 1); exit 1; }; }
+    {  echo "$as_me: error: cannot find sources in $srcdir" >&2
+  { (exit 1); exit; }; }
   fi
 fi
 srcdir=`echo "$srcdir" | sed 's%\([^/]\)/*$%\1%'`
@@ -650,10 +584,6 @@ ac_env_LDFLAGS_set=${LDFLAGS+set}
 ac_env_LDFLAGS_value=$LDFLAGS
 ac_cv_env_LDFLAGS_set=${LDFLAGS+set}
 ac_cv_env_LDFLAGS_value=$LDFLAGS
-ac_env_CPP_set=${CPP+set}
-ac_env_CPP_value=$CPP
-ac_cv_env_CPP_set=${CPP+set}
-ac_cv_env_CPP_value=$CPP
 ac_env_CPPFLAGS_set=${CPPFLAGS+set}
 ac_env_CPPFLAGS_value=$CPPFLAGS
 ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set}
@@ -666,7 +596,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<EOF
-\`configure' configures heimdal 0.3e to adapt to many kinds of systems.
+\`configure' configures heimdal 0.3f to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -736,7 +666,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of heimdal 0.3e:";;
+     short | recursive ) echo "Configuration of heimdal 0.3f:";;
    esac
   cat <<\EOF
 
@@ -785,7 +715,6 @@ Some influential environment variables:
   CFLAGS      C compiler flags
   LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
               nonstandard directory <lib dir>
-  CPP         C preprocessor
   CPPFLAGS    C/C++ preprocessor flags, e.g. -I<include dir> if you have
               headers in a nonstandard directory <include dir>
 
@@ -821,13 +750,12 @@ if test "$ac_init_help" = "recursive"; then
     elif test -f $ac_sub_srcdir/configure; then
       echo
       $SHELL $ac_sub_srcdir/configure  --help=recursive
-    elif test -f $ac_sub_srcdir/configure.ac ||
-           test -f $ac_sub_srcdir/configure.in; then
+    elif test -f $ac_sub_srcdir/configure.in; then
       echo
       $ac_configure --help
     else
-      { echo "$as_me:829: WARNING: no configuration information is in $ac_subdir" >&5
-echo "$as_me: WARNING: no configuration information is in $ac_subdir" >&2;}
+      { echo "$as_me:757: WARNING: no configuration information is in $ac_subdir" >&5
+echo "$as_me: warning: no configuration information is in $ac_subdir" >&2; }
     fi
     cd $ac_popdir
   done
@@ -836,7 +764,7 @@ fi
 test -n "$ac_init_help" && exit 0
 if $ac_init_version; then
   cat <<\EOF
-configure (heimdal 0.3e) 2.49d
+configure (heimdal 0.3f) 2.49b
 
 Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000
 Free Software Foundation, Inc.
@@ -869,40 +797,8 @@ do
 done
 
 # When interrupted or exit'd, cleanup temporary files, and complete
-# config.log.  We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
+# config.log.
 trap 'exit_status=$?
-  # Save into config.log some information that might help in debugging.
-  echo >&5
-  echo "## ----------------- ##" >&5
-  echo "## Cache variables.  ##" >&5
-  echo "## ----------------- ##" >&5
-  echo >&5
-  # The following way of writing the cache mishandles newlines in values,
-{
-  (set) 2>&1 |
-    case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in
-    *ac_space=\ *)
-      sed -n \
-        "s/'"'"'/'"'"'\\\\'"'"''"'"'/g;
-    	  s/^\\([_$ac_cr_alnum]*_cv_[_$ac_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p"
-      ;;
-    *)
-      sed -n \
-        "s/^\\([_$ac_cr_alnum]*_cv_[_$ac_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
-      ;;
-    esac;
-} >&5
-  sed "/^$/d" confdefs.h >conftest.log
-  if test -s conftest.log; then
-    echo >&5
-    echo "## ------------ ##" >&5
-    echo "## confdefs.h.  ##" >&5
-    echo "## ------------ ##" >&5
-    echo >&5
-    cat conftest.log >&5
-  fi
-  (echo; echo) >&5
   test "$ac_signal" != 0 &&
     echo "$as_me: caught signal $ac_signal" >&5
   echo "$as_me: exit $exit_status" >&5
@@ -910,7 +806,7 @@ trap 'exit_status=$?
     exit $exit_status
      ' 0
 for ac_signal in 1 2 13 15; do
-  trap 'ac_status=$?; ac_signal='$ac_signal'; { (exit $ac_status); exit $ac_status; }' $ac_signal
+  trap 'ac_status=$?; ac_signal='$ac_signal'; exit $ac_status' $ac_signal
 done
 ac_signal=0
 
@@ -939,16 +835,16 @@ if test -r "$cache_file"; then
   # Some versions of bash will fail to source /dev/null (special
   # files actually), so we avoid doing that.
   if test -f "$cache_file"; then
-    { echo "$as_me:942: loading cache $cache_file" >&5
-echo "$as_me: loading cache $cache_file" >&6;}
+    { echo "$as_me:838: loading cache $cache_file" >&5
+echo "loading cache $cache_file" >&6;}
     case $cache_file in
       [\\/]* | ?:[\\/]* ) . $cache_file;;
       *)                      . ./$cache_file;;
     esac
   fi
 else
-  { echo "$as_me:950: creating cache $cache_file" >&5
-echo "$as_me: creating cache $cache_file" >&6;}
+  { echo "$as_me:846: creating cache $cache_file" >&5
+echo "creating cache $cache_file" >&6;}
   >$cache_file
 fi
 
@@ -963,37 +859,37 @@ for ac_var in `(set) 2>&1 |
   eval ac_new_val="\$ac_env_${ac_var}_value"
   case $ac_old_set,$ac_new_set in
     set,)
-      { echo "$as_me:966: WARNING: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-echo "$as_me: WARNING: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      { echo "$as_me:862: WARNING: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+echo "$as_me: warning: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2; }
       ac_suggest_removing_cache=: ;;
     ,set)
-      { echo "$as_me:970: WARNING: \`$ac_var' was not set in the previous run" >&5
-echo "$as_me: WARNING: \`$ac_var' was not set in the previous run" >&2;}
+      { echo "$as_me:866: WARNING: \`$ac_var' was not set in the previous run" >&5
+echo "$as_me: warning: \`$ac_var' was not set in the previous run" >&2; }
       ac_suggest_removing_cache=: ;;
     ,);;
     *)
       if test "x$ac_old_val" != "x$ac_new_val"; then
-        { echo "$as_me:976: WARNING: \`$ac_var' has changed since the previous run:" >&5
-echo "$as_me: WARNING: \`$ac_var' has changed since the previous run:" >&2;}
-        { echo "$as_me:978: WARNING:   former value:  $ac_old_val" >&5
-echo "$as_me: WARNING:   former value:  $ac_old_val" >&2;}
-        { echo "$as_me:980: WARNING:   current value: $ac_new_val" >&5
-echo "$as_me: WARNING:   current value: $ac_new_val" >&2;}
+        { echo "$as_me:872: WARNING: \`$ac_var' has changed since the previous run:" >&5
+echo "$as_me: warning: \`$ac_var' has changed since the previous run:" >&2; }
+        { echo "$as_me:874: WARNING:   former value:  $ac_old_val" >&5
+echo "$as_me: warning:   former value:  $ac_old_val" >&2; }
+        { echo "$as_me:876: WARNING:   current value: $ac_new_val" >&5
+echo "$as_me: warning:   current value: $ac_new_val" >&2; }
         ac_suggest_removing_cache=:
       fi;;
   esac
 done
 if $ac_suggest_removing_cache; then
-  { echo "$as_me:987: WARNING: changes in the environment can compromise the build" >&5
-echo "$as_me: WARNING: changes in the environment can compromise the build" >&2;}
-  { echo "$as_me:989: WARNING: consider removing $cache_file and starting over" >&5
-echo "$as_me: WARNING: consider removing $cache_file and starting over" >&2;}
+  { echo "$as_me:883: WARNING: changes in the environment can compromise the build" >&5
+echo "$as_me: warning: changes in the environment can compromise the build" >&2; }
+  { echo "$as_me:885: WARNING: consider removing $cache_file and starting over" >&5
+echo "$as_me: warning: consider removing $cache_file and starting over" >&2; }
 fi
 
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='${CC-cc} -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
@@ -1005,17 +901,18 @@ esac
 
 ac_config_headers="$ac_config_headers include/config.h"
 
-ac_config_commands="$ac_config_commands default-1"
+  ac_config_commands="$ac_config_commands default-1"
 
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='${CC-cc} -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
 if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
 set dummy ${ac_tool_prefix}gcc; ac_word=$2
-echo "$as_me:1018: checking for $ac_word" >&5
+echo "$as_me:915: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1028,7 +925,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_CC="${ac_tool_prefix}gcc"
 break
 done
@@ -1037,10 +934,10 @@ fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:1040: result: $CC" >&5
+  echo "$as_me:937: result: $CC" >&5
 echo "${ECHO_T}$CC" >&6
 else
-  echo "$as_me:1043: result: no" >&5
+  echo "$as_me:940: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1049,7 +946,7 @@ if test -z "$ac_cv_prog_CC"; then
   ac_ct_CC=$CC
   # Extract the first word of "gcc", so it can be a program name with args.
 set dummy gcc; ac_word=$2
-echo "$as_me:1052: checking for $ac_word" >&5
+echo "$as_me:949: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1062,7 +959,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_ac_ct_CC="gcc"
 break
 done
@@ -1071,10 +968,10 @@ fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
-  echo "$as_me:1074: result: $ac_ct_CC" >&5
+  echo "$as_me:971: result: $ac_ct_CC" >&5
 echo "${ECHO_T}$ac_ct_CC" >&6
 else
-  echo "$as_me:1077: result: no" >&5
+  echo "$as_me:974: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1087,7 +984,7 @@ if test -z "$CC"; then
   if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
 set dummy ${ac_tool_prefix}cc; ac_word=$2
-echo "$as_me:1090: checking for $ac_word" >&5
+echo "$as_me:987: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1100,7 +997,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_CC="${ac_tool_prefix}cc"
 break
 done
@@ -1109,10 +1006,10 @@ fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:1112: result: $CC" >&5
+  echo "$as_me:1009: result: $CC" >&5
 echo "${ECHO_T}$CC" >&6
 else
-  echo "$as_me:1115: result: no" >&5
+  echo "$as_me:1012: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1121,7 +1018,7 @@ if test -z "$ac_cv_prog_CC"; then
   ac_ct_CC=$CC
   # Extract the first word of "cc", so it can be a program name with args.
 set dummy cc; ac_word=$2
-echo "$as_me:1124: checking for $ac_word" >&5
+echo "$as_me:1021: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1134,7 +1031,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_ac_ct_CC="cc"
 break
 done
@@ -1143,10 +1040,10 @@ fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
-  echo "$as_me:1146: result: $ac_ct_CC" >&5
+  echo "$as_me:1043: result: $ac_ct_CC" >&5
 echo "${ECHO_T}$ac_ct_CC" >&6
 else
-  echo "$as_me:1149: result: no" >&5
+  echo "$as_me:1046: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1159,7 +1056,7 @@ fi
 if test -z "$CC"; then
   # Extract the first word of "cc", so it can be a program name with args.
 set dummy cc; ac_word=$2
-echo "$as_me:1162: checking for $ac_word" >&5
+echo "$as_me:1059: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1173,7 +1070,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then
   ac_prog_rejected=yes
   continue
@@ -1200,10 +1097,10 @@ fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:1203: result: $CC" >&5
+  echo "$as_me:1100: result: $CC" >&5
 echo "${ECHO_T}$CC" >&6
 else
-  echo "$as_me:1206: result: no" >&5
+  echo "$as_me:1103: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1214,7 +1111,7 @@ if test -z "$CC"; then
   do
     # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
 set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-echo "$as_me:1217: checking for $ac_word" >&5
+echo "$as_me:1114: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1227,7 +1124,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
 break
 done
@@ -1236,10 +1133,10 @@ fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:1239: result: $CC" >&5
+  echo "$as_me:1136: result: $CC" >&5
 echo "${ECHO_T}$CC" >&6
 else
-  echo "$as_me:1242: result: no" >&5
+  echo "$as_me:1139: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1252,7 +1149,7 @@ if test -z "$CC"; then
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:1255: checking for $ac_word" >&5
+echo "$as_me:1152: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1265,7 +1162,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_ac_ct_CC="$ac_prog"
 break
 done
@@ -1274,10 +1171,10 @@ fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
-  echo "$as_me:1277: result: $ac_ct_CC" >&5
+  echo "$as_me:1174: result: $ac_ct_CC" >&5
 echo "${ECHO_T}$ac_ct_CC" >&6
 else
-  echo "$as_me:1280: result: no" >&5
+  echo "$as_me:1177: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1289,131 +1186,13 @@ fi
 
 fi
 
-test -z "$CC" && { { echo "$as_me:1292: error: no acceptable cc found in \$PATH" >&5
-echo "$as_me: error: no acceptable cc found in \$PATH" >&2;}
-   { (exit 1); exit 1; }; }
+test -z "$CC" && {  echo "$as_me: error: no acceptable cc found in \$PATH" >&2
+  { (exit 1); exit; }; }
 
-echo "$as_me:1296: checking for object suffix" >&5
-echo $ECHO_N "checking for object suffix... $ECHO_C" >&6
-if test "${ac_cv_objext+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 1302 "configure"
-#include "confdefs.h"
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { (eval echo "$as_me:1314: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:1317: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do
-  case $ac_file in
-    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb ) ;;
-    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
-       break;;
-  esac
-done
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-{ { echo "$as_me:1329: error: cannot compute OBJEXT: cannot compile" >&5
-echo "$as_me: error: cannot compute OBJEXT: cannot compile" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-echo "$as_me:1336: result: $ac_cv_objext" >&5
-echo "${ECHO_T}$ac_cv_objext" >&6
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-echo "$as_me:1340: checking for executable suffix" >&5
-echo $ECHO_N "checking for executable suffix... $ECHO_C" >&6
-if test "${ac_cv_exeext+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 1346 "configure"
-#include "confdefs.h"
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-# Try without -o first, disregard a.out.
-ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-if { (eval echo "$as_me:1359: \"$ac_link_default\"") >&5
-  (eval $ac_link_default) 2>&5
-  ac_status=$?
-  echo "$as_me:1362: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  for ac_file in `ls a.exe conftest.exe a.* conftest conftest.* 2>/dev/null`; do
-  case $ac_file in
-    *.$ac_ext | *.out | *.o | *.obj | *.xcoff | *.tds | *.d | *.pdb ) ;;
-    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
-          export ac_cv_exeext
-          break;;
-    * ) break;;
-  esac
-done
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-
-rm -f a.out a.exe conftest$ac_cv_exeext
-
-# We have not set ac_exeext yet which is needed by `ac_link'.
-ac_exeext=$ac_cv_exeext
-if { (eval echo "$as_me:1382: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:1385: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in `(ls conftest.exe; ls conftest; ls conftest.*) 2>/dev/null`; do
-  case $ac_file in
-    *.$ac_ext | *.o | *.obj | *.xcoff | *.tds | *.d | *.pdb ) ;;
-    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
-          export ac_cv_exeext
-          break;;
-    * ) break;;
-  esac
-done
-else
-  { { echo "$as_me:1401: error: cannot compute EXEEXT: cannot compile and link" >&5
-echo "$as_me: error: cannot compute EXEEXT: cannot compile and link" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest.$ac_ext conftest$ac_cv_exeext
-
-fi
-echo "$as_me:1409: result: $ac_cv_exeext" >&5
-echo "${ECHO_T}$ac_cv_exeext" >&6
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-echo "$as_me:1413: checking whether the C compiler works" >&5
+echo "$as_me:1192: checking whether the C compiler works" >&5
 echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6
 cat >conftest.$ac_ext <<_ACEOF
-#line 1416 "configure"
+#line 1195 "configure"
 #include "confdefs.h"
 
 int
@@ -1425,68 +1204,52 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:1428: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:1431: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:1433: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:1436: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:1207: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   # FIXME: these cross compiler hacks should be removed for autoconf 3.0
 # If not cross compiling, check that we can run a simple program.
 if test "$cross_compiling" != yes; then
-  if { (eval echo "$as_me:1441: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:1444: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+  if { ac_try='./conftest$ac_exeext'; { (eval echo $as_me:1211: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; }; then
     cross_compiling=no
   else
     if test "$cross_compiling" = maybe; then
       cross_compiling=yes
     else
-      { { echo "$as_me:1451: error: cannot run C compiled programs.
-To enable cross compilation, use \`--host'." >&5
-echo "$as_me: error: cannot run C compiled programs.
-To enable cross compilation, use \`--host'." >&2;}
-   { (exit 1); exit 1; }; }
+      {  echo "$as_me: error: cannot run C compiled programs.
+To enable cross compilation, use \`--host'." >&2
+  { (exit 1); exit; }; }
     fi
   fi
 fi
-echo "$as_me:1459: result: yes" >&5
+echo "$as_me:1223: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-echo "$as_me:1464: result: no" >&5
+  cat conftest.$ac_ext >&5
+  echo "$as_me:1228: result: no" >&5
 echo "${ECHO_T}no" >&6
-{ { echo "$as_me:1466: error: C compiler cannot create executables" >&5
-echo "$as_me: error: C compiler cannot create executables" >&2;}
-   { (exit 77); exit 77; }; }
+{  echo "$as_me: error: C compiler cannot create executables" >&2
+  { (exit 77); exit; }; }
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
-echo "$as_me:1471: checking whether we are cross compiling" >&5
+echo "$as_me:1234: checking whether we are cross compiling" >&5
 echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6
-echo "$as_me:1473: result: $cross_compiling" >&5
+echo "$as_me:1236: result: $cross_compiling" >&5
 echo "${ECHO_T}$cross_compiling" >&6
 
-echo "$as_me:1476: checking whether we are using the GNU C compiler" >&5
+echo "$as_me:1239: checking whether we are using the GNU C compiler" >&5
 echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
 if test "${ac_cv_c_compiler_gnu+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 1482 "configure"
+#line 1245 "configure"
 #include "confdefs.h"
 
 int
 main ()
 {
 #ifndef __GNUC__
-       choke me
+  choke me
 #endif
 
   ;
@@ -1494,39 +1257,27 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1497: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:1500: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:1502: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:1505: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:1260: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_compiler_gnu=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_compiler_gnu=no
+  cat conftest.$ac_ext >&5
+  ac_compiler_gnu=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 ac_cv_c_compiler_gnu=$ac_compiler_gnu
 
 fi
-echo "$as_me:1517: result: $ac_cv_c_compiler_gnu" >&5
+echo "$as_me:1271: result: $ac_cv_c_compiler_gnu" >&5
 echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
 GCC=`test $ac_compiler_gnu = yes && echo yes`
-ac_test_CFLAGS=${CFLAGS+set}
-ac_save_CFLAGS=$CFLAGS
-CFLAGS="-g"
-echo "$as_me:1523: checking whether $CC accepts -g" >&5
-echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
-if test "${ac_cv_prog_cc_g+set}" = set; then
+echo "$as_me:1274: checking for object suffix" >&5
+echo $ECHO_N "checking for object suffix... $ECHO_C" >&6
+if test "${ac_cv_objext+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 1529 "configure"
+#line 1280 "configure"
 #include "confdefs.h"
 
 int
@@ -1537,153 +1288,119 @@ main ()
   return 0;
 }
 _ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1541: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:1544: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:1546: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:1549: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  ac_cv_prog_cc_g=yes
+if { (eval echo $as_me:1291: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; }; then
+  for ac_file in `ls conftest.o conftest.obj conftest.* 2>/dev/null`; do
+    case $ac_file in
+      *.$ac_ext | *.tds | *.d ) ;;
+      *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+         break;;
+    esac
+  done
+  rm -f conftest.$ac_objext conftest.$ac_ext
 else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_prog_cc_g=no
+  {  echo "$as_me: error: cannot compile" >&2
+  { (exit 1); exit; }; }
 fi
-rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:1559: result: $ac_cv_prog_cc_g" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
-if test "$ac_test_CFLAGS" = set; then
-  CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
-  if test "$GCC" = yes; then
-    CFLAGS="-g -O2"
-  else
-    CFLAGS="-g"
-  fi
+echo "$as_me:1305: result: $ac_cv_objext" >&5
+echo "${ECHO_T}$ac_cv_objext" >&6
+OBJEXT=$ac_cv_objext
+ac_objext=$ac_cv_objext
+
+echo "$as_me:1310: checking for executable suffix" >&5
+echo $ECHO_N "checking for executable suffix... $ECHO_C" >&6
+if test "${ac_cv_exeext+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  if test "$GCC" = yes; then
-    CFLAGS="-O2"
-  else
-    CFLAGS=
-  fi
-fi
-# Some people use a C++ compiler to compile C.  Since we use `exit',
-# in C++ we need to declare it.  In case someone uses the same compiler
-# for both compiling C and C++ we need to have the C++ compiler decide
-# the declaration of exit, since it's the most demanding environment.
-cat >conftest.$ac_ext <<_ACEOF
-#ifndef __cplusplus
-  choke me
-#endif
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1586: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:1589: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:1591: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:1594: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  for ac_declaration in \
-   ''\
-   '#include <stdlib.h>' \
-   'extern "C" void std::exit (int) throw (); using std::exit;' \
-   'extern "C" void std::exit (int); using std::exit;' \
-   'extern "C" void exit (int) throw ();' \
-   'extern "C" void exit (int);' \
-   'void exit (int);'
-do
-  cat >conftest.$ac_ext <<_ACEOF
-#line 1606 "configure"
+  case "$CYGWIN $MINGW32 $EMXOS2" in
+  *yes*) ac_cv_exeext=.exe ;;
+  *)
+    cat >conftest.$ac_ext <<_ACEOF
+#line 1319 "configure"
 #include "confdefs.h"
-#include <stdlib.h>
-$ac_declaration
+
 int
 main ()
 {
-exit (42);
+
   ;
   return 0;
 }
 _ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1619: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:1622: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:1624: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:1627: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-continue
+    if { (eval echo $as_me:1330: \"$ac_link\") >&5; (eval $ac_link) 2>&5; }; then
+      # If both `conftest.exe' and `conftest' are `present' (well, observable)
+      # catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+      # work properly (i.e., refer to `conftest.exe'), while it won't with
+      # `rm'.
+      for ac_file in `ls conftest.exe conftest conftest.* 2>/dev/null`; do
+    	case $ac_file in
+    	  *.$ac_ext | *.o | *.obj | *.xcoff | *.tds | *.d) ;;
+    	  *) ac_cv_exeext=`expr "$ac_file" : 'conftest\(.*\)'`
+    	     break;;
+    	esac
+      done
+      rm -f conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+    else
+      {  echo "$as_me: error: cannot compile and link" >&2
+  { (exit 1); exit; }; }
+    fi
+    ;;
+esac
 fi
-rm -f conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:1350: result: $ac_cv_exeext" >&5
+echo "${ECHO_T}$ac_cv_exeext" >&6
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+CFLAGS="-g"
+echo "$as_me:1358: checking whether ${CC-cc} accepts -g" >&5
+echo $ECHO_N "checking whether ${CC-cc} accepts -g... $ECHO_C" >&6
+if test "${ac_cv_prog_cc_g+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
   cat >conftest.$ac_ext <<_ACEOF
-#line 1637 "configure"
+#line 1364 "configure"
 #include "confdefs.h"
-$ac_declaration
+
 int
 main ()
 {
-exit (42);
+
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1649: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:1652: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:1654: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:1657: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  break
+if { (eval echo $as_me:1376: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
+  ac_cv_prog_cc_g=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
-done
-echo '#ifdef __cplusplus' >>confdefs.h
-echo $ac_declaration      >>confdefs.h
-echo '#endif'             >>confdefs.h
-
+fi
+echo "$as_me:1385: result: $ac_cv_prog_cc_g" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
 else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
 fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-echo "$as_me:1686: checking how to run the C preprocessor" >&5
+echo "$as_me:1403: checking how to run the C preprocessor" >&5
 echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
 # On Suns, sometimes $CPP names a directory.
 if test -n "$CPP" && test -d "$CPP"; then
@@ -1694,28 +1411,22 @@ if test -z "$CPP"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
       # Double quotes because CPP needs to be expanded
-    for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+    for CPP in "${CC-cc} -E" "${CC-cc} -E -traditional-cpp" "/lib/cpp"
     do
       # Use a header file that comes with gcc, so configuring glibc
 # with a fresh cross-compiler works.
 # On the NeXT, cc -E runs the code through the compiler's parser,
 # not just through cpp. "Syntax error" is here to catch this case.
-ac_c_preproc_warn_flag=maybe
 cat >conftest.$ac_ext <<_ACEOF
-#line 1705 "configure"
+#line 1421 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax error
 _ACEOF
-if { (eval echo "$as_me:1710: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:1716: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_c_preproc_warn_flag=maybe
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:1428: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -1723,24 +1434,18 @@ if { (eval echo "$as_me:1710: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
-if test -z "$ac_cpp_err"; then
-  # Now check whether non-existent headers can be detected and how
+
+# Now check whether non-existent headers can be detected and how
 # Skip if ac_cpp_err is not empty - ac_cpp is broken
 if test -z "$ac_cpp_err"; then
   cat >conftest.$ac_ext <<_ACEOF
-#line 1731 "configure"
+#line 1442 "configure"
 #include "confdefs.h"
 #include <ac_nonexistent.h>
 _ACEOF
-if { (eval echo "$as_me:1735: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:1741: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+  ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:1447: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -1748,27 +1453,21 @@ if { (eval echo "$as_me:1735: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
-if test -z "$ac_cpp_err"; then
-  # cannot detect missing includes at all
-ac_cpp_err=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  if test "x$ac_cpp_err" = xmaybe; then
+
+  if test -z "$ac_cpp_err"; then
+    # cannot detect missing includes at all
+    ac_cpp_err=yes
+  else
+    if test "x$ac_cpp_err" = xmaybe; then
       ac_c_preproc_warn_flag=yes
     else
       ac_c_preproc_warn_flag=
     fi
     ac_cpp_err=
+  fi
 fi
-rm -f conftest.err conftest.$ac_ext
-fi
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
+rm -f conftest*
 
-fi
-rm -f conftest.err conftest.$ac_ext
       if test -z "$ac_cpp_err"; then
         break
       fi
@@ -1782,22 +1481,16 @@ else
 # with a fresh cross-compiler works.
 # On the NeXT, cc -E runs the code through the compiler's parser,
 # not just through cpp. "Syntax error" is here to catch this case.
-ac_c_preproc_warn_flag=maybe
 cat >conftest.$ac_ext <<_ACEOF
-#line 1787 "configure"
+#line 1485 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax error
 _ACEOF
-if { (eval echo "$as_me:1792: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:1798: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_c_preproc_warn_flag=maybe
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:1492: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -1805,24 +1498,18 @@ if { (eval echo "$as_me:1792: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
-if test -z "$ac_cpp_err"; then
-  # Now check whether non-existent headers can be detected and how
+
+# Now check whether non-existent headers can be detected and how
 # Skip if ac_cpp_err is not empty - ac_cpp is broken
 if test -z "$ac_cpp_err"; then
   cat >conftest.$ac_ext <<_ACEOF
-#line 1813 "configure"
+#line 1506 "configure"
 #include "confdefs.h"
 #include <ac_nonexistent.h>
 _ACEOF
-if { (eval echo "$as_me:1817: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:1823: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+  ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:1511: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -1830,51 +1517,39 @@ if { (eval echo "$as_me:1817: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
-if test -z "$ac_cpp_err"; then
-  # cannot detect missing includes at all
-ac_cpp_err=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  if test "x$ac_cpp_err" = xmaybe; then
+
+  if test -z "$ac_cpp_err"; then
+    # cannot detect missing includes at all
+    ac_cpp_err=yes
+  else
+    if test "x$ac_cpp_err" = xmaybe; then
       ac_c_preproc_warn_flag=yes
     else
       ac_c_preproc_warn_flag=
     fi
     ac_cpp_err=
+  fi
 fi
-rm -f conftest.err conftest.$ac_ext
-fi
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
+rm -f conftest*
 
-fi
-rm -f conftest.err conftest.$ac_ext
   ac_cv_prog_CPP=$CPP
 fi
-echo "$as_me:1856: result: $CPP" >&5
+echo "$as_me:1537: result: $CPP" >&5
 echo "${ECHO_T}$CPP" >&6
 if test -n "$ac_cpp_err"; then
-  { { echo "$as_me:1859: error: C preprocessor \"$CPP\" fails sanity check" >&5
-echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check" >&2
+  { (exit 1); exit; }; }
 fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
-echo "$as_me:1869: checking for $CC option to accept ANSI C" >&5
-echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
+echo "$as_me:1544: checking for ${CC-cc} option to accept ANSI C" >&5
+echo $ECHO_N "checking for ${CC-cc} option to accept ANSI C... $ECHO_C" >&6
 if test "${ac_cv_prog_cc_stdc+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   ac_cv_prog_cc_stdc=no
 ac_save_CC=$CC
 cat >conftest.$ac_ext <<_ACEOF
-#line 1877 "configure"
+#line 1552 "configure"
 #include "confdefs.h"
 #include <stdarg.h>
 #include <stdio.h>
@@ -1923,35 +1598,26 @@ for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIO
 do
   CC="$ac_save_CC $ac_arg"
   rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1926: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:1929: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:1931: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:1934: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:1601: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_prog_cc_stdc=$ac_arg
+rm -f conftest.$ac_ext conftest.$ac_objext
 break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest.$ac_objext
 done
-rm -f conftest.$ac_ext conftest.$ac_objext
 CC=$ac_save_CC
 
 fi
 
 case "x$ac_cv_prog_cc_stdc" in
   x|xno)
-    echo "$as_me:1951: result: none needed" >&5
+    echo "$as_me:1617: result: none needed" >&5
 echo "${ECHO_T}none needed" >&6 ;;
   *)
-    echo "$as_me:1954: result: $ac_cv_prog_cc_stdc" >&5
+    echo "$as_me:1620: result: $ac_cv_prog_cc_stdc" >&5
 echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
     CC="$CC $ac_cv_prog_cc_stdc" ;;
 esac
@@ -1973,9 +1639,8 @@ for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
   fi
 done
 if test -z "$ac_aux_dir"; then
-  { { echo "$as_me:1976: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5
-echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2
+  { (exit 1); exit; }; }
 fi
 ac_config_guess="$SHELL $ac_aux_dir/config.guess"
 ac_config_sub="$SHELL $ac_aux_dir/config.sub"
@@ -1993,7 +1658,7 @@ ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.
 # AFS /usr/afsws/bin/install, which mishandles nonexistent args
 # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
 # ./install, which can be erroneously created by make from ./install.sh.
-echo "$as_me:1996: checking for a BSD compatible install" >&5
+echo "$as_me:1661: checking for a BSD compatible install" >&5
 echo $ECHO_N "checking for a BSD compatible install... $ECHO_C" >&6
 if test -z "$INSTALL"; then
 if test "${ac_cv_path_install+set}" = set; then
@@ -2042,7 +1707,7 @@ fi
     INSTALL=$ac_install_sh
   fi
 fi
-echo "$as_me:2045: result: $INSTALL" >&5
+echo "$as_me:1710: result: $INSTALL" >&5
 echo "${ECHO_T}$INSTALL" >&6
 
 # Use test -z because SunOS4 sh mishandles braces in ${var-val}.
@@ -2053,7 +1718,7 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
 
 test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
 
-echo "$as_me:2056: checking whether build environment is sane" >&5
+echo "$as_me:1721: checking whether build environment is sane" >&5
 echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6
 # Just in case
 sleep 1
@@ -2076,11 +1741,9 @@ if (
       # if, for instance, CONFIG_SHELL is bash and it inherits a
       # broken ls alias from the environment.  This has actually
       # happened.  Such a system could not be considered "sane".
-      { { echo "$as_me:2079: error: ls -t appears to fail.  Make sure there is not a broken
-alias in your environment" >&5
-echo "$as_me: error: ls -t appears to fail.  Make sure there is not a broken
-alias in your environment" >&2;}
-   { (exit 1); exit 1; }; }
+      {  echo "$as_me: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&2
+  { (exit 1); exit; }; }
    fi
 
    test "$2" = conftestfile
@@ -2089,14 +1752,12 @@ then
    # Ok.
    :
 else
-   { { echo "$as_me:2092: error: newly created file is older than distributed files!
-Check your system clock" >&5
-echo "$as_me: error: newly created file is older than distributed files!
-Check your system clock" >&2;}
-   { (exit 1); exit 1; }; }
+   {  echo "$as_me: error: newly created file is older than distributed files!
+Check your system clock" >&2
+  { (exit 1); exit; }; }
 fi
 rm -f conftest*
-echo "$as_me:2099: result: yes" >&5
+echo "$as_me:1760: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 if test "$program_transform_name" = s,x,x,; then
   program_transform_name=
@@ -2118,21 +1779,22 @@ test "$program_suffix" != NONE &&
 test -z "$program_transform_name" && program_transform_name="s,x,x,"
 
 test x"${MISSING+set}" = xset || \
-  MISSING="\${SHELL} `CDPATH=: && cd $ac_aux_dir && pwd`/missing"
+  MISSING="\${SHELL} `CDPATH=:; cd $ac_aux_dir && pwd`/missing"
+# Use eval to expand $SHELL
 if eval "$MISSING --run :"; then
   am_missing_run="$MISSING --run "
 else
   am_missing_run=
   am_backtick='`'
-  { echo "$as_me:2127: WARNING: ${am_backtick}missing' script is too old or missing" >&5
-echo "$as_me: WARNING: ${am_backtick}missing' script is too old or missing" >&2;}
+  { echo "$as_me:1789: WARNING: ${am_backtick}missing' script is too old or missing" >&5
+echo "$as_me: warning: ${am_backtick}missing' script is too old or missing" >&2; }
 fi
 
 for ac_prog in mawk gawk nawk awk
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:2135: checking for $ac_word" >&5
+echo "$as_me:1797: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_AWK+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2145,7 +1807,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_AWK="$ac_prog"
 break
 done
@@ -2154,17 +1816,17 @@ fi
 fi
 AWK=$ac_cv_prog_AWK
 if test -n "$AWK"; then
-  echo "$as_me:2157: result: $AWK" >&5
+  echo "$as_me:1819: result: $AWK" >&5
 echo "${ECHO_T}$AWK" >&6
 else
-  echo "$as_me:2160: result: no" >&5
+  echo "$as_me:1822: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
   test -n "$AWK" && break
 done
 
-echo "$as_me:2167: checking whether ${MAKE-make} sets \${MAKE}" >&5
+echo "$as_me:1829: checking whether ${MAKE-make} sets \${MAKE}" >&5
 echo $ECHO_N "checking whether ${MAKE-make} sets \${MAKE}... $ECHO_C" >&6
 set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,./+-,__p_,'`
 if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then
@@ -2184,11 +1846,11 @@ fi
 rm -f conftestmake
 fi
 if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then
-  echo "$as_me:2187: result: yes" >&5
+  echo "$as_me:1849: result: yes" >&5
 echo "${ECHO_T}yes" >&6
   SET_MAKE=
 else
-  echo "$as_me:2191: result: no" >&5
+  echo "$as_me:1853: result: no" >&5
 echo "${ECHO_T}no" >&6
   SET_MAKE="MAKE=${MAKE-make}"
 fi
@@ -2217,6 +1879,9 @@ fi
 
 if test -d .deps || mkdir .deps 2> /dev/null || test -d .deps; then
   DEPDIR=.deps
+  # We redirect because .deps might already exist and be populated.
+  # In this situation we don't want to see an error.
+  rmdir .deps > /dev/null 2>&1
 else
   DEPDIR=_deps
 fi
@@ -2224,16 +1889,15 @@ fi
 ac_config_commands="$ac_config_commands default-2"
 
 # test to see if srcdir already configured
-if test "`CDPATH=: && cd $srcdir && pwd`" != "`pwd`" &&
+if test "`CDPATH=:; cd $srcdir && pwd`" != "`pwd`" &&
    test -f $srcdir/config.status; then
-  { { echo "$as_me:2229: error: source directory already configured; run \"make distclean\" there first" >&5
-echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2
+  { (exit 1); exit; }; }
 fi
 
 # Define the identity of the package.
 PACKAGE=heimdal
-VERSION=0.3e
+VERSION=0.3f
 
 cat >>confdefs.h <<EOF
 #define PACKAGE "$PACKAGE"
@@ -2264,9 +1928,12 @@ if test -z "$install_sh"; then
          install_sh="`echo $install_sh | sed -e 's/\${SHELL}//'`"
 fi
 
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+
 depcc="$CC"
 depcpp="$CPP"
-echo "$as_me:2269: checking dependency style of $depcc" >&5
+echo "$as_me:1936: checking dependency style of $depcc" >&5
 echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6
 if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2290,10 +1957,13 @@ if test -z "$AMDEP"; then
       ;;
     none) break ;;
     esac
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.
     if depmode="$depmode" \
        source=conftest.c object=conftest.o \
        depfile=conftest.Po tmpdepfile=conftest.TPo \
-       $SHELL $am_depcomp $depcc -c conftest.c 2>/dev/null &&
+       $SHELL $am_depcomp $depcc -c conftest.c -o conftest.o >/dev/null 2>&1 &&
        grep conftest.h conftest.Po > /dev/null 2>&1; then
       am_cv_CC_dependencies_compiler_type="$depmode"
       break
@@ -2307,17 +1977,16 @@ fi
 
 fi
 
-echo "$as_me:2310: result: $am_cv_CC_dependencies_compiler_type" >&5
+echo "$as_me:1980: result: $am_cv_CC_dependencies_compiler_type" >&5
 echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6
 CCDEPMODE="depmode=$am_cv_CC_dependencies_compiler_type"
 
 # Make sure we can run config.sub.
 $ac_config_sub sun4 >/dev/null 2>&1 ||
-  { { echo "$as_me:2316: error: cannot run $ac_config_sub" >&5
-echo "$as_me: error: cannot run $ac_config_sub" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: cannot run $ac_config_sub" >&2
+  { (exit 1); exit; }; }
 
-echo "$as_me:2320: checking build system type" >&5
+echo "$as_me:1989: checking build system type" >&5
 echo $ECHO_N "checking build system type... $ECHO_C" >&6
 if test "${ac_cv_build+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2326,23 +1995,21 @@ else
 test -z "$ac_cv_build_alias" &&
   ac_cv_build_alias=`$ac_config_guess`
 test -z "$ac_cv_build_alias" &&
-  { { echo "$as_me:2329: error: cannot guess build type; you must specify one" >&5
-echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: cannot guess build type; you must specify one" >&2
+  { (exit 1); exit; }; }
 ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
-  { { echo "$as_me:2333: error: $ac_config_sub $ac_cv_build_alias failed." >&5
-echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed." >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed." >&2
+  { (exit 1); exit; }; }
 
 fi
-echo "$as_me:2338: result: $ac_cv_build" >&5
+echo "$as_me:2005: result: $ac_cv_build" >&5
 echo "${ECHO_T}$ac_cv_build" >&6
 build=$ac_cv_build
 build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
 build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
 build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
 
-echo "$as_me:2345: checking host system type" >&5
+echo "$as_me:2012: checking host system type" >&5
 echo $ECHO_N "checking host system type... $ECHO_C" >&6
 if test "${ac_cv_host+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2351,12 +2018,11 @@ else
 test -z "$ac_cv_host_alias" &&
   ac_cv_host_alias=$ac_cv_build_alias
 ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
-  { { echo "$as_me:2354: error: $ac_config_sub $ac_cv_host_alias failed" >&5
-echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2
+  { (exit 1); exit; }; }
 
 fi
-echo "$as_me:2359: result: $ac_cv_host" >&5
+echo "$as_me:2025: result: $ac_cv_host" >&5
 echo "${ECHO_T}$ac_cv_host" >&6
 host=$ac_cv_host
 host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
@@ -2404,7 +2070,7 @@ for ac_prog in 'bison -y' byacc
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:2407: checking for $ac_word" >&5
+echo "$as_me:2073: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_YACC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2417,7 +2083,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_YACC="$ac_prog"
 break
 done
@@ -2426,10 +2092,10 @@ fi
 fi
 YACC=$ac_cv_prog_YACC
 if test -n "$YACC"; then
-  echo "$as_me:2429: result: $YACC" >&5
+  echo "$as_me:2095: result: $YACC" >&5
 echo "${ECHO_T}$YACC" >&6
 else
-  echo "$as_me:2432: result: no" >&5
+  echo "$as_me:2098: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -2441,7 +2107,7 @@ for ac_prog in flex lex
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:2444: checking for $ac_word" >&5
+echo "$as_me:2110: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_LEX+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2454,7 +2120,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_LEX="$ac_prog"
 break
 done
@@ -2463,10 +2129,10 @@ fi
 fi
 LEX=$ac_cv_prog_LEX
 if test -n "$LEX"; then
-  echo "$as_me:2466: result: $LEX" >&5
+  echo "$as_me:2132: result: $LEX" >&5
 echo "${ECHO_T}$LEX" >&6
 else
-  echo "$as_me:2469: result: no" >&5
+  echo "$as_me:2135: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -2478,7 +2144,7 @@ for ac_prog in flex lex
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:2481: checking for $ac_word" >&5
+echo "$as_me:2147: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_LEX+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2491,7 +2157,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_LEX="$ac_prog"
 break
 done
@@ -2500,10 +2166,10 @@ fi
 fi
 LEX=$ac_cv_prog_LEX
 if test -n "$LEX"; then
-  echo "$as_me:2503: result: $LEX" >&5
+  echo "$as_me:2169: result: $LEX" >&5
 echo "${ECHO_T}$LEX" >&6
 else
-  echo "$as_me:2506: result: no" >&5
+  echo "$as_me:2172: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -2513,7 +2179,8 @@ test -n "$LEX" || LEX=":"
 
 if test -z "$LEXLIB"
 then
-  echo "$as_me:2516: checking for yywrap in -lfl" >&5
+
+echo "$as_me:2183: checking for yywrap in -lfl" >&5
 echo $ECHO_N "checking for yywrap in -lfl... $ECHO_C" >&6
 if test "${ac_cv_lib_fl_yywrap+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2521,7 +2188,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lfl  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 2524 "configure"
+#line 2191 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -2540,31 +2207,23 @@ yywrap ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:2543: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:2546: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:2548: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:2551: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:2210: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_lib_fl_yywrap=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_fl_yywrap=no
+  cat conftest.$ac_ext >&5
+  ac_cv_lib_fl_yywrap=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:2562: result: $ac_cv_lib_fl_yywrap" >&5
+echo "$as_me:2220: result: $ac_cv_lib_fl_yywrap" >&5
 echo "${ECHO_T}$ac_cv_lib_fl_yywrap" >&6
 if test $ac_cv_lib_fl_yywrap = yes; then
   LEXLIB="-lfl"
 else
-  echo "$as_me:2567: checking for yywrap in -ll" >&5
+
+echo "$as_me:2226: checking for yywrap in -ll" >&5
 echo $ECHO_N "checking for yywrap in -ll... $ECHO_C" >&6
 if test "${ac_cv_lib_l_yywrap+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2572,7 +2231,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-ll  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 2575 "configure"
+#line 2234 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -2591,26 +2250,17 @@ yywrap ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:2594: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:2597: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:2599: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:2602: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:2253: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_lib_l_yywrap=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_l_yywrap=no
+  cat conftest.$ac_ext >&5
+  ac_cv_lib_l_yywrap=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:2613: result: $ac_cv_lib_l_yywrap" >&5
+echo "$as_me:2263: result: $ac_cv_lib_l_yywrap" >&5
 echo "${ECHO_T}$ac_cv_lib_l_yywrap" >&6
 if test $ac_cv_lib_l_yywrap = yes; then
   LEXLIB="-ll"
@@ -2621,7 +2271,7 @@ fi
 fi
 
 if test "x$LEX" != "x:"; then
-  echo "$as_me:2624: checking lex output file root" >&5
+  echo "$as_me:2274: checking lex output file root" >&5
 echo $ECHO_N "checking lex output file root... $ECHO_C" >&6
 if test "${ac_cv_prog_lex_root+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2635,16 +2285,15 @@ if test -f lex.yy.c; then
 elif test -f lexyy.c; then
   ac_cv_prog_lex_root=lexyy
 else
-  { { echo "$as_me:2638: error: cannot find output from $LEX; giving up" >&5
-echo "$as_me: error: cannot find output from $LEX; giving up" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: cannot find output from $LEX; giving up" >&2
+  { (exit 1); exit; }; }
 fi
 fi
-echo "$as_me:2643: result: $ac_cv_prog_lex_root" >&5
+echo "$as_me:2292: result: $ac_cv_prog_lex_root" >&5
 echo "${ECHO_T}$ac_cv_prog_lex_root" >&6
 LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
 
-echo "$as_me:2647: checking whether yytext is a pointer" >&5
+echo "$as_me:2296: checking whether yytext is a pointer" >&5
 echo $ECHO_N "checking whether yytext is a pointer... $ECHO_C" >&6
 if test "${ac_cv_prog_lex_yytext_pointer+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2660,27 +2309,18 @@ cat >conftest.$ac_ext <<_ACEOF
 `cat $LEX_OUTPUT_ROOT.c`
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:2663: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:2666: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:2668: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:2671: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:2312: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_prog_lex_yytext_pointer=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_save_LIBS
 rm -f "${LEX_OUTPUT_ROOT}.c"
 
 fi
-echo "$as_me:2683: result: $ac_cv_prog_lex_yytext_pointer" >&5
+echo "$as_me:2323: result: $ac_cv_prog_lex_yytext_pointer" >&5
 echo "${ECHO_T}$ac_cv_prog_lex_yytext_pointer" >&6
 if test $ac_cv_prog_lex_yytext_pointer = yes; then
 
@@ -2695,7 +2335,7 @@ fi
 if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
 set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-echo "$as_me:2698: checking for $ac_word" >&5
+echo "$as_me:2338: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_RANLIB+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2708,7 +2348,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
 break
 done
@@ -2717,10 +2357,10 @@ fi
 fi
 RANLIB=$ac_cv_prog_RANLIB
 if test -n "$RANLIB"; then
-  echo "$as_me:2720: result: $RANLIB" >&5
+  echo "$as_me:2360: result: $RANLIB" >&5
 echo "${ECHO_T}$RANLIB" >&6
 else
-  echo "$as_me:2723: result: no" >&5
+  echo "$as_me:2363: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -2729,7 +2369,7 @@ if test -z "$ac_cv_prog_RANLIB"; then
   ac_ct_RANLIB=$RANLIB
   # Extract the first word of "ranlib", so it can be a program name with args.
 set dummy ranlib; ac_word=$2
-echo "$as_me:2732: checking for $ac_word" >&5
+echo "$as_me:2372: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2742,7 +2382,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_ac_ct_RANLIB="ranlib"
 break
 done
@@ -2752,10 +2392,10 @@ fi
 fi
 ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
 if test -n "$ac_ct_RANLIB"; then
-  echo "$as_me:2755: result: $ac_ct_RANLIB" >&5
+  echo "$as_me:2395: result: $ac_ct_RANLIB" >&5
 echo "${ECHO_T}$ac_ct_RANLIB" >&6
 else
-  echo "$as_me:2758: result: no" >&5
+  echo "$as_me:2398: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -2768,7 +2408,7 @@ for ac_prog in mawk gawk nawk awk
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:2771: checking for $ac_word" >&5
+echo "$as_me:2411: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_AWK+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2781,7 +2421,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_AWK="$ac_prog"
 break
 done
@@ -2790,17 +2430,17 @@ fi
 fi
 AWK=$ac_cv_prog_AWK
 if test -n "$AWK"; then
-  echo "$as_me:2793: result: $AWK" >&5
+  echo "$as_me:2433: result: $AWK" >&5
 echo "${ECHO_T}$AWK" >&6
 else
-  echo "$as_me:2796: result: no" >&5
+  echo "$as_me:2436: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
   test -n "$AWK" && break
 done
 
-echo "$as_me:2803: checking for ln -s or something else" >&5
+echo "$as_me:2443: checking for ln -s or something else" >&5
 echo $ECHO_N "checking for ln -s or something else... $ECHO_C" >&6
 if test "${ac_cv_prog_LN_S+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2821,7 +2461,7 @@ else
 fi
 fi
 LN_S="$ac_cv_prog_LN_S"
-echo "$as_me:2824: result: $ac_cv_prog_LN_S" >&5
+echo "$as_me:2464: result: $ac_cv_prog_LN_S" >&5
 echo "${ECHO_T}$ac_cv_prog_LN_S" >&6
 
 # Check whether --with-mips_abi or --without-mips_abi was given.
@@ -2849,13 +2489,12 @@ case "${with_mips_abi}" in
        n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
         64) abi='-mabi=64';  abilibdirext='64'   ;;
 	no) abi=''; abilibdirext='';;
-         *) { { echo "$as_me:2852: error: \"Invalid ABI specified\"" >&5
-echo "$as_me: error: \"Invalid ABI specified\"" >&2;}
-   { (exit 1); exit 1; }; } ;;
+         *) {  echo "$as_me: error: \"Invalid ABI specified\"" >&2
+  { (exit 1); exit; }; } ;;
 esac
 if test -n "$abi" ; then
 ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
-echo "$as_me:2858: checking if $CC supports the $abi option" >&5
+echo "$as_me:2497: checking if $CC supports the $abi option" >&5
 echo $ECHO_N "checking if $CC supports the $abi option... $ECHO_C" >&6
 if eval "test \"\${$ac_foo+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2864,7 +2503,7 @@ else
 save_CFLAGS="$CFLAGS"
 CFLAGS="$CFLAGS $abi"
 cat >conftest.$ac_ext <<_ACEOF
-#line 2867 "configure"
+#line 2506 "configure"
 #include "confdefs.h"
 
 int
@@ -2876,21 +2515,12 @@ int x;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:2879: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:2882: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:2884: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:2887: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:2518: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval $ac_foo=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval $ac_foo=no
+  cat conftest.$ac_ext >&5
+  eval $ac_foo=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 CFLAGS="$save_CFLAGS"
@@ -2898,7 +2528,7 @@ CFLAGS="$save_CFLAGS"
 fi
 
 ac_res=`eval echo \\\$$ac_foo`
-echo "$as_me:2901: result: $ac_res" >&5
+echo "$as_me:2531: result: $ac_res" >&5
 echo "${ECHO_T}$ac_res" >&6
 if test $ac_res = no; then
 # Try to figure out why that failed...
@@ -2907,7 +2537,7 @@ case $abi in
 	save_CFLAGS="$CFLAGS"
 	CFLAGS="$CFLAGS -mabi=n32"
 	cat >conftest.$ac_ext <<_ACEOF
-#line 2910 "configure"
+#line 2540 "configure"
 #include "confdefs.h"
 
 int
@@ -2919,29 +2549,19 @@ int x;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:2922: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:2925: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:2927: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:2930: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:2552: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_res=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_res=no
+  cat conftest.$ac_ext >&5
+  ac_res=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 	CLAGS="$save_CFLAGS"
 	if test $ac_res = yes; then
 		# New GCC
-		{ { echo "$as_me:2942: error: $CC does not support the $with_mips_abi ABI" >&5
-echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2;}
-   { (exit 1); exit 1; }; }
+		{  echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2
+  { (exit 1); exit; }; }
 	fi
 	# Old GCC
 	abi=''
@@ -2954,9 +2574,8 @@ echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2;}
 			abilibdirext=''
 		else
 			# Some broken GCC
-			{ { echo "$as_me:2957: error: $CC does not support the $with_mips_abi ABI" >&5
-echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2;}
-   { (exit 1); exit 1; }; }
+			{  echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2
+  { (exit 1); exit; }; }
 		fi
 	;;
 esac
@@ -2968,9 +2587,8 @@ case "${with_mips_abi}" in
        n32|yes) abi='-n32'; abilibdirext='32'  ;;
         64) abi='-64'; abilibdirext='64'   ;;
 	no) abi=''; abilibdirext='';;
-         *) { { echo "$as_me:2971: error: \"Invalid ABI specified\"" >&5
-echo "$as_me: error: \"Invalid ABI specified\"" >&2;}
-   { (exit 1); exit 1; }; } ;;
+         *) {  echo "$as_me: error: \"Invalid ABI specified\"" >&2
+  { (exit 1); exit; }; } ;;
 esac
 fi #if test -n "$GCC"; then
 ;;
@@ -2979,14 +2597,14 @@ esac
 CC="$CC $abi"
 libdir="$libdir$abilibdirext"
 
-echo "$as_me:2982: checking for __attribute__" >&5
+echo "$as_me:2600: checking for __attribute__" >&5
 echo $ECHO_N "checking for __attribute__... $ECHO_C" >&6
 if test "${ac_cv___attribute__+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 2989 "configure"
+#line 2607 "configure"
 #include "confdefs.h"
 
 #include <stdlib.h>
@@ -3008,21 +2626,12 @@ foo(void)
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:3011: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:3014: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:3016: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:3019: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:2629: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv___attribute__=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv___attribute__=no
+  cat conftest.$ac_ext >&5
+  ac_cv___attribute__=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
@@ -3034,7 +2643,7 @@ cat >>confdefs.h <<\EOF
 EOF
 
 fi
-echo "$as_me:3037: result: $ac_cv___attribute__" >&5
+echo "$as_me:2646: result: $ac_cv___attribute__" >&5
 echo "${ECHO_T}$ac_cv___attribute__" >&6
 
 # Check whether --enable-shared or --disable-shared was given.
@@ -3114,7 +2723,7 @@ fi;
 ac_prog=ld
 if test "$ac_cv_c_compiler_gnu" = yes; then
   # Check if gcc -print-prog-name=ld gives a path.
-  echo "$as_me:3117: checking for ld used by GCC" >&5
+  echo "$as_me:2726: checking for ld used by GCC" >&5
 echo $ECHO_N "checking for ld used by GCC... $ECHO_C" >&6
   case $host in
   *-*-mingw*)
@@ -3144,10 +2753,10 @@ echo $ECHO_N "checking for ld used by GCC... $ECHO_C" >&6
     ;;
   esac
 elif test "$with_gnu_ld" = yes; then
-  echo "$as_me:3147: checking for GNU ld" >&5
+  echo "$as_me:2756: checking for GNU ld" >&5
 echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6
 else
-  echo "$as_me:3150: checking for non-GNU ld" >&5
+  echo "$as_me:2759: checking for non-GNU ld" >&5
 echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6
 fi
 if test "${ac_cv_path_LD+set}" = set; then
@@ -3177,16 +2786,15 @@ fi
 
 LD="$ac_cv_path_LD"
 if test -n "$LD"; then
-  echo "$as_me:3180: result: $LD" >&5
+  echo "$as_me:2789: result: $LD" >&5
 echo "${ECHO_T}$LD" >&6
 else
-  echo "$as_me:3183: result: no" >&5
+  echo "$as_me:2792: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
-test -z "$LD" && { { echo "$as_me:3186: error: no acceptable ld found in \$PATH" >&5
-echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
-   { (exit 1); exit 1; }; }
-echo "$as_me:3189: checking if the linker ($LD) is GNU ld" >&5
+test -z "$LD" && {  echo "$as_me: error: no acceptable ld found in \$PATH" >&2
+  { (exit 1); exit; }; }
+echo "$as_me:2797: checking if the linker ($LD) is GNU ld" >&5
 echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6
 if test "${ac_cv_prog_gnu_ld+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3198,23 +2806,23 @@ else
   ac_cv_prog_gnu_ld=no
 fi
 fi
-echo "$as_me:3201: result: $ac_cv_prog_gnu_ld" >&5
+echo "$as_me:2809: result: $ac_cv_prog_gnu_ld" >&5
 echo "${ECHO_T}$ac_cv_prog_gnu_ld" >&6
 with_gnu_ld=$ac_cv_prog_gnu_ld
 
-echo "$as_me:3205: checking for $LD option to reload object files" >&5
+echo "$as_me:2813: checking for $LD option to reload object files" >&5
 echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6
 if test "${lt_cv_ld_reload_flag+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   lt_cv_ld_reload_flag='-r'
 fi
-echo "$as_me:3212: result: $lt_cv_ld_reload_flag" >&5
+echo "$as_me:2820: result: $lt_cv_ld_reload_flag" >&5
 echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6
 reload_flag=$lt_cv_ld_reload_flag
 test -n "$reload_flag" && reload_flag=" $reload_flag"
 
-echo "$as_me:3217: checking for BSD-compatible nm" >&5
+echo "$as_me:2825: checking for BSD-compatible nm" >&5
 echo $ECHO_N "checking for BSD-compatible nm... $ECHO_C" >&6
 if test "${ac_cv_path_NM+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3249,21 +2857,36 @@ fi
 fi
 
 NM="$ac_cv_path_NM"
-echo "$as_me:3252: result: $NM" >&5
+echo "$as_me:2860: result: $NM" >&5
 echo "${ECHO_T}$NM" >&6
 
-echo "$as_me:3255: checking whether ln -s works" >&5
+echo "$as_me:2863: checking whether ln -s works" >&5
 echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6
-LN_S=$as_ln_s
-if test "$LN_S" = "ln -s"; then
-  echo "$as_me:3259: result: yes" >&5
+if test "${ac_cv_prog_LN_S+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  rm -f conftest.sym conftest.file
+echo >conftest.file
+if ln -s conftest.file conftest.sym 2>/dev/null; then
+  ac_cv_prog_LN_S="ln -s"
+elif ln conftest.file conftest.sym 2>/dev/null; then
+  ac_cv_prog_LN_S=ln
+else
+  ac_cv_prog_LN_S=cp
+fi
+rm -f conftest.sym conftest.file
+fi
+LN_S=$ac_cv_prog_LN_S
+
+if test "$ac_cv_prog_LN_S" = "ln -s"; then
+  echo "$as_me:2882: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
-  echo "$as_me:3262: result: no, using $LN_S" >&5
+  echo "$as_me:2885: result: no, using $LN_S" >&5
 echo "${ECHO_T}no, using $LN_S" >&6
 fi
 
-echo "$as_me:3266: checking how to recognise dependant libraries" >&5
+echo "$as_me:2889: checking how to recognise dependant libraries" >&5
 echo $ECHO_N "checking how to recognise dependant libraries... $ECHO_C" >&6
 if test "${lt_cv_deplibs_check_method+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3399,7 +3022,7 @@ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
 esac
 
 fi
-echo "$as_me:3402: result: $lt_cv_deplibs_check_method" >&5
+echo "$as_me:3025: result: $lt_cv_deplibs_check_method" >&5
 echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6
 file_magic_cmd=$lt_cv_file_magic_cmd
 deplibs_check_method=$lt_cv_deplibs_check_method
@@ -3408,7 +3031,7 @@ deplibs_check_method=$lt_cv_deplibs_check_method
 case "$deplibs_check_method" in
 file_magic*)
   if test "$file_magic_cmd" = '${MAGIC}'; then
-    echo "$as_me:3411: checking for ${ac_tool_prefix}file" >&5
+    echo "$as_me:3034: checking for ${ac_tool_prefix}file" >&5
 echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6
 if test "${lt_cv_path_MAGIC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3463,16 +3086,16 @@ fi
 
 MAGIC="$lt_cv_path_MAGIC"
 if test -n "$MAGIC"; then
-  echo "$as_me:3466: result: $MAGIC" >&5
+  echo "$as_me:3089: result: $MAGIC" >&5
 echo "${ECHO_T}$MAGIC" >&6
 else
-  echo "$as_me:3469: result: no" >&5
+  echo "$as_me:3092: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
 if test -z "$lt_cv_path_MAGIC"; then
   if test -n "$ac_tool_prefix"; then
-    echo "$as_me:3475: checking for file" >&5
+    echo "$as_me:3098: checking for file" >&5
 echo $ECHO_N "checking for file... $ECHO_C" >&6
 if test "${lt_cv_path_MAGIC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3527,10 +3150,10 @@ fi
 
 MAGIC="$lt_cv_path_MAGIC"
 if test -n "$MAGIC"; then
-  echo "$as_me:3530: result: $MAGIC" >&5
+  echo "$as_me:3153: result: $MAGIC" >&5
 echo "${ECHO_T}$MAGIC" >&6
 else
-  echo "$as_me:3533: result: no" >&5
+  echo "$as_me:3156: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -3546,7 +3169,7 @@ esac
 if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
 set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-echo "$as_me:3549: checking for $ac_word" >&5
+echo "$as_me:3172: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_RANLIB+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3559,7 +3182,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
 break
 done
@@ -3568,10 +3191,10 @@ fi
 fi
 RANLIB=$ac_cv_prog_RANLIB
 if test -n "$RANLIB"; then
-  echo "$as_me:3571: result: $RANLIB" >&5
+  echo "$as_me:3194: result: $RANLIB" >&5
 echo "${ECHO_T}$RANLIB" >&6
 else
-  echo "$as_me:3574: result: no" >&5
+  echo "$as_me:3197: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -3580,7 +3203,7 @@ if test -z "$ac_cv_prog_RANLIB"; then
   ac_ct_RANLIB=$RANLIB
   # Extract the first word of "ranlib", so it can be a program name with args.
 set dummy ranlib; ac_word=$2
-echo "$as_me:3583: checking for $ac_word" >&5
+echo "$as_me:3206: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3593,7 +3216,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_ac_ct_RANLIB="ranlib"
 break
 done
@@ -3603,10 +3226,10 @@ fi
 fi
 ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
 if test -n "$ac_ct_RANLIB"; then
-  echo "$as_me:3606: result: $ac_ct_RANLIB" >&5
+  echo "$as_me:3229: result: $ac_ct_RANLIB" >&5
 echo "${ECHO_T}$ac_ct_RANLIB" >&6
 else
-  echo "$as_me:3609: result: no" >&5
+  echo "$as_me:3232: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -3618,7 +3241,7 @@ fi
 if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
 set dummy ${ac_tool_prefix}strip; ac_word=$2
-echo "$as_me:3621: checking for $ac_word" >&5
+echo "$as_me:3244: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_STRIP+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3631,7 +3254,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_STRIP="${ac_tool_prefix}strip"
 break
 done
@@ -3640,10 +3263,10 @@ fi
 fi
 STRIP=$ac_cv_prog_STRIP
 if test -n "$STRIP"; then
-  echo "$as_me:3643: result: $STRIP" >&5
+  echo "$as_me:3266: result: $STRIP" >&5
 echo "${ECHO_T}$STRIP" >&6
 else
-  echo "$as_me:3646: result: no" >&5
+  echo "$as_me:3269: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -3652,7 +3275,7 @@ if test -z "$ac_cv_prog_STRIP"; then
   ac_ct_STRIP=$STRIP
   # Extract the first word of "strip", so it can be a program name with args.
 set dummy strip; ac_word=$2
-echo "$as_me:3655: checking for $ac_word" >&5
+echo "$as_me:3278: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3665,7 +3288,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  $as_executable_p "$ac_dir/$ac_word" || continue
+  test -f "$ac_dir/$ac_word" || continue
 ac_cv_prog_ac_ct_STRIP="strip"
 break
 done
@@ -3675,10 +3298,10 @@ fi
 fi
 ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
 if test -n "$ac_ct_STRIP"; then
-  echo "$as_me:3678: result: $ac_ct_STRIP" >&5
+  echo "$as_me:3301: result: $ac_ct_STRIP" >&5
 echo "${ECHO_T}$ac_ct_STRIP" >&6
 else
-  echo "$as_me:3681: result: no" >&5
+  echo "$as_me:3304: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -3718,12 +3341,8 @@ test x"$pic_mode" = xno && libtool_flags="$libtool_flags --prefer-non-pic"
 case "$host" in
 *-*-irix6*)
   # Find out which ABI we are using.
-  echo '#line 3721 "configure"' > conftest.$ac_ext
-  if { (eval echo "$as_me:3722: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:3725: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+  echo '#line 3344 "configure"' > conftest.$ac_ext
+  if { (eval echo $as_me:3345: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; }; then
     case "`/usr/bin/file conftest.o`" in
     *32-bit*)
       LD="${LD-ld} -32"
@@ -3743,20 +3362,14 @@ case "$host" in
   # On SCO OpenServer 5, we need -belf to get full-featured binaries.
   SAVE_CFLAGS="$CFLAGS"
   CFLAGS="$CFLAGS -belf"
-  echo "$as_me:3746: checking whether the C compiler needs -belf" >&5
+  echo "$as_me:3365: checking whether the C compiler needs -belf" >&5
 echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6
 if test "${lt_cv_cc_needs_belf+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
-     ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
      cat >conftest.$ac_ext <<_ACEOF
-#line 3759 "configure"
+#line 3372 "configure"
 #include "confdefs.h"
 
 int
@@ -3768,31 +3381,17 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:3771: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:3774: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:3776: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:3779: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:3384: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   lt_cv_cc_needs_belf=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-lt_cv_cc_needs_belf=no
+  cat conftest.$ac_ext >&5
+  lt_cv_cc_needs_belf=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
-     ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 fi
-echo "$as_me:3795: result: $lt_cv_cc_needs_belf" >&5
+echo "$as_me:3394: result: $lt_cv_cc_needs_belf" >&5
 echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6
   if test x"$lt_cv_cc_needs_belf" != x"yes"; then
     # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
@@ -3867,25 +3466,24 @@ objext="$OBJEXT" exeext="$EXEEXT" reload_flag="$reload_flag" \
 deplibs_check_method="$deplibs_check_method" file_magic_cmd="$file_magic_cmd" \
 ${CONFIG_SHELL-/bin/sh} $ac_aux_dir/ltconfig --no-reexec \
 $libtool_flags --no-verify --build="$build" $ac_aux_dir/ltmain.sh $host \
-|| { { echo "$as_me:3870: error: libtool configure failed" >&5
-echo "$as_me: error: libtool configure failed" >&2;}
-   { (exit 1); exit 1; }; }
+|| {  echo "$as_me: error: libtool configure failed" >&2
+  { (exit 1); exit; }; }
 
 # Reload cache, that may have been modified by ltconfig
 if test -r "$cache_file"; then
   # Some versions of bash will fail to source /dev/null (special
   # files actually), so we avoid doing that.
   if test -f "$cache_file"; then
-    { echo "$as_me:3879: loading cache $cache_file" >&5
-echo "$as_me: loading cache $cache_file" >&6;}
+    { echo "$as_me:3477: loading cache $cache_file" >&5
+echo "loading cache $cache_file" >&6;}
     case $cache_file in
       [\\/]* | ?:[\\/]* ) . $cache_file;;
       *)                      . ./$cache_file;;
     esac
   fi
 else
-  { echo "$as_me:3887: creating cache $cache_file" >&5
-echo "$as_me: creating cache $cache_file" >&6;}
+  { echo "$as_me:3485: creating cache $cache_file" >&5
+echo "creating cache $cache_file" >&6;}
   >$cache_file
 fi
 
@@ -3931,25 +3529,21 @@ for ac_header in 				\
 
 do
 ac_ac_Header=`echo "ac_cv_header_$ac_header" | $ac_tr_sh`
-echo "$as_me:3934: checking for $ac_header" >&5
+
+echo "$as_me:3533: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 3940 "configure"
+#line 3539 "configure"
 #include "confdefs.h"
 #include <$ac_header>
+
 _ACEOF
-if { (eval echo "$as_me:3944: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:3950: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:3545: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -3957,16 +3551,19 @@ if { (eval echo "$as_me:3944: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   eval "$ac_ac_Header=yes"
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   eval "$ac_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
+
 fi
-echo "$as_me:3969: result: `eval echo '${'$ac_ac_Header'}'`" >&5
+echo "$as_me:3566: result: `eval echo '${'$ac_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_Header'}'`" >&6
 if test `eval echo '${'$ac_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -3978,7 +3575,7 @@ done
 
 fi
 
-echo "$as_me:3981: checking for dbopen" >&5
+echo "$as_me:3578: checking for dbopen" >&5
 echo $ECHO_N "checking for dbopen... $ECHO_C" >&6
 if test "${ac_cv_funclib_dbopen+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3994,7 +3591,7 @@ if eval "test \"\$ac_cv_func_dbopen\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 3997 "configure"
+#line 3594 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -4013,20 +3610,11 @@ dbopen(NULL, 0, 0, 0, NULL)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4016: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:4019: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:4021: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:4024: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:3613: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbopen=$ac_lib; else ac_cv_funclib_dbopen=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -4043,13 +3631,13 @@ if false; then
 for ac_func in dbopen
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:4046: checking for $ac_func" >&5
+echo "$as_me:3634: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4052 "configure"
+#line 3640 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -4080,25 +3668,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4083: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:4086: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:4088: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:4091: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:3671: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:4101: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:3680: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -4122,13 +3701,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:4125: result: yes" >&5
+	echo "$as_me:3704: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_dbopen=no"
 	eval "LIB_dbopen="
-	echo "$as_me:4131: result: no" >&5
+	echo "$as_me:3710: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -4142,12 +3721,12 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:4145: result: yes, in $ac_res" >&5
+	echo "$as_me:3724: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
-echo "$as_me:4150: checking for dbm_firstkey" >&5
+echo "$as_me:3729: checking for dbm_firstkey" >&5
 echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6
 if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -4163,7 +3742,7 @@ if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 4166 "configure"
+#line 3745 "configure"
 #include "confdefs.h"
 
 int
@@ -4175,20 +3754,11 @@ dbm_firstkey()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4178: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:4181: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:4183: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:4186: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:3757: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -4205,13 +3775,13 @@ if false; then
 for ac_func in dbm_firstkey
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:4208: checking for $ac_func" >&5
+echo "$as_me:3778: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4214 "configure"
+#line 3784 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -4242,25 +3812,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4245: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:4248: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:4250: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:4253: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:3815: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:4263: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:3824: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -4284,13 +3845,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:4287: result: yes" >&5
+	echo "$as_me:3848: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_dbm_firstkey=no"
 	eval "LIB_dbm_firstkey="
-	echo "$as_me:4293: result: no" >&5
+	echo "$as_me:3854: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -4304,12 +3865,12 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:4307: result: yes, in $ac_res" >&5
+	echo "$as_me:3868: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
-echo "$as_me:4312: checking for db_create" >&5
+echo "$as_me:3873: checking for db_create" >&5
 echo $ECHO_N "checking for db_create... $ECHO_C" >&6
 if test "${ac_cv_funclib_db_create+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -4325,7 +3886,7 @@ if eval "test \"\$ac_cv_func_db_create\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 4328 "configure"
+#line 3889 "configure"
 #include "confdefs.h"
 
 int
@@ -4337,20 +3898,11 @@ db_create()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4340: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:4343: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:4345: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:4348: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:3901: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_db_create=$ac_lib; else ac_cv_funclib_db_create=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -4367,13 +3919,13 @@ if false; then
 for ac_func in db_create
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:4370: checking for $ac_func" >&5
+echo "$as_me:3922: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4376 "configure"
+#line 3928 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -4404,25 +3956,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4407: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:4410: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:4412: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:4415: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:3959: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:4425: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:3968: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -4446,13 +3989,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:4449: result: yes" >&5
+	echo "$as_me:3992: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_db_create=no"
 	eval "LIB_db_create="
-	echo "$as_me:4455: result: no" >&5
+	echo "$as_me:3998: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -4466,7 +4009,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:4469: result: yes, in $ac_res" >&5
+	echo "$as_me:4012: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -4479,7 +4022,7 @@ if test "$LIB_dbopen" != "$LIB_dbm_firstkey"; then
 	DBLIB="$DBLIB $LIB_dbm_firstkey"
 fi
 
-echo "$as_me:4482: checking for inline" >&5
+echo "$as_me:4025: checking for inline" >&5
 echo $ECHO_N "checking for inline... $ECHO_C" >&6
 if test "${ac_cv_c_inline+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -4487,7 +4030,7 @@ else
   ac_cv_c_inline=no
 for ac_kw in inline __inline__ __inline; do
   cat >conftest.$ac_ext <<_ACEOF
-#line 4490 "configure"
+#line 4033 "configure"
 #include "confdefs.h"
 #ifndef __cplusplus
 $ac_kw int foo () {return 0; }
@@ -4495,26 +4038,17 @@ $ac_kw int foo () {return 0; }
 
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:4498: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:4501: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:4503: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:4506: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:4041: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_c_inline=$ac_kw; break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 done
 
 fi
-echo "$as_me:4517: result: $ac_cv_c_inline" >&5
+echo "$as_me:4051: result: $ac_cv_c_inline" >&5
 echo "${ECHO_T}$ac_cv_c_inline" >&6
 case $ac_cv_c_inline in
   inline | yes) ;;
@@ -4529,13 +4063,13 @@ EOF
  ;;
 esac
 
-echo "$as_me:4532: checking for an ANSI C-conforming const" >&5
+echo "$as_me:4066: checking for an ANSI C-conforming const" >&5
 echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6
 if test "${ac_cv_c_const+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4538 "configure"
+#line 4072 "configure"
 #include "confdefs.h"
 
 int
@@ -4593,25 +4127,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:4596: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:4599: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:4601: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:4604: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:4130: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_c_const=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_c_const=no
+  cat conftest.$ac_ext >&5
+  ac_cv_c_const=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:4614: result: $ac_cv_c_const" >&5
+echo "$as_me:4139: result: $ac_cv_c_const" >&5
 echo "${ECHO_T}$ac_cv_c_const" >&6
 if test $ac_cv_c_const = no; then
 
@@ -4621,13 +4146,13 @@ EOF
 
 fi
 
-echo "$as_me:4624: checking for ANSI C header files" >&5
+echo "$as_me:4149: checking for ANSI C header files" >&5
 echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
 if test "${ac_cv_header_stdc+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4630 "configure"
+#line 4155 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #include <stdarg.h>
@@ -4635,15 +4160,9 @@ else
 #include <float.h>
 
 _ACEOF
-if { (eval echo "$as_me:4638: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:4644: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:4164: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -4651,19 +4170,21 @@ if { (eval echo "$as_me:4638: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   ac_cv_header_stdc=yes
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   ac_cv_header_stdc=no
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
 
 if test $ac_cv_header_stdc = yes; then
   # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
   cat >conftest.$ac_ext <<_ACEOF
-#line 4666 "configure"
+#line 4187 "configure"
 #include "confdefs.h"
 #include <string.h>
 
@@ -4681,7 +4202,7 @@ fi
 if test $ac_cv_header_stdc = yes; then
   # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
   cat >conftest.$ac_ext <<_ACEOF
-#line 4684 "configure"
+#line 4205 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 
@@ -4702,7 +4223,7 @@ if test $ac_cv_header_stdc = yes; then
   :
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4705 "configure"
+#line 4226 "configure"
 #include "confdefs.h"
 #include <ctype.h>
 #if ((' ' & 0x0FF) == 0x020)
@@ -4728,15 +4249,10 @@ main ()
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:4731: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:4734: \$? = $ac_status" >&5
-  (exit $ac_status); } && { (eval echo "$as_me:4735: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:4738: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+{ (eval echo $as_me:4252: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } &&
+  (./conftest$ac_exeext) >&5 2>&1;
+ac_status=$?
+if test $ac_status = 0; then
   :
 else
   echo "$as_me: program exited with status $ac_status" >&5
@@ -4744,11 +4260,13 @@ echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 ac_cv_header_stdc=no
 fi
+
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
+
 fi
 fi
-echo "$as_me:4751: result: $ac_cv_header_stdc" >&5
+echo "$as_me:4269: result: $ac_cv_header_stdc" >&5
 echo "${ECHO_T}$ac_cv_header_stdc" >&6
 if test $ac_cv_header_stdc = yes; then
 
@@ -4758,61 +4276,13 @@ EOF
 
 fi
 
-for ac_header in stdlib.h string.h memory.h strings.h inttypes.h unistd.h
-do
-ac_ac_Header=`echo "ac_cv_header_$ac_header" | $ac_tr_sh`
-echo "$as_me:4764: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$ac_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 4770 "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:4774: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:4780: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  eval "$ac_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  eval "$ac_ac_Header=no"
-fi
-rm -f conftest.err conftest.$ac_ext
-fi
-echo "$as_me:4799: result: `eval echo '${'$ac_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$ac_ac_Header'}'`" >&6
-if test `eval echo '${'$ac_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<EOF
-#define `echo "HAVE_$ac_header" | $ac_tr_cpp` 1
-EOF
-
-fi
-done
-
-echo "$as_me:4809: checking for size_t" >&5
+echo "$as_me:4279: checking for size_t" >&5
 echo $ECHO_N "checking for size_t... $ECHO_C" >&6
 if test "${ac_cv_type_size_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4815 "configure"
+#line 4285 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -4827,25 +4297,16 @@ if (sizeof (size_t))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:4830: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:4833: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:4835: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:4838: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:4300: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_size_t=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_size_t=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_size_t=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:4848: result: $ac_cv_type_size_t" >&5
+echo "$as_me:4309: result: $ac_cv_type_size_t" >&5
 echo "${ECHO_T}$ac_cv_type_size_t" >&6
 if test $ac_cv_type_size_t = yes; then
   :
@@ -4857,13 +4318,13 @@ EOF
 
 fi
 
-echo "$as_me:4860: checking for pid_t" >&5
+echo "$as_me:4321: checking for pid_t" >&5
 echo $ECHO_N "checking for pid_t... $ECHO_C" >&6
 if test "${ac_cv_type_pid_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4866 "configure"
+#line 4327 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -4878,25 +4339,16 @@ if (sizeof (pid_t))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:4881: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:4884: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:4886: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:4889: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:4342: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_pid_t=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_pid_t=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_pid_t=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:4899: result: $ac_cv_type_pid_t" >&5
+echo "$as_me:4351: result: $ac_cv_type_pid_t" >&5
 echo "${ECHO_T}$ac_cv_type_pid_t" >&6
 if test $ac_cv_type_pid_t = yes; then
   :
@@ -4908,13 +4360,13 @@ EOF
 
 fi
 
-echo "$as_me:4911: checking for uid_t in sys/types.h" >&5
+echo "$as_me:4363: checking for uid_t in sys/types.h" >&5
 echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6
 if test "${ac_cv_type_uid_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4917 "configure"
+#line 4369 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 
@@ -4928,7 +4380,7 @@ fi
 rm -f conftest*
 
 fi
-echo "$as_me:4931: result: $ac_cv_type_uid_t" >&5
+echo "$as_me:4383: result: $ac_cv_type_uid_t" >&5
 echo "${ECHO_T}$ac_cv_type_uid_t" >&6
 if test $ac_cv_type_uid_t = no; then
 
@@ -4942,13 +4394,13 @@ EOF
 
 fi
 
-echo "$as_me:4945: checking return type of signal handlers" >&5
+echo "$as_me:4397: checking return type of signal handlers" >&5
 echo $ECHO_N "checking return type of signal handlers... $ECHO_C" >&6
 if test "${ac_cv_type_signal+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4951 "configure"
+#line 4403 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <signal.h>
@@ -4970,25 +4422,16 @@ int i;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:4973: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:4976: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:4978: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:4981: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:4425: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_signal=void
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_signal=int
+  cat conftest.$ac_ext >&5
+  ac_cv_type_signal=int
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:4991: result: $ac_cv_type_signal" >&5
+echo "$as_me:4434: result: $ac_cv_type_signal" >&5
 echo "${ECHO_T}$ac_cv_type_signal" >&6
 
 cat >>confdefs.h <<EOF
@@ -5003,13 +4446,13 @@ EOF
 
 fi
 
-echo "$as_me:5006: checking whether time.h and sys/time.h may both be included" >&5
+echo "$as_me:4449: checking whether time.h and sys/time.h may both be included" >&5
 echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6
 if test "${ac_cv_header_time+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5012 "configure"
+#line 4455 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/time.h>
@@ -5024,25 +4467,16 @@ struct tm *tp;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:5027: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:5030: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:5032: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:5035: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:4470: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_header_time=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_header_time=no
+  cat conftest.$ac_ext >&5
+  ac_cv_header_time=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:5045: result: $ac_cv_header_time" >&5
+echo "$as_me:4479: result: $ac_cv_header_time" >&5
 echo "${ECHO_T}$ac_cv_header_time" >&6
 if test $ac_cv_header_time = yes; then
 
@@ -5055,25 +4489,21 @@ fi
 for ac_header in standards.h
 do
 ac_ac_Header=`echo "ac_cv_header_$ac_header" | $ac_tr_sh`
-echo "$as_me:5058: checking for $ac_header" >&5
+
+echo "$as_me:4493: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5064 "configure"
+#line 4499 "configure"
 #include "confdefs.h"
 #include <$ac_header>
+
 _ACEOF
-if { (eval echo "$as_me:5068: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:5074: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:4505: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -5081,16 +4511,19 @@ if { (eval echo "$as_me:5068: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   eval "$ac_ac_Header=yes"
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   eval "$ac_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
+
 fi
-echo "$as_me:5093: result: `eval echo '${'$ac_ac_Header'}'`" >&5
+echo "$as_me:4526: result: `eval echo '${'$ac_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_Header'}'`" >&6
 if test `eval echo '${'$ac_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -5104,13 +4537,13 @@ for i in netinet/ip.h netinet/tcp.h; do
 
 cv=`echo "$i" | sed 'y%./+-%__p_%'`
 
-echo "$as_me:5107: checking for $i" >&5
+echo "$as_me:4540: checking for $i" >&5
 echo $ECHO_N "checking for $i... $ECHO_C" >&6
 if eval "test \"\${ac_cv_header_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5113 "configure"
+#line 4546 "configure"
 #include "confdefs.h"
 \
 #ifdef HAVE_STANDARDS_H
@@ -5119,15 +4552,9 @@ else
 #include <$i>
 
 _ACEOF
-if { (eval echo "$as_me:5122: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:5128: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:4556: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -5135,16 +4562,19 @@ if { (eval echo "$as_me:5122: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   eval "ac_cv_header_$cv=yes"
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   eval "ac_cv_header_$cv=no"
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
+
 fi
-echo "$as_me:5147: result: `eval echo '${'ac_cv_header_$cv'}'`" >&5
+echo "$as_me:4577: result: `eval echo '${'ac_cv_header_$cv'}'`" >&5
 echo "${ECHO_T}`eval echo '${'ac_cv_header_$cv'}'`" >&6
 ac_res=`eval echo \\$ac_cv_header_$cv`
 if test "$ac_res" = yes; then
@@ -5160,25 +4590,21 @@ if false;then
 for ac_header in netinet/ip.h netinet/tcp.h
 do
 ac_ac_Header=`echo "ac_cv_header_$ac_header" | $ac_tr_sh`
-echo "$as_me:5163: checking for $ac_header" >&5
+
+echo "$as_me:4594: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5169 "configure"
+#line 4600 "configure"
 #include "confdefs.h"
 #include <$ac_header>
+
 _ACEOF
-if { (eval echo "$as_me:5173: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:5179: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:4606: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -5186,16 +4612,19 @@ if { (eval echo "$as_me:5173: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   eval "$ac_ac_Header=yes"
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   eval "$ac_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
+
 fi
-echo "$as_me:5198: result: `eval echo '${'$ac_ac_Header'}'`" >&5
+echo "$as_me:4627: result: `eval echo '${'$ac_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_Header'}'`" >&6
 if test `eval echo '${'$ac_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -5210,13 +4639,13 @@ fi
 for ac_func in getlogin setlogin
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:5213: checking for $ac_func" >&5
+echo "$as_me:4642: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5219 "configure"
+#line 4648 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -5247,25 +4676,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5250: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:5253: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:5255: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:5258: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:4679: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:5268: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:4688: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -5276,7 +4696,7 @@ fi
 done
 
 if test "$ac_cv_func_getlogin" = yes; then
-echo "$as_me:5279: checking if getlogin is posix" >&5
+echo "$as_me:4699: checking if getlogin is posix" >&5
 echo $ECHO_N "checking if getlogin is posix... $ECHO_C" >&6
 if test "${ac_cv_func_getlogin_posix+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -5289,7 +4709,7 @@ else
 fi
 
 fi
-echo "$as_me:5292: result: $ac_cv_func_getlogin_posix" >&5
+echo "$as_me:4712: result: $ac_cv_func_getlogin_posix" >&5
 echo "${ECHO_T}$ac_cv_func_getlogin_posix" >&6
 if test "$ac_cv_func_getlogin_posix" = yes; then
 
@@ -5300,7 +4720,7 @@ EOF
 fi
 fi
 
-echo "$as_me:5303: checking if realloc if broken" >&5
+echo "$as_me:4723: checking if realloc if broken" >&5
 echo $ECHO_N "checking if realloc if broken... $ECHO_C" >&6
 if test "${ac_cv_func_realloc_broken+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -5311,7 +4731,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5314 "configure"
+#line 4734 "configure"
 #include "confdefs.h"
 
 #include <stddef.h>
@@ -5324,15 +4744,10 @@ int main()
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:5327: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:5330: \$? = $ac_status" >&5
-  (exit $ac_status); } && { (eval echo "$as_me:5331: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:5334: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+{ (eval echo $as_me:4747: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } &&
+  (./conftest$ac_exeext) >&5 2>&1;
+ac_status=$?
+if test $ac_status = 0; then
   :
 else
   echo "$as_me: program exited with status $ac_status" >&5
@@ -5340,11 +4755,12 @@ echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 ac_cv_func_realloc_broken=yes
 fi
+
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
 
 fi
-echo "$as_me:5347: result: $ac_cv_func_realloc_broken" >&5
+echo "$as_me:4763: result: $ac_cv_func_realloc_broken" >&5
 echo "${ECHO_T}$ac_cv_func_realloc_broken" >&6
 if test "$ac_cv_func_realloc_broken" = yes ; then
 
@@ -5371,13 +4787,13 @@ if test -z "$WFLAGS" -a "$GCC" = "yes"; then
   WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
 fi
 
-echo "$as_me:5374: checking for ssize_t" >&5
+echo "$as_me:4790: checking for ssize_t" >&5
 echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6
 if test "${ac_cv_type_ssize_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5380 "configure"
+#line 4796 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -5395,7 +4811,7 @@ fi
 rm -f conftest*
 
 fi
-echo "$as_me:5398: result: $ac_cv_type_ssize_t" >&5
+echo "$as_me:4814: result: $ac_cv_type_ssize_t" >&5
 echo "${ECHO_T}$ac_cv_type_ssize_t" >&6
 if test $ac_cv_type_ssize_t = no; then
 
@@ -5406,13 +4822,13 @@ EOF
 fi
 
 cv=`echo "long long" | sed 'y%./+- %__p__%'`
-echo "$as_me:5409: checking for long long" >&5
+echo "$as_me:4825: checking for long long" >&5
 echo $ECHO_N "checking for long long... $ECHO_C" >&6
 if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5415 "configure"
+#line 4831 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -5429,37 +4845,28 @@ long long foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:5432: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:5435: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:5437: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:5440: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:4848: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_type_$cv=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_type_$cv=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:5451: result: $ac_foo" >&5
+echo "$as_me:4858: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
   ac_tr_hdr=HAVE_`echo long long | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
 if false; then
-	echo "$as_me:5456: checking for long long" >&5
+	echo "$as_me:4863: checking for long long" >&5
 echo $ECHO_N "checking for long long... $ECHO_C" >&6
 if test "${ac_cv_type_long_long+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5462 "configure"
+#line 4869 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -5474,25 +4881,16 @@ if (sizeof (long long))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:5477: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:5480: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:5482: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:5485: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:4884: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_long_long=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_long_long=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_long_long=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:5495: result: $ac_cv_type_long_long" >&5
+echo "$as_me:4893: result: $ac_cv_type_long_long" >&5
 echo "${ECHO_T}$ac_cv_type_long_long" >&6
 if test $ac_cv_type_long_long = yes; then
 
@@ -5538,6 +4936,7 @@ for ac_header in \
 	rpcsvc/dbm.h				\
 	rpcsvc/ypclnt.h				\
 	shadow.h				\
+	sys/bswap.h				\
 	sys/ioctl.h				\
 	sys/param.h				\
 	sys/proc.h				\
@@ -5563,25 +4962,21 @@ for ac_header in \
 
 do
 ac_ac_Header=`echo "ac_cv_header_$ac_header" | $ac_tr_sh`
-echo "$as_me:5566: checking for $ac_header" >&5
+
+echo "$as_me:4966: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5572 "configure"
+#line 4972 "configure"
 #include "confdefs.h"
 #include <$ac_header>
+
 _ACEOF
-if { (eval echo "$as_me:5576: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:5582: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:4978: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -5589,16 +4984,19 @@ if { (eval echo "$as_me:5576: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   eval "$ac_ac_Header=yes"
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   eval "$ac_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
+
 fi
-echo "$as_me:5601: result: `eval echo '${'$ac_ac_Header'}'`" >&5
+echo "$as_me:4999: result: `eval echo '${'$ac_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_Header'}'`" >&6
 if test `eval echo '${'$ac_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -5648,19 +5046,20 @@ if test "$withval" = "no"; then
 	ac_cv_lib_ipv6=no
 fi
 fi;
+save_CFLAGS="${CFLAGS}"
 if test "${ac_cv_lib_ipv6+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   v6type=unknown
 v6lib=none
 
-echo "$as_me:5657: checking ipv6 stack type" >&5
+echo "$as_me:5056: checking ipv6 stack type" >&5
 echo $ECHO_N "checking ipv6 stack type... $ECHO_C" >&6
 for i in v6d toshiba kame inria zeta linux; do
 	case $i in
 	v6d)
 		cat >conftest.$ac_ext <<_ACEOF
-#line 5663 "configure"
+#line 5062 "configure"
 #include "confdefs.h"
 
 #include </usr/local/v6/include/sys/types.h>
@@ -5679,7 +5078,7 @@ rm -f conftest*
 		;;
 	toshiba)
 		cat >conftest.$ac_ext <<_ACEOF
-#line 5682 "configure"
+#line 5081 "configure"
 #include "confdefs.h"
 
 #include <sys/param.h>
@@ -5698,7 +5097,7 @@ rm -f conftest*
 		;;
 	kame)
 		cat >conftest.$ac_ext <<_ACEOF
-#line 5701 "configure"
+#line 5100 "configure"
 #include "confdefs.h"
 
 #include <netinet/in.h>
@@ -5717,7 +5116,7 @@ rm -f conftest*
 		;;
 	inria)
 		cat >conftest.$ac_ext <<_ACEOF
-#line 5720 "configure"
+#line 5119 "configure"
 #include "confdefs.h"
 
 #include <netinet/in.h>
@@ -5734,7 +5133,7 @@ rm -f conftest*
 		;;
 	zeta)
 		cat >conftest.$ac_ext <<_ACEOF
-#line 5737 "configure"
+#line 5136 "configure"
 #include "confdefs.h"
 
 #include <sys/param.h>
@@ -5764,7 +5163,7 @@ rm -f conftest*
 		break
 	fi
 done
-echo "$as_me:5767: result: $v6type" >&5
+echo "$as_me:5166: result: $v6type" >&5
 echo "${ECHO_T}$v6type" >&6
 
 if test "$v6lib" != "none"; then
@@ -5776,7 +5175,7 @@ if test "$v6lib" != "none"; then
 	done
 fi
 cat >conftest.$ac_ext <<_ACEOF
-#line 5779 "configure"
+#line 5178 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYS_TYPES_H
@@ -5811,28 +5210,19 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5814: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:5817: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:5819: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:5822: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:5213: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_lib_ipv6=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_ipv6=no
+  cat conftest.$ac_ext >&5
+  ac_cv_lib_ipv6=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
 
-echo "$as_me:5833: checking for IPv6" >&5
+echo "$as_me:5223: checking for IPv6" >&5
 echo $ECHO_N "checking for IPv6... $ECHO_C" >&6
-echo "$as_me:5835: result: $ac_cv_lib_ipv6" >&5
+echo "$as_me:5225: result: $ac_cv_lib_ipv6" >&5
 echo "${ECHO_T}$ac_cv_lib_ipv6" >&6
 if test "$ac_cv_lib_ipv6" = yes; then
 
@@ -5840,9 +5230,11 @@ cat >>confdefs.h <<\EOF
 #define HAVE_IPV6 1
 EOF
 
+else
+  CFLAGS="${save_CFLAGS}"
 fi
 
-echo "$as_me:5845: checking for socket" >&5
+echo "$as_me:5237: checking for socket" >&5
 echo $ECHO_N "checking for socket... $ECHO_C" >&6
 if test "${ac_cv_funclib_socket+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -5858,7 +5250,7 @@ if eval "test \"\$ac_cv_func_socket\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 5861 "configure"
+#line 5253 "configure"
 #include "confdefs.h"
 
 int
@@ -5870,20 +5262,11 @@ socket()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5873: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:5876: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:5878: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:5881: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:5265: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -5900,13 +5283,13 @@ if false; then
 for ac_func in socket
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:5903: checking for $ac_func" >&5
+echo "$as_me:5286: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5909 "configure"
+#line 5292 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -5937,25 +5320,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5940: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:5943: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:5945: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:5948: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:5323: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:5958: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:5332: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -5979,13 +5353,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:5982: result: yes" >&5
+	echo "$as_me:5356: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_socket=no"
 	eval "LIB_socket="
-	echo "$as_me:5988: result: no" >&5
+	echo "$as_me:5362: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -5999,7 +5373,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:6002: result: yes, in $ac_res" >&5
+	echo "$as_me:5376: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -6008,7 +5382,7 @@ if test -n "$LIB_socket"; then
 	LIBS="$LIB_socket $LIBS"
 fi
 
-echo "$as_me:6011: checking for gethostbyname" >&5
+echo "$as_me:5385: checking for gethostbyname" >&5
 echo $ECHO_N "checking for gethostbyname... $ECHO_C" >&6
 if test "${ac_cv_funclib_gethostbyname+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -6024,7 +5398,7 @@ if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 6027 "configure"
+#line 5401 "configure"
 #include "confdefs.h"
 
 int
@@ -6036,20 +5410,11 @@ gethostbyname()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6039: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6042: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:6044: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:6047: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:5413: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -6066,13 +5431,13 @@ if false; then
 for ac_func in gethostbyname
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:6069: checking for $ac_func" >&5
+echo "$as_me:5434: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6075 "configure"
+#line 5440 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -6103,25 +5468,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6106: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6109: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:6111: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:6114: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:5471: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:6124: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:5480: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -6145,13 +5501,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:6148: result: yes" >&5
+	echo "$as_me:5504: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_gethostbyname=no"
 	eval "LIB_gethostbyname="
-	echo "$as_me:6154: result: no" >&5
+	echo "$as_me:5510: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -6165,7 +5521,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:6168: result: yes, in $ac_res" >&5
+	echo "$as_me:5524: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -6174,7 +5530,7 @@ if test -n "$LIB_gethostbyname"; then
 	LIBS="$LIB_gethostbyname $LIBS"
 fi
 
-echo "$as_me:6177: checking for syslog" >&5
+echo "$as_me:5533: checking for syslog" >&5
 echo $ECHO_N "checking for syslog... $ECHO_C" >&6
 if test "${ac_cv_funclib_syslog+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -6190,7 +5546,7 @@ if eval "test \"\$ac_cv_func_syslog\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 6193 "configure"
+#line 5549 "configure"
 #include "confdefs.h"
 
 int
@@ -6202,20 +5558,11 @@ syslog()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6205: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6208: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:6210: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:6213: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:5561: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -6232,13 +5579,13 @@ if false; then
 for ac_func in syslog
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:6235: checking for $ac_func" >&5
+echo "$as_me:5582: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6241 "configure"
+#line 5588 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -6269,25 +5616,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6272: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6275: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:6277: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:6280: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:5619: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:6290: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:5628: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -6311,13 +5649,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:6314: result: yes" >&5
+	echo "$as_me:5652: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_syslog=no"
 	eval "LIB_syslog="
-	echo "$as_me:6320: result: no" >&5
+	echo "$as_me:5658: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -6331,7 +5669,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:6334: result: yes, in $ac_res" >&5
+	echo "$as_me:5672: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -6340,7 +5678,7 @@ if test -n "$LIB_syslog"; then
 	LIBS="$LIB_syslog $LIBS"
 fi
 
-echo "$as_me:6343: checking for gethostbyname2" >&5
+echo "$as_me:5681: checking for gethostbyname2" >&5
 echo $ECHO_N "checking for gethostbyname2... $ECHO_C" >&6
 if test "${ac_cv_funclib_gethostbyname2+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -6356,7 +5694,7 @@ if eval "test \"\$ac_cv_func_gethostbyname2\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 6359 "configure"
+#line 5697 "configure"
 #include "confdefs.h"
 
 int
@@ -6368,20 +5706,11 @@ gethostbyname2()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6371: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6374: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:6376: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:6379: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:5709: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname2=$ac_lib; else ac_cv_funclib_gethostbyname2=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -6398,13 +5727,13 @@ if false; then
 for ac_func in gethostbyname2
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:6401: checking for $ac_func" >&5
+echo "$as_me:5730: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6407 "configure"
+#line 5736 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -6435,25 +5764,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6438: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6441: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:6443: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:6446: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:5767: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:6456: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:5776: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -6477,13 +5797,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:6480: result: yes" >&5
+	echo "$as_me:5800: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_gethostbyname2=no"
 	eval "LIB_gethostbyname2="
-	echo "$as_me:6486: result: no" >&5
+	echo "$as_me:5806: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -6497,7 +5817,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:6500: result: yes, in $ac_res" >&5
+	echo "$as_me:5820: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -6506,7 +5826,7 @@ if test -n "$LIB_gethostbyname2"; then
 	LIBS="$LIB_gethostbyname2 $LIBS"
 fi
 
-echo "$as_me:6509: checking for res_search" >&5
+echo "$as_me:5829: checking for res_search" >&5
 echo $ECHO_N "checking for res_search... $ECHO_C" >&6
 if test "${ac_cv_funclib_res_search+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -6522,7 +5842,7 @@ if eval "test \"\$ac_cv_func_res_search\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 6525 "configure"
+#line 5845 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -6548,20 +5868,11 @@ res_search(0,0,0,0,0)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6551: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6554: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:6556: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:6559: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:5871: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -6578,13 +5889,13 @@ if false; then
 for ac_func in res_search
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:6581: checking for $ac_func" >&5
+echo "$as_me:5892: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6587 "configure"
+#line 5898 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -6615,25 +5926,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6618: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6621: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:6623: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:6626: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:5929: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:6636: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:5938: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -6657,13 +5959,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:6660: result: yes" >&5
+	echo "$as_me:5962: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_res_search=no"
 	eval "LIB_res_search="
-	echo "$as_me:6666: result: no" >&5
+	echo "$as_me:5968: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -6677,7 +5979,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:6680: result: yes, in $ac_res" >&5
+	echo "$as_me:5982: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -6686,7 +5988,7 @@ if test -n "$LIB_res_search"; then
 	LIBS="$LIB_res_search $LIBS"
 fi
 
-echo "$as_me:6689: checking for dn_expand" >&5
+echo "$as_me:5991: checking for dn_expand" >&5
 echo $ECHO_N "checking for dn_expand... $ECHO_C" >&6
 if test "${ac_cv_funclib_dn_expand+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -6702,7 +6004,7 @@ if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 6705 "configure"
+#line 6007 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -6728,20 +6030,11 @@ dn_expand(0,0,0,0,0)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6731: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6734: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:6736: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:6739: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:6033: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -6758,13 +6051,13 @@ if false; then
 for ac_func in dn_expand
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:6761: checking for $ac_func" >&5
+echo "$as_me:6054: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6767 "configure"
+#line 6060 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -6795,25 +6088,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6798: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6801: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:6803: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:6806: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:6091: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:6816: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:6100: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -6837,13 +6121,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:6840: result: yes" >&5
+	echo "$as_me:6124: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_dn_expand=no"
 	eval "LIB_dn_expand="
-	echo "$as_me:6846: result: no" >&5
+	echo "$as_me:6130: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -6857,7 +6141,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:6860: result: yes, in $ac_res" >&5
+	echo "$as_me:6144: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -6866,7 +6150,7 @@ if test -n "$LIB_dn_expand"; then
 	LIBS="$LIB_dn_expand $LIBS"
 fi
 
-echo "$as_me:6869: checking for working snprintf" >&5
+echo "$as_me:6153: checking for working snprintf" >&5
 echo $ECHO_N "checking for working snprintf... $ECHO_C" >&6
 if test "${ac_cv_func_snprintf_working+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -6876,7 +6160,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6879 "configure"
+#line 6163 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -6889,15 +6173,10 @@ int main()
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:6892: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6895: \$? = $ac_status" >&5
-  (exit $ac_status); } && { (eval echo "$as_me:6896: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:6899: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+{ (eval echo $as_me:6176: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } &&
+  (./conftest$ac_exeext) >&5 2>&1;
+ac_status=$?
+if test $ac_status = 0; then
   :
 else
   echo "$as_me: program exited with status $ac_status" >&5
@@ -6905,10 +6184,12 @@ echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 ac_cv_func_snprintf_working=no
 fi
+
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
+
 fi
-echo "$as_me:6911: result: $ac_cv_func_snprintf_working" >&5
+echo "$as_me:6192: result: $ac_cv_func_snprintf_working" >&5
 echo "${ECHO_T}$ac_cv_func_snprintf_working" >&6
 
 if test "$ac_cv_func_snprintf_working" = yes; then
@@ -6921,13 +6202,13 @@ fi
 if test "$ac_cv_func_snprintf_working" = yes; then
 
 if test "$ac_cv_func_snprintf+set" != set -o "$ac_cv_func_snprintf" = yes; then
-echo "$as_me:6924: checking if snprintf needs a prototype" >&5
+echo "$as_me:6205: checking if snprintf needs a prototype" >&5
 echo $ECHO_N "checking if snprintf needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_snprintf_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6930 "configure"
+#line 6211 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 int
@@ -6942,25 +6223,16 @@ snprintf(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:6945: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:6948: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:6950: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:6953: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:6226: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_snprintf_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_snprintf_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_snprintf_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:6963: result: $ac_cv_func_snprintf_noproto" >&5
+echo "$as_me:6235: result: $ac_cv_func_snprintf_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_snprintf_noproto" >&6
 
 if test "$ac_cv_func_snprintf_noproto" = yes; then
@@ -6975,7 +6247,7 @@ fi
 
 fi
 
-echo "$as_me:6978: checking for working vsnprintf" >&5
+echo "$as_me:6250: checking for working vsnprintf" >&5
 echo $ECHO_N "checking for working vsnprintf... $ECHO_C" >&6
 if test "${ac_cv_func_vsnprintf_working+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -6985,7 +6257,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6988 "configure"
+#line 6260 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -7008,15 +6280,10 @@ int main()
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:7011: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7014: \$? = $ac_status" >&5
-  (exit $ac_status); } && { (eval echo "$as_me:7015: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:7018: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+{ (eval echo $as_me:6283: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } &&
+  (./conftest$ac_exeext) >&5 2>&1;
+ac_status=$?
+if test $ac_status = 0; then
   :
 else
   echo "$as_me: program exited with status $ac_status" >&5
@@ -7024,10 +6291,12 @@ echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 ac_cv_func_vsnprintf_working=no
 fi
+
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
+
 fi
-echo "$as_me:7030: result: $ac_cv_func_vsnprintf_working" >&5
+echo "$as_me:6299: result: $ac_cv_func_vsnprintf_working" >&5
 echo "${ECHO_T}$ac_cv_func_vsnprintf_working" >&6
 
 if test "$ac_cv_func_vsnprintf_working" = yes; then
@@ -7040,13 +6309,13 @@ fi
 if test "$ac_cv_func_vsnprintf_working" = yes; then
 
 if test "$ac_cv_func_vsnprintf+set" != set -o "$ac_cv_func_vsnprintf" = yes; then
-echo "$as_me:7043: checking if vsnprintf needs a prototype" >&5
+echo "$as_me:6312: checking if vsnprintf needs a prototype" >&5
 echo $ECHO_N "checking if vsnprintf needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_vsnprintf_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7049 "configure"
+#line 6318 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 int
@@ -7061,25 +6330,16 @@ vsnprintf(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:7064: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:7067: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:7069: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:7072: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:6333: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_vsnprintf_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_vsnprintf_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_vsnprintf_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:7082: result: $ac_cv_func_vsnprintf_noproto" >&5
+echo "$as_me:6342: result: $ac_cv_func_vsnprintf_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_vsnprintf_noproto" >&6
 
 if test "$ac_cv_func_vsnprintf_noproto" = yes; then
@@ -7094,14 +6354,14 @@ fi
 
 fi
 
-echo "$as_me:7097: checking for working glob" >&5
+echo "$as_me:6357: checking for working glob" >&5
 echo $ECHO_N "checking for working glob... $ECHO_C" >&6
 if test "${ac_cv_func_glob_working+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   ac_cv_func_glob_working=yes
 cat >conftest.$ac_ext <<_ACEOF
-#line 7104 "configure"
+#line 6364 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -7110,32 +6370,24 @@ int
 main ()
 {
 
-glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE, NULL, NULL);
+glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|GLOB_LIMIT,
+NULL, NULL);
 
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7120: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7123: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:7125: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:7128: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:6381: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   :
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_glob_working=no
+  cat conftest.$ac_ext >&5
+  ac_cv_func_glob_working=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7138: result: $ac_cv_func_glob_working" >&5
+echo "$as_me:6390: result: $ac_cv_func_glob_working" >&5
 echo "${ECHO_T}$ac_cv_func_glob_working" >&6
 
 if test "$ac_cv_func_glob_working" = yes; then
@@ -7148,13 +6400,13 @@ fi
 if test "$ac_cv_func_glob_working" = yes; then
 
 if test "$ac_cv_func_glob+set" != set -o "$ac_cv_func_glob" = yes; then
-echo "$as_me:7151: checking if glob needs a prototype" >&5
+echo "$as_me:6403: checking if glob needs a prototype" >&5
 echo $ECHO_N "checking if glob needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_glob_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7157 "configure"
+#line 6409 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 #include <glob.h>
@@ -7170,25 +6422,16 @@ glob(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:7173: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:7176: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:7178: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:7181: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:6425: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_glob_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_glob_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_glob_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:7191: result: $ac_cv_func_glob_noproto" >&5
+echo "$as_me:6434: result: $ac_cv_func_glob_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_glob_noproto" >&6
 
 if test "$ac_cv_func_glob_noproto" = yes; then
@@ -7220,8 +6463,10 @@ for ac_func in 				\
 	asprintf				\
 	cgetent					\
 	getconfattr				\
+	getprogname				\
 	getrlimit				\
 	getspnam				\
+	setprogname				\
 	strsvis					\
 	strunvis				\
 	strvis					\
@@ -7237,13 +6482,13 @@ for ac_func in 				\
 
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:7240: checking for $ac_func" >&5
+echo "$as_me:6485: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7246 "configure"
+#line 6491 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -7274,25 +6519,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7277: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7280: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:7282: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:7285: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:6522: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7295: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:6531: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -7306,7 +6542,7 @@ if test "$ac_cv_func_cgetent" = no; then
 	LIBOBJS="$LIBOBJS getcap.o"
 fi
 
-echo "$as_me:7309: checking for getsockopt" >&5
+echo "$as_me:6545: checking for getsockopt" >&5
 echo $ECHO_N "checking for getsockopt... $ECHO_C" >&6
 if test "${ac_cv_funclib_getsockopt+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -7322,7 +6558,7 @@ if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 7325 "configure"
+#line 6561 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -7339,20 +6575,11 @@ getsockopt(0,0,0,0,0)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7342: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7345: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:7347: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:7350: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:6578: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -7369,13 +6596,13 @@ if false; then
 for ac_func in getsockopt
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:7372: checking for $ac_func" >&5
+echo "$as_me:6599: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7378 "configure"
+#line 6605 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -7406,25 +6633,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7409: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7412: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:7414: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:7417: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:6636: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7427: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:6645: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -7448,13 +6666,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:7451: result: yes" >&5
+	echo "$as_me:6669: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_getsockopt=no"
 	eval "LIB_getsockopt="
-	echo "$as_me:7457: result: no" >&5
+	echo "$as_me:6675: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -7468,12 +6686,12 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:7471: result: yes, in $ac_res" >&5
+	echo "$as_me:6689: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
-echo "$as_me:7476: checking for setsockopt" >&5
+echo "$as_me:6694: checking for setsockopt" >&5
 echo $ECHO_N "checking for setsockopt... $ECHO_C" >&6
 if test "${ac_cv_funclib_setsockopt+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -7489,7 +6707,7 @@ if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 7492 "configure"
+#line 6710 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -7506,20 +6724,11 @@ setsockopt(0,0,0,0,0)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7509: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7512: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:7514: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:7517: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:6727: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -7536,13 +6745,13 @@ if false; then
 for ac_func in setsockopt
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:7539: checking for $ac_func" >&5
+echo "$as_me:6748: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7545 "configure"
+#line 6754 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -7573,25 +6782,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7576: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7579: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:7581: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:7584: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:6785: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7594: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:6794: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -7615,13 +6815,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:7618: result: yes" >&5
+	echo "$as_me:6818: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_setsockopt=no"
 	eval "LIB_setsockopt="
-	echo "$as_me:7624: result: no" >&5
+	echo "$as_me:6824: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -7635,12 +6835,12 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:7638: result: yes, in $ac_res" >&5
+	echo "$as_me:6838: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
-echo "$as_me:7643: checking for hstrerror" >&5
+echo "$as_me:6843: checking for hstrerror" >&5
 echo $ECHO_N "checking for hstrerror... $ECHO_C" >&6
 if test "${ac_cv_funclib_hstrerror+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -7656,7 +6856,7 @@ if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 7659 "configure"
+#line 6859 "configure"
 #include "confdefs.h"
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
@@ -7670,20 +6870,11 @@ hstrerror(17)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7673: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7676: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:7678: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:7681: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:6873: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_hstrerror=$ac_lib; else ac_cv_funclib_hstrerror=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -7700,13 +6891,13 @@ if false; then
 for ac_func in hstrerror
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:7703: checking for $ac_func" >&5
+echo "$as_me:6894: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7709 "configure"
+#line 6900 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -7737,25 +6928,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7740: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7743: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:7745: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:7748: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:6931: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7758: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:6940: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -7779,13 +6961,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:7782: result: yes" >&5
+	echo "$as_me:6964: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_hstrerror=no"
 	eval "LIB_hstrerror="
-	echo "$as_me:7788: result: no" >&5
+	echo "$as_me:6970: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -7799,7 +6981,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:7802: result: yes, in $ac_res" >&5
+	echo "$as_me:6984: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -7815,13 +6997,13 @@ fi
 if test "$ac_cv_func_hstrerror" = yes; then
 
 if test "$ac_cv_func_hstrerror+set" != set -o "$ac_cv_func_hstrerror" = yes; then
-echo "$as_me:7818: checking if hstrerror needs a prototype" >&5
+echo "$as_me:7000: checking if hstrerror needs a prototype" >&5
 echo $ECHO_N "checking if hstrerror needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_hstrerror_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7824 "configure"
+#line 7006 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_NETDB_H
@@ -7839,25 +7021,16 @@ hstrerror(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:7842: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:7845: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:7847: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:7850: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:7024: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_hstrerror_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_hstrerror_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_hstrerror_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:7860: result: $ac_cv_func_hstrerror_noproto" >&5
+echo "$as_me:7033: result: $ac_cv_func_hstrerror_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_hstrerror_noproto" >&6
 
 if test "$ac_cv_func_hstrerror_noproto" = yes; then
@@ -7875,13 +7048,13 @@ fi
 if test "$ac_cv_func_asprintf" = yes; then
 
 if test "$ac_cv_func_asprintf+set" != set -o "$ac_cv_func_asprintf" = yes; then
-echo "$as_me:7878: checking if asprintf needs a prototype" >&5
+echo "$as_me:7051: checking if asprintf needs a prototype" >&5
 echo $ECHO_N "checking if asprintf needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_asprintf_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7884 "configure"
+#line 7057 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -7898,25 +7071,16 @@ asprintf(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:7901: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:7904: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:7906: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:7909: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:7074: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_asprintf_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_asprintf_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_asprintf_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:7919: result: $ac_cv_func_asprintf_noproto" >&5
+echo "$as_me:7083: result: $ac_cv_func_asprintf_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_asprintf_noproto" >&6
 
 if test "$ac_cv_func_asprintf_noproto" = yes; then
@@ -7932,13 +7096,13 @@ fi
 if test "$ac_cv_func_vasprintf" = yes; then
 
 if test "$ac_cv_func_vasprintf+set" != set -o "$ac_cv_func_vasprintf" = yes; then
-echo "$as_me:7935: checking if vasprintf needs a prototype" >&5
+echo "$as_me:7099: checking if vasprintf needs a prototype" >&5
 echo $ECHO_N "checking if vasprintf needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_vasprintf_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7941 "configure"
+#line 7105 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -7955,25 +7119,16 @@ vasprintf(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:7958: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:7961: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:7963: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:7966: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:7122: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_vasprintf_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_vasprintf_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_vasprintf_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:7976: result: $ac_cv_func_vasprintf_noproto" >&5
+echo "$as_me:7131: result: $ac_cv_func_vasprintf_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_vasprintf_noproto" >&6
 
 if test "$ac_cv_func_vasprintf_noproto" = yes; then
@@ -7989,13 +7144,13 @@ fi
 if test "$ac_cv_func_asnprintf" = yes; then
 
 if test "$ac_cv_func_asnprintf+set" != set -o "$ac_cv_func_asnprintf" = yes; then
-echo "$as_me:7992: checking if asnprintf needs a prototype" >&5
+echo "$as_me:7147: checking if asnprintf needs a prototype" >&5
 echo $ECHO_N "checking if asnprintf needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_asnprintf_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7998 "configure"
+#line 7153 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -8012,25 +7167,16 @@ asnprintf(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:8015: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:8018: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:8020: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:8023: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:7170: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_asnprintf_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_asnprintf_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_asnprintf_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:8033: result: $ac_cv_func_asnprintf_noproto" >&5
+echo "$as_me:7179: result: $ac_cv_func_asnprintf_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_asnprintf_noproto" >&6
 
 if test "$ac_cv_func_asnprintf_noproto" = yes; then
@@ -8046,13 +7192,13 @@ fi
 if test "$ac_cv_func_vasnprintf" = yes; then
 
 if test "$ac_cv_func_vasnprintf+set" != set -o "$ac_cv_func_vasnprintf" = yes; then
-echo "$as_me:8049: checking if vasnprintf needs a prototype" >&5
+echo "$as_me:7195: checking if vasnprintf needs a prototype" >&5
 echo $ECHO_N "checking if vasnprintf needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_vasnprintf_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8055 "configure"
+#line 7201 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -8069,25 +7215,16 @@ vasnprintf(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:8072: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:8075: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:8077: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:8080: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:7218: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_vasnprintf_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_vasnprintf_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_vasnprintf_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:8090: result: $ac_cv_func_vasnprintf_noproto" >&5
+echo "$as_me:7227: result: $ac_cv_func_vasnprintf_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_vasnprintf_noproto" >&6
 
 if test "$ac_cv_func_vasnprintf_noproto" = yes; then
@@ -8101,7 +7238,299 @@ fi
 fi
 fi
 
-echo "$as_me:8104: checking for pidfile" >&5
+echo "$as_me:7241: checking for bswap16" >&5
+echo $ECHO_N "checking for bswap16... $ECHO_C" >&6
+if test "${ac_cv_funclib_bswap16+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_bswap16\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ; do
+		if test -n "$ac_lib"; then
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+#line 7257 "configure"
+#include "confdefs.h"
+#ifdef HAVE_SYS_BSWAP_H
+#include <sys/bswap.h>
+#endif
+int
+main ()
+{
+bswap16(0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo $as_me:7271: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_bswap16=$ac_lib; else ac_cv_funclib_bswap16=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_bswap16=\${ac_cv_funclib_bswap16-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+eval "ac_res=\$ac_cv_funclib_bswap16"
+
+if false; then
+
+for ac_func in bswap16
+do
+ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
+echo "$as_me:7292: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$ac_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+#line 7298 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+char (*f) ();
+
+int
+main ()
+{
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+f = $ac_func;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo $as_me:7329: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
+  eval "$ac_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
+fi
+rm -f conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:7338: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
+if test `eval echo '${'$ac_ac_var'}'` = yes; then
+  cat >>confdefs.h <<EOF
+#define `echo "HAVE_$ac_func" | $ac_tr_cpp` 1
+EOF
+
+fi
+done
+
+fi
+# bswap16
+eval "ac_tr_func=HAVE_`echo bswap16 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_bswap16=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_bswap16=yes"
+	eval "LIB_bswap16="
+	cat >>confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$as_me:7362: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+	;;
+	no)
+	eval "ac_cv_func_bswap16=no"
+	eval "LIB_bswap16="
+	echo "$as_me:7368: result: no" >&5
+echo "${ECHO_T}no" >&6
+	;;
+	*)
+	eval "ac_cv_func_bswap16=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >>confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$as_me:7382: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6
+	;;
+esac
+
+echo "$as_me:7387: checking for bswap32" >&5
+echo $ECHO_N "checking for bswap32... $ECHO_C" >&6
+if test "${ac_cv_funclib_bswap32+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_bswap32\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ; do
+		if test -n "$ac_lib"; then
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+#line 7403 "configure"
+#include "confdefs.h"
+#ifdef HAVE_SYS_BSWAP_H
+#include <sys/bswap.h>
+#endif
+int
+main ()
+{
+bswap32(0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo $as_me:7417: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_bswap32=$ac_lib; else ac_cv_funclib_bswap32=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_bswap32=\${ac_cv_funclib_bswap32-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+eval "ac_res=\$ac_cv_funclib_bswap32"
+
+if false; then
+
+for ac_func in bswap32
+do
+ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
+echo "$as_me:7438: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$ac_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+#line 7444 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+char (*f) ();
+
+int
+main ()
+{
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+f = $ac_func;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo $as_me:7475: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
+  eval "$ac_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
+fi
+rm -f conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:7484: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
+if test `eval echo '${'$ac_ac_var'}'` = yes; then
+  cat >>confdefs.h <<EOF
+#define `echo "HAVE_$ac_func" | $ac_tr_cpp` 1
+EOF
+
+fi
+done
+
+fi
+# bswap32
+eval "ac_tr_func=HAVE_`echo bswap32 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_bswap32=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_bswap32=yes"
+	eval "LIB_bswap32="
+	cat >>confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$as_me:7508: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+	;;
+	no)
+	eval "ac_cv_func_bswap32=no"
+	eval "LIB_bswap32="
+	echo "$as_me:7514: result: no" >&5
+echo "${ECHO_T}no" >&6
+	;;
+	*)
+	eval "ac_cv_func_bswap32=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >>confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$as_me:7528: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6
+	;;
+esac
+
+echo "$as_me:7533: checking for pidfile" >&5
 echo $ECHO_N "checking for pidfile... $ECHO_C" >&6
 if test "${ac_cv_funclib_pidfile+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -8117,7 +7546,7 @@ if eval "test \"\$ac_cv_func_pidfile\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 8120 "configure"
+#line 7549 "configure"
 #include "confdefs.h"
 #ifdef HAVE_UTIL_H
 #include <util.h>
@@ -8131,20 +7560,11 @@ pidfile(0)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8134: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8137: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:8139: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:8142: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:7563: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_pidfile=$ac_lib; else ac_cv_funclib_pidfile=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -8161,13 +7581,13 @@ if false; then
 for ac_func in pidfile
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:8164: checking for $ac_func" >&5
+echo "$as_me:7584: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8170 "configure"
+#line 7590 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -8198,25 +7618,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8201: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8204: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:8206: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:8209: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:7621: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:8219: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:7630: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -8240,13 +7651,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:8243: result: yes" >&5
+	echo "$as_me:7654: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_pidfile=no"
 	eval "LIB_pidfile="
-	echo "$as_me:8249: result: no" >&5
+	echo "$as_me:7660: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -8260,7 +7671,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:8263: result: yes, in $ac_res" >&5
+	echo "$as_me:7674: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -8334,13 +7745,13 @@ for ac_func in 					\
 
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:8337: checking for $ac_func" >&5
+echo "$as_me:7748: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8343 "configure"
+#line 7754 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -8371,25 +7782,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8374: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8377: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:8379: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:8382: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:7785: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:8392: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:7794: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
 
@@ -8473,13 +7875,13 @@ for ac_func in \
 
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:8476: checking for $ac_func" >&5
+echo "$as_me:7878: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8482 "configure"
+#line 7884 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -8510,25 +7912,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8513: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8516: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:8518: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:8521: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:7915: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:8531: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:7924: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -8543,13 +7936,13 @@ done
 
 for ac_func in inet_aton
 do
-echo "$as_me:8546: checking for $ac_func" >&5
+echo "$as_me:7939: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8552 "configure"
+#line 7945 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -8581,21 +7974,12 @@ $ac_func(0,0)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8584: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8587: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:8589: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:8592: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:7977: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "ac_cv_func_$ac_func=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_$ac_func=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_$ac_func=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
@@ -8606,10 +7990,10 @@ if eval "test \"\${ac_cv_func_$ac_func}\" = yes"; then
 #define $ac_tr_func 1
 EOF
 
-  echo "$as_me:8609: result: yes" >&5
+  echo "$as_me:7993: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
-  echo "$as_me:8612: result: no" >&5
+  echo "$as_me:7996: result: no" >&5
 echo "${ECHO_T}no" >&6
   LIBOBJS="$LIBOBJS ${ac_func}.o"
 fi
@@ -8619,13 +8003,13 @@ if false; then
 for ac_func in inet_aton
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:8622: checking for $ac_func" >&5
+echo "$as_me:8006: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8628 "configure"
+#line 8012 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -8656,25 +8040,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8659: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8662: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:8664: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:8667: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8043: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:8677: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:8052: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -8688,13 +8063,13 @@ fi
 
 for ac_func in inet_ntop
 do
-echo "$as_me:8691: checking for $ac_func" >&5
+echo "$as_me:8066: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8697 "configure"
+#line 8072 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -8726,21 +8101,12 @@ $ac_func(0, 0, 0, 0)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8729: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8732: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:8734: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:8737: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8104: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "ac_cv_func_$ac_func=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_$ac_func=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_$ac_func=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
@@ -8751,10 +8117,10 @@ if eval "test \"\${ac_cv_func_$ac_func}\" = yes"; then
 #define $ac_tr_func 1
 EOF
 
-  echo "$as_me:8754: result: yes" >&5
+  echo "$as_me:8120: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
-  echo "$as_me:8757: result: no" >&5
+  echo "$as_me:8123: result: no" >&5
 echo "${ECHO_T}no" >&6
   LIBOBJS="$LIBOBJS ${ac_func}.o"
 fi
@@ -8764,13 +8130,13 @@ if false; then
 for ac_func in inet_ntop
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:8767: checking for $ac_func" >&5
+echo "$as_me:8133: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8773 "configure"
+#line 8139 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -8801,25 +8167,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8804: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8807: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:8809: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:8812: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8170: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:8822: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:8179: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -8833,13 +8190,13 @@ fi
 
 for ac_func in inet_pton
 do
-echo "$as_me:8836: checking for $ac_func" >&5
+echo "$as_me:8193: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8842 "configure"
+#line 8199 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -8871,21 +8228,12 @@ $ac_func(0,0,0)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8874: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8877: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:8879: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:8882: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8231: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "ac_cv_func_$ac_func=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_$ac_func=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_$ac_func=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
@@ -8896,10 +8244,10 @@ if eval "test \"\${ac_cv_func_$ac_func}\" = yes"; then
 #define $ac_tr_func 1
 EOF
 
-  echo "$as_me:8899: result: yes" >&5
+  echo "$as_me:8247: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
-  echo "$as_me:8902: result: no" >&5
+  echo "$as_me:8250: result: no" >&5
 echo "${ECHO_T}no" >&6
   LIBOBJS="$LIBOBJS ${ac_func}.o"
 fi
@@ -8909,13 +8257,13 @@ if false; then
 for ac_func in inet_pton
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:8912: checking for $ac_func" >&5
+echo "$as_me:8260: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8918 "configure"
+#line 8266 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -8946,25 +8294,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8949: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8952: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:8954: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:8957: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8297: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:8967: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:8306: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -8976,14 +8315,14 @@ done
 
 fi
 
-echo "$as_me:8979: checking for sa_len in struct sockaddr" >&5
+echo "$as_me:8318: checking for sa_len in struct sockaddr" >&5
 echo $ECHO_N "checking for sa_len in struct sockaddr... $ECHO_C" >&6
 if test "${ac_cv_type_struct_sockaddr_sa_len+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 8986 "configure"
+#line 8325 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -8996,25 +8335,16 @@ struct sockaddr x; x.sa_len;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:8999: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9002: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9004: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9007: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8338: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_sockaddr_sa_len=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_sockaddr_sa_len=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_sockaddr_sa_len=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9017: result: $ac_cv_type_struct_sockaddr_sa_len" >&5
+echo "$as_me:8347: result: $ac_cv_type_struct_sockaddr_sa_len" >&5
 echo "${ECHO_T}$ac_cv_type_struct_sockaddr_sa_len" >&6
 if test "$ac_cv_type_struct_sockaddr_sa_len" = yes; then
 
@@ -9026,18 +8356,17 @@ fi
 
 if test "$ac_cv_func_getnameinfo" = "yes"; then
 
-echo "$as_me:9029: checking if getnameinfo is broken" >&5
+echo "$as_me:8359: checking if getnameinfo is broken" >&5
 echo $ECHO_N "checking if getnameinfo is broken... $ECHO_C" >&6
 if test "${ac_cv_func_getnameinfo_broken+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   if test "$cross_compiling" = yes; then
-  { { echo "$as_me:9035: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: cannot run test program while cross compiling" >&2
+  { (exit 1); exit; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9040 "configure"
+#line 8369 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 #include <sys/types.h>
@@ -9063,15 +8392,10 @@ main(int argc, char **argv)
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:9066: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:9069: \$? = $ac_status" >&5
-  (exit $ac_status); } && { (eval echo "$as_me:9070: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:9073: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+{ (eval echo $as_me:8395: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } &&
+  (./conftest$ac_exeext) >&5 2>&1;
+ac_status=$?
+if test $ac_status = 0; then
   ac_cv_func_getnameinfo_broken=no
 else
   echo "$as_me: program exited with status $ac_status" >&5
@@ -9079,10 +8403,12 @@ echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 ac_cv_func_getnameinfo_broken=yes
 fi
+
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
+
 fi
-echo "$as_me:9085: result: $ac_cv_func_getnameinfo_broken" >&5
+echo "$as_me:8411: result: $ac_cv_func_getnameinfo_broken" >&5
 echo "${ECHO_T}$ac_cv_func_getnameinfo_broken" >&6
   if test "$ac_cv_func_getnameinfo_broken" = yes; then
     LIBOBJS="$LIBOBJS getnameinfo.o"
@@ -9090,13 +8416,13 @@ echo "${ECHO_T}$ac_cv_func_getnameinfo_broken" >&6
 fi
 
 if test "$ac_cv_func_setenv+set" != set -o "$ac_cv_func_setenv" = yes; then
-echo "$as_me:9093: checking if setenv needs a prototype" >&5
+echo "$as_me:8419: checking if setenv needs a prototype" >&5
 echo $ECHO_N "checking if setenv needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_setenv_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9099 "configure"
+#line 8425 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 int
@@ -9111,25 +8437,16 @@ setenv(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9114: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9117: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9119: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9122: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8440: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_setenv_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_setenv_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_setenv_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9132: result: $ac_cv_func_setenv_noproto" >&5
+echo "$as_me:8449: result: $ac_cv_func_setenv_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_setenv_noproto" >&6
 
 if test "$ac_cv_func_setenv_noproto" = yes; then
@@ -9143,13 +8460,13 @@ fi
 fi
 
 if test "$ac_cv_func_unsetenv+set" != set -o "$ac_cv_func_unsetenv" = yes; then
-echo "$as_me:9146: checking if unsetenv needs a prototype" >&5
+echo "$as_me:8463: checking if unsetenv needs a prototype" >&5
 echo $ECHO_N "checking if unsetenv needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_unsetenv_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9152 "configure"
+#line 8469 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 int
@@ -9164,25 +8481,16 @@ unsetenv(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9167: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9170: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9172: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9175: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8484: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_unsetenv_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_unsetenv_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_unsetenv_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9185: result: $ac_cv_func_unsetenv_noproto" >&5
+echo "$as_me:8493: result: $ac_cv_func_unsetenv_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_unsetenv_noproto" >&6
 
 if test "$ac_cv_func_unsetenv_noproto" = yes; then
@@ -9196,13 +8504,13 @@ fi
 fi
 
 if test "$ac_cv_func_gethostname+set" != set -o "$ac_cv_func_gethostname" = yes; then
-echo "$as_me:9199: checking if gethostname needs a prototype" >&5
+echo "$as_me:8507: checking if gethostname needs a prototype" >&5
 echo $ECHO_N "checking if gethostname needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_gethostname_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9205 "configure"
+#line 8513 "configure"
 #include "confdefs.h"
 #include <unistd.h>
 int
@@ -9217,25 +8525,16 @@ gethostname(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9220: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9223: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9225: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9228: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8528: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_gethostname_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_gethostname_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_gethostname_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9238: result: $ac_cv_func_gethostname_noproto" >&5
+echo "$as_me:8537: result: $ac_cv_func_gethostname_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_gethostname_noproto" >&6
 
 if test "$ac_cv_func_gethostname_noproto" = yes; then
@@ -9249,13 +8548,13 @@ fi
 fi
 
 if test "$ac_cv_func_mkstemp+set" != set -o "$ac_cv_func_mkstemp" = yes; then
-echo "$as_me:9252: checking if mkstemp needs a prototype" >&5
+echo "$as_me:8551: checking if mkstemp needs a prototype" >&5
 echo $ECHO_N "checking if mkstemp needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_mkstemp_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9258 "configure"
+#line 8557 "configure"
 #include "confdefs.h"
 #include <unistd.h>
 int
@@ -9270,25 +8569,16 @@ mkstemp(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9273: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9276: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9278: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9281: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8572: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_mkstemp_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_mkstemp_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_mkstemp_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9291: result: $ac_cv_func_mkstemp_noproto" >&5
+echo "$as_me:8581: result: $ac_cv_func_mkstemp_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_mkstemp_noproto" >&6
 
 if test "$ac_cv_func_mkstemp_noproto" = yes; then
@@ -9302,13 +8592,13 @@ fi
 fi
 
 if test "$ac_cv_func_getusershell+set" != set -o "$ac_cv_func_getusershell" = yes; then
-echo "$as_me:9305: checking if getusershell needs a prototype" >&5
+echo "$as_me:8595: checking if getusershell needs a prototype" >&5
 echo $ECHO_N "checking if getusershell needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_getusershell_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9311 "configure"
+#line 8601 "configure"
 #include "confdefs.h"
 #include <unistd.h>
 int
@@ -9323,25 +8613,16 @@ getusershell(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9326: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9329: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9331: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9334: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8616: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_getusershell_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_getusershell_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_getusershell_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9344: result: $ac_cv_func_getusershell_noproto" >&5
+echo "$as_me:8625: result: $ac_cv_func_getusershell_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_getusershell_noproto" >&6
 
 if test "$ac_cv_func_getusershell_noproto" = yes; then
@@ -9355,13 +8636,13 @@ fi
 fi
 
 if test "$ac_cv_func_inet_aton+set" != set -o "$ac_cv_func_inet_aton" = yes; then
-echo "$as_me:9358: checking if inet_aton needs a prototype" >&5
+echo "$as_me:8639: checking if inet_aton needs a prototype" >&5
 echo $ECHO_N "checking if inet_aton needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_inet_aton_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9364 "configure"
+#line 8645 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYS_TYPES_H
@@ -9388,25 +8669,16 @@ inet_aton(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9391: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9394: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9396: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9399: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8672: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_inet_aton_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_inet_aton_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_inet_aton_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9409: result: $ac_cv_func_inet_aton_noproto" >&5
+echo "$as_me:8681: result: $ac_cv_func_inet_aton_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_inet_aton_noproto" >&6
 
 if test "$ac_cv_func_inet_aton_noproto" = yes; then
@@ -9419,7 +8691,7 @@ fi
 
 fi
 
-echo "$as_me:9422: checking for crypt" >&5
+echo "$as_me:8694: checking for crypt" >&5
 echo $ECHO_N "checking for crypt... $ECHO_C" >&6
 if test "${ac_cv_funclib_crypt+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9435,7 +8707,7 @@ if eval "test \"\$ac_cv_func_crypt\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 9438 "configure"
+#line 8710 "configure"
 #include "confdefs.h"
 
 int
@@ -9447,20 +8719,11 @@ crypt()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:9450: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:9453: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9455: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:9458: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8722: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_crypt=$ac_lib; else ac_cv_funclib_crypt=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -9477,13 +8740,13 @@ if false; then
 for ac_func in crypt
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:9480: checking for $ac_func" >&5
+echo "$as_me:8743: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9486 "configure"
+#line 8749 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -9514,25 +8777,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:9517: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:9520: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9522: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:9525: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8780: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:9535: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:8789: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -9556,13 +8810,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:9559: result: yes" >&5
+	echo "$as_me:8813: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_crypt=no"
 	eval "LIB_crypt="
-	echo "$as_me:9565: result: no" >&5
+	echo "$as_me:8819: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -9576,18 +8830,18 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:9579: result: yes, in $ac_res" >&5
+	echo "$as_me:8833: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
-echo "$as_me:9584: checking if gethostbyname is compatible with system prototype" >&5
+echo "$as_me:8838: checking if gethostbyname is compatible with system prototype" >&5
 echo $ECHO_N "checking if gethostbyname is compatible with system prototype... $ECHO_C" >&6
 if test "${ac_cv_func_gethostbyname_proto_compat+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9590 "configure"
+#line 8844 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYS_TYPES_H
@@ -9615,25 +8869,16 @@ struct hostent *gethostbyname(const char *);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9618: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9621: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9623: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9626: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8872: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_gethostbyname_proto_compat=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_gethostbyname_proto_compat=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_gethostbyname_proto_compat=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9636: result: $ac_cv_func_gethostbyname_proto_compat" >&5
+echo "$as_me:8881: result: $ac_cv_func_gethostbyname_proto_compat" >&5
 echo "${ECHO_T}$ac_cv_func_gethostbyname_proto_compat" >&6
 
 if test "$ac_cv_func_gethostbyname_proto_compat" = yes; then
@@ -9644,13 +8889,13 @@ EOF
 
 fi
 
-echo "$as_me:9647: checking if gethostbyaddr is compatible with system prototype" >&5
+echo "$as_me:8892: checking if gethostbyaddr is compatible with system prototype" >&5
 echo $ECHO_N "checking if gethostbyaddr is compatible with system prototype... $ECHO_C" >&6
 if test "${ac_cv_func_gethostbyaddr_proto_compat+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9653 "configure"
+#line 8898 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYS_TYPES_H
@@ -9678,25 +8923,16 @@ struct hostent *gethostbyaddr(const void *, size_t, int);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9681: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9684: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9686: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9689: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8926: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_gethostbyaddr_proto_compat=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_gethostbyaddr_proto_compat=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_gethostbyaddr_proto_compat=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9699: result: $ac_cv_func_gethostbyaddr_proto_compat" >&5
+echo "$as_me:8935: result: $ac_cv_func_gethostbyaddr_proto_compat" >&5
 echo "${ECHO_T}$ac_cv_func_gethostbyaddr_proto_compat" >&6
 
 if test "$ac_cv_func_gethostbyaddr_proto_compat" = yes; then
@@ -9707,13 +8943,13 @@ EOF
 
 fi
 
-echo "$as_me:9710: checking if getservbyname is compatible with system prototype" >&5
+echo "$as_me:8946: checking if getservbyname is compatible with system prototype" >&5
 echo $ECHO_N "checking if getservbyname is compatible with system prototype... $ECHO_C" >&6
 if test "${ac_cv_func_getservbyname_proto_compat+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9716 "configure"
+#line 8952 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYS_TYPES_H
@@ -9741,25 +8977,16 @@ struct servent *getservbyname(const char *, const char *);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9744: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9747: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9749: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9752: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:8980: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_getservbyname_proto_compat=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_getservbyname_proto_compat=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_getservbyname_proto_compat=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9762: result: $ac_cv_func_getservbyname_proto_compat" >&5
+echo "$as_me:8989: result: $ac_cv_func_getservbyname_proto_compat" >&5
 echo "${ECHO_T}$ac_cv_func_getservbyname_proto_compat" >&6
 
 if test "$ac_cv_func_getservbyname_proto_compat" = yes; then
@@ -9770,13 +8997,13 @@ EOF
 
 fi
 
-echo "$as_me:9773: checking if getsockname is compatible with system prototype" >&5
+echo "$as_me:9000: checking if getsockname is compatible with system prototype" >&5
 echo $ECHO_N "checking if getsockname is compatible with system prototype... $ECHO_C" >&6
 if test "${ac_cv_func_getsockname_proto_compat+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9779 "configure"
+#line 9006 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYS_TYPES_H
@@ -9795,25 +9022,16 @@ int getsockname(int, struct sockaddr*, socklen_t*);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9798: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9801: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9803: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9806: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9025: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_getsockname_proto_compat=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_getsockname_proto_compat=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_getsockname_proto_compat=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9816: result: $ac_cv_func_getsockname_proto_compat" >&5
+echo "$as_me:9034: result: $ac_cv_func_getsockname_proto_compat" >&5
 echo "${ECHO_T}$ac_cv_func_getsockname_proto_compat" >&6
 
 if test "$ac_cv_func_getsockname_proto_compat" = yes; then
@@ -9824,13 +9042,13 @@ EOF
 
 fi
 
-echo "$as_me:9827: checking if openlog is compatible with system prototype" >&5
+echo "$as_me:9045: checking if openlog is compatible with system prototype" >&5
 echo $ECHO_N "checking if openlog is compatible with system prototype... $ECHO_C" >&6
 if test "${ac_cv_func_openlog_proto_compat+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9833 "configure"
+#line 9051 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYSLOG_H
@@ -9846,25 +9064,16 @@ void openlog(const char *, int, int);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9849: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9852: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9854: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9857: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9067: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_openlog_proto_compat=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_openlog_proto_compat=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_openlog_proto_compat=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9867: result: $ac_cv_func_openlog_proto_compat" >&5
+echo "$as_me:9076: result: $ac_cv_func_openlog_proto_compat" >&5
 echo "${ECHO_T}$ac_cv_func_openlog_proto_compat" >&6
 
 if test "$ac_cv_func_openlog_proto_compat" = yes; then
@@ -9876,13 +9085,13 @@ EOF
 fi
 
 if test "$ac_cv_func_crypt+set" != set -o "$ac_cv_func_crypt" = yes; then
-echo "$as_me:9879: checking if crypt needs a prototype" >&5
+echo "$as_me:9088: checking if crypt needs a prototype" >&5
 echo $ECHO_N "checking if crypt needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_crypt_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9885 "configure"
+#line 9094 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_CRYPT_H
@@ -9904,25 +9113,16 @@ crypt(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9907: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9910: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9912: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9915: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9116: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_crypt_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_crypt_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_crypt_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9925: result: $ac_cv_func_crypt_noproto" >&5
+echo "$as_me:9125: result: $ac_cv_func_crypt_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_crypt_noproto" >&6
 
 if test "$ac_cv_func_crypt_noproto" = yes; then
@@ -9936,13 +9136,13 @@ fi
 fi
 
 if test "$ac_cv_func_strtok_r+set" != set -o "$ac_cv_func_strtok_r" = yes; then
-echo "$as_me:9939: checking if strtok_r needs a prototype" >&5
+echo "$as_me:9139: checking if strtok_r needs a prototype" >&5
 echo $ECHO_N "checking if strtok_r needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_strtok_r_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9945 "configure"
+#line 9145 "configure"
 #include "confdefs.h"
 
 #include <string.h>
@@ -9959,25 +9159,16 @@ strtok_r(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9962: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9965: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:9967: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:9970: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9162: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_strtok_r_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strtok_r_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_strtok_r_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9980: result: $ac_cv_func_strtok_r_noproto" >&5
+echo "$as_me:9171: result: $ac_cv_func_strtok_r_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_strtok_r_noproto" >&6
 
 if test "$ac_cv_func_strtok_r_noproto" = yes; then
@@ -9991,13 +9182,13 @@ fi
 fi
 
 if test "$ac_cv_func_strsep+set" != set -o "$ac_cv_func_strsep" = yes; then
-echo "$as_me:9994: checking if strsep needs a prototype" >&5
+echo "$as_me:9185: checking if strsep needs a prototype" >&5
 echo $ECHO_N "checking if strsep needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_strsep_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 10000 "configure"
+#line 9191 "configure"
 #include "confdefs.h"
 
 #include <string.h>
@@ -10014,25 +9205,16 @@ strsep(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10017: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10020: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10022: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10025: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9208: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_strsep_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strsep_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_strsep_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:10035: result: $ac_cv_func_strsep_noproto" >&5
+echo "$as_me:9217: result: $ac_cv_func_strsep_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_strsep_noproto" >&6
 
 if test "$ac_cv_func_strsep_noproto" = yes; then
@@ -10045,14 +9227,14 @@ fi
 
 fi
 
-echo "$as_me:10048: checking for h_errno" >&5
+echo "$as_me:9230: checking for h_errno" >&5
 echo $ECHO_N "checking for h_errno... $ECHO_C" >&6
 if test "${ac_cv_var_h_errno+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10055 "configure"
+#line 9237 "configure"
 #include "confdefs.h"
 extern int h_errno;
 int foo() { return h_errno; }
@@ -10065,28 +9247,19 @@ foo()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:10068: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:10071: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10073: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:10076: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9250: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_var_h_errno=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_h_errno=no
+  cat conftest.$ac_ext >&5
+  ac_cv_var_h_errno=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 
 fi
 
 ac_foo=`eval echo \\$ac_cv_var_h_errno`
-echo "$as_me:10089: result: $ac_foo" >&5
+echo "$as_me:9262: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
 
@@ -10094,14 +9267,14 @@ cat >>confdefs.h <<EOF
 #define HAVE_H_ERRNO 1
 EOF
 
-echo "$as_me:10097: checking if h_errno is properly declared" >&5
+echo "$as_me:9270: checking if h_errno is properly declared" >&5
 echo $ECHO_N "checking if h_errno is properly declared... $ECHO_C" >&6
 if test "${ac_cv_var_h_errno_declaration+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10104 "configure"
+#line 9277 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -10119,27 +9292,18 @@ h_errno.foo = 1;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10122: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10125: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10127: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10130: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9295: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_var_h_errno_declaration=no"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_h_errno_declaration=yes"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_var_h_errno_declaration=yes"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
 
-echo "$as_me:10142: result: $ac_cv_var_h_errno_declaration" >&5
+echo "$as_me:9306: result: $ac_cv_var_h_errno_declaration" >&5
 echo "${ECHO_T}$ac_cv_var_h_errno_declaration" >&6
 if eval "test \"\$ac_cv_var_h_errno_declaration\" = yes"; then
 
@@ -10151,14 +9315,14 @@ fi
 
 fi
 
-echo "$as_me:10154: checking for h_errlist" >&5
+echo "$as_me:9318: checking for h_errlist" >&5
 echo $ECHO_N "checking for h_errlist... $ECHO_C" >&6
 if test "${ac_cv_var_h_errlist+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10161 "configure"
+#line 9325 "configure"
 #include "confdefs.h"
 extern int h_errlist;
 int foo() { return h_errlist; }
@@ -10171,28 +9335,19 @@ foo()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:10174: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:10177: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10179: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:10182: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9338: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_var_h_errlist=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_h_errlist=no
+  cat conftest.$ac_ext >&5
+  ac_cv_var_h_errlist=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 
 fi
 
 ac_foo=`eval echo \\$ac_cv_var_h_errlist`
-echo "$as_me:10195: result: $ac_foo" >&5
+echo "$as_me:9350: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
 
@@ -10200,14 +9355,14 @@ cat >>confdefs.h <<EOF
 #define HAVE_H_ERRLIST 1
 EOF
 
-echo "$as_me:10203: checking if h_errlist is properly declared" >&5
+echo "$as_me:9358: checking if h_errlist is properly declared" >&5
 echo $ECHO_N "checking if h_errlist is properly declared... $ECHO_C" >&6
 if test "${ac_cv_var_h_errlist_declaration+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10210 "configure"
+#line 9365 "configure"
 #include "confdefs.h"
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
@@ -10222,27 +9377,18 @@ h_errlist.foo = 1;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10225: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10228: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10230: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10233: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9380: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_var_h_errlist_declaration=no"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_h_errlist_declaration=yes"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_var_h_errlist_declaration=yes"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
 
-echo "$as_me:10245: result: $ac_cv_var_h_errlist_declaration" >&5
+echo "$as_me:9391: result: $ac_cv_var_h_errlist_declaration" >&5
 echo "${ECHO_T}$ac_cv_var_h_errlist_declaration" >&6
 if eval "test \"\$ac_cv_var_h_errlist_declaration\" = yes"; then
 
@@ -10254,14 +9400,14 @@ fi
 
 fi
 
-echo "$as_me:10257: checking for h_nerr" >&5
+echo "$as_me:9403: checking for h_nerr" >&5
 echo $ECHO_N "checking for h_nerr... $ECHO_C" >&6
 if test "${ac_cv_var_h_nerr+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10264 "configure"
+#line 9410 "configure"
 #include "confdefs.h"
 extern int h_nerr;
 int foo() { return h_nerr; }
@@ -10274,28 +9420,19 @@ foo()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:10277: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:10280: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10282: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:10285: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9423: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_var_h_nerr=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_h_nerr=no
+  cat conftest.$ac_ext >&5
+  ac_cv_var_h_nerr=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 
 fi
 
 ac_foo=`eval echo \\$ac_cv_var_h_nerr`
-echo "$as_me:10298: result: $ac_foo" >&5
+echo "$as_me:9435: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
 
@@ -10303,14 +9440,14 @@ cat >>confdefs.h <<EOF
 #define HAVE_H_NERR 1
 EOF
 
-echo "$as_me:10306: checking if h_nerr is properly declared" >&5
+echo "$as_me:9443: checking if h_nerr is properly declared" >&5
 echo $ECHO_N "checking if h_nerr is properly declared... $ECHO_C" >&6
 if test "${ac_cv_var_h_nerr_declaration+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10313 "configure"
+#line 9450 "configure"
 #include "confdefs.h"
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
@@ -10325,27 +9462,18 @@ h_nerr.foo = 1;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10328: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10331: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10333: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10336: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9465: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_var_h_nerr_declaration=no"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_h_nerr_declaration=yes"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_var_h_nerr_declaration=yes"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
 
-echo "$as_me:10348: result: $ac_cv_var_h_nerr_declaration" >&5
+echo "$as_me:9476: result: $ac_cv_var_h_nerr_declaration" >&5
 echo "${ECHO_T}$ac_cv_var_h_nerr_declaration" >&6
 if eval "test \"\$ac_cv_var_h_nerr_declaration\" = yes"; then
 
@@ -10357,14 +9485,14 @@ fi
 
 fi
 
-echo "$as_me:10360: checking for __progname" >&5
+echo "$as_me:9488: checking for __progname" >&5
 echo $ECHO_N "checking for __progname... $ECHO_C" >&6
 if test "${ac_cv_var___progname+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10367 "configure"
+#line 9495 "configure"
 #include "confdefs.h"
 extern int __progname;
 int foo() { return __progname; }
@@ -10377,28 +9505,19 @@ foo()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:10380: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:10383: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10385: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:10388: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9508: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_var___progname=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var___progname=no
+  cat conftest.$ac_ext >&5
+  ac_cv_var___progname=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 
 fi
 
 ac_foo=`eval echo \\$ac_cv_var___progname`
-echo "$as_me:10401: result: $ac_foo" >&5
+echo "$as_me:9520: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
 
@@ -10406,14 +9525,14 @@ cat >>confdefs.h <<EOF
 #define HAVE___PROGNAME 1
 EOF
 
-echo "$as_me:10409: checking if __progname is properly declared" >&5
+echo "$as_me:9528: checking if __progname is properly declared" >&5
 echo $ECHO_N "checking if __progname is properly declared... $ECHO_C" >&6
 if test "${ac_cv_var___progname_declaration+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10416 "configure"
+#line 9535 "configure"
 #include "confdefs.h"
 #ifdef HAVE_ERR_H
 #include <err.h>
@@ -10428,27 +9547,18 @@ __progname.foo = 1;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10431: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10434: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10436: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10439: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9550: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_var___progname_declaration=no"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var___progname_declaration=yes"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_var___progname_declaration=yes"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
 
-echo "$as_me:10451: result: $ac_cv_var___progname_declaration" >&5
+echo "$as_me:9561: result: $ac_cv_var___progname_declaration" >&5
 echo "${ECHO_T}$ac_cv_var___progname_declaration" >&6
 if eval "test \"\$ac_cv_var___progname_declaration\" = yes"; then
 
@@ -10460,14 +9570,14 @@ fi
 
 fi
 
-echo "$as_me:10463: checking if optarg is properly declared" >&5
+echo "$as_me:9573: checking if optarg is properly declared" >&5
 echo $ECHO_N "checking if optarg is properly declared... $ECHO_C" >&6
 if test "${ac_cv_var_optarg_declaration+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10470 "configure"
+#line 9580 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #ifdef HAVE_UNISTD_H
@@ -10483,27 +9593,18 @@ optarg.foo = 1;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10486: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10489: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10491: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10494: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9596: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_var_optarg_declaration=no"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_optarg_declaration=yes"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_var_optarg_declaration=yes"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
 
-echo "$as_me:10506: result: $ac_cv_var_optarg_declaration" >&5
+echo "$as_me:9607: result: $ac_cv_var_optarg_declaration" >&5
 echo "${ECHO_T}$ac_cv_var_optarg_declaration" >&6
 if eval "test \"\$ac_cv_var_optarg_declaration\" = yes"; then
 
@@ -10513,14 +9614,14 @@ EOF
 
 fi
 
-echo "$as_me:10516: checking if optind is properly declared" >&5
+echo "$as_me:9617: checking if optind is properly declared" >&5
 echo $ECHO_N "checking if optind is properly declared... $ECHO_C" >&6
 if test "${ac_cv_var_optind_declaration+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10523 "configure"
+#line 9624 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #ifdef HAVE_UNISTD_H
@@ -10536,27 +9637,18 @@ optind.foo = 1;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10539: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10542: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10544: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10547: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9640: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_var_optind_declaration=no"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_optind_declaration=yes"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_var_optind_declaration=yes"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
 
-echo "$as_me:10559: result: $ac_cv_var_optind_declaration" >&5
+echo "$as_me:9651: result: $ac_cv_var_optind_declaration" >&5
 echo "${ECHO_T}$ac_cv_var_optind_declaration" >&6
 if eval "test \"\$ac_cv_var_optind_declaration\" = yes"; then
 
@@ -10566,14 +9658,14 @@ EOF
 
 fi
 
-echo "$as_me:10569: checking if opterr is properly declared" >&5
+echo "$as_me:9661: checking if opterr is properly declared" >&5
 echo $ECHO_N "checking if opterr is properly declared... $ECHO_C" >&6
 if test "${ac_cv_var_opterr_declaration+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10576 "configure"
+#line 9668 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #ifdef HAVE_UNISTD_H
@@ -10589,27 +9681,18 @@ opterr.foo = 1;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10592: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10595: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10597: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10600: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9684: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_var_opterr_declaration=no"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_opterr_declaration=yes"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_var_opterr_declaration=yes"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
 
-echo "$as_me:10612: result: $ac_cv_var_opterr_declaration" >&5
+echo "$as_me:9695: result: $ac_cv_var_opterr_declaration" >&5
 echo "${ECHO_T}$ac_cv_var_opterr_declaration" >&6
 if eval "test \"\$ac_cv_var_opterr_declaration\" = yes"; then
 
@@ -10619,14 +9702,14 @@ EOF
 
 fi
 
-echo "$as_me:10622: checking if optopt is properly declared" >&5
+echo "$as_me:9705: checking if optopt is properly declared" >&5
 echo $ECHO_N "checking if optopt is properly declared... $ECHO_C" >&6
 if test "${ac_cv_var_optopt_declaration+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10629 "configure"
+#line 9712 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #ifdef HAVE_UNISTD_H
@@ -10642,27 +9725,18 @@ optopt.foo = 1;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10645: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10648: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10650: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10653: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9728: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_var_optopt_declaration=no"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_optopt_declaration=yes"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_var_optopt_declaration=yes"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
 
-echo "$as_me:10665: result: $ac_cv_var_optopt_declaration" >&5
+echo "$as_me:9739: result: $ac_cv_var_optopt_declaration" >&5
 echo "${ECHO_T}$ac_cv_var_optopt_declaration" >&6
 if eval "test \"\$ac_cv_var_optopt_declaration\" = yes"; then
 
@@ -10672,14 +9746,14 @@ EOF
 
 fi
 
-echo "$as_me:10675: checking if environ is properly declared" >&5
+echo "$as_me:9749: checking if environ is properly declared" >&5
 echo $ECHO_N "checking if environ is properly declared... $ECHO_C" >&6
 if test "${ac_cv_var_environ_declaration+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10682 "configure"
+#line 9756 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 extern struct { int foo; } environ;
@@ -10692,27 +9766,18 @@ environ.foo = 1;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10695: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10698: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10700: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10703: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9769: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_var_environ_declaration=no"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_environ_declaration=yes"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_var_environ_declaration=yes"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
 
-echo "$as_me:10715: result: $ac_cv_var_environ_declaration" >&5
+echo "$as_me:9780: result: $ac_cv_var_environ_declaration" >&5
 echo "${ECHO_T}$ac_cv_var_environ_declaration" >&6
 if eval "test \"\$ac_cv_var_environ_declaration\" = yes"; then
 
@@ -10722,14 +9787,14 @@ EOF
 
 fi
 
-echo "$as_me:10725: checking for tm_gmtoff in struct tm" >&5
+echo "$as_me:9790: checking for tm_gmtoff in struct tm" >&5
 echo $ECHO_N "checking for tm_gmtoff in struct tm... $ECHO_C" >&6
 if test "${ac_cv_type_struct_tm_tm_gmtoff+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10732 "configure"
+#line 9797 "configure"
 #include "confdefs.h"
 #include <time.h>
 int
@@ -10741,25 +9806,16 @@ struct tm x; x.tm_gmtoff;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10744: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10747: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10749: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10752: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9809: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_tm_tm_gmtoff=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_tm_tm_gmtoff=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_tm_tm_gmtoff=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:10762: result: $ac_cv_type_struct_tm_tm_gmtoff" >&5
+echo "$as_me:9818: result: $ac_cv_type_struct_tm_tm_gmtoff" >&5
 echo "${ECHO_T}$ac_cv_type_struct_tm_tm_gmtoff" >&6
 if test "$ac_cv_type_struct_tm_tm_gmtoff" = yes; then
 
@@ -10769,14 +9825,14 @@ EOF
 
 fi
 
-echo "$as_me:10772: checking for tm_zone in struct tm" >&5
+echo "$as_me:9828: checking for tm_zone in struct tm" >&5
 echo $ECHO_N "checking for tm_zone in struct tm... $ECHO_C" >&6
 if test "${ac_cv_type_struct_tm_tm_zone+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10779 "configure"
+#line 9835 "configure"
 #include "confdefs.h"
 #include <time.h>
 int
@@ -10788,25 +9844,16 @@ struct tm x; x.tm_zone;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10791: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10794: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10796: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10799: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9847: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_tm_tm_zone=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_tm_tm_zone=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_tm_tm_zone=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:10809: result: $ac_cv_type_struct_tm_tm_zone" >&5
+echo "$as_me:9856: result: $ac_cv_type_struct_tm_tm_zone" >&5
 echo "${ECHO_T}$ac_cv_type_struct_tm_tm_zone" >&6
 if test "$ac_cv_type_struct_tm_tm_zone" = yes; then
 
@@ -10816,14 +9863,14 @@ EOF
 
 fi
 
-echo "$as_me:10819: checking for timezone" >&5
+echo "$as_me:9866: checking for timezone" >&5
 echo $ECHO_N "checking for timezone... $ECHO_C" >&6
 if test "${ac_cv_var_timezone+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10826 "configure"
+#line 9873 "configure"
 #include "confdefs.h"
 extern int timezone;
 int foo() { return timezone; }
@@ -10836,28 +9883,19 @@ foo()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:10839: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:10842: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10844: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:10847: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9886: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_var_timezone=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_timezone=no
+  cat conftest.$ac_ext >&5
+  ac_cv_var_timezone=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 
 fi
 
 ac_foo=`eval echo \\$ac_cv_var_timezone`
-echo "$as_me:10860: result: $ac_foo" >&5
+echo "$as_me:9898: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
 
@@ -10865,14 +9903,14 @@ cat >>confdefs.h <<EOF
 #define HAVE_TIMEZONE 1
 EOF
 
-echo "$as_me:10868: checking if timezone is properly declared" >&5
+echo "$as_me:9906: checking if timezone is properly declared" >&5
 echo $ECHO_N "checking if timezone is properly declared... $ECHO_C" >&6
 if test "${ac_cv_var_timezone_declaration+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 10875 "configure"
+#line 9913 "configure"
 #include "confdefs.h"
 #include <time.h>
 extern struct { int foo; } timezone;
@@ -10885,27 +9923,18 @@ timezone.foo = 1;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10888: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10891: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10893: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10896: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9926: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_var_timezone_declaration=no"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_timezone_declaration=yes"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_var_timezone_declaration=yes"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
 
-echo "$as_me:10908: result: $ac_cv_var_timezone_declaration" >&5
+echo "$as_me:9937: result: $ac_cv_var_timezone_declaration" >&5
 echo "${ECHO_T}$ac_cv_var_timezone_declaration" >&6
 if eval "test \"\$ac_cv_var_timezone_declaration\" = yes"; then
 
@@ -10918,13 +9947,13 @@ fi
 fi
 
 cv=`echo "sa_family_t" | sed 'y%./+- %__p__%'`
-echo "$as_me:10921: checking for sa_family_t" >&5
+echo "$as_me:9950: checking for sa_family_t" >&5
 echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6
 if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 10927 "configure"
+#line 9956 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -10941,37 +9970,28 @@ sa_family_t foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10944: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10947: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10949: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10952: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:9973: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_type_$cv=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_type_$cv=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:10963: result: $ac_foo" >&5
+echo "$as_me:9983: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
   ac_tr_hdr=HAVE_`echo sa_family_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
 if false; then
-	echo "$as_me:10968: checking for sa_family_t" >&5
+	echo "$as_me:9988: checking for sa_family_t" >&5
 echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6
 if test "${ac_cv_type_sa_family_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 10974 "configure"
+#line 9994 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10986,25 +10006,16 @@ if (sizeof (sa_family_t))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10989: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10992: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:10994: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:10997: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10009: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_sa_family_t=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_sa_family_t=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_sa_family_t=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:11007: result: $ac_cv_type_sa_family_t" >&5
+echo "$as_me:10018: result: $ac_cv_type_sa_family_t" >&5
 echo "${ECHO_T}$ac_cv_type_sa_family_t" >&6
 if test $ac_cv_type_sa_family_t = yes; then
 
@@ -11023,13 +10034,13 @@ EOF
 fi
 
 cv=`echo "socklen_t" | sed 'y%./+- %__p__%'`
-echo "$as_me:11026: checking for socklen_t" >&5
+echo "$as_me:10037: checking for socklen_t" >&5
 echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6
 if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 11032 "configure"
+#line 10043 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -11046,37 +10057,28 @@ socklen_t foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11049: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:11052: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11054: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:11057: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10060: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_type_$cv=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_type_$cv=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:11068: result: $ac_foo" >&5
+echo "$as_me:10070: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
   ac_tr_hdr=HAVE_`echo socklen_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
 if false; then
-	echo "$as_me:11073: checking for socklen_t" >&5
+	echo "$as_me:10075: checking for socklen_t" >&5
 echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6
 if test "${ac_cv_type_socklen_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 11079 "configure"
+#line 10081 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -11091,25 +10093,16 @@ if (sizeof (socklen_t))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11094: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:11097: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11099: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:11102: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10096: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_socklen_t=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_socklen_t=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_socklen_t=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:11112: result: $ac_cv_type_socklen_t" >&5
+echo "$as_me:10105: result: $ac_cv_type_socklen_t" >&5
 echo "${ECHO_T}$ac_cv_type_socklen_t" >&6
 if test $ac_cv_type_socklen_t = yes; then
 
@@ -11128,13 +10121,13 @@ EOF
 fi
 
 cv=`echo "struct sockaddr" | sed 'y%./+- %__p__%'`
-echo "$as_me:11131: checking for struct sockaddr" >&5
+echo "$as_me:10124: checking for struct sockaddr" >&5
 echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6
 if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 11137 "configure"
+#line 10130 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -11151,37 +10144,28 @@ struct sockaddr foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11154: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:11157: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11159: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:11162: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10147: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_type_$cv=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_type_$cv=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:11173: result: $ac_foo" >&5
+echo "$as_me:10157: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
   ac_tr_hdr=HAVE_`echo struct sockaddr | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
 if false; then
-	echo "$as_me:11178: checking for struct sockaddr" >&5
+	echo "$as_me:10162: checking for struct sockaddr" >&5
 echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6
 if test "${ac_cv_type_struct_sockaddr+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 11184 "configure"
+#line 10168 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -11196,25 +10180,16 @@ if (sizeof (struct sockaddr))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11199: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:11202: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11204: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:11207: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10183: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_sockaddr=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_sockaddr=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_sockaddr=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:11217: result: $ac_cv_type_struct_sockaddr" >&5
+echo "$as_me:10192: result: $ac_cv_type_struct_sockaddr" >&5
 echo "${ECHO_T}$ac_cv_type_struct_sockaddr" >&6
 if test $ac_cv_type_struct_sockaddr = yes; then
 
@@ -11233,13 +10208,13 @@ EOF
 fi
 
 cv=`echo "struct sockaddr_storage" | sed 'y%./+- %__p__%'`
-echo "$as_me:11236: checking for struct sockaddr_storage" >&5
+echo "$as_me:10211: checking for struct sockaddr_storage" >&5
 echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6
 if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 11242 "configure"
+#line 10217 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -11256,37 +10231,28 @@ struct sockaddr_storage foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11259: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:11262: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11264: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:11267: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10234: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_type_$cv=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_type_$cv=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:11278: result: $ac_foo" >&5
+echo "$as_me:10244: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
   ac_tr_hdr=HAVE_`echo struct sockaddr_storage | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
 if false; then
-	echo "$as_me:11283: checking for struct sockaddr_storage" >&5
+	echo "$as_me:10249: checking for struct sockaddr_storage" >&5
 echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6
 if test "${ac_cv_type_struct_sockaddr_storage+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 11289 "configure"
+#line 10255 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -11301,25 +10267,16 @@ if (sizeof (struct sockaddr_storage))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11304: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:11307: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11309: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:11312: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10270: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_sockaddr_storage=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_sockaddr_storage=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_sockaddr_storage=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:11322: result: $ac_cv_type_struct_sockaddr_storage" >&5
+echo "$as_me:10279: result: $ac_cv_type_struct_sockaddr_storage" >&5
 echo "${ECHO_T}$ac_cv_type_struct_sockaddr_storage" >&6
 if test $ac_cv_type_struct_sockaddr_storage = yes; then
 
@@ -11338,13 +10295,13 @@ EOF
 fi
 
 cv=`echo "struct addrinfo" | sed 'y%./+- %__p__%'`
-echo "$as_me:11341: checking for struct addrinfo" >&5
+echo "$as_me:10298: checking for struct addrinfo" >&5
 echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6
 if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 11347 "configure"
+#line 10304 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -11361,37 +10318,28 @@ struct addrinfo foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11364: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:11367: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11369: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:11372: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10321: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_type_$cv=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_type_$cv=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:11383: result: $ac_foo" >&5
+echo "$as_me:10331: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
   ac_tr_hdr=HAVE_`echo struct addrinfo | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
 if false; then
-	echo "$as_me:11388: checking for struct addrinfo" >&5
+	echo "$as_me:10336: checking for struct addrinfo" >&5
 echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6
 if test "${ac_cv_type_struct_addrinfo+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 11394 "configure"
+#line 10342 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -11406,25 +10354,16 @@ if (sizeof (struct addrinfo))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11409: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:11412: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11414: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:11417: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10357: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_addrinfo=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_addrinfo=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_addrinfo=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:11427: result: $ac_cv_type_struct_addrinfo" >&5
+echo "$as_me:10366: result: $ac_cv_type_struct_addrinfo" >&5
 echo "${ECHO_T}$ac_cv_type_struct_addrinfo" >&6
 if test $ac_cv_type_struct_addrinfo = yes; then
 
@@ -11443,13 +10382,13 @@ EOF
 fi
 
 cv=`echo "struct ifaddrs" | sed 'y%./+- %__p__%'`
-echo "$as_me:11446: checking for struct ifaddrs" >&5
+echo "$as_me:10385: checking for struct ifaddrs" >&5
 echo $ECHO_N "checking for struct ifaddrs... $ECHO_C" >&6
 if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 11452 "configure"
+#line 10391 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -11466,37 +10405,28 @@ struct ifaddrs foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11469: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:11472: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11474: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:11477: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10408: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_type_$cv=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_type_$cv=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:11488: result: $ac_foo" >&5
+echo "$as_me:10418: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
   ac_tr_hdr=HAVE_`echo struct ifaddrs | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
 if false; then
-	echo "$as_me:11493: checking for struct ifaddrs" >&5
+	echo "$as_me:10423: checking for struct ifaddrs" >&5
 echo $ECHO_N "checking for struct ifaddrs... $ECHO_C" >&6
 if test "${ac_cv_type_struct_ifaddrs+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 11499 "configure"
+#line 10429 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -11511,25 +10441,16 @@ if (sizeof (struct ifaddrs))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11514: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:11517: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11519: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:11522: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10444: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_ifaddrs=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_ifaddrs=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_ifaddrs=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:11532: result: $ac_cv_type_struct_ifaddrs" >&5
+echo "$as_me:10453: result: $ac_cv_type_struct_ifaddrs" >&5
 echo "${ECHO_T}$ac_cv_type_struct_ifaddrs" >&6
 if test $ac_cv_type_struct_ifaddrs = yes; then
 
@@ -11547,7 +10468,7 @@ EOF
 
 fi
 
-echo "$as_me:11550: checking for struct winsize" >&5
+echo "$as_me:10471: checking for struct winsize" >&5
 echo $ECHO_N "checking for struct winsize... $ECHO_C" >&6
 if test "${ac_cv_struct_winsize+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -11556,7 +10477,7 @@ else
 ac_cv_struct_winsize=no
 for i in sys/termios.h sys/ioctl.h; do
 cat >conftest.$ac_ext <<_ACEOF
-#line 11559 "configure"
+#line 10480 "configure"
 #include "confdefs.h"
 #include <$i>
 
@@ -11577,10 +10498,10 @@ cat >>confdefs.h <<\EOF
 EOF
 
 fi
-echo "$as_me:11580: result: $ac_cv_struct_winsize" >&5
+echo "$as_me:10501: result: $ac_cv_struct_winsize" >&5
 echo "${ECHO_T}$ac_cv_struct_winsize" >&6
 cat >conftest.$ac_ext <<_ACEOF
-#line 11583 "configure"
+#line 10504 "configure"
 #include "confdefs.h"
 #include <termios.h>
 
@@ -11596,7 +10517,7 @@ fi
 rm -f conftest*
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 11599 "configure"
+#line 10520 "configure"
 #include "confdefs.h"
 #include <termios.h>
 
@@ -11611,14 +10532,14 @@ EOF
 fi
 rm -f conftest*
 
-echo "$as_me:11614: checking for struct spwd" >&5
+echo "$as_me:10535: checking for struct spwd" >&5
 echo $ECHO_N "checking for struct spwd... $ECHO_C" >&6
 if test "${ac_cv_struct_spwd+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 11621 "configure"
+#line 10542 "configure"
 #include "confdefs.h"
 #include <pwd.h>
 #ifdef HAVE_SHADOW_H
@@ -11633,27 +10554,18 @@ struct spwd foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11636: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:11639: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11641: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:11644: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10557: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_struct_spwd=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_struct_spwd=no
+  cat conftest.$ac_ext >&5
+  ac_cv_struct_spwd=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
 
-echo "$as_me:11656: result: $ac_cv_struct_spwd" >&5
+echo "$as_me:10568: result: $ac_cv_struct_spwd" >&5
 echo "${ECHO_T}$ac_cv_struct_spwd" >&6
 
 if test "$ac_cv_struct_spwd" = "yes"; then
@@ -11678,9 +10590,8 @@ fi;
 if test "${with_openldap_lib+set}" = set; then
   withval="$with_openldap_lib"
   if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:11681: error: No argument for --with-openldap-lib" >&5
-echo "$as_me: error: No argument for --with-openldap-lib" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: No argument for --with-openldap-lib" >&2
+  { (exit 1); exit; }; }
 elif test "X$with_openldap" = "X"; then
   with_openldap=yes
 fi
@@ -11690,15 +10601,14 @@ fi;
 if test "${with_openldap_include+set}" = set; then
   withval="$with_openldap_include"
   if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:11693: error: No argument for --with-openldap-include" >&5
-echo "$as_me: error: No argument for --with-openldap-include" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: No argument for --with-openldap-include" >&2
+  { (exit 1); exit; }; }
 elif test "X$with_openldap" = "X"; then
   with_openldap=yes
 fi
 fi;
 
-echo "$as_me:11701: checking for openldap" >&5
+echo "$as_me:10611: checking for openldap" >&5
 echo $ECHO_N "checking for openldap... $ECHO_C" >&6
 
 case "$with_openldap" in
@@ -11738,8 +10648,9 @@ ires= lres=
 for i in $header_dirs; do
 	CFLAGS="-I$i $save_CFLAGS"
 	cat >conftest.$ac_ext <<_ACEOF
-#line 11741 "configure"
+#line 10651 "configure"
 #include "confdefs.h"
+#include <lber.h>
 #include <ldap.h>
 int
 main ()
@@ -11750,28 +10661,20 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11753: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:11756: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11758: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:11761: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10664: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ires=$i;break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 done
 for i in $lib_dirs; do
 	LIBS="-L$i -lldap -llber  $save_LIBS"
 	cat >conftest.$ac_ext <<_ACEOF
-#line 11773 "configure"
+#line 10675 "configure"
 #include "confdefs.h"
+#include <lber.h>
 #include <ldap.h>
 int
 main ()
@@ -11782,20 +10685,11 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:11785: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:11788: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11790: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:11793: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10688: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   lres=$i;break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 done
@@ -11813,13 +10707,13 @@ cat >>confdefs.h <<EOF
 EOF
 
 	with_openldap=yes
-	echo "$as_me:11816: result: headers $ires, libraries $lres" >&5
+	echo "$as_me:10710: result: headers $ires, libraries $lres" >&5
 echo "${ECHO_T}headers $ires, libraries $lres" >&6
 else
 	INCLUDE_openldap=
 	LIB_openldap=
 	with_openldap=no
-	echo "$as_me:11822: result: $with_openldap" >&5
+	echo "$as_me:10716: result: $with_openldap" >&5
 echo "${ECHO_T}$with_openldap" >&6
 fi
 
@@ -11837,9 +10731,8 @@ fi;
 if test "${with_krb4_lib+set}" = set; then
   withval="$with_krb4_lib"
   if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:11840: error: No argument for --with-krb4-lib" >&5
-echo "$as_me: error: No argument for --with-krb4-lib" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: No argument for --with-krb4-lib" >&2
+  { (exit 1); exit; }; }
 elif test "X$with_krb4" = "X"; then
   with_krb4=yes
 fi
@@ -11849,15 +10742,14 @@ fi;
 if test "${with_krb4_include+set}" = set; then
   withval="$with_krb4_include"
   if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:11852: error: No argument for --with-krb4-include" >&5
-echo "$as_me: error: No argument for --with-krb4-include" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: No argument for --with-krb4-include" >&2
+  { (exit 1); exit; }; }
 elif test "X$with_krb4" = "X"; then
   with_krb4=yes
 fi
 fi;
 
-echo "$as_me:11860: checking for krb4" >&5
+echo "$as_me:10752: checking for krb4" >&5
 echo $ECHO_N "checking for krb4... $ECHO_C" >&6
 
 case "$with_krb4" in
@@ -11897,7 +10789,7 @@ ires= lres=
 for i in $header_dirs; do
 	CFLAGS="-I$i $save_CFLAGS"
 	cat >conftest.$ac_ext <<_ACEOF
-#line 11900 "configure"
+#line 10792 "configure"
 #include "confdefs.h"
 #include <krb.h>
 int
@@ -11909,27 +10801,18 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11912: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:11915: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11917: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:11920: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10804: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ires=$i;break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 done
 for i in $lib_dirs; do
 	LIBS="-L$i -lkrb -ldes $save_LIBS"
 	cat >conftest.$ac_ext <<_ACEOF
-#line 11932 "configure"
+#line 10815 "configure"
 #include "confdefs.h"
 #include <krb.h>
 int
@@ -11941,20 +10824,11 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:11944: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:11947: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:11949: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:11952: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10827: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   lres=$i;break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 done
@@ -11972,13 +10846,13 @@ cat >>confdefs.h <<EOF
 EOF
 
 	with_krb4=yes
-	echo "$as_me:11975: result: headers $ires, libraries $lres" >&5
+	echo "$as_me:10849: result: headers $ires, libraries $lres" >&5
 echo "${ECHO_T}headers $ires, libraries $lres" >&6
 else
 	INCLUDE_krb4=
 	LIB_krb4=
 	with_krb4=no
-	echo "$as_me:11981: result: $with_krb4" >&5
+	echo "$as_me:10855: result: $with_krb4" >&5
 echo "${ECHO_T}$with_krb4" >&6
 fi
 
@@ -11990,13 +10864,13 @@ if test "$with_krb4" != "no"; then
 	LIBS="$LIB_krb4 -ldes $LIBS"
 	EXTRA_LIB45=lib45.a
 
-	echo "$as_me:11993: checking for four valued krb_put_int" >&5
+	echo "$as_me:10867: checking for four valued krb_put_int" >&5
 echo $ECHO_N "checking for four valued krb_put_int... $ECHO_C" >&6
 if test "${ac_cv_func_krb_put_int_four+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 11999 "configure"
+#line 10873 "configure"
 #include "confdefs.h"
 #include <krb.h>
 int
@@ -12010,26 +10884,17 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12013: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:12016: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:12018: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:12021: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10887: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_func_krb_put_int_four=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_put_int_four=no
+  cat conftest.$ac_ext >&5
+  ac_cv_func_krb_put_int_four=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:12032: result: $ac_cv_func_krb_put_int_four" >&5
+echo "$as_me:10897: result: $ac_cv_func_krb_put_int_four" >&5
 echo "${ECHO_T}$ac_cv_func_krb_put_int_four" >&6
 	if test "$ac_cv_func_krb_put_int_four" = yes; then
 
@@ -12039,13 +10904,13 @@ EOF
 
 	fi
 
-	echo "$as_me:12042: checking for KRB_VERIFY_SECURE" >&5
+	echo "$as_me:10907: checking for KRB_VERIFY_SECURE" >&5
 echo $ECHO_N "checking for KRB_VERIFY_SECURE... $ECHO_C" >&6
 if test "${ac_cv_func_krb_verify_secure+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 12048 "configure"
+#line 10913 "configure"
 #include "confdefs.h"
 #include <krb.h>
 int
@@ -12058,26 +10923,17 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12061: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:12064: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:12066: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:12069: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10926: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_func_krb_verify_secure=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_verify_secure=no
+  cat conftest.$ac_ext >&5
+  ac_cv_func_krb_verify_secure=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:12080: result: $ac_cv_func_krb_verify_secure" >&5
+echo "$as_me:10936: result: $ac_cv_func_krb_verify_secure" >&5
 echo "${ECHO_T}$ac_cv_func_krb_verify_secure" >&6
 	if test "$ac_cv_func_krb_verify_secure" != yes; then
 
@@ -12090,13 +10946,13 @@ cat >>confdefs.h <<\EOF
 EOF
 
 	fi
-	echo "$as_me:12093: checking for KRB_VERIFY_NOT_SECURE" >&5
+	echo "$as_me:10949: checking for KRB_VERIFY_NOT_SECURE" >&5
 echo $ECHO_N "checking for KRB_VERIFY_NOT_SECURE... $ECHO_C" >&6
 if test "${ac_cv_func_krb_verify_not_secure+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 12099 "configure"
+#line 10955 "configure"
 #include "confdefs.h"
 #include <krb.h>
 int
@@ -12109,26 +10965,17 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12112: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:12115: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:12117: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:12120: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:10968: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_func_krb_verify_not_secure=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_verify_not_secure=no
+  cat conftest.$ac_ext >&5
+  ac_cv_func_krb_verify_not_secure=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:12131: result: $ac_cv_func_krb_verify_not_secure" >&5
+echo "$as_me:10978: result: $ac_cv_func_krb_verify_not_secure" >&5
 echo "${ECHO_T}$ac_cv_func_krb_verify_not_secure" >&6
 	if test "$ac_cv_func_krb_verify_not_secure" != yes; then
 
@@ -12138,7 +10985,7 @@ EOF
 
 	fi
 
-echo "$as_me:12141: checking for krb_enable_debug" >&5
+echo "$as_me:10988: checking for krb_enable_debug" >&5
 echo $ECHO_N "checking for krb_enable_debug... $ECHO_C" >&6
 if test "${ac_cv_funclib_krb_enable_debug+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -12154,7 +11001,7 @@ if eval "test \"\$ac_cv_func_krb_enable_debug\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 12157 "configure"
+#line 11004 "configure"
 #include "confdefs.h"
 
 int
@@ -12166,20 +11013,11 @@ krb_enable_debug()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:12169: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12172: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:12174: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:12177: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:11016: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_enable_debug=$ac_lib; else ac_cv_funclib_krb_enable_debug=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -12196,13 +11034,13 @@ if false; then
 for ac_func in krb_enable_debug
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:12199: checking for $ac_func" >&5
+echo "$as_me:11037: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 12205 "configure"
+#line 11043 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -12233,25 +11071,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:12236: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12239: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:12241: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:12244: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:11074: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:12254: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:11083: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -12275,13 +11104,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:12278: result: yes" >&5
+	echo "$as_me:11107: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_krb_enable_debug=no"
 	eval "LIB_krb_enable_debug="
-	echo "$as_me:12284: result: no" >&5
+	echo "$as_me:11113: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -12295,7 +11124,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:12298: result: yes, in $ac_res" >&5
+	echo "$as_me:11127: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -12304,7 +11133,7 @@ if test -n "$LIB_krb_enable_debug"; then
 	LIBS="$LIB_krb_enable_debug $LIBS"
 fi
 
-echo "$as_me:12307: checking for krb_disable_debug" >&5
+echo "$as_me:11136: checking for krb_disable_debug" >&5
 echo $ECHO_N "checking for krb_disable_debug... $ECHO_C" >&6
 if test "${ac_cv_funclib_krb_disable_debug+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -12320,7 +11149,7 @@ if eval "test \"\$ac_cv_func_krb_disable_debug\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 12323 "configure"
+#line 11152 "configure"
 #include "confdefs.h"
 
 int
@@ -12332,20 +11161,11 @@ krb_disable_debug()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:12335: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12338: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:12340: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:12343: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:11164: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_disable_debug=$ac_lib; else ac_cv_funclib_krb_disable_debug=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -12362,13 +11182,13 @@ if false; then
 for ac_func in krb_disable_debug
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:12365: checking for $ac_func" >&5
+echo "$as_me:11185: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 12371 "configure"
+#line 11191 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -12399,25 +11219,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:12402: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12405: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:12407: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:12410: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:11222: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:12420: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:11231: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -12441,13 +11252,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:12444: result: yes" >&5
+	echo "$as_me:11255: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_krb_disable_debug=no"
 	eval "LIB_krb_disable_debug="
-	echo "$as_me:12450: result: no" >&5
+	echo "$as_me:11261: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -12461,7 +11272,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:12464: result: yes, in $ac_res" >&5
+	echo "$as_me:11275: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -12470,7 +11281,7 @@ if test -n "$LIB_krb_disable_debug"; then
 	LIBS="$LIB_krb_disable_debug $LIBS"
 fi
 
-echo "$as_me:12473: checking for krb_get_our_ip_for_realm" >&5
+echo "$as_me:11284: checking for krb_get_our_ip_for_realm" >&5
 echo $ECHO_N "checking for krb_get_our_ip_for_realm... $ECHO_C" >&6
 if test "${ac_cv_funclib_krb_get_our_ip_for_realm+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -12486,7 +11297,7 @@ if eval "test \"\$ac_cv_func_krb_get_our_ip_for_realm\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 12489 "configure"
+#line 11300 "configure"
 #include "confdefs.h"
 
 int
@@ -12498,20 +11309,11 @@ krb_get_our_ip_for_realm()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:12501: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12504: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:12506: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:12509: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:11312: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_get_our_ip_for_realm=$ac_lib; else ac_cv_funclib_krb_get_our_ip_for_realm=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -12528,13 +11330,13 @@ if false; then
 for ac_func in krb_get_our_ip_for_realm
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:12531: checking for $ac_func" >&5
+echo "$as_me:11333: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 12537 "configure"
+#line 11339 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -12565,25 +11367,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:12568: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12571: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:12573: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:12576: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:11370: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:12586: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:11379: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -12607,13 +11400,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:12610: result: yes" >&5
+	echo "$as_me:11403: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_krb_get_our_ip_for_realm=no"
 	eval "LIB_krb_get_our_ip_for_realm="
-	echo "$as_me:12616: result: no" >&5
+	echo "$as_me:11409: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -12627,7 +11420,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:12630: result: yes, in $ac_res" >&5
+	echo "$as_me:11423: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -12636,13 +11429,13 @@ if test -n "$LIB_krb_get_our_ip_for_realm"; then
 	LIBS="$LIB_krb_get_our_ip_for_realm $LIBS"
 fi
 
-	echo "$as_me:12639: checking for krb_mk_req with const arguments" >&5
+	echo "$as_me:11432: checking for krb_mk_req with const arguments" >&5
 echo $ECHO_N "checking for krb_mk_req with const arguments... $ECHO_C" >&6
 if test "${ac_cv_func_krb_mk_req_const+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 12645 "configure"
+#line 11438 "configure"
 #include "confdefs.h"
 #include <krb.h>
 		int krb_mk_req(KTEXT a, const char *s, const char *i,
@@ -12657,26 +11450,17 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12660: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:12663: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:12665: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:12668: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:11453: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_func_krb_mk_req_const=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_mk_req_const=no
+  cat conftest.$ac_ext >&5
+  ac_cv_func_krb_mk_req_const=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:12679: result: $ac_cv_func_krb_mk_req_const" >&5
+echo "$as_me:11463: result: $ac_cv_func_krb_mk_req_const" >&5
 echo "${ECHO_T}$ac_cv_func_krb_mk_req_const" >&6
 	if test "$ac_cv_func_krb_mk_req_const" = "yes"; then
 
@@ -12689,6 +11473,7 @@ EOF
 	LIBS="$save_LIBS"
 	CFLAGS="$save_CFLAGS"
 	LIB_kdb="-lkdb -lkrb"
+	test_LIB_krb4="$LIB_krb4"
 	if test "$krb4_libdir"; then
 		LIB_krb4="-R $krb4_libdir $LIB_krb4"
 		LIB_kdb="-R $krb4_libdir -L$krb4_libdir $LIB_kdb"
@@ -12746,11 +11531,12 @@ fi
 
 ## XXX quite horrible:
 if test -f /etc/ibmcxx.cfg; then
-	dpagaix_LDADD=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^^=*=\(.*\)/\1/;s/,/ /gp;}'`
-	dpagaix_CFLAGS=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^^=*=\(.*\)/\1/;s/-q^,*//;s/,/ /gp;}'`
+	dpagaix_LDADD=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[^=]*=\(.*\)/\1/;s/,/ /gp;}'`
+	dpagaix_CFLAGS=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[^=]*=\(.*\)/\1/;s/-q^,*//;s/,/ /gp;}'`
 else
 	dpagaix_CFLAGS="-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce"
 	dpagaix_LDADD="-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r"
+	dpagaix_LDFLAGS="-Wl,-bI:dfspag.exp"
 fi
 
 # Check whether --enable-kaserver or --disable-kaserver was given.
@@ -12765,9 +11551,8 @@ cat >>confdefs.h <<\EOF
 EOF
 
 	if test "$with_krb4" = "no"; then
-		{ { echo "$as_me:12768: error: kaserver requires krb4" >&5
-echo "$as_me: error: kaserver requires krb4" >&2;}
-   { (exit 1); exit 1; }; }
+		{  echo "$as_me: error: kaserver requires krb4" >&2
+  { (exit 1); exit; }; }
 		exit 1
 	fi
 fi
@@ -12784,9 +11569,8 @@ cat >>confdefs.h <<\EOF
 EOF
 
 	if test "$with_krb4" = "no"; then
-		{ { echo "$as_me:12787: error: kaserver-db requires krb4" >&5
-echo "$as_me: error: kaserver-db requires krb4" >&2;}
-   { (exit 1); exit 1; }; }
+		{  echo "$as_me: error: kaserver-db requires krb4" >&2
+  { (exit 1); exit; }; }
 		exit 1
 	fi
 fi
@@ -12835,7 +11619,7 @@ fi
 
 # Extract the first word of "nroff", so it can be a program name with args.
 set dummy nroff; ac_word=$2
-echo "$as_me:12838: checking for $ac_word" >&5
+echo "$as_me:11622: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_NROFF+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -12850,7 +11634,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  if $as_executable_p "$ac_dir/$ac_word"; then
+  if test -f "$ac_dir/$ac_word"; then
    ac_cv_path_NROFF="$ac_dir/$ac_word"
    break
 fi
@@ -12862,16 +11646,16 @@ fi
 NROFF=$ac_cv_path_NROFF
 
 if test -n "$NROFF"; then
-  echo "$as_me:12865: result: $NROFF" >&5
+  echo "$as_me:11649: result: $NROFF" >&5
 echo "${ECHO_T}$NROFF" >&6
 else
-  echo "$as_me:12868: result: no" >&5
+  echo "$as_me:11652: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
 # Extract the first word of "groff", so it can be a program name with args.
 set dummy groff; ac_word=$2
-echo "$as_me:12874: checking for $ac_word" >&5
+echo "$as_me:11658: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_GROFF+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -12886,7 +11670,7 @@ ac_dummy="$PATH"
 for ac_dir in $ac_dummy; do
   IFS=$ac_save_IFS
   test -z "$ac_dir" && ac_dir=.
-  if $as_executable_p "$ac_dir/$ac_word"; then
+  if test -f "$ac_dir/$ac_word"; then
    ac_cv_path_GROFF="$ac_dir/$ac_word"
    break
 fi
@@ -12898,14 +11682,14 @@ fi
 GROFF=$ac_cv_path_GROFF
 
 if test -n "$GROFF"; then
-  echo "$as_me:12901: result: $GROFF" >&5
+  echo "$as_me:11685: result: $GROFF" >&5
 echo "${ECHO_T}$GROFF" >&6
 else
-  echo "$as_me:12904: result: no" >&5
+  echo "$as_me:11688: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
-echo "$as_me:12908: checking how to format man pages" >&5
+echo "$as_me:11692: checking how to format man pages" >&5
 echo $ECHO_N "checking how to format man pages... $ECHO_C" >&6
 if test "${ac_cv_sys_man_format+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -12942,7 +11726,7 @@ if test "$ac_cv_sys_man_format"; then
 fi
 
 fi
-echo "$as_me:12945: result: $ac_cv_sys_man_format" >&5
+echo "$as_me:11729: result: $ac_cv_sys_man_format" >&5
 echo "${ECHO_T}$ac_cv_sys_man_format" >&6
 if test "$ac_cv_sys_man_format"; then
 	CATMAN="$ac_cv_sys_man_format"
@@ -12956,7 +11740,7 @@ else
   CATMAN_TRUE='#'
   CATMAN_FALSE=
 fi
-echo "$as_me:12959: checking extension of pre-formatted manual pages" >&5
+echo "$as_me:11743: checking extension of pre-formatted manual pages" >&5
 echo $ECHO_N "checking extension of pre-formatted manual pages... $ECHO_C" >&6
 if test "${ac_cv_sys_catman_ext+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -12968,7 +11752,7 @@ else
 fi
 
 fi
-echo "$as_me:12971: result: $ac_cv_sys_catman_ext" >&5
+echo "$as_me:11755: result: $ac_cv_sys_catman_ext" >&5
 echo "${ECHO_T}$ac_cv_sys_catman_ext" >&6
 if test "$ac_cv_sys_catman_ext" = number; then
 	CATMANEXT='$$section'
@@ -12986,9 +11770,8 @@ fi;
 if test "${with_readline_lib+set}" = set; then
   withval="$with_readline_lib"
   if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:12989: error: No argument for --with-readline-lib" >&5
-echo "$as_me: error: No argument for --with-readline-lib" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: No argument for --with-readline-lib" >&2
+  { (exit 1); exit; }; }
 elif test "X$with_readline" = "X"; then
   with_readline=yes
 fi
@@ -12998,15 +11781,14 @@ fi;
 if test "${with_readline_include+set}" = set; then
   withval="$with_readline_include"
   if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:13001: error: No argument for --with-readline-include" >&5
-echo "$as_me: error: No argument for --with-readline-include" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: No argument for --with-readline-include" >&2
+  { (exit 1); exit; }; }
 elif test "X$with_readline" = "X"; then
   with_readline=yes
 fi
 fi;
 
-echo "$as_me:13009: checking for readline" >&5
+echo "$as_me:11791: checking for readline" >&5
 echo $ECHO_N "checking for readline... $ECHO_C" >&6
 
 case "$with_readline" in
@@ -13046,7 +11828,7 @@ ires= lres=
 for i in $header_dirs; do
 	CFLAGS="-I$i $save_CFLAGS"
 	cat >conftest.$ac_ext <<_ACEOF
-#line 13049 "configure"
+#line 11831 "configure"
 #include "confdefs.h"
 #include <stdio.h>
  #include <readline.h>
@@ -13059,27 +11841,18 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13062: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:13065: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:13067: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:13070: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:11844: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ires=$i;break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 done
 for i in $lib_dirs; do
 	LIBS="-L$i -lreadline  $save_LIBS"
 	cat >conftest.$ac_ext <<_ACEOF
-#line 13082 "configure"
+#line 11855 "configure"
 #include "confdefs.h"
 #include <stdio.h>
  #include <readline.h>
@@ -13092,20 +11865,11 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13095: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13098: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:13100: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:13103: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:11868: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   lres=$i;break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 done
@@ -13123,13 +11887,13 @@ cat >>confdefs.h <<EOF
 EOF
 
 	with_readline=yes
-	echo "$as_me:13126: result: headers $ires, libraries $lres" >&5
+	echo "$as_me:11890: result: headers $ires, libraries $lres" >&5
 echo "${ECHO_T}headers $ires, libraries $lres" >&6
 else
 	INCLUDE_readline=
 	LIB_readline=
 	with_readline=no
-	echo "$as_me:13132: result: $with_readline" >&5
+	echo "$as_me:11896: result: $with_readline" >&5
 echo "${ECHO_T}$with_readline" >&6
 fi
 
@@ -13143,9 +11907,8 @@ fi;
 if test "${with_hesiod_lib+set}" = set; then
   withval="$with_hesiod_lib"
   if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:13146: error: No argument for --with-hesiod-lib" >&5
-echo "$as_me: error: No argument for --with-hesiod-lib" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: No argument for --with-hesiod-lib" >&2
+  { (exit 1); exit; }; }
 elif test "X$with_hesiod" = "X"; then
   with_hesiod=yes
 fi
@@ -13155,15 +11918,14 @@ fi;
 if test "${with_hesiod_include+set}" = set; then
   withval="$with_hesiod_include"
   if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:13158: error: No argument for --with-hesiod-include" >&5
-echo "$as_me: error: No argument for --with-hesiod-include" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: No argument for --with-hesiod-include" >&2
+  { (exit 1); exit; }; }
 elif test "X$with_hesiod" = "X"; then
   with_hesiod=yes
 fi
 fi;
 
-echo "$as_me:13166: checking for hesiod" >&5
+echo "$as_me:11928: checking for hesiod" >&5
 echo $ECHO_N "checking for hesiod... $ECHO_C" >&6
 
 case "$with_hesiod" in
@@ -13203,7 +11965,7 @@ ires= lres=
 for i in $header_dirs; do
 	CFLAGS="-I$i $save_CFLAGS"
 	cat >conftest.$ac_ext <<_ACEOF
-#line 13206 "configure"
+#line 11968 "configure"
 #include "confdefs.h"
 #include <hesiod.h>
 int
@@ -13215,27 +11977,18 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13218: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:13221: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:13223: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:13226: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:11980: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ires=$i;break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 done
 for i in $lib_dirs; do
 	LIBS="-L$i -lhesiod  $save_LIBS"
 	cat >conftest.$ac_ext <<_ACEOF
-#line 13238 "configure"
+#line 11991 "configure"
 #include "confdefs.h"
 #include <hesiod.h>
 int
@@ -13247,20 +12000,11 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13250: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13253: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:13255: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:13258: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12003: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   lres=$i;break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 done
@@ -13278,13 +12022,13 @@ cat >>confdefs.h <<EOF
 EOF
 
 	with_hesiod=yes
-	echo "$as_me:13281: result: headers $ires, libraries $lres" >&5
+	echo "$as_me:12025: result: headers $ires, libraries $lres" >&5
 echo "${ECHO_T}headers $ires, libraries $lres" >&6
 else
 	INCLUDE_hesiod=
 	LIB_hesiod=
 	with_hesiod=no
-	echo "$as_me:13287: result: $with_hesiod" >&5
+	echo "$as_me:12031: result: $with_hesiod" >&5
 echo "${ECHO_T}$with_hesiod" >&6
 fi
 
@@ -13298,13 +12042,13 @@ if test "${enable_littleendian+set}" = set; then
   enableval="$enable_littleendian"
   krb_cv_c_bigendian=no
 fi;
-echo "$as_me:13301: checking whether byte order is known at compile time" >&5
+echo "$as_me:12045: checking whether byte order is known at compile time" >&5
 echo $ECHO_N "checking whether byte order is known at compile time... $ECHO_C" >&6
 if test "${krb_cv_c_bigendian_compile+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 13307 "configure"
+#line 12051 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -13321,27 +12065,18 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13324: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:13327: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:13329: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:13332: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12068: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   krb_cv_c_bigendian_compile=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-krb_cv_c_bigendian_compile=no
+  cat conftest.$ac_ext >&5
+  krb_cv_c_bigendian_compile=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:13342: result: $krb_cv_c_bigendian_compile" >&5
+echo "$as_me:12077: result: $krb_cv_c_bigendian_compile" >&5
 echo "${ECHO_T}$krb_cv_c_bigendian_compile" >&6
-echo "$as_me:13344: checking whether byte ordering is bigendian" >&5
+echo "$as_me:12079: checking whether byte ordering is bigendian" >&5
 echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6
 if test "${krb_cv_c_bigendian+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -13349,7 +12084,7 @@ else
 
   if test "$krb_cv_c_bigendian_compile" = "yes"; then
     cat >conftest.$ac_ext <<_ACEOF
-#line 13352 "configure"
+#line 12087 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -13366,31 +12101,21 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13369: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:13372: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:13374: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:13377: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12104: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   krb_cv_c_bigendian=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-krb_cv_c_bigendian=no
+  cat conftest.$ac_ext >&5
+  krb_cv_c_bigendian=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
   else
     if test "$cross_compiling" = yes; then
-  { { echo "$as_me:13388: error: specify either --enable-bigendian or --enable-littleendian" >&5
-echo "$as_me: error: specify either --enable-bigendian or --enable-littleendian" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: specify either --enable-bigendian or --enable-littleendian" >&2
+  { (exit 1); exit; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 13393 "configure"
+#line 12118 "configure"
 #include "confdefs.h"
 main () {
       /* Are we little or big endian?  From Harbison&Steele.  */
@@ -13404,15 +12129,10 @@ main () {
   }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:13407: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13410: \$? = $ac_status" >&5
-  (exit $ac_status); } && { (eval echo "$as_me:13411: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:13414: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+{ (eval echo $as_me:12132: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } &&
+  (./conftest$ac_exeext) >&5 2>&1;
+ac_status=$?
+if test $ac_status = 0; then
   krb_cv_c_bigendian=no
 else
   echo "$as_me: program exited with status $ac_status" >&5
@@ -13420,12 +12140,14 @@ echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 krb_cv_c_bigendian=yes
 fi
+
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
+
   fi
 
 fi
-echo "$as_me:13428: result: $krb_cv_c_bigendian" >&5
+echo "$as_me:12150: result: $krb_cv_c_bigendian" >&5
 echo "${ECHO_T}$krb_cv_c_bigendian" >&6
 if test "$krb_cv_c_bigendian" = "yes"; then
 
@@ -13440,7 +12162,7 @@ cat >>confdefs.h <<\EOF
 EOF
 fi
 
-echo "$as_me:13443: checking for inline" >&5
+echo "$as_me:12165: checking for inline" >&5
 echo $ECHO_N "checking for inline... $ECHO_C" >&6
 if test "${ac_cv_c_inline+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -13448,7 +12170,7 @@ else
   ac_cv_c_inline=no
 for ac_kw in inline __inline__ __inline; do
   cat >conftest.$ac_ext <<_ACEOF
-#line 13451 "configure"
+#line 12173 "configure"
 #include "confdefs.h"
 #ifndef __cplusplus
 $ac_kw int foo () {return 0; }
@@ -13456,26 +12178,17 @@ $ac_kw int foo () {return 0; }
 
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13459: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:13462: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:13464: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:13467: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12181: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_c_inline=$ac_kw; break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 done
 
 fi
-echo "$as_me:13478: result: $ac_cv_c_inline" >&5
+echo "$as_me:12191: result: $ac_cv_c_inline" >&5
 echo "${ECHO_T}$ac_cv_c_inline" >&6
 case $ac_cv_c_inline in
   inline | yes) ;;
@@ -13525,7 +12238,7 @@ else
   AIX_DYNAMIC_AFS_FALSE=
 fi
 
-echo "$as_me:13528: checking for dlopen" >&5
+echo "$as_me:12241: checking for dlopen" >&5
 echo $ECHO_N "checking for dlopen... $ECHO_C" >&6
 if test "${ac_cv_funclib_dlopen+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -13541,7 +12254,7 @@ if eval "test \"\$ac_cv_func_dlopen\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 13544 "configure"
+#line 12257 "configure"
 #include "confdefs.h"
 
 int
@@ -13553,20 +12266,11 @@ dlopen()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13556: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13559: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:13561: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:13564: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12269: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_dlopen=$ac_lib; else ac_cv_funclib_dlopen=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -13583,13 +12287,13 @@ if false; then
 for ac_func in dlopen
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:13586: checking for $ac_func" >&5
+echo "$as_me:12290: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 13592 "configure"
+#line 12296 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -13620,25 +12324,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13623: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13626: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:13628: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:13631: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12327: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:13641: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:12336: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -13662,13 +12357,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:13665: result: yes" >&5
+	echo "$as_me:12360: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_dlopen=no"
 	eval "LIB_dlopen="
-	echo "$as_me:13671: result: no" >&5
+	echo "$as_me:12366: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -13682,7 +12377,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:13685: result: yes, in $ac_res" >&5
+	echo "$as_me:12380: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -13722,7 +12417,7 @@ else
   IRIX_FALSE=
 fi
 
-echo "$as_me:13725: checking for X" >&5
+echo "$as_me:12420: checking for X" >&5
 echo $ECHO_N "checking for X... $ECHO_C" >&6
 
 # Check whether --with-x or --without-x was given.
@@ -13739,7 +12434,7 @@ else
     # Both variables are already set.
     have_x=yes
   else
-    if test "${ac_cv_have_x+set}" = set; then
+if test "${ac_cv_have_x+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   # One or both of the vars are not set, and there is no cached value.
@@ -13819,19 +12514,13 @@ if test "$ac_x_includes" = no; then
   # Guess where to find include files, by looking for Intrinsic.h.
   # First, try using that file with no special directory specified.
   cat >conftest.$ac_ext <<_ACEOF
-#line 13822 "configure"
+#line 12517 "configure"
 #include "confdefs.h"
 #include <X11/Intrinsic.h>
 _ACEOF
-if { (eval echo "$as_me:13826: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:13832: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:12522: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -13839,10 +12528,12 @@ if { (eval echo "$as_me:13826: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   # We can compile using X headers with no special include directory.
 ac_x_includes=
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   for ac_dir in $ac_x_header_dirs; do
@@ -13852,7 +12543,8 @@ else
   fi
 done
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
+
 fi # $ac_x_includes = no
 
 if test "$ac_x_libraries" = no; then
@@ -13862,7 +12554,7 @@ if test "$ac_x_libraries" = no; then
   ac_save_LIBS=$LIBS
   LIBS="-lXt $LIBS"
   cat >conftest.$ac_ext <<_ACEOF
-#line 13865 "configure"
+#line 12557 "configure"
 #include "confdefs.h"
 #include <X11/Intrinsic.h>
 int
@@ -13874,23 +12566,14 @@ XtMalloc (0)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13877: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13880: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:13882: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:13885: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12569: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   LIBS=$ac_save_LIBS
 # We can link X programs with no special library path.
 ac_x_libraries=
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-LIBS=$ac_save_LIBS
+  cat conftest.$ac_ext >&5
+  LIBS=$ac_save_LIBS
 for ac_dir in `echo "$ac_x_includes $ac_x_header_dirs" | sed s/include/lib/g`
 do
   # Don't even attempt the hair of trying to link an X program!
@@ -13914,13 +12597,12 @@ else
 	        ac_x_includes=$ac_x_includes ac_x_libraries=$ac_x_libraries"
 fi
 fi
-
   fi
   eval "$ac_cv_have_x"
 fi # $with_x != no
 
 if test "$have_x" != yes; then
-  echo "$as_me:13923: result: $have_x" >&5
+  echo "$as_me:12605: result: $have_x" >&5
 echo "${ECHO_T}$have_x" >&6
   no_x=yes
 else
@@ -13930,7 +12612,7 @@ else
   # Update the cache value to reflect the command line values.
   ac_cv_have_x="have_x=yes \
 		ac_x_includes=$x_includes ac_x_libraries=$x_libraries"
-  echo "$as_me:13933: result: libraries $x_libraries, headers $x_includes" >&5
+  echo "$as_me:12615: result: libraries $x_libraries, headers $x_includes" >&5
 echo "${ECHO_T}libraries $x_libraries, headers $x_includes" >&6
 fi
 
@@ -13954,11 +12636,11 @@ else
     # others require no space.  Words are not sufficient . . . .
     case `(uname -sr) 2>/dev/null` in
     "SunOS 5"*)
-      echo "$as_me:13957: checking whether -R must be followed by a space" >&5
+      echo "$as_me:12639: checking whether -R must be followed by a space" >&5
 echo $ECHO_N "checking whether -R must be followed by a space... $ECHO_C" >&6
       ac_xsave_LIBS=$LIBS; LIBS="$LIBS -R$x_libraries"
       cat >conftest.$ac_ext <<_ACEOF
-#line 13961 "configure"
+#line 12643 "configure"
 #include "confdefs.h"
 
 int
@@ -13970,31 +12652,22 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13973: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13976: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:13978: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:13981: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12655: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_R_nospace=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_R_nospace=no
+  cat conftest.$ac_ext >&5
+  ac_R_nospace=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
       if test $ac_R_nospace = yes; then
-	echo "$as_me:13991: result: no" >&5
+	echo "$as_me:12664: result: no" >&5
 echo "${ECHO_T}no" >&6
 	X_LIBS="$X_LIBS -R$x_libraries"
       else
 	LIBS="$ac_xsave_LIBS -R $x_libraries"
 	cat >conftest.$ac_ext <<_ACEOF
-#line 13997 "configure"
+#line 12670 "configure"
 #include "confdefs.h"
 
 int
@@ -14006,29 +12679,20 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14009: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14012: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14014: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14017: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12682: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_R_space=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_R_space=no
+  cat conftest.$ac_ext >&5
+  ac_R_space=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	if test $ac_R_space = yes; then
-	  echo "$as_me:14027: result: yes" >&5
+	  echo "$as_me:12691: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	  X_LIBS="$X_LIBS -R $x_libraries"
 	else
-	  echo "$as_me:14031: result: neither works" >&5
+	  echo "$as_me:12695: result: neither works" >&5
 echo "${ECHO_T}neither works" >&6
 	fi
       fi
@@ -14046,7 +12710,8 @@ echo "${ECHO_T}neither works" >&6
     # Martyn Johnson says this is needed for Ultrix, if the X
     # libraries were built with DECnet support.  And Karl Berry says
     # the Alpha needs dnet_stub (dnet does not exist).
-    echo "$as_me:14049: checking for dnet_ntoa in -ldnet" >&5
+
+echo "$as_me:12714: checking for dnet_ntoa in -ldnet" >&5
 echo $ECHO_N "checking for dnet_ntoa in -ldnet... $ECHO_C" >&6
 if test "${ac_cv_lib_dnet_dnet_ntoa+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14054,7 +12719,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-ldnet  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 14057 "configure"
+#line 12722 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14073,33 +12738,25 @@ dnet_ntoa ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14076: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14079: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14081: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14084: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12741: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_lib_dnet_dnet_ntoa=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_dnet_dnet_ntoa=no
+  cat conftest.$ac_ext >&5
+  ac_cv_lib_dnet_dnet_ntoa=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:14095: result: $ac_cv_lib_dnet_dnet_ntoa" >&5
+echo "$as_me:12751: result: $ac_cv_lib_dnet_dnet_ntoa" >&5
 echo "${ECHO_T}$ac_cv_lib_dnet_dnet_ntoa" >&6
 if test $ac_cv_lib_dnet_dnet_ntoa = yes; then
   X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet"
 fi
 
     if test $ac_cv_lib_dnet_dnet_ntoa = no; then
-      echo "$as_me:14102: checking for dnet_ntoa in -ldnet_stub" >&5
+
+echo "$as_me:12759: checking for dnet_ntoa in -ldnet_stub" >&5
 echo $ECHO_N "checking for dnet_ntoa in -ldnet_stub... $ECHO_C" >&6
 if test "${ac_cv_lib_dnet_stub_dnet_ntoa+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14107,7 +12764,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-ldnet_stub  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 14110 "configure"
+#line 12767 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14126,26 +12783,17 @@ dnet_ntoa ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14129: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14132: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14134: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14137: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12786: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_lib_dnet_stub_dnet_ntoa=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_dnet_stub_dnet_ntoa=no
+  cat conftest.$ac_ext >&5
+  ac_cv_lib_dnet_stub_dnet_ntoa=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:14148: result: $ac_cv_lib_dnet_stub_dnet_ntoa" >&5
+echo "$as_me:12796: result: $ac_cv_lib_dnet_stub_dnet_ntoa" >&5
 echo "${ECHO_T}$ac_cv_lib_dnet_stub_dnet_ntoa" >&6
 if test $ac_cv_lib_dnet_stub_dnet_ntoa = yes; then
   X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet_stub"
@@ -14161,13 +12809,13 @@ fi
     # on Irix 5.2, according to T.E. Dickey.
     # The functions gethostbyname, getservbyname, and inet_addr are
     # in -lbsd on LynxOS 3.0.1/i386, according to Lars Hecking.
-    echo "$as_me:14164: checking for gethostbyname" >&5
+    echo "$as_me:12812: checking for gethostbyname" >&5
 echo $ECHO_N "checking for gethostbyname... $ECHO_C" >&6
 if test "${ac_cv_func_gethostbyname+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 14170 "configure"
+#line 12818 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char gethostbyname (); below.  */
@@ -14198,29 +12846,21 @@ f = gethostbyname;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14201: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14204: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14206: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14209: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12849: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_func_gethostbyname=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_gethostbyname=no
+  cat conftest.$ac_ext >&5
+  ac_cv_func_gethostbyname=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:14219: result: $ac_cv_func_gethostbyname" >&5
+echo "$as_me:12858: result: $ac_cv_func_gethostbyname" >&5
 echo "${ECHO_T}$ac_cv_func_gethostbyname" >&6
 
     if test $ac_cv_func_gethostbyname = no; then
-      echo "$as_me:14223: checking for gethostbyname in -lnsl" >&5
+
+echo "$as_me:12863: checking for gethostbyname in -lnsl" >&5
 echo $ECHO_N "checking for gethostbyname in -lnsl... $ECHO_C" >&6
 if test "${ac_cv_lib_nsl_gethostbyname+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14228,7 +12868,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lnsl  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 14231 "configure"
+#line 12871 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14247,33 +12887,25 @@ gethostbyname ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14250: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14253: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14255: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14258: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12890: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_lib_nsl_gethostbyname=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_nsl_gethostbyname=no
+  cat conftest.$ac_ext >&5
+  ac_cv_lib_nsl_gethostbyname=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:14269: result: $ac_cv_lib_nsl_gethostbyname" >&5
+echo "$as_me:12900: result: $ac_cv_lib_nsl_gethostbyname" >&5
 echo "${ECHO_T}$ac_cv_lib_nsl_gethostbyname" >&6
 if test $ac_cv_lib_nsl_gethostbyname = yes; then
   X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl"
 fi
 
       if test $ac_cv_lib_nsl_gethostbyname = no; then
-        echo "$as_me:14276: checking for gethostbyname in -lbsd" >&5
+
+echo "$as_me:12908: checking for gethostbyname in -lbsd" >&5
 echo $ECHO_N "checking for gethostbyname in -lbsd... $ECHO_C" >&6
 if test "${ac_cv_lib_bsd_gethostbyname+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14281,7 +12913,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lbsd  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 14284 "configure"
+#line 12916 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14300,26 +12932,17 @@ gethostbyname ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14303: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14306: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14308: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14311: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12935: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_lib_bsd_gethostbyname=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_bsd_gethostbyname=no
+  cat conftest.$ac_ext >&5
+  ac_cv_lib_bsd_gethostbyname=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:14322: result: $ac_cv_lib_bsd_gethostbyname" >&5
+echo "$as_me:12945: result: $ac_cv_lib_bsd_gethostbyname" >&5
 echo "${ECHO_T}$ac_cv_lib_bsd_gethostbyname" >&6
 if test $ac_cv_lib_bsd_gethostbyname = yes; then
   X_EXTRA_LIBS="$X_EXTRA_LIBS -lbsd"
@@ -14335,13 +12958,13 @@ fi
     # variants that don't use the nameserver (or something).  -lsocket
     # must be given before -lnsl if both are needed.  We assume that
     # if connect needs -lnsl, so does gethostbyname.
-    echo "$as_me:14338: checking for connect" >&5
+    echo "$as_me:12961: checking for connect" >&5
 echo $ECHO_N "checking for connect... $ECHO_C" >&6
 if test "${ac_cv_func_connect+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 14344 "configure"
+#line 12967 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char connect (); below.  */
@@ -14372,29 +12995,21 @@ f = connect;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14375: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14378: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14380: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14383: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:12998: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_func_connect=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_connect=no
+  cat conftest.$ac_ext >&5
+  ac_cv_func_connect=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:14393: result: $ac_cv_func_connect" >&5
+echo "$as_me:13007: result: $ac_cv_func_connect" >&5
 echo "${ECHO_T}$ac_cv_func_connect" >&6
 
     if test $ac_cv_func_connect = no; then
-      echo "$as_me:14397: checking for connect in -lsocket" >&5
+
+echo "$as_me:13012: checking for connect in -lsocket" >&5
 echo $ECHO_N "checking for connect in -lsocket... $ECHO_C" >&6
 if test "${ac_cv_lib_socket_connect+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14402,7 +13017,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lsocket $X_EXTRA_LIBS $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 14405 "configure"
+#line 13020 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14421,26 +13036,17 @@ connect ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14424: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14427: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14429: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14432: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13039: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_lib_socket_connect=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_socket_connect=no
+  cat conftest.$ac_ext >&5
+  ac_cv_lib_socket_connect=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:14443: result: $ac_cv_lib_socket_connect" >&5
+echo "$as_me:13049: result: $ac_cv_lib_socket_connect" >&5
 echo "${ECHO_T}$ac_cv_lib_socket_connect" >&6
 if test $ac_cv_lib_socket_connect = yes; then
   X_EXTRA_LIBS="-lsocket $X_EXTRA_LIBS"
@@ -14449,13 +13055,13 @@ fi
     fi
 
     # Guillermo Gomez says -lposix is necessary on A/UX.
-    echo "$as_me:14452: checking for remove" >&5
+    echo "$as_me:13058: checking for remove" >&5
 echo $ECHO_N "checking for remove... $ECHO_C" >&6
 if test "${ac_cv_func_remove+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 14458 "configure"
+#line 13064 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char remove (); below.  */
@@ -14486,29 +13092,21 @@ f = remove;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14489: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14492: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14494: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14497: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13095: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_func_remove=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_remove=no
+  cat conftest.$ac_ext >&5
+  ac_cv_func_remove=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:14507: result: $ac_cv_func_remove" >&5
+echo "$as_me:13104: result: $ac_cv_func_remove" >&5
 echo "${ECHO_T}$ac_cv_func_remove" >&6
 
     if test $ac_cv_func_remove = no; then
-      echo "$as_me:14511: checking for remove in -lposix" >&5
+
+echo "$as_me:13109: checking for remove in -lposix" >&5
 echo $ECHO_N "checking for remove in -lposix... $ECHO_C" >&6
 if test "${ac_cv_lib_posix_remove+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14516,7 +13114,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lposix  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 14519 "configure"
+#line 13117 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14535,26 +13133,17 @@ remove ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14538: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14541: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14543: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14546: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13136: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_lib_posix_remove=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_posix_remove=no
+  cat conftest.$ac_ext >&5
+  ac_cv_lib_posix_remove=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:14557: result: $ac_cv_lib_posix_remove" >&5
+echo "$as_me:13146: result: $ac_cv_lib_posix_remove" >&5
 echo "${ECHO_T}$ac_cv_lib_posix_remove" >&6
 if test $ac_cv_lib_posix_remove = yes; then
   X_EXTRA_LIBS="$X_EXTRA_LIBS -lposix"
@@ -14563,13 +13152,13 @@ fi
     fi
 
     # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay.
-    echo "$as_me:14566: checking for shmat" >&5
+    echo "$as_me:13155: checking for shmat" >&5
 echo $ECHO_N "checking for shmat... $ECHO_C" >&6
 if test "${ac_cv_func_shmat+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 14572 "configure"
+#line 13161 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char shmat (); below.  */
@@ -14600,29 +13189,21 @@ f = shmat;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14603: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14606: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14608: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14611: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13192: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_func_shmat=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_shmat=no
+  cat conftest.$ac_ext >&5
+  ac_cv_func_shmat=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:14621: result: $ac_cv_func_shmat" >&5
+echo "$as_me:13201: result: $ac_cv_func_shmat" >&5
 echo "${ECHO_T}$ac_cv_func_shmat" >&6
 
     if test $ac_cv_func_shmat = no; then
-      echo "$as_me:14625: checking for shmat in -lipc" >&5
+
+echo "$as_me:13206: checking for shmat in -lipc" >&5
 echo $ECHO_N "checking for shmat in -lipc... $ECHO_C" >&6
 if test "${ac_cv_lib_ipc_shmat+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14630,7 +13211,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lipc  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 14633 "configure"
+#line 13214 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14649,26 +13230,17 @@ shmat ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14652: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14655: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14657: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14660: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13233: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_lib_ipc_shmat=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_ipc_shmat=no
+  cat conftest.$ac_ext >&5
+  ac_cv_lib_ipc_shmat=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:14671: result: $ac_cv_lib_ipc_shmat" >&5
+echo "$as_me:13243: result: $ac_cv_lib_ipc_shmat" >&5
 echo "${ECHO_T}$ac_cv_lib_ipc_shmat" >&6
 if test $ac_cv_lib_ipc_shmat = yes; then
   X_EXTRA_LIBS="$X_EXTRA_LIBS -lipc"
@@ -14686,7 +13258,8 @@ fi
   # These have to be linked with before -lX11, unlike the other
   # libraries we check for below, so use a different variable.
   # John Interrante, Karl Berry
-  echo "$as_me:14689: checking for IceConnectionNumber in -lICE" >&5
+
+echo "$as_me:13262: checking for IceConnectionNumber in -lICE" >&5
 echo $ECHO_N "checking for IceConnectionNumber in -lICE... $ECHO_C" >&6
 if test "${ac_cv_lib_ICE_IceConnectionNumber+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14694,7 +13267,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lICE $X_EXTRA_LIBS $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 14697 "configure"
+#line 13270 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14713,26 +13286,17 @@ IceConnectionNumber ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14716: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14719: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14721: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14724: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13289: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_lib_ICE_IceConnectionNumber=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_ICE_IceConnectionNumber=no
+  cat conftest.$ac_ext >&5
+  ac_cv_lib_ICE_IceConnectionNumber=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:14735: result: $ac_cv_lib_ICE_IceConnectionNumber" >&5
+echo "$as_me:13299: result: $ac_cv_lib_ICE_IceConnectionNumber" >&5
 echo "${ECHO_T}$ac_cv_lib_ICE_IceConnectionNumber" >&6
 if test $ac_cv_lib_ICE_IceConnectionNumber = yes; then
   X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE"
@@ -14745,7 +13309,7 @@ fi
 # try to figure out if we need any additional ld flags, like -R
 # and yes, the autoconf X test is utterly broken
 if test "$no_x" != yes; then
-	echo "$as_me:14748: checking for special X linker flags" >&5
+	echo "$as_me:13312: checking for special X linker flags" >&5
 echo $ECHO_N "checking for special X linker flags... $ECHO_C" >&6
 if test "${krb_cv_sys_x_libs_rpath+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14774,12 +13338,11 @@ else
 		fi
 		LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
 		if test "$cross_compiling" = yes; then
-  { { echo "$as_me:14777: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
-   { (exit 1); exit 1; }; }
+  {  echo "$as_me: error: cannot run test program while cross compiling" >&2
+  { (exit 1); exit; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 14782 "configure"
+#line 13345 "configure"
 #include "confdefs.h"
 
 		#include <X11/Xlib.h>
@@ -14794,15 +13357,10 @@ else
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:14797: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14800: \$? = $ac_status" >&5
-  (exit $ac_status); } && { (eval echo "$as_me:14801: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14804: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+{ (eval echo $as_me:13360: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } &&
+  (./conftest$ac_exeext) >&5 2>&1;
+ac_status=$?
+if test $ac_status = 0; then
   krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break
 else
   echo "$as_me: program exited with status $ac_status" >&5
@@ -14810,14 +13368,16 @@ echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 :
 fi
+
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
+
 	done
 	LIBS="$ac_save_libs"
 	CFLAGS="$ac_save_cflags"
 
 fi
-echo "$as_me:14820: result: $krb_cv_sys_x_libs_rpath" >&5
+echo "$as_me:13380: result: $krb_cv_sys_x_libs_rpath" >&5
 echo "${ECHO_T}$krb_cv_sys_x_libs_rpath" >&6
 	X_LIBS="$krb_cv_sys_x_libs"
 fi
@@ -14837,7 +13397,7 @@ LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
 save_LDFLAGS="$LDFLAGS"
 LDFLAGS="$LDFLAGS $X_LIBS"
 
-echo "$as_me:14840: checking for XauWriteAuth" >&5
+echo "$as_me:13400: checking for XauWriteAuth" >&5
 echo $ECHO_N "checking for XauWriteAuth... $ECHO_C" >&6
 if test "${ac_cv_funclib_XauWriteAuth+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14853,7 +13413,7 @@ if eval "test \"\$ac_cv_func_XauWriteAuth\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 14856 "configure"
+#line 13416 "configure"
 #include "confdefs.h"
 
 int
@@ -14865,20 +13425,11 @@ XauWriteAuth()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14868: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14871: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14873: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14876: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13428: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauWriteAuth=$ac_lib; else ac_cv_funclib_XauWriteAuth=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -14895,13 +13446,13 @@ if false; then
 for ac_func in XauWriteAuth
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:14898: checking for $ac_func" >&5
+echo "$as_me:13449: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 14904 "configure"
+#line 13455 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -14932,25 +13483,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14935: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14938: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:14940: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:14943: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13486: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:14953: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:13495: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -14974,13 +13516,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:14977: result: yes" >&5
+	echo "$as_me:13519: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_XauWriteAuth=no"
 	eval "LIB_XauWriteAuth="
-	echo "$as_me:14983: result: no" >&5
+	echo "$as_me:13525: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -14994,7 +13536,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:14997: result: yes, in $ac_res" >&5
+	echo "$as_me:13539: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -15002,7 +13544,7 @@ esac
 ac_xxx="$LIBS"
 LIBS="$LIB_XauWriteAuth $LIBS"
 
-echo "$as_me:15005: checking for XauReadAuth" >&5
+echo "$as_me:13547: checking for XauReadAuth" >&5
 echo $ECHO_N "checking for XauReadAuth... $ECHO_C" >&6
 if test "${ac_cv_funclib_XauReadAuth+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -15018,7 +13560,7 @@ if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 15021 "configure"
+#line 13563 "configure"
 #include "confdefs.h"
 
 int
@@ -15030,20 +13572,11 @@ XauReadAuth()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15033: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15036: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:15038: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:15041: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13575: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -15060,13 +13593,13 @@ if false; then
 for ac_func in XauReadAuth
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:15063: checking for $ac_func" >&5
+echo "$as_me:13596: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15069 "configure"
+#line 13602 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -15097,25 +13630,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15100: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15103: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:15105: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:15108: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13633: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:15118: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:13642: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -15139,13 +13663,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:15142: result: yes" >&5
+	echo "$as_me:13666: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_XauReadAuth=no"
 	eval "LIB_XauReadAuth="
-	echo "$as_me:15148: result: no" >&5
+	echo "$as_me:13672: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -15159,14 +13683,14 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:15162: result: yes, in $ac_res" >&5
+	echo "$as_me:13686: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
 LIBS="$LIB_XauReadAauth $LIBS"
 
-echo "$as_me:15169: checking for XauFileName" >&5
+echo "$as_me:13693: checking for XauFileName" >&5
 echo $ECHO_N "checking for XauFileName... $ECHO_C" >&6
 if test "${ac_cv_funclib_XauFileName+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -15182,7 +13706,7 @@ if eval "test \"\$ac_cv_func_XauFileName\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 15185 "configure"
+#line 13709 "configure"
 #include "confdefs.h"
 
 int
@@ -15194,20 +13718,11 @@ XauFileName()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15197: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15200: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:15202: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:15205: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13721: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauFileName=$ac_lib; else ac_cv_funclib_XauFileName=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -15224,13 +13739,13 @@ if false; then
 for ac_func in XauFileName
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:15227: checking for $ac_func" >&5
+echo "$as_me:13742: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15233 "configure"
+#line 13748 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -15261,25 +13776,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15264: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15267: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:15269: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:15272: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13779: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:15282: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:13788: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -15303,13 +13809,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:15306: result: yes" >&5
+	echo "$as_me:13812: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_XauFileName=no"
 	eval "LIB_XauFileName="
-	echo "$as_me:15312: result: no" >&5
+	echo "$as_me:13818: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -15323,7 +13829,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:15326: result: yes, in $ac_res" >&5
+	echo "$as_me:13832: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -15372,13 +13878,13 @@ CFLAGS=$save_CFLAGS
 LIBS=$save_LIBS
 LDFLAGS=$save_LDFLAGS
 
-echo "$as_me:15375: checking for an ANSI C-conforming const" >&5
+echo "$as_me:13881: checking for an ANSI C-conforming const" >&5
 echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6
 if test "${ac_cv_c_const+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15381 "configure"
+#line 13887 "configure"
 #include "confdefs.h"
 
 int
@@ -15436,25 +13942,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15439: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:15442: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:15444: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:15447: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13945: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_c_const=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_c_const=no
+  cat conftest.$ac_ext >&5
+  ac_cv_c_const=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:15457: result: $ac_cv_c_const" >&5
+echo "$as_me:13954: result: $ac_cv_c_const" >&5
 echo "${ECHO_T}$ac_cv_c_const" >&6
 if test $ac_cv_c_const = no; then
 
@@ -15464,13 +13961,13 @@ EOF
 
 fi
 
-echo "$as_me:15467: checking for off_t" >&5
+echo "$as_me:13964: checking for off_t" >&5
 echo $ECHO_N "checking for off_t... $ECHO_C" >&6
 if test "${ac_cv_type_off_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15473 "configure"
+#line 13970 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -15485,25 +13982,16 @@ if (sizeof (off_t))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15488: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:15491: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:15493: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:15496: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:13985: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_off_t=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_off_t=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_off_t=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:15506: result: $ac_cv_type_off_t" >&5
+echo "$as_me:13994: result: $ac_cv_type_off_t" >&5
 echo "${ECHO_T}$ac_cv_type_off_t" >&6
 if test $ac_cv_type_off_t = yes; then
   :
@@ -15515,13 +14003,13 @@ EOF
 
 fi
 
-echo "$as_me:15518: checking for size_t" >&5
+echo "$as_me:14006: checking for size_t" >&5
 echo $ECHO_N "checking for size_t... $ECHO_C" >&6
 if test "${ac_cv_type_size_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15524 "configure"
+#line 14012 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -15536,25 +14024,16 @@ if (sizeof (size_t))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15539: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:15542: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:15544: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:15547: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:14027: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_size_t=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_size_t=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_size_t=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:15557: result: $ac_cv_type_size_t" >&5
+echo "$as_me:14036: result: $ac_cv_type_size_t" >&5
 echo "${ECHO_T}$ac_cv_type_size_t" >&6
 if test $ac_cv_type_size_t = yes; then
   :
@@ -15566,13 +14045,13 @@ EOF
 
 fi
 
-echo "$as_me:15569: checking for ssize_t" >&5
+echo "$as_me:14048: checking for ssize_t" >&5
 echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6
 if test "${ac_cv_type_ssize_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15575 "configure"
+#line 14054 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -15590,7 +14069,7 @@ fi
 rm -f conftest*
 
 fi
-echo "$as_me:15593: result: $ac_cv_type_ssize_t" >&5
+echo "$as_me:14072: result: $ac_cv_type_ssize_t" >&5
 echo "${ECHO_T}$ac_cv_type_ssize_t" >&6
 if test $ac_cv_type_ssize_t = no; then
 
@@ -15600,13 +14079,13 @@ EOF
 
 fi
 
-echo "$as_me:15603: checking for pid_t" >&5
+echo "$as_me:14082: checking for pid_t" >&5
 echo $ECHO_N "checking for pid_t... $ECHO_C" >&6
 if test "${ac_cv_type_pid_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15609 "configure"
+#line 14088 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -15621,25 +14100,16 @@ if (sizeof (pid_t))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15624: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:15627: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:15629: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:15632: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:14103: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_pid_t=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_pid_t=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_pid_t=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:15642: result: $ac_cv_type_pid_t" >&5
+echo "$as_me:14112: result: $ac_cv_type_pid_t" >&5
 echo "${ECHO_T}$ac_cv_type_pid_t" >&6
 if test $ac_cv_type_pid_t = yes; then
   :
@@ -15651,13 +14121,13 @@ EOF
 
 fi
 
-echo "$as_me:15654: checking for uid_t in sys/types.h" >&5
+echo "$as_me:14124: checking for uid_t in sys/types.h" >&5
 echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6
 if test "${ac_cv_type_uid_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15660 "configure"
+#line 14130 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 
@@ -15671,7 +14141,7 @@ fi
 rm -f conftest*
 
 fi
-echo "$as_me:15674: result: $ac_cv_type_uid_t" >&5
+echo "$as_me:14144: result: $ac_cv_type_uid_t" >&5
 echo "${ECHO_T}$ac_cv_type_uid_t" >&6
 if test $ac_cv_type_uid_t = no; then
 
@@ -15685,13 +14155,13 @@ EOF
 
 fi
 
-echo "$as_me:15688: checking for mode_t" >&5
+echo "$as_me:14158: checking for mode_t" >&5
 echo $ECHO_N "checking for mode_t... $ECHO_C" >&6
 if test "${ac_cv_type_mode_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15694 "configure"
+#line 14164 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -15709,7 +14179,7 @@ fi
 rm -f conftest*
 
 fi
-echo "$as_me:15712: result: $ac_cv_type_mode_t" >&5
+echo "$as_me:14182: result: $ac_cv_type_mode_t" >&5
 echo "${ECHO_T}$ac_cv_type_mode_t" >&6
 if test $ac_cv_type_mode_t = no; then
 
@@ -15719,13 +14189,13 @@ EOF
 
 fi
 
-echo "$as_me:15722: checking for sig_atomic_t" >&5
+echo "$as_me:14192: checking for sig_atomic_t" >&5
 echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6
 if test "${ac_cv_type_sig_atomic_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15728 "configure"
+#line 14198 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -15743,7 +14213,7 @@ fi
 rm -f conftest*
 
 fi
-echo "$as_me:15746: result: $ac_cv_type_sig_atomic_t" >&5
+echo "$as_me:14216: result: $ac_cv_type_sig_atomic_t" >&5
 echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6
 if test $ac_cv_type_sig_atomic_t = no; then
 
@@ -15754,13 +14224,13 @@ EOF
 fi
 
 cv=`echo "long long" | sed 'y%./+- %__p__%'`
-echo "$as_me:15757: checking for long long" >&5
+echo "$as_me:14227: checking for long long" >&5
 echo $ECHO_N "checking for long long... $ECHO_C" >&6
 if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15763 "configure"
+#line 14233 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -15777,37 +14247,28 @@ long long foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15780: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:15783: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:15785: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:15788: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:14250: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_type_$cv=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_type_$cv=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:15799: result: $ac_foo" >&5
+echo "$as_me:14260: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
   ac_tr_hdr=HAVE_`echo long long | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
 if false; then
-	echo "$as_me:15804: checking for long long" >&5
+	echo "$as_me:14265: checking for long long" >&5
 echo $ECHO_N "checking for long long... $ECHO_C" >&6
 if test "${ac_cv_type_long_long+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15810 "configure"
+#line 14271 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -15822,25 +14283,16 @@ if (sizeof (long long))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15825: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:15828: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:15830: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:15833: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:14286: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_long_long=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_long_long=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_long_long=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:15843: result: $ac_cv_type_long_long" >&5
+echo "$as_me:14295: result: $ac_cv_type_long_long" >&5
 echo "${ECHO_T}$ac_cv_type_long_long" >&6
 if test $ac_cv_type_long_long = yes; then
 
@@ -15858,13 +14310,13 @@ EOF
 
 fi
 
-echo "$as_me:15861: checking whether time.h and sys/time.h may both be included" >&5
+echo "$as_me:14313: checking whether time.h and sys/time.h may both be included" >&5
 echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6
 if test "${ac_cv_header_time+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15867 "configure"
+#line 14319 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/time.h>
@@ -15879,25 +14331,16 @@ struct tm *tp;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15882: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:15885: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:15887: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:15890: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:14334: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_header_time=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_header_time=no
+  cat conftest.$ac_ext >&5
+  ac_cv_header_time=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:15900: result: $ac_cv_header_time" >&5
+echo "$as_me:14343: result: $ac_cv_header_time" >&5
 echo "${ECHO_T}$ac_cv_header_time" >&6
 if test $ac_cv_header_time = yes; then
 
@@ -15907,13 +14350,13 @@ EOF
 
 fi
 
-echo "$as_me:15910: checking whether struct tm is in sys/time.h or time.h" >&5
+echo "$as_me:14353: checking whether struct tm is in sys/time.h or time.h" >&5
 echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... $ECHO_C" >&6
 if test "${ac_cv_struct_tm+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15916 "configure"
+#line 14359 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <time.h>
@@ -15927,25 +14370,16 @@ struct tm *tp; tp->tm_sec;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15930: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:15933: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:15935: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:15938: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:14373: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_struct_tm=time.h
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_struct_tm=sys/time.h
+  cat conftest.$ac_ext >&5
+  ac_cv_struct_tm=sys/time.h
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:15948: result: $ac_cv_struct_tm" >&5
+echo "$as_me:14382: result: $ac_cv_struct_tm" >&5
 echo "${ECHO_T}$ac_cv_struct_tm" >&6
 if test $ac_cv_struct_tm = sys/time.h; then
 
@@ -15955,13 +14389,13 @@ EOF
 
 fi
 
-echo "$as_me:15958: checking for ANSI C header files" >&5
+echo "$as_me:14392: checking for ANSI C header files" >&5
 echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
 if test "${ac_cv_header_stdc+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15964 "configure"
+#line 14398 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #include <stdarg.h>
@@ -15969,15 +14403,9 @@ else
 #include <float.h>
 
 _ACEOF
-if { (eval echo "$as_me:15972: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:15978: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:14407: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -15985,19 +14413,21 @@ if { (eval echo "$as_me:15972: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   ac_cv_header_stdc=yes
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   ac_cv_header_stdc=no
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
 
 if test $ac_cv_header_stdc = yes; then
   # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
   cat >conftest.$ac_ext <<_ACEOF
-#line 16000 "configure"
+#line 14430 "configure"
 #include "confdefs.h"
 #include <string.h>
 
@@ -16015,7 +14445,7 @@ fi
 if test $ac_cv_header_stdc = yes; then
   # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
   cat >conftest.$ac_ext <<_ACEOF
-#line 16018 "configure"
+#line 14448 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 
@@ -16036,7 +14466,7 @@ if test $ac_cv_header_stdc = yes; then
   :
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 16039 "configure"
+#line 14469 "configure"
 #include "confdefs.h"
 #include <ctype.h>
 #if ((' ' & 0x0FF) == 0x020)
@@ -16062,15 +14492,10 @@ main ()
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:16065: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16068: \$? = $ac_status" >&5
-  (exit $ac_status); } && { (eval echo "$as_me:16069: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:16072: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+{ (eval echo $as_me:14495: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } &&
+  (./conftest$ac_exeext) >&5 2>&1;
+ac_status=$?
+if test $ac_status = 0; then
   :
 else
   echo "$as_me: program exited with status $ac_status" >&5
@@ -16078,11 +14503,13 @@ echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 ac_cv_header_stdc=no
 fi
+
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
+
 fi
 fi
-echo "$as_me:16085: result: $ac_cv_header_stdc" >&5
+echo "$as_me:14512: result: $ac_cv_header_stdc" >&5
 echo "${ECHO_T}$ac_cv_header_stdc" >&6
 if test $ac_cv_header_stdc = yes; then
 
@@ -16185,25 +14612,21 @@ for ac_header in \
 
 do
 ac_ac_Header=`echo "ac_cv_header_$ac_header" | $ac_tr_sh`
-echo "$as_me:16188: checking for $ac_header" >&5
+
+echo "$as_me:14616: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 16194 "configure"
+#line 14622 "configure"
 #include "confdefs.h"
 #include <$ac_header>
+
 _ACEOF
-if { (eval echo "$as_me:16198: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:16204: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:14628: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -16211,16 +14634,19 @@ if { (eval echo "$as_me:16198: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   eval "$ac_ac_Header=yes"
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   eval "$ac_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
+
 fi
-echo "$as_me:16223: result: `eval echo '${'$ac_ac_Header'}'`" >&5
+echo "$as_me:14649: result: `eval echo '${'$ac_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_Header'}'`" >&6
 if test `eval echo '${'$ac_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -16233,25 +14659,21 @@ done
 for ac_header in standards.h
 do
 ac_ac_Header=`echo "ac_cv_header_$ac_header" | $ac_tr_sh`
-echo "$as_me:16236: checking for $ac_header" >&5
+
+echo "$as_me:14663: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 16242 "configure"
+#line 14669 "configure"
 #include "confdefs.h"
 #include <$ac_header>
+
 _ACEOF
-if { (eval echo "$as_me:16246: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:16252: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:14675: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -16259,16 +14681,19 @@ if { (eval echo "$as_me:16246: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   eval "$ac_ac_Header=yes"
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   eval "$ac_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
+
 fi
-echo "$as_me:16271: result: `eval echo '${'$ac_ac_Header'}'`" >&5
+echo "$as_me:14696: result: `eval echo '${'$ac_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_Header'}'`" >&6
 if test `eval echo '${'$ac_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -16282,13 +14707,13 @@ for i in netinet/ip.h netinet/tcp.h; do
 
 cv=`echo "$i" | sed 'y%./+-%__p_%'`
 
-echo "$as_me:16285: checking for $i" >&5
+echo "$as_me:14710: checking for $i" >&5
 echo $ECHO_N "checking for $i... $ECHO_C" >&6
 if eval "test \"\${ac_cv_header_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 16291 "configure"
+#line 14716 "configure"
 #include "confdefs.h"
 \
 #ifdef HAVE_STANDARDS_H
@@ -16297,15 +14722,9 @@ else
 #include <$i>
 
 _ACEOF
-if { (eval echo "$as_me:16300: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:16306: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:14726: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -16313,16 +14732,19 @@ if { (eval echo "$as_me:16300: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   eval "ac_cv_header_$cv=yes"
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   eval "ac_cv_header_$cv=no"
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
+
 fi
-echo "$as_me:16325: result: `eval echo '${'ac_cv_header_$cv'}'`" >&5
+echo "$as_me:14747: result: `eval echo '${'ac_cv_header_$cv'}'`" >&5
 echo "${ECHO_T}`eval echo '${'ac_cv_header_$cv'}'`" >&6
 ac_res=`eval echo \\$ac_cv_header_$cv`
 if test "$ac_res" = yes; then
@@ -16338,25 +14760,21 @@ if false;then
 for ac_header in netinet/ip.h netinet/tcp.h
 do
 ac_ac_Header=`echo "ac_cv_header_$ac_header" | $ac_tr_sh`
-echo "$as_me:16341: checking for $ac_header" >&5
+
+echo "$as_me:14764: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 16347 "configure"
+#line 14770 "configure"
 #include "confdefs.h"
 #include <$ac_header>
+
 _ACEOF
-if { (eval echo "$as_me:16351: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:16357: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:14776: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -16364,16 +14782,19 @@ if { (eval echo "$as_me:16351: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   eval "$ac_ac_Header=yes"
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   eval "$ac_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
+
 fi
-echo "$as_me:16376: result: `eval echo '${'$ac_ac_Header'}'`" >&5
+echo "$as_me:14797: result: `eval echo '${'$ac_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_Header'}'`" >&6
 if test `eval echo '${'$ac_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -16423,19 +14844,20 @@ if test "$withval" = "no"; then
 	ac_cv_lib_ipv6=no
 fi
 fi;
+save_CFLAGS="${CFLAGS}"
 if test "${ac_cv_lib_ipv6+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   v6type=unknown
 v6lib=none
 
-echo "$as_me:16432: checking ipv6 stack type" >&5
+echo "$as_me:14854: checking ipv6 stack type" >&5
 echo $ECHO_N "checking ipv6 stack type... $ECHO_C" >&6
 for i in v6d toshiba kame inria zeta linux; do
 	case $i in
 	v6d)
 		cat >conftest.$ac_ext <<_ACEOF
-#line 16438 "configure"
+#line 14860 "configure"
 #include "confdefs.h"
 
 #include </usr/local/v6/include/sys/types.h>
@@ -16454,7 +14876,7 @@ rm -f conftest*
 		;;
 	toshiba)
 		cat >conftest.$ac_ext <<_ACEOF
-#line 16457 "configure"
+#line 14879 "configure"
 #include "confdefs.h"
 
 #include <sys/param.h>
@@ -16473,7 +14895,7 @@ rm -f conftest*
 		;;
 	kame)
 		cat >conftest.$ac_ext <<_ACEOF
-#line 16476 "configure"
+#line 14898 "configure"
 #include "confdefs.h"
 
 #include <netinet/in.h>
@@ -16492,7 +14914,7 @@ rm -f conftest*
 		;;
 	inria)
 		cat >conftest.$ac_ext <<_ACEOF
-#line 16495 "configure"
+#line 14917 "configure"
 #include "confdefs.h"
 
 #include <netinet/in.h>
@@ -16509,7 +14931,7 @@ rm -f conftest*
 		;;
 	zeta)
 		cat >conftest.$ac_ext <<_ACEOF
-#line 16512 "configure"
+#line 14934 "configure"
 #include "confdefs.h"
 
 #include <sys/param.h>
@@ -16539,7 +14961,7 @@ rm -f conftest*
 		break
 	fi
 done
-echo "$as_me:16542: result: $v6type" >&5
+echo "$as_me:14964: result: $v6type" >&5
 echo "${ECHO_T}$v6type" >&6
 
 if test "$v6lib" != "none"; then
@@ -16551,7 +14973,7 @@ if test "$v6lib" != "none"; then
 	done
 fi
 cat >conftest.$ac_ext <<_ACEOF
-#line 16554 "configure"
+#line 14976 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYS_TYPES_H
@@ -16586,28 +15008,19 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16589: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16592: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:16594: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:16597: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15011: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_lib_ipv6=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_ipv6=no
+  cat conftest.$ac_ext >&5
+  ac_cv_lib_ipv6=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
 
-echo "$as_me:16608: checking for IPv6" >&5
+echo "$as_me:15021: checking for IPv6" >&5
 echo $ECHO_N "checking for IPv6... $ECHO_C" >&6
-echo "$as_me:16610: result: $ac_cv_lib_ipv6" >&5
+echo "$as_me:15023: result: $ac_cv_lib_ipv6" >&5
 echo "${ECHO_T}$ac_cv_lib_ipv6" >&6
 if test "$ac_cv_lib_ipv6" = yes; then
 
@@ -16615,9 +15028,11 @@ cat >>confdefs.h <<\EOF
 #define HAVE_IPV6 1
 EOF
 
+else
+  CFLAGS="${save_CFLAGS}"
 fi
 
-echo "$as_me:16620: checking for socket" >&5
+echo "$as_me:15035: checking for socket" >&5
 echo $ECHO_N "checking for socket... $ECHO_C" >&6
 if test "${ac_cv_funclib_socket+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -16633,7 +15048,7 @@ if eval "test \"\$ac_cv_func_socket\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 16636 "configure"
+#line 15051 "configure"
 #include "confdefs.h"
 
 int
@@ -16645,20 +15060,11 @@ socket()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16648: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16651: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:16653: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:16656: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15063: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -16675,13 +15081,13 @@ if false; then
 for ac_func in socket
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:16678: checking for $ac_func" >&5
+echo "$as_me:15084: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 16684 "configure"
+#line 15090 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -16712,25 +15118,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16715: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16718: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:16720: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:16723: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15121: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:16733: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:15130: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -16754,13 +15151,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:16757: result: yes" >&5
+	echo "$as_me:15154: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_socket=no"
 	eval "LIB_socket="
-	echo "$as_me:16763: result: no" >&5
+	echo "$as_me:15160: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -16774,7 +15171,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:16777: result: yes, in $ac_res" >&5
+	echo "$as_me:15174: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -16783,7 +15180,7 @@ if test -n "$LIB_socket"; then
 	LIBS="$LIB_socket $LIBS"
 fi
 
-echo "$as_me:16786: checking for gethostbyname" >&5
+echo "$as_me:15183: checking for gethostbyname" >&5
 echo $ECHO_N "checking for gethostbyname... $ECHO_C" >&6
 if test "${ac_cv_funclib_gethostbyname+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -16799,7 +15196,7 @@ if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 16802 "configure"
+#line 15199 "configure"
 #include "confdefs.h"
 
 int
@@ -16811,20 +15208,11 @@ gethostbyname()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16814: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16817: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:16819: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:16822: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15211: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -16841,13 +15229,13 @@ if false; then
 for ac_func in gethostbyname
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:16844: checking for $ac_func" >&5
+echo "$as_me:15232: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 16850 "configure"
+#line 15238 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -16878,25 +15266,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16881: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16884: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:16886: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:16889: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15269: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:16899: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:15278: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -16920,13 +15299,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:16923: result: yes" >&5
+	echo "$as_me:15302: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_gethostbyname=no"
 	eval "LIB_gethostbyname="
-	echo "$as_me:16929: result: no" >&5
+	echo "$as_me:15308: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -16940,7 +15319,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:16943: result: yes, in $ac_res" >&5
+	echo "$as_me:15322: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -16949,7 +15328,7 @@ if test -n "$LIB_gethostbyname"; then
 	LIBS="$LIB_gethostbyname $LIBS"
 fi
 
-echo "$as_me:16952: checking for syslog" >&5
+echo "$as_me:15331: checking for syslog" >&5
 echo $ECHO_N "checking for syslog... $ECHO_C" >&6
 if test "${ac_cv_funclib_syslog+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -16965,7 +15344,7 @@ if eval "test \"\$ac_cv_func_syslog\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 16968 "configure"
+#line 15347 "configure"
 #include "confdefs.h"
 
 int
@@ -16977,20 +15356,11 @@ syslog()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16980: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16983: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:16985: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:16988: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15359: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -17007,13 +15377,13 @@ if false; then
 for ac_func in syslog
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:17010: checking for $ac_func" >&5
+echo "$as_me:15380: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 17016 "configure"
+#line 15386 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -17044,25 +15414,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17047: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17050: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:17052: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:17055: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15417: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:17065: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:15426: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -17086,13 +15447,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:17089: result: yes" >&5
+	echo "$as_me:15450: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_syslog=no"
 	eval "LIB_syslog="
-	echo "$as_me:17095: result: no" >&5
+	echo "$as_me:15456: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -17106,7 +15467,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:17109: result: yes, in $ac_res" >&5
+	echo "$as_me:15470: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -17115,7 +15476,7 @@ if test -n "$LIB_syslog"; then
 	LIBS="$LIB_syslog $LIBS"
 fi
 
-echo "$as_me:17118: checking for logwtmp" >&5
+echo "$as_me:15479: checking for logwtmp" >&5
 echo $ECHO_N "checking for logwtmp... $ECHO_C" >&6
 if test "${ac_cv_funclib_logwtmp+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -17131,7 +15492,7 @@ if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 17134 "configure"
+#line 15495 "configure"
 #include "confdefs.h"
 
 int
@@ -17143,20 +15504,11 @@ logwtmp()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17146: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17149: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:17151: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:17154: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15507: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_logwtmp=$ac_lib; else ac_cv_funclib_logwtmp=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -17173,13 +15525,13 @@ if false; then
 for ac_func in logwtmp
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:17176: checking for $ac_func" >&5
+echo "$as_me:15528: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 17182 "configure"
+#line 15534 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -17210,25 +15562,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17213: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17216: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:17218: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:17221: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15565: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:17231: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:15574: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -17252,13 +15595,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:17255: result: yes" >&5
+	echo "$as_me:15598: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_logwtmp=no"
 	eval "LIB_logwtmp="
-	echo "$as_me:17261: result: no" >&5
+	echo "$as_me:15604: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -17272,12 +15615,12 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:17275: result: yes, in $ac_res" >&5
+	echo "$as_me:15618: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
-echo "$as_me:17280: checking for tgetent" >&5
+echo "$as_me:15623: checking for tgetent" >&5
 echo $ECHO_N "checking for tgetent... $ECHO_C" >&6
 if test "${ac_cv_funclib_tgetent+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -17293,7 +15636,7 @@ if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 17296 "configure"
+#line 15639 "configure"
 #include "confdefs.h"
 
 int
@@ -17305,20 +15648,11 @@ tgetent()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17308: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17311: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:17313: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:17316: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15651: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_tgetent=$ac_lib; else ac_cv_funclib_tgetent=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -17335,13 +15669,13 @@ if false; then
 for ac_func in tgetent
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:17338: checking for $ac_func" >&5
+echo "$as_me:15672: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 17344 "configure"
+#line 15678 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -17372,25 +15706,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17375: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17378: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:17380: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:17383: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15709: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:17393: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:15718: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -17414,13 +15739,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:17417: result: yes" >&5
+	echo "$as_me:15742: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_tgetent=no"
 	eval "LIB_tgetent="
-	echo "$as_me:17423: result: no" >&5
+	echo "$as_me:15748: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -17434,12 +15759,12 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:17437: result: yes, in $ac_res" >&5
+	echo "$as_me:15762: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
-echo "$as_me:17442: checking for gethostbyname2" >&5
+echo "$as_me:15767: checking for gethostbyname2" >&5
 echo $ECHO_N "checking for gethostbyname2... $ECHO_C" >&6
 if test "${ac_cv_funclib_gethostbyname2+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -17455,7 +15780,7 @@ if eval "test \"\$ac_cv_func_gethostbyname2\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 17458 "configure"
+#line 15783 "configure"
 #include "confdefs.h"
 
 int
@@ -17467,20 +15792,11 @@ gethostbyname2()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17470: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17473: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:17475: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:17478: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15795: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname2=$ac_lib; else ac_cv_funclib_gethostbyname2=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -17497,13 +15813,13 @@ if false; then
 for ac_func in gethostbyname2
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:17500: checking for $ac_func" >&5
+echo "$as_me:15816: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 17506 "configure"
+#line 15822 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -17534,25 +15850,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17537: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17540: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:17542: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:17545: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15853: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:17555: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:15862: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -17576,13 +15883,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:17579: result: yes" >&5
+	echo "$as_me:15886: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_gethostbyname2=no"
 	eval "LIB_gethostbyname2="
-	echo "$as_me:17585: result: no" >&5
+	echo "$as_me:15892: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -17596,7 +15903,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:17599: result: yes, in $ac_res" >&5
+	echo "$as_me:15906: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -17605,7 +15912,7 @@ if test -n "$LIB_gethostbyname2"; then
 	LIBS="$LIB_gethostbyname2 $LIBS"
 fi
 
-echo "$as_me:17608: checking for res_search" >&5
+echo "$as_me:15915: checking for res_search" >&5
 echo $ECHO_N "checking for res_search... $ECHO_C" >&6
 if test "${ac_cv_funclib_res_search+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -17621,7 +15928,7 @@ if eval "test \"\$ac_cv_func_res_search\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 17624 "configure"
+#line 15931 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -17647,20 +15954,11 @@ res_search(0,0,0,0,0)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17650: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17653: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:17655: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:17658: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:15957: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -17677,13 +15975,13 @@ if false; then
 for ac_func in res_search
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:17680: checking for $ac_func" >&5
+echo "$as_me:15978: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 17686 "configure"
+#line 15984 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -17714,25 +16012,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17717: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17720: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:17722: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:17725: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:16015: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:17735: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:16024: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -17756,13 +16045,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:17759: result: yes" >&5
+	echo "$as_me:16048: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_res_search=no"
 	eval "LIB_res_search="
-	echo "$as_me:17765: result: no" >&5
+	echo "$as_me:16054: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -17776,7 +16065,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:17779: result: yes, in $ac_res" >&5
+	echo "$as_me:16068: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -17785,7 +16074,7 @@ if test -n "$LIB_res_search"; then
 	LIBS="$LIB_res_search $LIBS"
 fi
 
-echo "$as_me:17788: checking for dn_expand" >&5
+echo "$as_me:16077: checking for dn_expand" >&5
 echo $ECHO_N "checking for dn_expand... $ECHO_C" >&6
 if test "${ac_cv_funclib_dn_expand+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -17801,7 +16090,7 @@ if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 17804 "configure"
+#line 16093 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -17827,20 +16116,11 @@ dn_expand(0,0,0,0,0)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17830: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17833: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:17835: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:17838: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:16119: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -17857,13 +16137,13 @@ if false; then
 for ac_func in dn_expand
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:17860: checking for $ac_func" >&5
+echo "$as_me:16140: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 17866 "configure"
+#line 16146 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -17894,25 +16174,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17897: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17900: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:17902: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:17905: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:16177: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:17915: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:16186: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -17936,13 +16207,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:17939: result: yes" >&5
+	echo "$as_me:16210: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_dn_expand=no"
 	eval "LIB_dn_expand="
-	echo "$as_me:17945: result: no" >&5
+	echo "$as_me:16216: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -17956,7 +16227,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:17959: result: yes, in $ac_res" >&5
+	echo "$as_me:16230: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -17965,7 +16236,7 @@ if test -n "$LIB_dn_expand"; then
 	LIBS="$LIB_dn_expand $LIBS"
 fi
 
-echo "$as_me:17968: checking for working snprintf" >&5
+echo "$as_me:16239: checking for working snprintf" >&5
 echo $ECHO_N "checking for working snprintf... $ECHO_C" >&6
 if test "${ac_cv_func_snprintf_working+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -17975,7 +16246,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 17978 "configure"
+#line 16249 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -17988,15 +16259,10 @@ int main()
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:17991: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17994: \$? = $ac_status" >&5
-  (exit $ac_status); } && { (eval echo "$as_me:17995: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:17998: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+{ (eval echo $as_me:16262: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } &&
+  (./conftest$ac_exeext) >&5 2>&1;
+ac_status=$?
+if test $ac_status = 0; then
   :
 else
   echo "$as_me: program exited with status $ac_status" >&5
@@ -18004,10 +16270,12 @@ echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 ac_cv_func_snprintf_working=no
 fi
+
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
+
 fi
-echo "$as_me:18010: result: $ac_cv_func_snprintf_working" >&5
+echo "$as_me:16278: result: $ac_cv_func_snprintf_working" >&5
 echo "${ECHO_T}$ac_cv_func_snprintf_working" >&6
 
 if test "$ac_cv_func_snprintf_working" = yes; then
@@ -18020,13 +16288,13 @@ fi
 if test "$ac_cv_func_snprintf_working" = yes; then
 
 if test "$ac_cv_func_snprintf+set" != set -o "$ac_cv_func_snprintf" = yes; then
-echo "$as_me:18023: checking if snprintf needs a prototype" >&5
+echo "$as_me:16291: checking if snprintf needs a prototype" >&5
 echo $ECHO_N "checking if snprintf needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_snprintf_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 18029 "configure"
+#line 16297 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 int
@@ -18041,25 +16309,16 @@ snprintf(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:18044: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:18047: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:18049: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:18052: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:16312: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_snprintf_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_snprintf_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_snprintf_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:18062: result: $ac_cv_func_snprintf_noproto" >&5
+echo "$as_me:16321: result: $ac_cv_func_snprintf_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_snprintf_noproto" >&6
 
 if test "$ac_cv_func_snprintf_noproto" = yes; then
@@ -18074,7 +16333,7 @@ fi
 
 fi
 
-echo "$as_me:18077: checking for working vsnprintf" >&5
+echo "$as_me:16336: checking for working vsnprintf" >&5
 echo $ECHO_N "checking for working vsnprintf... $ECHO_C" >&6
 if test "${ac_cv_func_vsnprintf_working+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -18084,7 +16343,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 18087 "configure"
+#line 16346 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -18107,15 +16366,10 @@ int main()
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:18110: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18113: \$? = $ac_status" >&5
-  (exit $ac_status); } && { (eval echo "$as_me:18114: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:18117: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+{ (eval echo $as_me:16369: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } &&
+  (./conftest$ac_exeext) >&5 2>&1;
+ac_status=$?
+if test $ac_status = 0; then
   :
 else
   echo "$as_me: program exited with status $ac_status" >&5
@@ -18123,10 +16377,12 @@ echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 ac_cv_func_vsnprintf_working=no
 fi
+
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
+
 fi
-echo "$as_me:18129: result: $ac_cv_func_vsnprintf_working" >&5
+echo "$as_me:16385: result: $ac_cv_func_vsnprintf_working" >&5
 echo "${ECHO_T}$ac_cv_func_vsnprintf_working" >&6
 
 if test "$ac_cv_func_vsnprintf_working" = yes; then
@@ -18139,13 +16395,13 @@ fi
 if test "$ac_cv_func_vsnprintf_working" = yes; then
 
 if test "$ac_cv_func_vsnprintf+set" != set -o "$ac_cv_func_vsnprintf" = yes; then
-echo "$as_me:18142: checking if vsnprintf needs a prototype" >&5
+echo "$as_me:16398: checking if vsnprintf needs a prototype" >&5
 echo $ECHO_N "checking if vsnprintf needs a prototype... $ECHO_C" >&6
 if test "${ac_cv_func_vsnprintf_noproto+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 18148 "configure"
+#line 16404 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 int
@@ -18160,25 +16416,16 @@ vsnprintf(&xx);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:18163: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:18166: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:18168: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:18171: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:16419: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_func_vsnprintf_noproto=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_vsnprintf_noproto=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_func_vsnprintf_noproto=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:18181: result: $ac_cv_func_vsnprintf_noproto" >&5
+echo "$as_me:16428: result: $ac_cv_func_vsnprintf_noproto" >&5
 echo "${ECHO_T}$ac_cv_func_vsnprintf_noproto" >&6
 
 if test "$ac_cv_func_vsnprintf_noproto" = yes; then
@@ -18228,13 +16475,13 @@ for ac_func in 				\
 
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:18231: checking for $ac_func" >&5
+echo "$as_me:16478: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 18237 "configure"
+#line 16484 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -18265,25 +16512,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18268: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18271: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:18273: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:18276: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:16515: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:18286: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:16524: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -18296,25 +16534,21 @@ done
 for ac_header in capability.h sys/capability.h
 do
 ac_ac_Header=`echo "ac_cv_header_$ac_header" | $ac_tr_sh`
-echo "$as_me:18299: checking for $ac_header" >&5
+
+echo "$as_me:16538: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 18305 "configure"
+#line 16544 "configure"
 #include "confdefs.h"
 #include <$ac_header>
+
 _ACEOF
-if { (eval echo "$as_me:18309: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:18315: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:16550: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -18322,16 +16556,19 @@ if { (eval echo "$as_me:18309: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   eval "$ac_ac_Header=yes"
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   eval "$ac_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
+
 fi
-echo "$as_me:18334: result: `eval echo '${'$ac_ac_Header'}'`" >&5
+echo "$as_me:16571: result: `eval echo '${'$ac_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_Header'}'`" >&6
 if test `eval echo '${'$ac_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -18344,13 +16581,13 @@ done
 for ac_func in sgi_getcapabilitybyname cap_set_proc
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:18347: checking for $ac_func" >&5
+echo "$as_me:16584: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 18353 "configure"
+#line 16590 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -18381,25 +16618,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18384: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18387: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:18389: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:18392: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:16621: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:18402: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:16630: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -18409,7 +16637,7 @@ EOF
 fi
 done
 
-echo "$as_me:18412: checking for getpwnam_r" >&5
+echo "$as_me:16640: checking for getpwnam_r" >&5
 echo $ECHO_N "checking for getpwnam_r... $ECHO_C" >&6
 if test "${ac_cv_funclib_getpwnam_r+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -18425,7 +16653,7 @@ if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 18428 "configure"
+#line 16656 "configure"
 #include "confdefs.h"
 
 int
@@ -18437,20 +16665,11 @@ getpwnam_r()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18440: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18443: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:18445: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:18448: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:16668: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_getpwnam_r=$ac_lib; else ac_cv_funclib_getpwnam_r=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -18467,13 +16686,13 @@ if false; then
 for ac_func in getpwnam_r
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:18470: checking for $ac_func" >&5
+echo "$as_me:16689: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 18476 "configure"
+#line 16695 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -18504,25 +16723,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18507: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18510: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:18512: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:18515: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:16726: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:18525: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:16735: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -18546,13 +16756,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:18549: result: yes" >&5
+	echo "$as_me:16759: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_getpwnam_r=no"
 	eval "LIB_getpwnam_r="
-	echo "$as_me:18555: result: no" >&5
+	echo "$as_me:16765: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -18566,13 +16776,13 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:18569: result: yes, in $ac_res" >&5
+	echo "$as_me:16779: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
 if test "$ac_cv_func_getpwnam_r" = yes; then
-	echo "$as_me:18575: checking if getpwnam_r is posix" >&5
+	echo "$as_me:16785: checking if getpwnam_r is posix" >&5
 echo $ECHO_N "checking if getpwnam_r is posix... $ECHO_C" >&6
 if test "${ac_cv_func_getpwnam_r_posix+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -18583,7 +16793,7 @@ else
   :
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 18586 "configure"
+#line 16796 "configure"
 #include "confdefs.h"
 
 #include <pwd.h>
@@ -18595,15 +16805,10 @@ int main()
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:18598: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18601: \$? = $ac_status" >&5
-  (exit $ac_status); } && { (eval echo "$as_me:18602: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:18605: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+{ (eval echo $as_me:16808: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } &&
+  (./conftest$ac_exeext) >&5 2>&1;
+ac_status=$?
+if test $ac_status = 0; then
   ac_cv_func_getpwnam_r_posix=yes
 else
   echo "$as_me: program exited with status $ac_status" >&5
@@ -18611,11 +16816,13 @@ echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 ac_cv_func_getpwnam_r_posix=no
 fi
+
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
+
 LIBS="$ac_libs"
 fi
-echo "$as_me:18618: result: $ac_cv_func_getpwnam_r_posix" >&5
+echo "$as_me:16825: result: $ac_cv_func_getpwnam_r_posix" >&5
 echo "${ECHO_T}$ac_cv_func_getpwnam_r_posix" >&6
 if test "$ac_cv_func_getpwnam_r_posix" = yes; then
 
@@ -18626,7 +16833,7 @@ EOF
 fi
 fi
 
-echo "$as_me:18629: checking for getsockopt" >&5
+echo "$as_me:16836: checking for getsockopt" >&5
 echo $ECHO_N "checking for getsockopt... $ECHO_C" >&6
 if test "${ac_cv_funclib_getsockopt+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -18642,7 +16849,7 @@ if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 18645 "configure"
+#line 16852 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -18659,20 +16866,11 @@ getsockopt(0,0,0,0,0)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18662: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18665: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:18667: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:18670: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:16869: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -18689,13 +16887,13 @@ if false; then
 for ac_func in getsockopt
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:18692: checking for $ac_func" >&5
+echo "$as_me:16890: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 18698 "configure"
+#line 16896 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -18726,25 +16924,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18729: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18732: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:18734: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:18737: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:16927: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:18747: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:16936: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -18768,13 +16957,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:18771: result: yes" >&5
+	echo "$as_me:16960: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_getsockopt=no"
 	eval "LIB_getsockopt="
-	echo "$as_me:18777: result: no" >&5
+	echo "$as_me:16966: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -18788,12 +16977,12 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:18791: result: yes, in $ac_res" >&5
+	echo "$as_me:16980: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
-echo "$as_me:18796: checking for setsockopt" >&5
+echo "$as_me:16985: checking for setsockopt" >&5
 echo $ECHO_N "checking for setsockopt... $ECHO_C" >&6
 if test "${ac_cv_funclib_setsockopt+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -18809,7 +16998,7 @@ if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then
 		fi
 		LIBS=" $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 18812 "configure"
+#line 17001 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -18826,20 +17015,11 @@ setsockopt(0,0,0,0,0)
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18829: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18832: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:18834: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:18837: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17018: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -18856,13 +17036,13 @@ if false; then
 for ac_func in setsockopt
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:18859: checking for $ac_func" >&5
+echo "$as_me:17039: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 18865 "configure"
+#line 17045 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -18893,25 +17073,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18896: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18899: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:18901: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:18904: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17076: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:18914: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:17085: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -18935,13 +17106,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:18938: result: yes" >&5
+	echo "$as_me:17109: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_setsockopt=no"
 	eval "LIB_setsockopt="
-	echo "$as_me:18944: result: no" >&5
+	echo "$as_me:17115: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -18955,7 +17126,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:18958: result: yes, in $ac_res" >&5
+	echo "$as_me:17129: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -18963,13 +17134,13 @@ esac
 for ac_func in getudbnam setlim
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:18966: checking for $ac_func" >&5
+echo "$as_me:17137: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 18972 "configure"
+#line 17143 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -19000,25 +17171,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19003: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19006: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19008: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:19011: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17174: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:19021: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:17183: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -19028,13 +17190,13 @@ EOF
 fi
 done
 
-echo "$as_me:19031: checking return type of signal handlers" >&5
+echo "$as_me:17193: checking return type of signal handlers" >&5
 echo $ECHO_N "checking return type of signal handlers... $ECHO_C" >&6
 if test "${ac_cv_type_signal+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 19037 "configure"
+#line 17199 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <signal.h>
@@ -19056,25 +17218,16 @@ int i;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19059: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19062: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19064: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19067: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17221: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_signal=void
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_signal=int
+  cat conftest.$ac_ext >&5
+  ac_cv_type_signal=int
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:19077: result: $ac_cv_type_signal" >&5
+echo "$as_me:17230: result: $ac_cv_type_signal" >&5
 echo "${ECHO_T}$ac_cv_type_signal" >&6
 
 cat >>confdefs.h <<EOF
@@ -19089,7 +17242,7 @@ EOF
 
 fi
 
-echo "$as_me:19092: checking if realloc if broken" >&5
+echo "$as_me:17245: checking if realloc if broken" >&5
 echo $ECHO_N "checking if realloc if broken... $ECHO_C" >&6
 if test "${ac_cv_func_realloc_broken+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -19100,7 +17253,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 19103 "configure"
+#line 17256 "configure"
 #include "confdefs.h"
 
 #include <stddef.h>
@@ -19113,15 +17266,10 @@ int main()
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:19116: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19119: \$? = $ac_status" >&5
-  (exit $ac_status); } && { (eval echo "$as_me:19120: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:19123: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+{ (eval echo $as_me:17269: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } &&
+  (./conftest$ac_exeext) >&5 2>&1;
+ac_status=$?
+if test $ac_status = 0; then
   :
 else
   echo "$as_me: program exited with status $ac_status" >&5
@@ -19129,11 +17277,12 @@ echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 ac_cv_func_realloc_broken=yes
 fi
+
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
 
 fi
-echo "$as_me:19136: result: $ac_cv_func_realloc_broken" >&5
+echo "$as_me:17285: result: $ac_cv_func_realloc_broken" >&5
 echo "${ECHO_T}$ac_cv_func_realloc_broken" >&6
 if test "$ac_cv_func_realloc_broken" = yes ; then
 
@@ -19143,14 +17292,14 @@ EOF
 
 fi
 
-echo "$as_me:19146: checking for ut_addr in struct utmp" >&5
+echo "$as_me:17295: checking for ut_addr in struct utmp" >&5
 echo $ECHO_N "checking for ut_addr in struct utmp... $ECHO_C" >&6
 if test "${ac_cv_type_struct_utmp_ut_addr+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 19153 "configure"
+#line 17302 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 int
@@ -19162,25 +17311,16 @@ struct utmp x; x.ut_addr;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19165: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19168: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19170: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19173: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17314: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_utmp_ut_addr=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_addr=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_utmp_ut_addr=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:19183: result: $ac_cv_type_struct_utmp_ut_addr" >&5
+echo "$as_me:17323: result: $ac_cv_type_struct_utmp_ut_addr" >&5
 echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_addr" >&6
 if test "$ac_cv_type_struct_utmp_ut_addr" = yes; then
 
@@ -19190,14 +17330,14 @@ EOF
 
 fi
 
-echo "$as_me:19193: checking for ut_host in struct utmp" >&5
+echo "$as_me:17333: checking for ut_host in struct utmp" >&5
 echo $ECHO_N "checking for ut_host in struct utmp... $ECHO_C" >&6
 if test "${ac_cv_type_struct_utmp_ut_host+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 19200 "configure"
+#line 17340 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 int
@@ -19209,25 +17349,16 @@ struct utmp x; x.ut_host;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19212: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19215: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19217: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19220: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17352: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_utmp_ut_host=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_host=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_utmp_ut_host=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:19230: result: $ac_cv_type_struct_utmp_ut_host" >&5
+echo "$as_me:17361: result: $ac_cv_type_struct_utmp_ut_host" >&5
 echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_host" >&6
 if test "$ac_cv_type_struct_utmp_ut_host" = yes; then
 
@@ -19237,14 +17368,14 @@ EOF
 
 fi
 
-echo "$as_me:19240: checking for ut_id in struct utmp" >&5
+echo "$as_me:17371: checking for ut_id in struct utmp" >&5
 echo $ECHO_N "checking for ut_id in struct utmp... $ECHO_C" >&6
 if test "${ac_cv_type_struct_utmp_ut_id+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 19247 "configure"
+#line 17378 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 int
@@ -19256,25 +17387,16 @@ struct utmp x; x.ut_id;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19259: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19262: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19264: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19267: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17390: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_utmp_ut_id=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_id=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_utmp_ut_id=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:19277: result: $ac_cv_type_struct_utmp_ut_id" >&5
+echo "$as_me:17399: result: $ac_cv_type_struct_utmp_ut_id" >&5
 echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_id" >&6
 if test "$ac_cv_type_struct_utmp_ut_id" = yes; then
 
@@ -19284,14 +17406,14 @@ EOF
 
 fi
 
-echo "$as_me:19287: checking for ut_pid in struct utmp" >&5
+echo "$as_me:17409: checking for ut_pid in struct utmp" >&5
 echo $ECHO_N "checking for ut_pid in struct utmp... $ECHO_C" >&6
 if test "${ac_cv_type_struct_utmp_ut_pid+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 19294 "configure"
+#line 17416 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 int
@@ -19303,25 +17425,16 @@ struct utmp x; x.ut_pid;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19306: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19309: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19311: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19314: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17428: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_utmp_ut_pid=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_pid=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_utmp_ut_pid=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:19324: result: $ac_cv_type_struct_utmp_ut_pid" >&5
+echo "$as_me:17437: result: $ac_cv_type_struct_utmp_ut_pid" >&5
 echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_pid" >&6
 if test "$ac_cv_type_struct_utmp_ut_pid" = yes; then
 
@@ -19331,14 +17444,14 @@ EOF
 
 fi
 
-echo "$as_me:19334: checking for ut_type in struct utmp" >&5
+echo "$as_me:17447: checking for ut_type in struct utmp" >&5
 echo $ECHO_N "checking for ut_type in struct utmp... $ECHO_C" >&6
 if test "${ac_cv_type_struct_utmp_ut_type+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 19341 "configure"
+#line 17454 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 int
@@ -19350,25 +17463,16 @@ struct utmp x; x.ut_type;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19353: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19356: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19358: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19361: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17466: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_utmp_ut_type=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_type=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_utmp_ut_type=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:19371: result: $ac_cv_type_struct_utmp_ut_type" >&5
+echo "$as_me:17475: result: $ac_cv_type_struct_utmp_ut_type" >&5
 echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_type" >&6
 if test "$ac_cv_type_struct_utmp_ut_type" = yes; then
 
@@ -19378,14 +17482,14 @@ EOF
 
 fi
 
-echo "$as_me:19381: checking for ut_user in struct utmp" >&5
+echo "$as_me:17485: checking for ut_user in struct utmp" >&5
 echo $ECHO_N "checking for ut_user in struct utmp... $ECHO_C" >&6
 if test "${ac_cv_type_struct_utmp_ut_user+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 19388 "configure"
+#line 17492 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 int
@@ -19397,25 +17501,16 @@ struct utmp x; x.ut_user;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19400: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19403: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19405: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19408: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17504: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_utmp_ut_user=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_user=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_utmp_ut_user=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:19418: result: $ac_cv_type_struct_utmp_ut_user" >&5
+echo "$as_me:17513: result: $ac_cv_type_struct_utmp_ut_user" >&5
 echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_user" >&6
 if test "$ac_cv_type_struct_utmp_ut_user" = yes; then
 
@@ -19425,14 +17520,14 @@ EOF
 
 fi
 
-echo "$as_me:19428: checking for ut_exit in struct utmpx" >&5
+echo "$as_me:17523: checking for ut_exit in struct utmpx" >&5
 echo $ECHO_N "checking for ut_exit in struct utmpx... $ECHO_C" >&6
 if test "${ac_cv_type_struct_utmpx_ut_exit+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 19435 "configure"
+#line 17530 "configure"
 #include "confdefs.h"
 #include <utmpx.h>
 int
@@ -19444,25 +17539,16 @@ struct utmpx x; x.ut_exit;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19447: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19450: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19452: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19455: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17542: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_utmpx_ut_exit=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmpx_ut_exit=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_utmpx_ut_exit=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:19465: result: $ac_cv_type_struct_utmpx_ut_exit" >&5
+echo "$as_me:17551: result: $ac_cv_type_struct_utmpx_ut_exit" >&5
 echo "${ECHO_T}$ac_cv_type_struct_utmpx_ut_exit" >&6
 if test "$ac_cv_type_struct_utmpx_ut_exit" = yes; then
 
@@ -19472,14 +17558,14 @@ EOF
 
 fi
 
-echo "$as_me:19475: checking for ut_syslen in struct utmpx" >&5
+echo "$as_me:17561: checking for ut_syslen in struct utmpx" >&5
 echo $ECHO_N "checking for ut_syslen in struct utmpx... $ECHO_C" >&6
 if test "${ac_cv_type_struct_utmpx_ut_syslen+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 19482 "configure"
+#line 17568 "configure"
 #include "confdefs.h"
 #include <utmpx.h>
 int
@@ -19491,25 +17577,16 @@ struct utmpx x; x.ut_syslen;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19494: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19497: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19499: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19502: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17580: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_utmpx_ut_syslen=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmpx_ut_syslen=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_utmpx_ut_syslen=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:19512: result: $ac_cv_type_struct_utmpx_ut_syslen" >&5
+echo "$as_me:17589: result: $ac_cv_type_struct_utmpx_ut_syslen" >&5
 echo "${ECHO_T}$ac_cv_type_struct_utmpx_ut_syslen" >&6
 if test "$ac_cv_type_struct_utmpx_ut_syslen" = yes; then
 
@@ -19519,14 +17596,14 @@ EOF
 
 fi
 
-echo "$as_me:19522: checking for tm_gmtoff in struct tm" >&5
+echo "$as_me:17599: checking for tm_gmtoff in struct tm" >&5
 echo $ECHO_N "checking for tm_gmtoff in struct tm... $ECHO_C" >&6
 if test "${ac_cv_type_struct_tm_tm_gmtoff+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 19529 "configure"
+#line 17606 "configure"
 #include "confdefs.h"
 #include <time.h>
 int
@@ -19538,25 +17615,16 @@ struct tm x; x.tm_gmtoff;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19541: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19544: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19546: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19549: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17618: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_tm_tm_gmtoff=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_tm_tm_gmtoff=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_tm_tm_gmtoff=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:19559: result: $ac_cv_type_struct_tm_tm_gmtoff" >&5
+echo "$as_me:17627: result: $ac_cv_type_struct_tm_tm_gmtoff" >&5
 echo "${ECHO_T}$ac_cv_type_struct_tm_tm_gmtoff" >&6
 if test "$ac_cv_type_struct_tm_tm_gmtoff" = yes; then
 
@@ -19566,14 +17634,14 @@ EOF
 
 fi
 
-echo "$as_me:19569: checking for tm_zone in struct tm" >&5
+echo "$as_me:17637: checking for tm_zone in struct tm" >&5
 echo $ECHO_N "checking for tm_zone in struct tm... $ECHO_C" >&6
 if test "${ac_cv_type_struct_tm_tm_zone+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 19576 "configure"
+#line 17644 "configure"
 #include "confdefs.h"
 #include <time.h>
 int
@@ -19585,25 +17653,16 @@ struct tm x; x.tm_zone;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19588: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19591: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19593: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19596: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17656: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_tm_tm_zone=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_tm_tm_zone=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_tm_tm_zone=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:19606: result: $ac_cv_type_struct_tm_tm_zone" >&5
+echo "$as_me:17665: result: $ac_cv_type_struct_tm_tm_zone" >&5
 echo "${ECHO_T}$ac_cv_type_struct_tm_tm_zone" >&6
 if test "$ac_cv_type_struct_tm_tm_zone" = yes; then
 
@@ -19613,14 +17672,14 @@ EOF
 
 fi
 
-echo "$as_me:19616: checking for timezone" >&5
+echo "$as_me:17675: checking for timezone" >&5
 echo $ECHO_N "checking for timezone... $ECHO_C" >&6
 if test "${ac_cv_var_timezone+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 19623 "configure"
+#line 17682 "configure"
 #include "confdefs.h"
 extern int timezone;
 int foo() { return timezone; }
@@ -19633,28 +17692,19 @@ foo()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19636: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19639: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19641: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:19644: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17695: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_var_timezone=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_timezone=no
+  cat conftest.$ac_ext >&5
+  ac_cv_var_timezone=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 
 fi
 
 ac_foo=`eval echo \\$ac_cv_var_timezone`
-echo "$as_me:19657: result: $ac_foo" >&5
+echo "$as_me:17707: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
 
@@ -19662,14 +17712,14 @@ cat >>confdefs.h <<EOF
 #define HAVE_TIMEZONE 1
 EOF
 
-echo "$as_me:19665: checking if timezone is properly declared" >&5
+echo "$as_me:17715: checking if timezone is properly declared" >&5
 echo $ECHO_N "checking if timezone is properly declared... $ECHO_C" >&6
 if test "${ac_cv_var_timezone_declaration+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 19672 "configure"
+#line 17722 "configure"
 #include "confdefs.h"
 #include <time.h>
 extern struct { int foo; } timezone;
@@ -19682,27 +17732,18 @@ timezone.foo = 1;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19685: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19688: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19690: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19693: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17735: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_var_timezone_declaration=no"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_timezone_declaration=yes"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_var_timezone_declaration=yes"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
 
-echo "$as_me:19705: result: $ac_cv_var_timezone_declaration" >&5
+echo "$as_me:17746: result: $ac_cv_var_timezone_declaration" >&5
 echo "${ECHO_T}$ac_cv_var_timezone_declaration" >&6
 if eval "test \"\$ac_cv_var_timezone_declaration\" = yes"; then
 
@@ -19715,13 +17756,13 @@ fi
 fi
 
 cv=`echo "sa_family_t" | sed 'y%./+- %__p__%'`
-echo "$as_me:19718: checking for sa_family_t" >&5
+echo "$as_me:17759: checking for sa_family_t" >&5
 echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6
 if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 19724 "configure"
+#line 17765 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -19738,37 +17779,28 @@ sa_family_t foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19741: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19744: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19746: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19749: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17782: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_type_$cv=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_type_$cv=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:19760: result: $ac_foo" >&5
+echo "$as_me:17792: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
   ac_tr_hdr=HAVE_`echo sa_family_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
 if false; then
-	echo "$as_me:19765: checking for sa_family_t" >&5
+	echo "$as_me:17797: checking for sa_family_t" >&5
 echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6
 if test "${ac_cv_type_sa_family_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 19771 "configure"
+#line 17803 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -19783,25 +17815,16 @@ if (sizeof (sa_family_t))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19786: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19789: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19791: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19794: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17818: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_sa_family_t=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_sa_family_t=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_sa_family_t=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:19804: result: $ac_cv_type_sa_family_t" >&5
+echo "$as_me:17827: result: $ac_cv_type_sa_family_t" >&5
 echo "${ECHO_T}$ac_cv_type_sa_family_t" >&6
 if test $ac_cv_type_sa_family_t = yes; then
 
@@ -19820,13 +17843,13 @@ EOF
 fi
 
 cv=`echo "socklen_t" | sed 'y%./+- %__p__%'`
-echo "$as_me:19823: checking for socklen_t" >&5
+echo "$as_me:17846: checking for socklen_t" >&5
 echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6
 if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 19829 "configure"
+#line 17852 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -19843,37 +17866,28 @@ socklen_t foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19846: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19849: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19851: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19854: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17869: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_type_$cv=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_type_$cv=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:19865: result: $ac_foo" >&5
+echo "$as_me:17879: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
   ac_tr_hdr=HAVE_`echo socklen_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
 if false; then
-	echo "$as_me:19870: checking for socklen_t" >&5
+	echo "$as_me:17884: checking for socklen_t" >&5
 echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6
 if test "${ac_cv_type_socklen_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 19876 "configure"
+#line 17890 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -19888,25 +17902,16 @@ if (sizeof (socklen_t))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19891: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19894: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19896: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19899: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17905: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_socklen_t=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_socklen_t=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_socklen_t=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:19909: result: $ac_cv_type_socklen_t" >&5
+echo "$as_me:17914: result: $ac_cv_type_socklen_t" >&5
 echo "${ECHO_T}$ac_cv_type_socklen_t" >&6
 if test $ac_cv_type_socklen_t = yes; then
 
@@ -19925,13 +17930,13 @@ EOF
 fi
 
 cv=`echo "struct sockaddr" | sed 'y%./+- %__p__%'`
-echo "$as_me:19928: checking for struct sockaddr" >&5
+echo "$as_me:17933: checking for struct sockaddr" >&5
 echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6
 if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 19934 "configure"
+#line 17939 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -19948,37 +17953,28 @@ struct sockaddr foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19951: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19954: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:19956: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:19959: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17956: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_type_$cv=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_type_$cv=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:19970: result: $ac_foo" >&5
+echo "$as_me:17966: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
   ac_tr_hdr=HAVE_`echo struct sockaddr | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
 if false; then
-	echo "$as_me:19975: checking for struct sockaddr" >&5
+	echo "$as_me:17971: checking for struct sockaddr" >&5
 echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6
 if test "${ac_cv_type_struct_sockaddr+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 19981 "configure"
+#line 17977 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -19993,25 +17989,16 @@ if (sizeof (struct sockaddr))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:19996: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:19999: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20001: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:20004: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:17992: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_sockaddr=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_sockaddr=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_sockaddr=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:20014: result: $ac_cv_type_struct_sockaddr" >&5
+echo "$as_me:18001: result: $ac_cv_type_struct_sockaddr" >&5
 echo "${ECHO_T}$ac_cv_type_struct_sockaddr" >&6
 if test $ac_cv_type_struct_sockaddr = yes; then
 
@@ -20030,13 +18017,13 @@ EOF
 fi
 
 cv=`echo "struct sockaddr_storage" | sed 'y%./+- %__p__%'`
-echo "$as_me:20033: checking for struct sockaddr_storage" >&5
+echo "$as_me:18020: checking for struct sockaddr_storage" >&5
 echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6
 if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 20039 "configure"
+#line 18026 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -20053,37 +18040,28 @@ struct sockaddr_storage foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20056: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20059: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20061: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:20064: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18043: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_type_$cv=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_type_$cv=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:20075: result: $ac_foo" >&5
+echo "$as_me:18053: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
   ac_tr_hdr=HAVE_`echo struct sockaddr_storage | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
 if false; then
-	echo "$as_me:20080: checking for struct sockaddr_storage" >&5
+	echo "$as_me:18058: checking for struct sockaddr_storage" >&5
 echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6
 if test "${ac_cv_type_struct_sockaddr_storage+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 20086 "configure"
+#line 18064 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -20098,25 +18076,16 @@ if (sizeof (struct sockaddr_storage))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20101: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20104: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20106: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:20109: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18079: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_sockaddr_storage=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_sockaddr_storage=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_sockaddr_storage=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:20119: result: $ac_cv_type_struct_sockaddr_storage" >&5
+echo "$as_me:18088: result: $ac_cv_type_struct_sockaddr_storage" >&5
 echo "${ECHO_T}$ac_cv_type_struct_sockaddr_storage" >&6
 if test $ac_cv_type_struct_sockaddr_storage = yes; then
 
@@ -20135,13 +18104,13 @@ EOF
 fi
 
 cv=`echo "struct addrinfo" | sed 'y%./+- %__p__%'`
-echo "$as_me:20138: checking for struct addrinfo" >&5
+echo "$as_me:18107: checking for struct addrinfo" >&5
 echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6
 if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 20144 "configure"
+#line 18113 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -20158,37 +18127,28 @@ struct addrinfo foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20161: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20164: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20166: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:20169: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18130: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval "ac_cv_type_$cv=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
+  cat conftest.$ac_ext >&5
+  eval "ac_cv_type_$cv=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:20180: result: $ac_foo" >&5
+echo "$as_me:18140: result: $ac_foo" >&5
 echo "${ECHO_T}$ac_foo" >&6
 if test "$ac_foo" = yes; then
   ac_tr_hdr=HAVE_`echo struct addrinfo | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
 if false; then
-	echo "$as_me:20185: checking for struct addrinfo" >&5
+	echo "$as_me:18145: checking for struct addrinfo" >&5
 echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6
 if test "${ac_cv_type_struct_addrinfo+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 20191 "configure"
+#line 18151 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -20203,25 +18163,16 @@ if (sizeof (struct addrinfo))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20206: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20209: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20211: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:20214: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18166: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_addrinfo=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_addrinfo=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_addrinfo=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:20224: result: $ac_cv_type_struct_addrinfo" >&5
+echo "$as_me:18175: result: $ac_cv_type_struct_addrinfo" >&5
 echo "${ECHO_T}$ac_cv_type_struct_addrinfo" >&6
 if test $ac_cv_type_struct_addrinfo = yes; then
 
@@ -20239,7 +18190,7 @@ EOF
 
 fi
 
-echo "$as_me:20242: checking for struct winsize" >&5
+echo "$as_me:18193: checking for struct winsize" >&5
 echo $ECHO_N "checking for struct winsize... $ECHO_C" >&6
 if test "${ac_cv_struct_winsize+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -20248,7 +18199,7 @@ else
 ac_cv_struct_winsize=no
 for i in sys/termios.h sys/ioctl.h; do
 cat >conftest.$ac_ext <<_ACEOF
-#line 20251 "configure"
+#line 18202 "configure"
 #include "confdefs.h"
 #include <$i>
 
@@ -20269,10 +18220,10 @@ cat >>confdefs.h <<\EOF
 EOF
 
 fi
-echo "$as_me:20272: result: $ac_cv_struct_winsize" >&5
+echo "$as_me:18223: result: $ac_cv_struct_winsize" >&5
 echo "${ECHO_T}$ac_cv_struct_winsize" >&6
 cat >conftest.$ac_ext <<_ACEOF
-#line 20275 "configure"
+#line 18226 "configure"
 #include "confdefs.h"
 #include <termios.h>
 
@@ -20288,7 +18239,7 @@ fi
 rm -f conftest*
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 20291 "configure"
+#line 18242 "configure"
 #include "confdefs.h"
 #include <termios.h>
 
@@ -20303,14 +18254,14 @@ EOF
 fi
 rm -f conftest*
 
-echo "$as_me:20306: checking for struct spwd" >&5
+echo "$as_me:18257: checking for struct spwd" >&5
 echo $ECHO_N "checking for struct spwd... $ECHO_C" >&6
 if test "${ac_cv_struct_spwd+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 20313 "configure"
+#line 18264 "configure"
 #include "confdefs.h"
 #include <pwd.h>
 #ifdef HAVE_SHADOW_H
@@ -20325,27 +18276,18 @@ struct spwd foo;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20328: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20331: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20333: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:20336: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18279: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_struct_spwd=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_struct_spwd=no
+  cat conftest.$ac_ext >&5
+  ac_cv_struct_spwd=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
 
-echo "$as_me:20348: result: $ac_cv_struct_spwd" >&5
+echo "$as_me:18290: result: $ac_cv_struct_spwd" >&5
 echo "${ECHO_T}$ac_cv_struct_spwd" >&6
 
 if test "$ac_cv_struct_spwd" = "yes"; then
@@ -20356,14 +18298,14 @@ EOF
 
 fi
 
-echo "$as_me:20359: checking for sa_len in struct sockaddr" >&5
+echo "$as_me:18301: checking for sa_len in struct sockaddr" >&5
 echo $ECHO_N "checking for sa_len in struct sockaddr... $ECHO_C" >&6
 if test "${ac_cv_type_struct_sockaddr_sa_len+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 20366 "configure"
+#line 18308 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -20376,25 +18318,16 @@ struct sockaddr x; x.sa_len;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20379: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20382: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20384: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:20387: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18321: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_type_struct_sockaddr_sa_len=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_sockaddr_sa_len=no
+  cat conftest.$ac_ext >&5
+  ac_cv_type_struct_sockaddr_sa_len=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:20397: result: $ac_cv_type_struct_sockaddr_sa_len" >&5
+echo "$as_me:18330: result: $ac_cv_type_struct_sockaddr_sa_len" >&5
 echo "${ECHO_T}$ac_cv_type_struct_sockaddr_sa_len" >&6
 if test "$ac_cv_type_struct_sockaddr_sa_len" = yes; then
 
@@ -20407,14 +18340,14 @@ fi
 for i in int8_t int16_t int32_t int64_t \
 	u_int8_t u_int16_t u_int32_t u_int64_t \
 	uint8_t uint16_t uint32_t uint64_t; do
-	echo "$as_me:20410: checking for $i" >&5
+	echo "$as_me:18343: checking for $i" >&5
 echo $ECHO_N "checking for $i... $ECHO_C" >&6
 
 if eval "test \"\${ac_cv_type_$i+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 20417 "configure"
+#line 18350 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_INTTYPES_H
@@ -20443,21 +18376,12 @@ $i x;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20446: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20449: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20451: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:20454: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18379: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   eval ac_cv_type_$i=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval ac_cv_type_$i=no
+  cat conftest.$ac_ext >&5
+  eval ac_cv_type_$i=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
@@ -20470,7 +18394,7 @@ fi
 EOF
 
 	fi
-	echo "$as_me:20473: result: $ac_res" >&5
+	echo "$as_me:18397: result: $ac_res" >&5
 echo "${ECHO_T}$ac_res" >&6
 done
 
@@ -20483,25 +18407,21 @@ for ac_header in 				\
 
 do
 ac_ac_Header=`echo "ac_cv_header_$ac_header" | $ac_tr_sh`
-echo "$as_me:20486: checking for $ac_header" >&5
+
+echo "$as_me:18411: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 20492 "configure"
+#line 18417 "configure"
 #include "confdefs.h"
 #include <$ac_header>
+
 _ACEOF
-if { (eval echo "$as_me:20496: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
-  (eval $ac_cpp conftest.$ac_ext >/dev/null) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:20502: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  if test -s conftest.err; then
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.err"
+if { (eval echo $as_me:18423: \"$ac_try\") >&5; (eval $ac_try) 2>&5; }; then
+  if egrep -v '^ *\+' conftest.err | grep . >/dev/null; then
     ac_cpp_err=$ac_c_preproc_warn_flag
   else
     ac_cpp_err=
@@ -20509,16 +18429,19 @@ if { (eval echo "$as_me:20496: \"$ac_cpp conftest.$ac_ext >/dev/null\"") >&5
 else
   ac_cpp_err=yes
 fi
+
 if test -z "$ac_cpp_err"; then
   eval "$ac_ac_Header=yes"
 else
+  cat conftest.err >&5
   echo "$as_me: failed program was:" >&5
   cat conftest.$ac_ext >&5
   eval "$ac_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest*
+
 fi
-echo "$as_me:20521: result: `eval echo '${'$ac_ac_Header'}'`" >&5
+echo "$as_me:18444: result: `eval echo '${'$ac_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_Header'}'`" >&6
 if test `eval echo '${'$ac_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -20528,7 +18451,7 @@ EOF
 fi
 done
 
-echo "$as_me:20531: checking for MD4_Init" >&5
+echo "$as_me:18454: checking for MD4_Init" >&5
 echo $ECHO_N "checking for MD4_Init... $ECHO_C" >&6
 if test "${ac_cv_funclib_MD4_Init+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -20542,9 +18465,9 @@ if eval "test \"\$ac_cv_func_MD4_Init\" != yes" ; then
 		else
 			ac_lib=""
 		fi
-		LIBS="$LIB_krb4 $ac_lib  $ac_save_LIBS"
+		LIBS="$test_LIB_krb4 $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 20547 "configure"
+#line 18470 "configure"
 #include "confdefs.h"
 
 int
@@ -20556,20 +18479,11 @@ MD4_Init()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:20559: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:20562: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20564: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:20567: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18482: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_MD4_Init=$ac_lib; else ac_cv_funclib_MD4_Init=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -20586,13 +18500,13 @@ if false; then
 for ac_func in MD4_Init
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:20589: checking for $ac_func" >&5
+echo "$as_me:18503: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 20595 "configure"
+#line 18509 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -20623,25 +18537,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:20626: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:20629: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20631: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:20634: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18540: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:20644: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:18549: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -20665,13 +18570,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:20668: result: yes" >&5
+	echo "$as_me:18573: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_MD4_Init=no"
 	eval "LIB_MD4_Init="
-	echo "$as_me:20674: result: no" >&5
+	echo "$as_me:18579: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -20685,12 +18590,12 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:20688: result: yes, in $ac_res" >&5
+	echo "$as_me:18593: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
-echo "$as_me:20693: checking for MD5_Init" >&5
+echo "$as_me:18598: checking for MD5_Init" >&5
 echo $ECHO_N "checking for MD5_Init... $ECHO_C" >&6
 if test "${ac_cv_funclib_MD5_Init+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -20704,9 +18609,9 @@ if eval "test \"\$ac_cv_func_MD5_Init\" != yes" ; then
 		else
 			ac_lib=""
 		fi
-		LIBS="$LIB_krb4 $ac_lib  $ac_save_LIBS"
+		LIBS="$test_LIB_krb4 $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 20709 "configure"
+#line 18614 "configure"
 #include "confdefs.h"
 
 int
@@ -20718,20 +18623,11 @@ MD5_Init()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:20721: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:20724: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20726: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:20729: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18626: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_MD5_Init=$ac_lib; else ac_cv_funclib_MD5_Init=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -20748,13 +18644,13 @@ if false; then
 for ac_func in MD5_Init
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:20751: checking for $ac_func" >&5
+echo "$as_me:18647: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 20757 "configure"
+#line 18653 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -20785,25 +18681,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:20788: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:20791: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20793: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:20796: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18684: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:20806: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:18693: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -20827,13 +18714,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:20830: result: yes" >&5
+	echo "$as_me:18717: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_MD5_Init=no"
 	eval "LIB_MD5_Init="
-	echo "$as_me:20836: result: no" >&5
+	echo "$as_me:18723: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -20847,12 +18734,12 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:20850: result: yes, in $ac_res" >&5
+	echo "$as_me:18737: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
-echo "$as_me:20855: checking for SHA1_Init" >&5
+echo "$as_me:18742: checking for SHA1_Init" >&5
 echo $ECHO_N "checking for SHA1_Init... $ECHO_C" >&6
 if test "${ac_cv_funclib_SHA1_Init+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -20866,9 +18753,9 @@ if eval "test \"\$ac_cv_func_SHA1_Init\" != yes" ; then
 		else
 			ac_lib=""
 		fi
-		LIBS="$LIB_krb4 $ac_lib  $ac_save_LIBS"
+		LIBS="$test_LIB_krb4 $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 20871 "configure"
+#line 18758 "configure"
 #include "confdefs.h"
 
 int
@@ -20880,20 +18767,11 @@ SHA1_Init()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:20883: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:20886: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20888: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:20891: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18770: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_SHA1_Init=$ac_lib; else ac_cv_funclib_SHA1_Init=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -20910,13 +18788,13 @@ if false; then
 for ac_func in SHA1_Init
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:20913: checking for $ac_func" >&5
+echo "$as_me:18791: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 20919 "configure"
+#line 18797 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -20947,25 +18825,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:20950: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:20953: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:20955: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:20958: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18828: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:20968: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:18837: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -20989,13 +18858,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:20992: result: yes" >&5
+	echo "$as_me:18861: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_SHA1_Init=no"
 	eval "LIB_SHA1_Init="
-	echo "$as_me:20998: result: no" >&5
+	echo "$as_me:18867: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -21009,12 +18878,12 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:21012: result: yes, in $ac_res" >&5
+	echo "$as_me:18881: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
-echo "$as_me:21017: checking for des_cbc_encrypt" >&5
+echo "$as_me:18886: checking for des_cbc_encrypt" >&5
 echo $ECHO_N "checking for des_cbc_encrypt... $ECHO_C" >&6
 if test "${ac_cv_funclib_des_cbc_encrypt+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -21028,9 +18897,9 @@ if eval "test \"\$ac_cv_func_des_cbc_encrypt\" != yes" ; then
 		else
 			ac_lib=""
 		fi
-		LIBS="$LIB_krb4 $ac_lib  $ac_save_LIBS"
+		LIBS="$test_LIB_krb4 $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 21033 "configure"
+#line 18902 "configure"
 #include "confdefs.h"
 
 int
@@ -21042,20 +18911,11 @@ des_cbc_encrypt()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:21045: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:21048: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:21050: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:21053: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18914: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_des_cbc_encrypt=$ac_lib; else ac_cv_funclib_des_cbc_encrypt=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -21072,13 +18932,13 @@ if false; then
 for ac_func in des_cbc_encrypt
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:21075: checking for $ac_func" >&5
+echo "$as_me:18935: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 21081 "configure"
+#line 18941 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -21109,25 +18969,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:21112: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:21115: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:21117: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:21120: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:18972: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:21130: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:18981: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -21151,13 +19002,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:21154: result: yes" >&5
+	echo "$as_me:19005: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_des_cbc_encrypt=no"
 	eval "LIB_des_cbc_encrypt="
-	echo "$as_me:21160: result: no" >&5
+	echo "$as_me:19011: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -21171,12 +19022,12 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:21174: result: yes, in $ac_res" >&5
+	echo "$as_me:19025: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
-echo "$as_me:21179: checking for RC4" >&5
+echo "$as_me:19030: checking for RC4" >&5
 echo $ECHO_N "checking for RC4... $ECHO_C" >&6
 if test "${ac_cv_funclib_RC4+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -21190,9 +19041,9 @@ if eval "test \"\$ac_cv_func_RC4\" != yes" ; then
 		else
 			ac_lib=""
 		fi
-		LIBS="$LIB_krb4 $ac_lib  $ac_save_LIBS"
+		LIBS="$test_LIB_krb4 $ac_lib  $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 21195 "configure"
+#line 19046 "configure"
 #include "confdefs.h"
 
 int
@@ -21204,20 +19055,11 @@ RC4()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:21207: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:21210: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:21212: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:21215: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:19058: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_RC4=$ac_lib; else ac_cv_funclib_RC4=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -21234,13 +19076,13 @@ if false; then
 for ac_func in RC4
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:21237: checking for $ac_func" >&5
+echo "$as_me:19079: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 21243 "configure"
+#line 19085 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -21271,25 +19113,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:21274: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:21277: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:21279: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:21282: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:19116: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:21292: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:19125: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -21313,13 +19146,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:21316: result: yes" >&5
+	echo "$as_me:19149: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_RC4=no"
 	eval "LIB_RC4="
-	echo "$as_me:21322: result: no" >&5
+	echo "$as_me:19155: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -21333,7 +19166,7 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:21336: result: yes, in $ac_res" >&5
+	echo "$as_me:19169: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
@@ -21344,7 +19177,11 @@ if test "$ac_cv_func_des_cbc_encrypt" = "yes" -a \
 "$ac_cv_func_SHA1_Init" = "yes" -a \
 "$ac_cv_func_RC4" = "yes"; then
   DIR_des=''
-  LIB_des="-R $krb4_libdir -L$krb4_libdir $ac_cv_funclib_MD4_Init"
+  LIB_des=''
+  if test "$krb4_libdir" != ""; then
+    LIB_des="-R $krb4_libdir -L$krb4_libdir"
+  fi
+  LIB_des="$LIB_des $ac_cv_funclib_MD4_Init"
   LIB_des_appl="$LIB_des"
 else
   DIR_des='des'
@@ -21352,7 +19189,7 @@ else
   LIB_des_appl="-ldes"
 fi
 
-echo "$as_me:21355: checking for el_init" >&5
+echo "$as_me:19192: checking for el_init" >&5
 echo $ECHO_N "checking for el_init... $ECHO_C" >&6
 if test "${ac_cv_funclib_el_init+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -21368,7 +19205,7 @@ if eval "test \"\$ac_cv_func_el_init\" != yes" ; then
 		fi
 		LIBS=" $ac_lib $LIB_tgetent $ac_save_LIBS"
 		cat >conftest.$ac_ext <<_ACEOF
-#line 21371 "configure"
+#line 19208 "configure"
 #include "confdefs.h"
 
 int
@@ -21380,20 +19217,11 @@ el_init()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:21383: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:21386: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:21388: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:21391: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:19220: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_el_init=$ac_lib; else ac_cv_funclib_el_init=yes; fi";break
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
+  cat conftest.$ac_ext >&5
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 	done
@@ -21410,13 +19238,13 @@ if false; then
 for ac_func in el_init
 do
 ac_ac_var=`echo "ac_cv_func_$ac_func" | $ac_tr_sh`
-echo "$as_me:21413: checking for $ac_func" >&5
+echo "$as_me:19241: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$ac_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 21419 "configure"
+#line 19247 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -21447,25 +19275,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:21450: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:21453: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:21455: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:21458: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:19278: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   eval "$ac_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$ac_ac_var=no"
+  cat conftest.$ac_ext >&5
+  eval "$ac_ac_var=no"
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:21468: result: `eval echo '${'$ac_ac_var'}'`" >&5
+echo "$as_me:19287: result: `eval echo '${'$ac_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$ac_ac_var'}'`" >&6
 if test `eval echo '${'$ac_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -21489,13 +19308,13 @@ case "$ac_res" in
 #define $ac_tr_func 1
 EOF
 
-	echo "$as_me:21492: result: yes" >&5
+	echo "$as_me:19311: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 	;;
 	no)
 	eval "ac_cv_func_el_init=no"
 	eval "LIB_el_init="
-	echo "$as_me:21498: result: no" >&5
+	echo "$as_me:19317: result: no" >&5
 echo "${ECHO_T}no" >&6
 	;;
 	*)
@@ -21509,20 +19328,20 @@ EOF
 #define $ac_tr_lib 1
 EOF
 
-	echo "$as_me:21512: result: yes, in $ac_res" >&5
+	echo "$as_me:19331: result: yes, in $ac_res" >&5
 echo "${ECHO_T}yes, in $ac_res" >&6
 	;;
 esac
 
 if test "$ac_cv_func_el_init" = yes ; then
-	echo "$as_me:21518: checking for four argument el_init" >&5
+	echo "$as_me:19337: checking for four argument el_init" >&5
 echo $ECHO_N "checking for four argument el_init... $ECHO_C" >&6
 if test "${ac_cv_func_el_init_four+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
 		cat >conftest.$ac_ext <<_ACEOF
-#line 21525 "configure"
+#line 19344 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 			#include <histedit.h>
@@ -21535,25 +19354,16 @@ el_init("", NULL, NULL, NULL);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:21538: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:21541: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:21543: \"test -s conftest.$ac_objext\"") >&5
-  (eval test -s conftest.$ac_objext) 2>&5
-  ac_status=$?
-  echo "$as_me:21546: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:19357: \"$ac_compile\") >&5; (eval $ac_compile) 2>&5; } && test -s conftest.$ac_objext; then
   ac_cv_func_el_init_four=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_el_init_four=no
+  cat conftest.$ac_ext >&5
+  ac_cv_func_el_init_four=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:21556: result: $ac_cv_func_el_init_four" >&5
+echo "$as_me:19366: result: $ac_cv_func_el_init_four" >&5
 echo "${ECHO_T}$ac_cv_func_el_init_four" >&6
 	if test "$ac_cv_func_el_init_four" = yes; then
 
@@ -21624,13 +19434,13 @@ fi
 #
 # And also something wierd has happend with dec-osf1, fallback to bsd-ptys
 
-echo "$as_me:21627: checking for getmsg" >&5
+echo "$as_me:19437: checking for getmsg" >&5
 echo $ECHO_N "checking for getmsg... $ECHO_C" >&6
 if test "${ac_cv_func_getmsg+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 21633 "configure"
+#line 19443 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char getmsg (); below.  */
@@ -21661,30 +19471,21 @@ f = getmsg;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:21664: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:21667: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { (eval echo "$as_me:21669: \"test -s conftest$ac_exeext\"") >&5
-  (eval test -s conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:21672: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+if { (eval echo $as_me:19474: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } && test -s conftest$ac_exeext; then
   ac_cv_func_getmsg=yes
 else
   echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getmsg=no
+  cat conftest.$ac_ext >&5
+  ac_cv_func_getmsg=no
 fi
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:21682: result: $ac_cv_func_getmsg" >&5
+echo "$as_me:19483: result: $ac_cv_func_getmsg" >&5
 echo "${ECHO_T}$ac_cv_func_getmsg" >&6
 
 if test "$ac_cv_func_getmsg" = "yes"; then
 
-echo "$as_me:21687: checking for working getmsg" >&5
+echo "$as_me:19488: checking for working getmsg" >&5
 echo $ECHO_N "checking for working getmsg... $ECHO_C" >&6
 if test "${ac_cv_func_getmsg_work+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -21693,7 +19494,7 @@ else
   ac_cv_func_getmsg_work=no
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 21696 "configure"
+#line 19497 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -21710,15 +19511,10 @@ int main()
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:21713: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:21716: \$? = $ac_status" >&5
-  (exit $ac_status); } && { (eval echo "$as_me:21717: \"./conftest$ac_exeext\"") >&5
-  (eval ./conftest$ac_exeext) 2>&5
-  ac_status=$?
-  echo "$as_me:21720: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
+{ (eval echo $as_me:19514: \"$ac_link\") >&5; (eval $ac_link) 2>&5; } &&
+  (./conftest$ac_exeext) >&5 2>&1;
+ac_status=$?
+if test $ac_status = 0; then
   ac_cv_func_getmsg_work=yes
 else
   echo "$as_me: program exited with status $ac_status" >&5
@@ -21726,10 +19522,12 @@ echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 ac_cv_func_getmsg_work=no
 fi
+
 rm -f conftest$ac_exeext conftest.$ac_ext
 fi
+
 fi
-echo "$as_me:21732: result: $ac_cv_func_getmsg_work" >&5
+echo "$as_me:19530: result: $ac_cv_func_getmsg_work" >&5
 echo "${ECHO_T}$ac_cv_func_getmsg_work" >&6
 test "$ac_cv_func_getmsg_work" = "yes" &&
 
@@ -21740,7 +19538,7 @@ EOF
 fi
 
 if test "$ac_cv_func_getmsg_work" = yes; then
-echo "$as_me:21743: checking for streamspty" >&5
+echo "$as_me:19541: checking for streamspty" >&5
 echo $ECHO_N "checking for streamspty... $ECHO_C" >&6
 case "$host" in
 *-*-aix3*|*-*-sunos4*|*-*-osf*|*-*-hpux1[01]*)
@@ -21750,7 +19548,7 @@ case "$host" in
 	krb_cv_sys_streamspty=yes
 	;;
 esac
-echo "$as_me:21753: result: $krb_cv_sys_streamspty" >&5
+echo "$as_me:19551: result: $krb_cv_sys_streamspty" >&5
 echo "${ECHO_T}$krb_cv_sys_streamspty" >&6
 fi
 if test "$krb_cv_sys_streamspty" = yes; then
@@ -21761,7 +19559,7 @@ EOF
 
 fi
 
-echo "$as_me:21764: checking which authentication modules should be built" >&5
+echo "$as_me:19562: checking which authentication modules should be built" >&5
 echo $ECHO_N "checking which authentication modules should be built... $ECHO_C" >&6
 
 LIB_AUTH_SUBDIRS=
@@ -21778,7 +19576,7 @@ case "${host}" in
 *-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
 esac
 
-echo "$as_me:21781: result: $LIB_AUTH_SUBDIRS" >&5
+echo "$as_me:19579: result: $LIB_AUTH_SUBDIRS" >&5
 echo "${ECHO_T}$LIB_AUTH_SUBDIRS" >&6
 
 test "x$prefix" = xNONE && prefix=$ac_default_prefix
@@ -21805,7 +19603,59 @@ if false; then
 fi
 LTLIBOBJS=`echo "$LIBOBJS" | sed 's/\.o/\.lo/g'`
 
-ac_config_files="$ac_config_files Makefile include/Makefile include/kadm5/Makefile lib/Makefile lib/45/Makefile lib/auth/Makefile lib/auth/afskauthlib/Makefile lib/auth/pam/Makefile lib/auth/sia/Makefile lib/asn1/Makefile lib/com_err/Makefile lib/des/Makefile lib/editline/Makefile lib/gssapi/Makefile lib/hdb/Makefile lib/kadm5/Makefile lib/kafs/Makefile lib/kdfs/Makefile lib/krb5/Makefile lib/otp/Makefile lib/roken/Makefile lib/sl/Makefile lib/vers/Makefile kuser/Makefile kpasswd/Makefile kadmin/Makefile admin/Makefile kdc/Makefile appl/Makefile appl/afsutil/Makefile appl/ftp/Makefile appl/ftp/common/Makefile appl/ftp/ftp/Makefile appl/ftp/ftpd/Makefile appl/kx/Makefile appl/login/Makefile appl/otp/Makefile appl/popper/Makefile appl/push/Makefile appl/rsh/Makefile appl/rcp/Makefile appl/su/Makefile appl/xnlock/Makefile appl/telnet/Makefile appl/telnet/libtelnet/Makefile appl/telnet/telnet/Makefile appl/telnet/telnetd/Makefile appl/test/Makefile appl/kf/Makefile appl/dceutils/Makefile doc/Makefile tools/Makefile"
+ac_config_files="$ac_config_files Makefile 		\
+	include/Makefile		\
+	include/kadm5/Makefile		\
+	lib/Makefile			\
+	lib/45/Makefile			\
+	lib/auth/Makefile		\
+	lib/auth/afskauthlib/Makefile	\
+	lib/auth/pam/Makefile		\
+	lib/auth/sia/Makefile		\
+	lib/asn1/Makefile		\
+	lib/com_err/Makefile		\
+	lib/des/Makefile		\
+	lib/editline/Makefile		\
+	lib/gssapi/Makefile		\
+	lib/hdb/Makefile		\
+	lib/kadm5/Makefile		\
+	lib/kafs/Makefile		\
+	lib/kdfs/Makefile		\
+	lib/krb5/Makefile		\
+	lib/otp/Makefile		\
+	lib/roken/Makefile		\
+	lib/sl/Makefile			\
+	lib/vers/Makefile		\
+	kuser/Makefile			\
+	kpasswd/Makefile		\
+	kadmin/Makefile			\
+	admin/Makefile			\
+	kdc/Makefile			\
+	appl/Makefile			\
+	appl/afsutil/Makefile		\
+	appl/ftp/Makefile		\
+	appl/ftp/common/Makefile	\
+	appl/ftp/ftp/Makefile		\
+	appl/ftp/ftpd/Makefile		\
+	appl/kx/Makefile		\
+	appl/login/Makefile		\
+	appl/otp/Makefile		\
+	appl/popper/Makefile		\
+	appl/push/Makefile		\
+	appl/rsh/Makefile		\
+	appl/rcp/Makefile		\
+	appl/su/Makefile		\
+	appl/xnlock/Makefile		\
+	appl/telnet/Makefile		\
+	appl/telnet/libtelnet/Makefile	\
+	appl/telnet/telnet/Makefile	\
+	appl/telnet/telnetd/Makefile	\
+	appl/test/Makefile		\
+	appl/kf/Makefile		\
+	appl/dceutils/Makefile		\
+	doc/Makefile			\
+	tools/Makefile			\
+"
 
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
@@ -21866,19 +19716,49 @@ test "x$prefix" = xNONE && prefix=$ac_default_prefix
 # Let make expand exec_prefix.
 test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
 
-# VPATH is dangerous, but if there is a colon in the path, we need to
-# keep it.
+# Any assignment to VPATH causes Sun make to only execute
+# the first set of double-colon rules, so remove it if not needed.
+# If there is a colon in the path, we need to keep it.
 if test "x$srcdir" = x.; then
   ac_vpsub='/^[ 	]*VPATH[ 	]*=[^:]*$/d'
 fi
 
 DEFS=-DHAVE_CONFIG_H
 
+# Save into config.log some information that might help in debugging.
+echo >&5
+echo "Cache variables:" >&5
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, don't put newlines in cache variables' values.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+{
+  (set) 2>&1 |
+    case `(ac_space=' '; set | grep ac_space) 2>&1` in
+    *ac_space=\ *)
+      # `set' does not quote correctly, so add quotes (double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \).
+      sed -n \
+        "s/'/'\\\\''/g;
+    	  s/^\\([_$ac_cr_alnum]*_cv_[_$ac_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;;
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n \
+        "s/^\\([_$ac_cr_alnum]*_cv_[_$ac_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
+      ;;
+    esac;
+} | sed 's/^/| /' >&5
+echo >&5
+echo "confdefs.h:" >&5
+sed '/^$/d;s/^/| /' confdefs.h >&5
+
 : ${CONFIG_STATUS=./config.status}
 ac_clean_files_save=$ac_clean_files
 ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ echo "$as_me:21880: creating $CONFIG_STATUS" >&5
-echo "$as_me: creating $CONFIG_STATUS" >&6;}
+{ echo "$as_me:19760: creating $CONFIG_STATUS" >&5
+echo "creating $CONFIG_STATUS" >&6;}
 cat >$CONFIG_STATUS <<\_ACEOF
 #! /bin/sh
 # Generated automatically by configure.
@@ -21903,43 +19783,6 @@ if expr a : '\(a\)' >/dev/null 2>&1; then
 else
   as_expr=false
 fi
-
-rm -f conftest conftest.exe conftest.file
-echo >conftest.file
-if ln -s conftest.file conftest 2>/dev/null; then
-  # We could just check for DJGPP; but this test a) works b) is more generic
-  # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
-  if test -f conftest.exe; then
-    # Don't use ln at all; we don't have any links
-    as_ln_s='cp -p'
-  else
-    as_ln_s='ln -s'
-  fi
-elif ln conftest.file conftest 2>/dev/null; then
-  as_ln_s=ln
-else
-  as_ln_s='cp -p'
-fi
-rm -f conftest conftest.exe conftest.file
-
-# Find out how to test for executable files. Don't use a zero-byte file,
-# as systems may use methods other than mode bits to determine executability.
-cat >conftest.file <<_ASEOF
-#! /bin/sh
-exit 0
-_ASEOF
-chmod +x conftest.file
-if test -x conftest.file >/dev/null 2>&1; then
-  as_executable_p="test -x"
-elif test -f conftest.file >/dev/null 2>&1; then
-  as_executable_p="test -f"
-else
-  { { echo "$as_me:21937: error: cannot check whether a file is executable on this system" >&5
-echo "$as_me: error: cannot check whether a file is executable on this system" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-rm -f conftest.file
-
 # Support unset when possible.
 if (FOO=FOO; unset FOO) >/dev/null 2>&1; then
   as_unset=unset
@@ -21959,9 +19802,9 @@ $as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set || { LC_MESSAGES=C; ex
 
 # IFS
 # We need space, tab and new line, in precisely that order.
-as_nl='
+ac_nl='
 '
-IFS=" 	$as_nl"
+IFS=" 	$ac_nl"
 
 # CDPATH.
 $as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=:; export CDPATH; }
@@ -21970,18 +19813,22 @@ $as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=:; export CDPATH; }
 # 0 standard input
 # 1 file creation
 # 2 errors and warnings
-# 5 compiler messages saved in config.log
+# 3 some systems may open it to /dev/tty
+# 4 used on the Kubota Titan
 # 6 checking for... messages and results
+# 5 compiler messages saved in config.log
+if test "$silent" = yes; then
+  exec 6>/dev/null
+else
+  exec 6>&1
+fi
 exec 5>>config.log
-exec 6>&1
 
 cat >&5 << EOF
 
-## ----------------------- ##
-## Running config.status.  ##
-## ----------------------- ##
+----------------------------------------------------------------------
 
-This file was extended by $as_me (heimdal 0.3e) 2.49d, executed with
+This file was extended by $as_me (heimdal 0.3f) 2.49b, executed with
  > $0 $@
 on `(hostname || uname -n) 2>/dev/null | sed 1q`
 
@@ -22037,11 +19884,12 @@ EOF
 
 cat >>$CONFIG_STATUS <<EOF
 ac_cs_version="\\
-$CONFIG_STATUS generated by $as_me (Autoconf 2.49d).
+$CONFIG_STATUS generated by $as_me (Autoconf 2.49b).
 Configured on host $ac_hostname by
   `echo "$0 $ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`"
-srcdir=$srcdir
-INSTALL="$INSTALL"
+
+ac_given_srcdir=$srcdir
+ac_given_INSTALL="$INSTALL"
 EOF
 
 cat >>$CONFIG_STATUS <<\EOF
@@ -22077,11 +19925,9 @@ cat >>$CONFIG_STATUS <<\EOF
     echo "$ac_cs_version"; exit 0 ;;
   --he | --h)
     # Conflict between --help and --header
-    { { echo "$as_me:22080: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&2;}
-   { (exit 1); exit 1; }; };;
+    {  echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+  { (exit 1); exit; }; };;
   --help | --hel | -h )
     echo "$ac_cs_usage"; exit 0 ;;
   --debug | --d* | -d )
@@ -22153,14 +19999,11 @@ Try \`$0 --help' for more information." >&2;}
   'include/config.h' ) CONFIG_HEADERS="$CONFIG_HEADERS include/config.h" ;;
 
   # This is an error.
-  -*) { { echo "$as_me:22156: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&2;}
-   { (exit 1); exit 1; }; } ;;
-  *) { { echo "$as_me:22161: error: invalid argument: $1" >&5
-echo "$as_me: error: invalid argument: $1" >&2;}
-   { (exit 1); exit 1; }; };;
+  -*) {  echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+  { (exit 1); exit; }; } ;;
+  *) {  echo "$as_me: error: invalid argument: $1" >&2
+  { (exit 1); exit; }; };;
   esac
   shift
 done
@@ -22170,19 +20013,17 @@ EOF
 cat >>$CONFIG_STATUS <<\EOF
 # If the user did not use the arguments to specify the items to instantiate,
 # then the envvar interface is used.  Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
 if $ac_need_defaults; then
-  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
-  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
-  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+  CONFIG_FILES=${CONFIG_FILES="$config_files"}
+  CONFIG_HEADERS=${CONFIG_HEADERS="$config_headers"}
+  CONFIG_COMMANDS=${CONFIG_COMMANDS="$config_commands"}
 fi
 
 # Create a temporary directory, and hook for its removal unless debugging.
 $debug ||
 {
   trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
-  trap '{ (exit $?); exit $?; }' 1 2 13 15
+  trap '{ (exit $?); exit; }' 1 2 13 15
 }
 
 # Create a (secure) tmp directory for tmp files.
@@ -22197,7 +20038,7 @@ $debug ||
 } ||
 {
    echo "$me: cannot create a temporary directory in $TMPDIR" >&2
-   { (exit 1); exit 1; }
+   { (exit 1); exit; }
 }
 
 EOF
@@ -22207,6 +20048,15 @@ cat >>$CONFIG_STATUS <<EOF
 # INIT-COMMANDS section.
 #
 
+am_indx=1
+  for am_file in include/config.h; do
+    case " $CONFIG_HEADERS " in
+    *" $am_file "*)
+      echo timestamp > `echo $am_file | sed 's%:.*%%;s%[^/]*$%%'`stamp-h$am_indx
+      ;;
+    esac
+    am_indx=\`expr \$am_indx + 1\`
+  done
 AMDEP="$AMDEP"
 ac_aux_dir="$ac_aux_dir"
 
@@ -22240,24 +20090,21 @@ s,@includedir@,$includedir,;t t
 s,@oldincludedir@,$oldincludedir,;t t
 s,@infodir@,$infodir,;t t
 s,@mandir@,$mandir,;t t
-s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t
-s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t
-s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t
-s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t
-s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t
 s,@ECHO_C@,$ECHO_C,;t t
 s,@ECHO_N@,$ECHO_N,;t t
 s,@ECHO_T@,$ECHO_T,;t t
+s,@CFLAGS@,$CFLAGS,;t t
+s,@CPPFLAGS@,$CPPFLAGS,;t t
+s,@CXXFLAGS@,$CXXFLAGS,;t t
+s,@FFLAGS@,$FFLAGS,;t t
 s,@DEFS@,$DEFS,;t t
+s,@LDFLAGS@,$LDFLAGS,;t t
 s,@LIBS@,$LIBS,;t t
 s,@CC@,$CC,;t t
-s,@CFLAGS@,$CFLAGS,;t t
-s,@LDFLAGS@,$LDFLAGS,;t t
 s,@ac_ct_CC@,$ac_ct_CC,;t t
 s,@OBJEXT@,$OBJEXT,;t t
 s,@EXEEXT@,$EXEEXT,;t t
 s,@CPP@,$CPP,;t t
-s,@CPPFLAGS@,$CPPFLAGS,;t t
 s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
 s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
 s,@INSTALL_DATA@,$INSTALL_DATA,;t t
@@ -22323,6 +20170,8 @@ s,@LIB_getsockopt@,$LIB_getsockopt,;t t
 s,@LIB_setsockopt@,$LIB_setsockopt,;t t
 s,@LIB_hstrerror@,$LIB_hstrerror,;t t
 s,@LIBOBJS@,$LIBOBJS,;t t
+s,@LIB_bswap16@,$LIB_bswap16,;t t
+s,@LIB_bswap32@,$LIB_bswap32,;t t
 s,@LIB_pidfile@,$LIB_pidfile,;t t
 s,@LIB_crypt@,$LIB_crypt,;t t
 s,@DIR_roken@,$DIR_roken,;t t
@@ -22457,7 +20306,7 @@ for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
   * )   ac_file_in=$ac_file.in ;;
   esac
 
-  # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
+  # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories.
   ac_dir=`$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
          X"$ac_file" : 'X\(//\)[^/]' \| \
          X"$ac_file" : 'X\(//\)$' \| \
@@ -22471,19 +20320,13 @@ echo X"$ac_file" |
   	  s/.*/./; q'`
   if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
     { case "$ac_dir" in
-  [\\/]* | ?:[\\/]* ) as_incr_dir=;;
-  *)                      as_incr_dir=.;;
+  [\\/]* | ?:[\\/]* ) ac_incr_dir=;;
+  *)                      ac_incr_dir=.;;
 esac
-as_dummy="$ac_dir"
-for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do
-  case $as_mkdir_dir in
-    # Skip DOS drivespec
-    ?:) as_incr_dir=$as_mkdir_dir ;;
-    *)
-      as_incr_dir=$as_incr_dir/$as_mkdir_dir
-      test -d "$as_incr_dir" || mkdir "$as_incr_dir"
-    ;;
-  esac
+ac_dummy="$ac_dir"
+for ac_mkdir_dir in `IFS=/; set X $ac_dummy; shift; echo "$@"`; do
+  ac_incr_dir=$ac_incr_dir/$ac_mkdir_dir
+  test -d $ac_incr_dir || mkdir $ac_incr_dir
 done; }
 
     ac_dir_suffix="/`echo $ac_dir|sed 's,^\./,,'`"
@@ -22493,29 +20336,26 @@ done; }
     ac_dir_suffix= ac_dots=
   fi
 
-  case $srcdir in
-  .)  ac_srcdir=.
-      if test -z "$ac_dots"; then
-         ac_top_srcdir=.
-      else
-         ac_top_srcdir=`echo $ac_dots | sed 's,/$,,'`
-      fi ;;
+  case $ac_given_srcdir in
+  .)  srcdir=.
+      if test -z "$ac_dots"; then top_srcdir=.
+      else top_srcdir=`echo $ac_dots | sed 's,/$,,'`; fi ;;
   [\\/]* | ?:[\\/]* )
-      ac_srcdir=$srcdir$ac_dir_suffix;
-      ac_top_srcdir=$srcdir ;;
+      srcdir=$ac_given_srcdir$ac_dir_suffix;
+      top_srcdir=$ac_given_srcdir ;;
   *) # Relative path.
-    ac_srcdir=$ac_dots$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_dots$srcdir ;;
+    srcdir=$ac_dots$ac_given_srcdir$ac_dir_suffix
+    top_srcdir=$ac_dots$ac_given_srcdir ;;
   esac
 
-  case $INSTALL in
-  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
-  *) ac_INSTALL=$ac_dots$INSTALL ;;
+  case $ac_given_INSTALL in
+  [\\/$]* | ?:[\\/]* ) INSTALL=$ac_given_INSTALL ;;
+  *) INSTALL=$ac_dots$ac_given_INSTALL ;;
   esac
 
   if test x"$ac_file" != x-; then
-    { echo "$as_me:22517: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
+    { echo "$as_me:20357: creating $ac_file" >&5
+echo "creating $ac_file" >&6;}
     rm -f "$ac_file"
   fi
   # Let's still pretend it is `configure' which instantiates (i.e., don't
@@ -22524,6 +20364,9 @@ echo "$as_me: creating $ac_file" >&6;}
   configure_input="Generated automatically from `echo $ac_file_in |
                                                  sed 's,.*/,,'` by configure."
 
+  # Don't redirect the output to AC_FILE directly: use `mv' so that
+  # updating is atomic, and doesn't need trapping.
+
   # First look for the input files in the build tree, otherwise in the
   # src tree.
   ac_file_inputs=`IFS=:
@@ -22532,25 +20375,23 @@ echo "$as_me: creating $ac_file" >&6;}
       -) echo $tmp/stdin ;;
       [\\/$]* | ?:[\\/]*)
          # Absolute
-         test -f "$f" || { { echo "$as_me:22535: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
+         test -f "$f" || {  echo "$as_me: error: cannot find input file: $f" >&2
+  { (exit 1); exit; }; }
          echo $f;;
       *) # Relative
          if test -f "$f"; then
            # Build tree
            echo $f
-         elif test -f "$srcdir/$f"; then
+         elif test -f "$ac_given_srcdir/$f"; then
            # Source tree
-           echo $srcdir/$f
+           echo $ac_given_srcdir/$f
          else
            # /dev/null tree
-           { { echo "$as_me:22548: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
+           {  echo "$as_me: error: cannot find input file: $f" >&2
+  { (exit 1); exit; }; }
          fi;;
       esac
-    done` || { (exit 1); exit 1; }
+    done` || { (exit 1); exit; }
 EOF
 cat >>$CONFIG_STATUS <<EOF
   sed "$ac_vpsub
@@ -22560,9 +20401,9 @@ cat >>$CONFIG_STATUS <<\EOF
 :t
 /@[a-zA-Z_][a-zA-Z_0-9]*@/!b
 s,@configure_input@,$configure_input,;t t
-s,@srcdir@,$ac_srcdir,;t t
-s,@top_srcdir@,$ac_top_srcdir,;t t
-s,@INSTALL@,$ac_INSTALL,;t t
+s,@srcdir@,$srcdir,;t t
+s,@top_srcdir@,$top_srcdir,;t t
+s,@INSTALL@,$INSTALL,;t t
 " $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
   rm -f $tmp/stdin
   if test x"$ac_file" != x-; then
@@ -22606,8 +20447,8 @@ for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
   * )   ac_file_in=$ac_file.in ;;
   esac
 
-  test x"$ac_file" != x- && { echo "$as_me:22609: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
+  test x"$ac_file" != x- && { echo "$as_me:20450: creating $ac_file" >&5
+echo "creating $ac_file" >&6;}
 
   # First look for the input files in the build tree, otherwise in the
   # src tree.
@@ -22617,25 +20458,23 @@ echo "$as_me: creating $ac_file" >&6;}
       -) echo $tmp/stdin ;;
       [\\/$]* | ?:[\\/]*)
          # Absolute
-         test -f "$f" || { { echo "$as_me:22620: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
+         test -f "$f" || {  echo "$as_me: error: cannot find input file: $f" >&2
+  { (exit 1); exit; }; }
          echo $f;;
       *) # Relative
          if test -f "$f"; then
            # Build tree
            echo $f
-         elif test -f "$srcdir/$f"; then
+         elif test -f "$ac_given_srcdir/$f"; then
            # Source tree
-           echo $srcdir/$f
+           echo $ac_given_srcdir/$f
          else
            # /dev/null tree
-           { { echo "$as_me:22633: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
+           {  echo "$as_me: error: cannot find input file: $f" >&2
+  { (exit 1); exit; }; }
          fi;;
       esac
-    done` || { (exit 1); exit 1; }
+    done` || { (exit 1); exit; }
   # Remove the trailing spaces.
   sed 's/[ 	]*$//' $ac_file_inputs >$tmp/in
 
@@ -22667,7 +20506,7 @@ s,^[ 	]*#[ 	]*define[ 	][ 	]*\([^ 	][^ 	]*\)[ 	]*\(.*\)$,${ac_dA}\1${ac_dB}\1${a
 EOF
 # If some macros were called several times there might be several times
 # the same #defines, which is useless.  Nevertheless, we may not want to
-# sort them, since we want the *last* AC-DEFINE to be honored.
+# sort them, since we want the *last* AC_DEFINE to be honored.
 uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines
 sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs
 rm -f confdef2sed.sed
@@ -22747,8 +20586,8 @@ cat >>$CONFIG_STATUS <<\EOF
   rm -f $tmp/in
   if test x"$ac_file" != x-; then
     if cmp -s $ac_file $tmp/config.h 2>/dev/null; then
-      { echo "$as_me:22750: $ac_file is unchanged" >&5
-echo "$as_me: $ac_file is unchanged" >&6;}
+      { echo "$as_me:20589: $ac_file is unchanged" >&5
+echo "$ac_file is unchanged" >&6;}
     else
       ac_dir=`$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
          X"$ac_file" : 'X\(//\)[^/]' \| \
@@ -22763,19 +20602,13 @@ echo X"$ac_file" |
   	  s/.*/./; q'`
       if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
         { case "$ac_dir" in
-  [\\/]* | ?:[\\/]* ) as_incr_dir=;;
-  *)                      as_incr_dir=.;;
+  [\\/]* | ?:[\\/]* ) ac_incr_dir=;;
+  *)                      ac_incr_dir=.;;
 esac
-as_dummy="$ac_dir"
-for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do
-  case $as_mkdir_dir in
-    # Skip DOS drivespec
-    ?:) as_incr_dir=$as_mkdir_dir ;;
-    *)
-      as_incr_dir=$as_incr_dir/$as_mkdir_dir
-      test -d "$as_incr_dir" || mkdir "$as_incr_dir"
-    ;;
-  esac
+ac_dummy="$ac_dir"
+for ac_mkdir_dir in `IFS=/; set X $ac_dummy; shift; echo "$@"`; do
+  ac_incr_dir=$ac_incr_dir/$ac_mkdir_dir
+  test -d $ac_incr_dir || mkdir $ac_incr_dir
 done; }
 
       fi
@@ -22798,7 +20631,7 @@ for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue
   ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'`
 
   case $ac_dest in
-    default-1 ) test -z "$CONFIG_HEADERS" || echo timestamp > include/stamp-h ;;
+    default-1 ) test -z "$CONFIG_HEADERS" || echo timestamp >	   include/stamp-h ;;
     default-2 )
 test x"$AMDEP" != x"" ||
 for mf in $CONFIG_FILES; do
@@ -22849,7 +20682,7 @@ EOF
 chmod +x $CONFIG_STATUS
 ac_clean_files=$ac_clean_files_save
 
-test "$no_create" = yes || $SHELL $CONFIG_STATUS || { (exit 1); exit 1; }
+test "$no_create" = yes || $SHELL $CONFIG_STATUS || { (exit 1); exit; }
 
 HEIMDALVERSION="$PACKAGE-$VERSION"
 
diff --git a/crypto/heimdal/configure.in b/crypto/heimdal/configure.in
index b0b2e1c..5072966 100644
--- a/crypto/heimdal/configure.in
+++ b/crypto/heimdal/configure.in
@@ -1,7 +1,7 @@
 dnl Process this file with autoconf to produce a configure script.
-AC_REVISION($Revision: 1.270 $)
+AC_REVISION($Revision: 1.278 $)
 AC_PREREQ(2.14.-1.1)dnl 2.14a
-AC_INIT(heimdal, 0.3e, heimdal-bugs@pdc.kth.se)
+AC_INIT(heimdal, 0.3f, heimdal-bugs@pdc.kth.se)
 AM_CONFIG_HEADER(include/config.h)
 
 dnl Checks for programs.
@@ -9,7 +9,7 @@ AC_PROG_CC
 AC_PROG_CPP
 AC_PROG_CC_STDC
 
-AM_INIT_AUTOMAKE(heimdal,0.3e)
+AM_INIT_AUTOMAKE(heimdal,0.3f)
 
 AC_PREFIX_DEFAULT(/usr/heimdal)
 
@@ -77,7 +77,10 @@ dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roke
 rk_ROKEN(lib/roken)
 LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
 
-AC_TEST_PACKAGE_NEW(openldap,[#include <ldap.h>],[-lldap -llber],,,OPENLDAP)
+AC_TEST_PACKAGE_NEW(openldap,
+[#include <lber.h>
+#include <ldap.h>],
+[-lldap -llber],,,OPENLDAP)
 
 if test "$openldap_libdir"; then
 	LIB_openldap="-R $openldap_libdir $LIB_openldap"
@@ -153,6 +156,7 @@ if test "$with_krb4" != "no"; then
 	LIBS="$save_LIBS"
 	CFLAGS="$save_CFLAGS"
 	LIB_kdb="-lkdb -lkrb"
+	test_LIB_krb4="$LIB_krb4"
 	if test "$krb4_libdir"; then
 		LIB_krb4="-R $krb4_libdir $LIB_krb4"
 		LIB_kdb="-R $krb4_libdir -L$krb4_libdir $LIB_kdb"
@@ -173,11 +177,12 @@ AM_CONDITIONAL(DCE, test "$enable_dce" = yes)
 
 ## XXX quite horrible:
 if test -f /etc/ibmcxx.cfg; then
-	dpagaix_LDADD=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[^=]*=\(.*\)/\1/;s/,/ /gp;}'`
-	dpagaix_CFLAGS=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[^=]*=\(.*\)/\1/;s/-q[^,]*//;s/,/ /gp;}'`
+	dpagaix_LDADD=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[[^=]]*=\(.*\)/\1/;s/,/ /gp;}'`
+	dpagaix_CFLAGS=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[[^=]]*=\(.*\)/\1/;s/-q[^,]*//;s/,/ /gp;}'`
 else
 	dpagaix_CFLAGS="-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce"
 	dpagaix_LDADD="-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r"
+	dpagaix_LDFLAGS="-Wl,-bI:dfspag.exp"
 fi
 AC_SUBST(dpagaix_CFLAGS)
 AC_SUBST(dpagaix_LDADD)
@@ -555,18 +560,22 @@ AC_CHECK_HEADERS([				\
 	openssl/rc4.h				\
 ])
 
-AC_FIND_FUNC_NO_LIBS2(MD4_Init, crypto des, [], [], [], [$LIB_krb4])
-AC_FIND_FUNC_NO_LIBS2(MD5_Init, crypto des, [], [], [], [$LIB_krb4])
-AC_FIND_FUNC_NO_LIBS2(SHA1_Init, crypto des, [], [], [], [$LIB_krb4])
-AC_FIND_FUNC_NO_LIBS2(des_cbc_encrypt, crypto des, [], [], [], [$LIB_krb4])
-AC_FIND_FUNC_NO_LIBS2(RC4, crypto des, [], [], [], [$LIB_krb4])
+AC_FIND_FUNC_NO_LIBS2(MD4_Init, crypto des, [], [], [], [$test_LIB_krb4])
+AC_FIND_FUNC_NO_LIBS2(MD5_Init, crypto des, [], [], [], [$test_LIB_krb4])
+AC_FIND_FUNC_NO_LIBS2(SHA1_Init, crypto des, [], [], [], [$test_LIB_krb4])
+AC_FIND_FUNC_NO_LIBS2(des_cbc_encrypt, crypto des, [], [], [], [$test_LIB_krb4])
+AC_FIND_FUNC_NO_LIBS2(RC4, crypto des, [], [], [], [$test_LIB_krb4])
 if test "$ac_cv_func_des_cbc_encrypt" = "yes" -a \
 "$ac_cv_func_MD4_Init"  = "yes" -a \
 "$ac_cv_func_MD5_Init"  = "yes" -a \
 "$ac_cv_func_SHA1_Init" = "yes" -a \
 "$ac_cv_func_RC4" = "yes"; then
   DIR_des=''
-  LIB_des="-R $krb4_libdir -L$krb4_libdir $ac_cv_funclib_MD4_Init"
+  LIB_des=''
+  if test "$krb4_libdir" != ""; then
+    LIB_des="-R $krb4_libdir -L$krb4_libdir"
+  fi
+  LIB_des="$LIB_des $ac_cv_funclib_MD4_Init"
   LIB_des_appl="$LIB_des"
 else
   DIR_des='des'
diff --git a/crypto/heimdal/doc/Makefile.in b/crypto/heimdal/doc/Makefile.in
index 2638ef1..ffc5d89 100644
--- a/crypto/heimdal/doc/Makefile.in
+++ b/crypto/heimdal/doc/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies no-texinfo.tex
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 info_TEXINFOS = heimdal.texi
@@ -212,7 +215,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .dvi .et .h .info .ps .texi .texinfo .txi .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .dvi .info .ps .texi .texinfo .txi
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/Makefile
 
diff --git a/crypto/heimdal/doc/ack.texi b/crypto/heimdal/doc/ack.texi
index eedbc53..fe0113e 100644
--- a/crypto/heimdal/doc/ack.texi
+++ b/crypto/heimdal/doc/ack.texi
@@ -1,6 +1,6 @@
-@c $Id: ack.texi,v 1.13 2001/01/30 01:57:31 assar Exp $
+@c $Id: ack.texi,v 1.14 2001/02/24 05:09:23 assar Exp $
 
-@node  Acknowledgments, , Windows 2000 compatability, Top
+@node  Acknowledgments, , Migration, Top
 @comment  node-name,  next,  previous,  up
 @appendix Acknowledgments
 
diff --git a/crypto/heimdal/doc/heimdal.texi b/crypto/heimdal/doc/heimdal.texi
index 3d9d4cd..6bc92a9 100644
--- a/crypto/heimdal/doc/heimdal.texi
+++ b/crypto/heimdal/doc/heimdal.texi
@@ -1,6 +1,6 @@
 \input texinfo @c -*- texinfo -*-
 @c %**start of header
-@c $Id: heimdal.texi,v 1.16 2000/07/28 15:43:36 assar Exp $
+@c $Id: heimdal.texi,v 1.17 2001/02/24 05:09:24 assar Exp $
 @setfilename heimdal.info
 @settitle HEIMDAL
 @iftex
@@ -15,7 +15,7 @@
 @c %**end of header
 
 @c not yet @include version.texi
-@set UPDATED $Date: 2000/07/28 15:43:36 $
+@set UPDATED $Date: 2001/02/24 05:09:24 $
 @set EDITION 0.1
 @set VERSION 0.3a
 
@@ -227,6 +227,7 @@ to the following restrictions:
 * Things in search for a better place::  
 * Kerberos 4 issues::           
 * Windows 2000 compatability::
+* Programming with Kerberos::
 * Migration::
 * Acknowledgments::             
 
@@ -238,8 +239,9 @@ to the following restrictions:
 @include setup.texi
 @include misc.texi
 @include kerberos4.texi
-@include migration.texi
 @include win2k.texi
+@include programming.texi
+@include migration.texi
 @include ack.texi
 
 @c @shortcontents
diff --git a/crypto/heimdal/doc/kerberos4.texi b/crypto/heimdal/doc/kerberos4.texi
index 92614c8..613e352 100644
--- a/crypto/heimdal/doc/kerberos4.texi
+++ b/crypto/heimdal/doc/kerberos4.texi
@@ -1,6 +1,6 @@
-@c $Id: kerberos4.texi,v 1.12 2001/01/30 17:07:03 assar Exp $
+@c $Id: kerberos4.texi,v 1.13 2001/02/24 05:09:24 assar Exp $
 
-@node Kerberos 4 issues, Migration, Things in search for a better place, Top
+@node Kerberos 4 issues, Windows 2000 compatability, Things in search for a better place, Top
 @comment  node-name,  next,  previous,  up
 @chapter Kerberos 4 issues
 
diff --git a/crypto/heimdal/doc/migration.texi b/crypto/heimdal/doc/migration.texi
index 90deed7..67b843a 100644
--- a/crypto/heimdal/doc/migration.texi
+++ b/crypto/heimdal/doc/migration.texi
@@ -1,6 +1,6 @@
-@c $Id: migration.texi,v 1.2 2001/01/28 22:03:36 assar Exp $
+@c $Id: migration.texi,v 1.3 2001/02/24 05:09:24 assar Exp $
 
-@node Migration, Windows 2000 compatability, Kerberos 4 issues, Top
+@node Migration, Acknowledgments, Programming with Kerberos, Top
 @chapter Migration
 
 @section General issues
diff --git a/crypto/heimdal/doc/misc.texi b/crypto/heimdal/doc/misc.texi
index 994f6f2..8b3f980 100644
--- a/crypto/heimdal/doc/misc.texi
+++ b/crypto/heimdal/doc/misc.texi
@@ -1,4 +1,4 @@
-@c $Id: misc.texi,v 1.5 2001/01/28 22:11:23 assar Exp $
+@c $Id: misc.texi,v 1.6 2001/02/24 05:09:24 assar Exp $
 
 @node Things in search for a better place, Kerberos 4 issues, Setting up a realm, Top
 @chapter Things in search for a better place
@@ -56,3 +56,9 @@ protocol.
 A working solution would be to hook up a machine with a real operating
 system to the console of the Cisco and then use it as a backwards
 terminal server.
+
+@section Making things work on Transarc AFS
+
+@subsection How to get a KeyFile
+
+@file{ktutil -k AFSKEYFILE:KeyFile get afs@@MY.REALM}
diff --git a/crypto/heimdal/doc/programming.texi b/crypto/heimdal/doc/programming.texi
new file mode 100644
index 0000000..ffcac21
--- /dev/null
+++ b/crypto/heimdal/doc/programming.texi
@@ -0,0 +1,287 @@
+@c $Id: programming.texi,v 1.2 2001/05/16 22:11:00 assar Exp $
+
+@node Programming with Kerberos
+@chapter Programming with Kerberos
+
+First you need to know how the Kerberos model works, go read the
+introduction text (@pxref{What is Kerberos?}).
+
+@macro manpage{man, section}
+@cite{\man\(\section\)}
+@end macro
+
+@menu
+* Kerberos 5 API Overview::     
+* Walkthru a sample Kerberos 5 client::  
+* Validating a password in a server application::  
+@end menu
+
+@node Kerberos 5 API Overview, Walkthru a sample Kerberos 5 client, Programming with Kerberos, Programming with Kerberos
+@section Kerberos 5 API Overview
+
+Most functions are documenteded in manual pages.  This overview only
+tries to point to where to look for a specific function.
+
+@subsection Kerberos context
+
+A kerberos context (@code{krb5_context}) holds all per thread state. All global variables that
+are context specific are stored in this struture, including default
+encryption types, credential-cache (ticket file), and default realms.
+
+See the manual pages for @manpage{krb5_context,3} and
+@manpage{krb5_init_context,3}.
+
+@subsection Kerberos authenication context
+
+Kerberos authentication context (@code{krb5_auth_context}) holds all
+context related to an authenticated connection, in a similar way to the
+kerberos context that holds the context for the thread or process.
+
+The @code{krb5_auth_context} is used by various functions that are
+directly related to authentication between the server/client. Example of
+data that this structure contains are various flags, addresses of client
+and server, port numbers, keyblocks (and subkeys), sequence numbers,
+replay cache, and checksum types.
+
+See the manual page for @manpage{krb5_auth_context,3}.
+
+@subsection Keytab managment
+
+A keytab is a storage for locally stored keys. Heimdal includes keytab
+support for Kerberos 5 keytabs, Kerberos 4 srvtab, AFS-KeyFile's,
+and for storing keys in memory.
+
+See also manual page for @manpage{krb5_keytab,3}
+
+@node Walkthru a sample Kerberos 5 client, Validating a password in a server application, Kerberos 5 API Overview, Programming with Kerberos
+@section Walkthru a sample Kerberos 5 client
+
+This example contains parts of a sample TCP Kerberos 5 clients, if you
+want a real working client, please look in @file{appl/test} directory in
+the Heimdal distribution.
+
+All Kerberos error-codes that are returned from kerberos functions in
+this program are passed to @code{krb5_err}, that will print a
+descriptive text of the error code and exit. Graphical programs can
+convert error-code to a humal readable error-string with the
+@manpage{krb5_get_err_text,3} function.
+
+Note that you should not use any Kerberos function before
+@code{krb5_init_context()} have completed successfully. That is the
+reson @code{err()} is used when @code{krb5_init_context()} fails.
+
+First the client needs to call @code{krb5_init_context} to initialize
+the Kerberos 5 library. This is only needed once per thread
+in the program. If the function returns a non-zero value it indicates
+that either the Kerberos implemtation is failing or its disabled on
+this host.
+
+@example
+#include <krb5.h>
+
+int
+main(int argc, char **argv)
+@{
+        krb5_context context;
+
+        if (krb5_context(&context))
+                errx (1, "krb5_context");
+@end example
+
+Now the client wants to connect to the host at the other end. The
+preferred way of doing this is using @manpage{getaddrinfo,3} (for
+operating system that have this function implemented), since getaddrinfo
+is neutral to the address type and can use any protocol that is available.
+
+@example
+        struct addrinfo *ai, *a;
+        struct addrinfo hints;
+        int error;
+
+        memset (&hints, 0, sizeof(hints));
+        hints.ai_socktype = SOCK_STREAM;
+        hints.ai_protocol = IPPROTO_TCP;
+
+        error = getaddrinfo (hostname, "pop3", &hints, &ai);
+        if (error)
+                errx (1, "%s: %s", hostname, gai_strerror(error));
+
+        for (a = ai; a != NULL; a = a->ai_next) @{
+                int s;
+
+                s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+                if (s < 0)
+                        continue;
+                if (connect (s, a->ai_addr, a->ai_addrlen) < 0) @{
+                        warn ("connect(%s)", hostname);
+                            close (s);
+                            continue;
+                @}
+                freeaddrinfo (ai);
+                ai = NULL;
+        @}
+        if (ai) @{
+                    freeaddrinfo (ai);
+                    errx ("failed to contact %s", hostname);
+        @}
+@end example
+
+Before authenticating, an authentication context needs to be
+created. This context keeps all information for one (to be) authenticated
+connection (see @manpage{krb5_auth_context,3}).
+
+@example
+        status = krb5_auth_con_init (context, &auth_context);
+        if (status)
+                krb5_err (context, 1, status, "krb5_auth_con_init");
+@end example
+
+For setting the address in the authentication there is a help function
+@code{krb5_auth_con_setaddrs_from_fd} that does everthing that is needed
+when given a connected file descriptor to the socket.
+
+@example
+        status = krb5_auth_con_setaddrs_from_fd (context,
+                                                 auth_context,
+                                                 &sock);
+        if (status)
+                krb5_err (context, 1, status, 
+                          "krb5_auth_con_setaddrs_from_fd");
+@end example
+
+The next step is to build a server principal for the service we want
+to connect to. (See also @manpage{krb5_sname_to_principal,3}.)
+
+@example
+        status = krb5_sname_to_principal (context,
+                                          hostname,
+                                          service,
+                                          KRB5_NT_SRV_HST,
+                                          &server);
+        if (status)
+                krb5_err (context, 1, status, "krb5_sname_to_principal");
+@end example
+
+The client principal is not passed to @manpage{krb5_sendauth,3}
+function, this causes the @code{krb5_sendauth} function to try to figure it
+out itself.
+
+The server program is using the function @manpage{krb5_recvauth,3} to
+receive the Kerberos 5 authenticator.
+
+In this case, mutual authenication will be tried. That means that the server
+will authenticate to the client. Using mutual authenication
+is good since it enables the user to verify that they are talking to the
+right server (a server that knows the key).
+
+If you are using a non-blocking socket you will need to do all work of
+@code{krb5_sendauth} yourself. Basically you need to send over the
+authenticator from @manpage{krb5_mk_req,3} and, in case of mutual
+authentication, verifying the result from the server with
+@manpage{krb5_rd_rep,3}.
+
+@example
+        status = krb5_sendauth (context,
+                                &auth_context,
+                                &sock,
+                                VERSION,
+                                NULL,
+                                server,
+                                AP_OPTS_MUTUAL_REQUIRED,
+                                NULL,
+                                NULL,
+                                NULL,
+                                NULL,
+                                NULL,
+                                NULL);
+        if (status)
+                krb5_err (context, 1, status, "krb5_sendauth");
+@end example
+
+Once authentication has been performed, it is time to send some
+data. First we create a krb5_data structure, then we sign it with
+@manpage{krb5_mk_safe,3} using the @code{auth_context} that contains the
+session-key that was exchanged in the
+@manpage{krb5_sendauth,3}/@manpage{krb5_recvauth,3} authentication
+sequence.
+
+@example
+        data.data   = "hej";
+        data.length = 3;
+
+        krb5_data_zero (&packet);
+
+        status = krb5_mk_safe (context,
+                               auth_context,
+                               &data,
+                               &packet,
+                               NULL);
+        if (status)
+                krb5_err (context, 1, status, "krb5_mk_safe");
+@end example
+
+And send it over the network.
+
+@example
+        len = packet.length;
+        net_len = htonl(len);
+
+        if (krb5_net_write (context, &sock, &net_len, 4) != 4)
+                err (1, "krb5_net_write");
+        if (krb5_net_write (context, &sock, packet.data, len) != len)
+                err (1, "krb5_net_write");
+@end example
+
+To send encrypted (and signed) data @manpage{krb5_mk_priv,3} should be
+used instead. @manpage{krb5_mk_priv,3} works the same way as
+@manpage{krb5_mk_safe,3}, with the exception that it encrypts the data
+in addition to signing it.
+
+@example
+        data.data   = "hemligt";
+        data.length = 7;
+
+        krb5_data_free (&packet);
+
+        status = krb5_mk_priv (context,
+                               auth_context,
+                               &data,
+                               &packet,
+                               NULL);
+        if (status)
+                krb5_err (context, 1, status, "krb5_mk_priv");
+@end example
+
+And send it over the network.
+
+@example
+        len = packet.length;
+        net_len = htonl(len);
+
+        if (krb5_net_write (context, &sock, &net_len, 4) != 4)
+                err (1, "krb5_net_write");
+        if (krb5_net_write (context, &sock, packet.data, len) != len)
+                err (1, "krb5_net_write");
+
+@end example
+
+The server is using @manpage{krb5_rd_safe,3} and
+@manpage{krb5_rd_priv,3} to verify the signature and decrypt the packet.
+
+@node Validating a password in a server application,  , Walkthru a sample Kerberos 5 client, Programming with Kerberos
+@section Validating a password in an application
+
+See the manual page for @manpage{krb5_verify_user,3}.
+
+@c @node Why you should use GSS-API for new applications, Walkthru a sample GSS-API client, Validating a password in a server application, Programming with Kerberos
+@c @section Why you should use GSS-API for new applications
+@c 
+@c SSPI, bah, bah, microsoft, bah, bah, almost GSS-API.
+@c 
+@c It would also be possible for other mechanisms then Kerberos, but that
+@c doesn't exist any other GSS-API implementations today.
+@c 
+@c @node Walkthru a sample GSS-API client, , Why you should use GSS-API for new applications, Programming with Kerberos
+@c @section Walkthru a sample GSS-API client
+@c 
+@c Write about how gssapi_clent.c works.
diff --git a/crypto/heimdal/doc/setup.texi b/crypto/heimdal/doc/setup.texi
index ed14306..8a1a31b 100644
--- a/crypto/heimdal/doc/setup.texi
+++ b/crypto/heimdal/doc/setup.texi
@@ -1,4 +1,4 @@
-@c $Id: setup.texi,v 1.21 2001/01/29 04:39:46 assar Exp $
+@c $Id: setup.texi,v 1.22 2001/02/11 17:10:34 assar Exp $
 
 @node Setting up a realm, Things in search for a better place, Building and Installing, Top
 
@@ -417,7 +417,7 @@ is the same thing as no salt at all).
 
 Common types of salting includes
 
-@itemize
+@itemize @bullet
 @item @code{v4} (or @code{des:pw-salt:})
 
 The Kerberos 4 salting is using no salt att all. Reson there is colon
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-krb-wg-kerberos-referrals-00.txt b/crypto/heimdal/doc/standardisation/draft-ietf-krb-wg-kerberos-referrals-00.txt
new file mode 100644
index 0000000..5845995
--- /dev/null
+++ b/crypto/heimdal/doc/standardisation/draft-ietf-krb-wg-kerberos-referrals-00.txt
@@ -0,0 +1,725 @@
+
+
+Kerberos Working Group                                         M. Swift 
+Internet Draft                                         University of WA 
+Document: draft-ietf-krb-wg-kerberos-referrals-00.txt         J. Brezak 
+Category: Standards Track                                     Microsoft 
+                                                             J. Trostle 
+                                                          Cisco Systems 
+                                                             K. Raeburn 
+                                                                    MIT 
+                                                          February 2001 
+
+ 
+           Generating KDC Referrals to locate Kerberos realms 
+ 
+ 
+Status of this Memo 
+ 
+   This document is an Internet-Draft and is in full conformance with 
+   all provisions of Section 10 of RFC2026 [1].  
+    
+   Internet-Drafts are working documents of the Internet Engineering 
+   Task Force (IETF), its areas, and its working groups. Note that 
+   other groups may also distribute working documents as Internet-
+   Drafts. Internet-Drafts are draft documents valid for a maximum of 
+   six months and may be updated, replaced, or obsoleted by other 
+   documents at any time. It is inappropriate to use Internet- Drafts 
+   as reference material or to cite them other than as "work in 
+   progress."  
+    
+   The list of current Internet-Drafts can be accessed at 
+   http://www.ietf.org/ietf/1id-abstracts.txt  
+   The list of Internet-Draft Shadow Directories can be accessed at 
+   http://www.ietf.org/shadow.html. 
+    
+1. Abstract 
+    
+   The draft documents a new method for a Kerberos Key Distribution 
+   Center (KDC) to respond to client requests for kerberos tickets when 
+   the client does not have detailed configuration information on the 
+   realms of users or services. The KDC will handle requests for 
+   principals in other realms by returning either a referral error or a 
+   cross-realm TGT to another realm on the referral path. The clients 
+   will use this referral information to reach the realm of the target 
+   principal and then receive the ticket. 
+    
+2. Conventions used in this document 
+    
+   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
+   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in 
+   this document are to be interpreted as described in RFC-2119 [2]. 
+    
+3. Introduction 
+    
+
+
+  
+Swift                 Category - Standards Track                     1 
+
+
+
+
+
+
+
+
+                            KDC Referrals               February 2001 
+ 
+ 
+   Current implementations of the Kerberos AS and TGS protocols, as 
+   defined in RFC 1510 [3], use principal names constructed from a 
+   known user or service name and realm. A service name is typically 
+   constructed from a name of the service and the DNS host name of the 
+   computer that is providing the service. Many existing deployments of 
+   Kerberos use a single Kerberos realm where all users and services 
+   would be using the same realm. However in an environment where there 
+   are multiple trusted Kerberos realms, the client needs to be able to 
+   determine what realm a particular user or service is in before 
+   making an AS or TGS request. Traditionally this requires client 
+   configuration to make this possible. 
+    
+   When having to deal with multiple trusted realms, users are forced 
+   to know what realm they are in before they can obtain a ticket 
+   granting ticket (TGT) with an AS request. However, in many cases the 
+   user would like to use a more familiar name that is not directly 
+   related to the realm of their Kerberos principal name. A good 
+   example of this is an RFC-822 style email name. This document 
+   describes a mechanism that would allow a user to specify a user 
+   principal name that is an alias for the user's Kerberos principal 
+   name. In practice this would be the name that the user specifies to 
+   obtain a TGT from a Kerberos KDC. The user principal name no longer 
+   has a direct relationship with the Kerberos principal or realm. Thus 
+   the administrator is able to move the user's principal to other 
+   realms without the user having to know that it happened. 
+    
+   Once a user has a TGT, they would like to be able to access services 
+   in any trusted Kerberos realm. To do this requires that the client 
+   be able to determine what realm the target service's host is in 
+   before making the TGS request. Current implementations of Kerberos 
+   typically have a table that maps DNS host names to corresponding 
+   Kerberos realms. In order for this to work on the client, each 
+   application canonicalizes the host name of the service by doing a 
+   DNS lookup followed by a reverse lookup using the returned IP 
+   address. The returned primary host name is then used in the 
+   construction of the principal name for the target service. In order 
+   for the correct realm to be added for the target host, the mapping 
+   table [domain_to_realm] is consulted for the realm corresponding to 
+   the DNS host name. The corresponding realm is then used to complete 
+   the target service principal name. 
+    
+   This traditional mechanism requires that each client have very 
+   detailed configuration information about the hosts that are 
+   providing services and their corresponding realms. Having client 
+   side configuration information can be very costly from an 
+   administration point of view - especially if there are many realms 
+   and computers in the environment. 
+    
+   Current implementations of Kerberos also have difficulty with 
+   services on hosts that can have multiple host names (multi-homed 
+   hosts). Traditionally, each host name would need to have a distinct 
+   principal and a corresponding key. An extreme example of this would 
+   be a Web server with multiple host names for each domain that it is 
+  
+Swift                 Category - Standards Track                     2 
+
+
+
+
+
+
+
+
+                            KDC Referrals               February 2001 
+ 
+ 
+   supporting. Principal aliases allow multi-homed hosts to have a 
+   single Kerberos principal (with a single key) that can have 
+   identities for each distinct host name. This mechanism allows the 
+   Kerberos client to request a service ticket for the distinct 
+   hostname and allows the KDC to return a ticket for the single 
+   principal that the host is using. This canonical principal name 
+   allows the host to only have to manage a single key for all of the 
+   identities that it supports. In addition, the client only needs to 
+   know the realm of the canonical service name, not all of the 
+   identities. 
+    
+   This draft proposes a solution for these problems and simplifies 
+   administration by minimizing the configuration information needed on 
+   each computer using Kerberos. Specifically it describes a mechanism 
+   to allow the KDC to handle Canonicalization of names, provide for 
+   principal aliases for users and services and provide a mechanism for 
+   the KDC to determine the trusted realm authentication path by being 
+   able to generate referrals to other realms in order to locate 
+   principals. 
+    
+   To rectify these problems, this draft introduces three new kinds of   
+   KDC referrals: 
+        
+   1. AS ticket referrals, in which the client doesn't know which realm 
+      contains a user account.  
+   2. TGS ticket referrals, in which the client doesn't know which 
+      realm contains a server account.  
+   3. Cross realm shortcut referrals, in which the KDC chooses the next 
+      path on a referral chain 
+    
+4. Realm Organization Model 
+    
+   This draft assumes that the world of principals is arranged on 
+   multiple levels: the realm, the enterprise, and the world. A KDC may 
+   issue tickets for any principal in its realm or cross-realm tickets 
+   for realms with which it has a direct trust relationship. The KDC 
+   also has access to a trusted name service that can resolve any name 
+   from within its enterprise into a realm. This trusted name service 
+   removes the need to use an untrusted DNS lookup for name resolution. 
+    
+   For example, consider the following configuration, where lines 
+   indicate trust relationships: 
+    
+                  MS.COM  
+                /        \ 
+               /          \ 
+        OFFICE.MS.COM    NT.MS.COM 
+    
+   In this configuration, all users in the MS.COM enterprise could have 
+   a principal name such as alice@MS.COM, with the same realm portion. 
+   In addition, servers at MS.COM should be able to have DNS host names 
+   from any DNS domain independent of what Kerberos realm their 
+   principal resides in. 
+  
+Swift                 Category - Standards Track                     3 
+
+
+
+
+
+
+
+
+                            KDC Referrals               February 2001 
+ 
+ 
+    
+5. Principal Names 
+    
+5.1 Service Principal Names 
+    
+   The standard Kerberos model in RFC 1510 [3] gives each Kerberos 
+   principal a single name. However, if a service is reachable by 
+   several addresses, it is useful for a principal to have multiple 
+   names. Consider a service running on a multi-homed machine. Rather 
+   than requiring a separate principal and password for each name it 
+   exports, a single account with multiple names could be used. 
+    
+   Multiple names are also useful for services in that clients need not 
+   perform DNS lookups to resolve a host name into a full DNS address. 
+   Instead, the service may have a name for each of its supported host 
+   names, including its IP address. Nonetheless, it is still convenient 
+   for the service to not have to be aware of all these names. Thus a 
+   new name may be added to DNS for a service by updating DNS and the 
+   KDC database without having to notify the service. In addition, it 
+   implies that these aliases are globally unique: they do not include 
+   a specifier dictating what realm contains the principal. Thus, an 
+   alias for a server is of the form "class/instance/name" and may be 
+   transmitted as any name type. 
+    
+5.2 Client Principal Names 
+    
+   Similarly, a client account may also have multiple principal names. 
+   More useful, though, is a globally unique name that allows 
+   unification of email and security principal names. For example, all 
+   users at MS may have a client principal name of the form 
+   "joe@MS.COM" even though the principals are contained in multiple 
+   realms. This global name is again an alias for the true client 
+   principal name, which is indicates what realm contains the 
+   principal. Thus, accounts "alice" in the realm ntdev.MS.COM and 
+   "bob" in office.MS.COM may logon as "alice@MS.COM" and "bob@MS.COM". 
+   This requires a new client principal name type, as the AS-REQ 
+   message only contains a single realm field, and the realm portion of 
+   this name doesn't correspond to any Kerberos realm. Thus, the entire 
+   name "alice@MS.COM" is transmitted in the client name field of the 
+   AS-REQ message, with a name type of KRB-NT-ENTERPRISE-PRINCIPAL. 
+    
+        KRB-NT-ENTERPRISE-PRINCIPAL     10 
+    
+5.3 Name Canonicalization 
+    
+   In order to support name aliases, the Kerberos client must 
+   explicitly request the name-canonicalization KDC option (bit 15) in 
+   the ticket flags for the TGS-REQ. This flag indicates to the KDC 
+   that the client is prepared to receive a reply with a different 
+   client or server principal name than the request. Thus, the 
+   KDCOptions types is redefined as: 
+    
+        KDCOptions ::=   BIT STRING { 
+  
+Swift                 Category - Standards Track                     4 
+
+
+
+
+
+
+
+
+                            KDC Referrals               February 2001 
+ 
+ 
+                          reserved(0), 
+                          forwardable(1), 
+                          forwarded(2), 
+                          proxiable(3), 
+                          proxy(4), 
+                          allow-postdate(5), 
+                          postdated(6), 
+                          unused7(7), 
+                          renewable(8), 
+                          unused9(9), 
+                          unused10(10), 
+                          unused11(11), 
+                          name-canonicalize(15), 
+                          renewable-ok(27), 
+                          enc-tkt-in-skey(28), 
+                          renew(30), 
+                          validate(31) 
+         } 
+    
+6. Client Referrals 
+    
+   The simplest form of ticket referral is for a user requesting a 
+   ticket using an AS-REQ. In this case, the client machine will send 
+   the AS request to a convenient trusted realm, either the realm of 
+   the client machine or the realm of the client name. In the case of 
+   the name Alice@MS.COM, the client may optimistically choose to send 
+   the request to MS.COM. 
+    
+   The client will send the string "alice@MS.COM" in the client 
+   principal name field using the KRB-NT-ENTERPRISE-PRINCIPAL name type 
+   with the crealm set to MS.COM. The KDC will try to lookup the name 
+   in its local account database. If the account is present in the 
+   crealm of the request, it MUST return a KDC reply structure with the 
+   appropriate ticket. If the account is not present in the crealm 
+   specified in the request and the name-canonicalize flag in the 
+   KDCoptions is set, the KDC will try to lookup the entire name, 
+   Alice@MS.COM, using a name service. If this lookup is unsuccessful, 
+   it MUST return the error KDC_ERR_C_PRINCIPAL_UNKNOWN. If the lookup 
+   is successful, it MUST return an error KDC_ERR_WRONG_REALM (0x44) 
+   and in the error message the cname and crealm field MUST contain the 
+   client name and the true realm of the client. If the KDC contains 
+   the account locally, it MUST return a normal ticket. The client name 
+   and realm portions of the ticket and KDC reply message MUST be the 
+   client's true name in the realm, not the globally unique name. 
+    
+   If the client receives a KDC_ERR_WRONG_REALM error, it will issue a 
+   new AS request with the same client principal name used to generate 
+   the first referral to the realm specified by the crealm field of the 
+   kerberos error message from the first request. This request MUST 
+   produce a valid AS response with a ticket for the canonical user 
+   name. The ticket MUST also include the ticket extension containing 
+   the TE-REFERRAL-DATA with the referred-names set to the name from 
+
+  
+Swift                 Category - Standards Track                     5 
+
+
+
+
+
+
+
+
+                            KDC Referrals               February 2001 
+ 
+ 
+   the AS request. Any other error or referral will terminate the 
+   request and result in a failed AS request. 
+    
+7. Server Referrals 
+    
+   The server referral mechanism is a bit more complex than the client 
+   referral mechanism. The primary problem is that the KDC must return 
+   a referral ticket rather than an error message, so it will include 
+   in the TGS response information about what realm contains the 
+   service. This is done by returning information about the server name 
+   in the pre-auth data field of the KDC reply. 
+    
+   If the KDC resolves the server principal name into a principal in 
+   its realm, it may return a normal ticket. If the name-canonicalize 
+   flag in the KDCoptions is not set, then the KDC MUST only look up 
+   the name as a normal principal name. Otherwise, it MUST search all 
+   aliases as well. The server principal name in both the ticket and 
+   the KDC reply MUST be the true server principal name instead of one 
+   of the aliases. This frees the application server from needing to 
+   know about all its aliases. 
+    
+   If the name-canonicalize flag in the KDCoptions is set and the KDC 
+   doesn't find the principal locally, the KDC can return a cross-realm 
+   ticket granting ticket to the next hop on the trust path towards a 
+   realm that may be able to resolve the principal name. 
+    
+   If the KDC can determine the service principal's realm, it can 
+   return the server realm as ticket extension data. The ticket 
+   extension MUST be encrypted using the session key from the ticket, 
+   and the same etype as is used to protect the TGS reply body. 
+    
+   The data itself is an ASN.1 encoded structure containing the 
+   server's realm, and if known, canonical principal name and alias 
+   names. The first name in the sequence is the canonical principal 
+   name. 
+    
+                TE-REFERRAL-INFO        20 
+                 
+                TE-REFERRAL-DATA ::= SEQUENCE { 
+                        referred-server-realm[0]  KERB-REALM 
+                        referred-names[1]         SEQUENCE OF 
+                        PrincipalNames OPTIONAL 
+                } 
+    
+    
+   The client can use this information to request a chain of cross-
+   realm ticket granting tickets until it reaches the realm of the 
+   server, and can then expect to receive a valid service ticket. 
+    
+   In order to facilitate cross-realm interoperability, a client SHOULD 
+   NOT send short names in TGS requests to the KDC. A short name is 
+   defined as a Kerberos name that includes a DNS name that is not 
+   fully qualified. The client MAY use forward DNS lookups to obtain 
+  
+Swift                 Category - Standards Track                     6 
+
+
+
+
+
+
+
+
+                            KDC Referrals               February 2001 
+ 
+ 
+   the long name that corresponds to the user entered short name (the 
+   short name will be a prefix of the corresponding long name). 
+    
+   The client may use the referred-names field to tell if it already 
+   has a ticket to the server in its ticket cache. 
+    
+   The client can use this information to request a chain of cross-
+   realm ticket granting tickets until it reaches the realm of the 
+   server, and can then expect to receive a valid service ticket. 
+   However an implementation should limit the number of referrals that 
+   it processes to avoid infinite referral loops. A suggested limit is 
+   5 referrals before giving up. 
+    
+8. Cross Realm Routing 
+    
+   The current Kerberos protocol requires the client to explicitly 
+   request a cross-realm TGT for each pair of realms on a referral 
+   chain. As a result, the client machines need to be aware of the 
+   trust hierarchy and of any short-cut trusts (those that aren't 
+   parent-child trusts). This requires more configurations on the 
+   client. Instead, the client should be able to request a TGT to the 
+   target realm from each realm on the route. The KDC will determine 
+   the best path for the client and return a cross-realm TGT. The 
+   client has to be aware that a request for a cross-realm TGT may 
+   return a TGT for a realm different from the one requested. 
+    
+9. Security Considerations 
+ 
+   The original Kerberos specification stated that the server principal 
+   name in the KDC reply was the same as the server name in the 
+   request. These protocol changes break that assumption, so the client 
+   may be vulnerable to a denial of service attack by an attacker that 
+   replays replies from previous requests. It can verify that the 
+   request was one of its own by checking the client-address field or 
+   authtime field, though, so the damage is limited and detectable. 
+    
+   For the AS exchange case, it is important that the logon mechanism 
+   not trust a name that has not been used to authenticate the user. 
+   For example, the name that the user enters as part of a logon 
+   exchange may not be the name that the user authenticates as, given 
+   that the KDC_ERR_WRONG_REALM error may have been returned. The 
+   relevant Kerberos naming information for logon (if any), is the 
+   client name and client realm in the service ticket targeted at the 
+   workstation that was obtained using the user's initial TGT. 
+    
+   How the client name and client realm is mapped into a local account 
+   for logon is a local matter, but the client logon mechanism MUST use 
+   additional information such as the client realm and/or authorization 
+   attributes from the service ticket presented to the workstation by 
+   the user, when mapping the logon credentials to a local account on 
+   the workstation. 
+    
+10. Discussion 
+  
+Swift                 Category - Standards Track                     7 
+
+
+
+
+
+
+
+
+                            KDC Referrals               February 2001 
+ 
+ 
+ 
+   This section contains issues and suggestions that need to be 
+   incorporated into this draft. From Ken Raeburn [raeburn@mit.edu]: 
+    
+   1) No means to do name canonicalization if you're not 
+      authenticating. Is it okay to require credentials in order to do 
+      canonicalization? If so, how about this: Send a TGS_REQ for the 
+      service name you have.  If you get back a TGS_REP for a service, 
+      great; pull out the name and throw out the credentials.  If you 
+      get back a TGS_REP for a TGT service, ask again in the specified 
+      realm.  If you get back a KRB_ERROR because policy prohibits you 
+      from authenticating to that service, we can add to the 
+      specification that the {realm,sname} in the KRB_ERROR must be the 
+      canonical name, and the checksum must be used.  As long as the 
+      checksum is present, it's still a secure exchange with the KDC.  
+       
+      If we have to be able to do name canonicalization without any 
+      sort of credentials, either client-side (tickets) or server-side 
+      (tickets automatically acquired via service key), I think we just 
+      lose. But maybe GSSAPI should be changed if that's the case. 
+    
+   2) Can't refer to another realm and specify a different service name 
+      to give to that realm's KDC.  The local KDC can tell you a 
+      different service name or a different realm name, but not both. 
+      This comes up in the "gnuftp.raeburn.org CNAME ftp.gnu.org" type 
+      of case I've mentioned. 
+       
+      Except ... the KDC-REP structure includes padata and ticket 
+      extensions fields that are extensible.  We could add a required 
+      value to one of them -- perhaps only in the case where you return 
+      a TGT when not asked -- that contains signed information about 
+      the principal name to ask for in the other realm.  (It would have 
+      to be required, otherwise a man-in-the-middle could make it go 
+      away.) Signing would be done using the session key for the TGS. 
+    
+   3) Secure canonicalization of service name in AS_REQ. If the 
+      response is an AS_REP, we need a way to tell that the altered 
+      server name wasn't a result of a MITM attack on the AS_REQ 
+      message.  Again, the KDC-REP extensible fields could have a new 
+      required value added when name canonicalization happens, 
+      indicating what the original principal name (in the AS_REQ 
+      message) was, and signed using the same key as protects the 
+      AS_REP.  If it doesn't match what the client requested, the 
+      messages were altered in transit. 
+    
+   4) Client name needs referral to another realm, and server name 
+      needs canonicalization of some sort. The above fixes wouldn't 
+      work for this case, and I'm not even sure which KDC should be 
+      doing the canonicalization anyways. 
+    
+    
+   The other-principal-name datum would probably look something like: 
+    
+  
+Swift                 Category - Standards Track                     8 
+
+
+
+
+
+
+
+
+                            KDC Referrals               February 2001 
+ 
+ 
+       PrincipalAndNonce ::= SEQUENCE { 
+                    name[0]     PrincipalName, 
+                    nonce[1]    INTEGER         -- copied from KDC_REQ 
+       } 
+       SignedPrincipal ::= SEQUENCE { 
+                    name-and-nonce[0]   PrincipalAndNonce, 
+                    cksum[1]    Checksum 
+       } 
+       {PA,TE}-ORIGINAL-SERVER-PRINCIPAL ::= SignedPrincipal 
+       {PA,TE}-REMOTE-SERVER-PRINCIPAL ::= SignedPrincipal 
+    
+   with the checksum computed over the encoding of the 'name-and-nonce' 
+   field, and appropriate PA- or TE- numbers assigned.  I don't have a 
+   strong opinion on whether it'd be a pa-data or ticket extension; 
+   conceptually it seems like an abuse of either, but, well, I think 
+   I'd rather abuse them than leave the facility both in and 
+   inadequate. 
+    
+   The nonce is needed because multiple exchanges may be made with the 
+   same key, and these extension fields aren't packed in with the other 
+   encrypted data in the same response, so a MITM could pick apart 
+   multiple messages and mix-and-match components.  (In a TGS_REQ 
+   exchange, a subsession key would help, but it's not required.) 
+    
+   The extension field would be required to prevent a MITM from 
+   discarding the field from a response; a flag bit in a protected part 
+   of the message (probably in 'flags' in EncKDCRepPart) could also let 
+   us know of a cases where the information can be omitted, namely, 
+   when no name change is done.  Perhaps the bit should be set to 
+   indicate that a name change *was* done, and clear if it wasn't, 
+   making the no-change case more directly compatible with RFC1510. 
+ 
+11. References 
+    
+ 
+   1  Bradner, S., "The Internet Standards Process -- Revision 3", BCP 
+      9, RFC 2026, October 1996. 
+    
+   2  Bradner, S., "Key words for use in RFCs to Indicate Requirement 
+      Levels", BCP 14, RFC 2119, March 1997 
+    
+   3  Kohl, J., Neuman, C., "The Kerberos Network Authentication 
+      Service (V5)", RFC 1510, September 1993 
+    
+    
+12. Author's Addresses 
+    
+   Michael Swift 
+   University of Washington 
+   Seattle, Washington 
+   Email: mikesw@cs.washington.edu 
+    
+   John Brezak 
+  
+Swift                 Category - Standards Track                     9 
+
+
+
+
+
+
+
+
+                            KDC Referrals               February 2001 
+ 
+ 
+   Microsoft 
+   One Microsoft Way 
+   Redmond, Washington 
+   Email: jbrezak@Microsoft.com 
+    
+   Jonathan Trostle 
+   Cisco Systems 
+   170 W. Tasman Dr. 
+   San Jose, CA 95134 
+   Email: jtrostle@cisco.com 
+    
+   Kenneth Raeburn 
+   Massachusetts Institute of Technology 77 
+   Massachusetts Avenue 
+   Cambridge, Massachusetts 02139 
+   Email: raeburn@mit.edu
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+Swift                 Category - Standards Track                    10 
+
+
+
+
+
+
+
+
+                            KDC Referrals               February 2001 
+ 
+ 
+   Full Copyright Statement 
+
+   Copyright (C) The Internet Society (1999).  All Rights Reserved. 
+    
+   This document and translations of it may be copied and furnished to 
+   others, and derivative works that comment on or otherwise explain it 
+   or assist in its implementation may be prepared, copied, published 
+   and distributed, in whole or in part, without restriction of any 
+   kind, provided that the above copyright notice and this paragraph 
+   are included on all such copies and derivative works.  However, this   
+   document itself may not be modified in any way, such as by removing   
+   the copyright notice or references to the Internet Society or other   
+   Internet organizations, except as needed for the purpose of 
+   developing Internet standards in which case the procedures for 
+   copyrights defined in the Internet Standards process must be 
+   followed, or as required to translate it into languages other than 
+   English. 
+    
+   The limited permissions granted above are perpetual and will not be 
+   revoked by the Internet Society or its successors or assigns. 
+    
+   This document and the information contained herein is provided on an 
+   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 
+   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
+   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 
+   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 
+   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." 
+    
+    
+    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+Swift                 Category - Standards Track                    11 
+
+
+
+
+
+
+
diff --git a/crypto/heimdal/doc/win2k.texi b/crypto/heimdal/doc/win2k.texi
index baa1b47..1d48677 100644
--- a/crypto/heimdal/doc/win2k.texi
+++ b/crypto/heimdal/doc/win2k.texi
@@ -1,6 +1,6 @@
-@c $Id: win2k.texi,v 1.12 2001/01/28 22:10:35 assar Exp $
+@c $Id: win2k.texi,v 1.13 2001/02/24 05:09:24 assar Exp $
 
-@node Windows 2000 compatability, Acknowledgments, Migration, Top
+@node Windows 2000 compatability, Programming with Kerberos, Kerberos 4 issues, Top
 @comment  node-name,  next,  previous,  up
 @chapter Windows 2000 compatability
 
diff --git a/crypto/heimdal/include/Makefile.in b/crypto/heimdal/include/Makefile.in
index 705f743..b335bc8 100644
--- a/crypto/heimdal/include/Makefile.in
+++ b/crypto/heimdal/include/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -184,6 +185,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
 CHECK_LOCAL = 
 
 SUBDIRS = kadm5
@@ -264,12 +267,13 @@ config.h.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 
 GZIP_ENV = --best
+DIST_SUBDIRS =  $(SUBDIRS)
 SOURCES = bits.c
 OBJECTS = bits.$(OBJEXT)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign include/Makefile
 
@@ -400,11 +404,16 @@ mostlyclean-recursive clean-recursive distclean-recursive \
 maintainer-clean-recursive:
 	@set fnord $(MAKEFLAGS); amf=$$2; \
 	dot_seen=no; \
-	rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \
-	  rev="$$subdir $$rev"; \
-	  if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
 	done; \
-	test "$$dot_seen" = "no" && rev=". $$rev"; \
+	rev="$$rev ."; \
 	target=`echo $@ | sed s/-recursive//`; \
 	for subdir in $$rev; do \
 	  echo "Making $$target in $$subdir"; \
@@ -450,6 +459,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)config.h.in$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags config.h.in $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/include/config.h.in b/crypto/heimdal/include/config.h.in
index 069bc3f..151344d 100644
--- a/crypto/heimdal/include/config.h.in
+++ b/crypto/heimdal/include/config.h.in
@@ -88,6 +88,12 @@
 /* Define if you have the <bsdsetjmp.h> header file. */
 #undef HAVE_BSDSETJMP_H
 
+/* Define if you have the `bswap16' function. */
+#undef HAVE_BSWAP16
+
+/* Define if you have the `bswap32' function. */
+#undef HAVE_BSWAP32
+
 /* Define if you have the <capability.h> header file. */
 #undef HAVE_CAPABILITY_H
 
@@ -256,6 +262,9 @@
 /* Define if you have the `getopt' function. */
 #undef HAVE_GETOPT
 
+/* Define if you have the `getprogname' function. */
+#undef HAVE_GETPROGNAME
+
 /* Define if you have the `getpwnam_r' function. */
 #undef HAVE_GETPWNAM_R
 
@@ -281,7 +290,7 @@
 #undef HAVE_GETUSERSHELL
 
 /* define if you have a glob() that groks GLOB_BRACE, GLOB_NOCHECK,
-   GLOB_QUOTE, and GLOB_TILDE */
+   GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT */
 #undef HAVE_GLOB
 
 /* Define if you have the `grantpt' function. */
@@ -374,9 +383,6 @@
 /* Define if you have the `memmove' function. */
 #undef HAVE_MEMMOVE
 
-/* Define if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H
-
 /* Define if you have the `mkstemp' function. */
 #undef HAVE_MKSTEMP
 
@@ -554,6 +560,9 @@
 /* Define if you have the `setproctitle' function. */
 #undef HAVE_SETPROCTITLE
 
+/* Define if you have the `setprogname' function. */
+#undef HAVE_SETPROGNAME
+
 /* Define if you have the `setregid' function. */
 #undef HAVE_SETREGID
 
@@ -608,9 +617,6 @@
 /* Define if you have the <standards.h> header file. */
 #undef HAVE_STANDARDS_H
 
-/* Define if you have the <stdlib.h> header file. */
-#undef HAVE_STDLIB_H
-
 /* Define if you have the `strcasecmp' function. */
 #undef HAVE_STRCASECMP
 
@@ -623,12 +629,6 @@
 /* Define if you have the `strftime' function. */
 #undef HAVE_STRFTIME
 
-/* Define if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H
-
-/* Define if you have the <string.h> header file. */
-#undef HAVE_STRING_H
-
 /* Define if you have the `strlcat' function. */
 #undef HAVE_STRLCAT
 
@@ -752,6 +752,9 @@
 /* Define if you have the <sys/bitypes.h> header file. */
 #undef HAVE_SYS_BITYPES_H
 
+/* Define if you have the <sys/bswap.h> header file. */
+#undef HAVE_SYS_BSWAP_H
+
 /* Define if you have the <sys/capability.h> header file. */
 #undef HAVE_SYS_CAPABILITY_H
 
@@ -1295,3 +1298,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
 #  define WORDS_BIGENDIAN 1
 #  endif
 #endif
+
+#ifdef ROKEN_RENAME
+#include "roken_rename.h"
+#endif
diff --git a/crypto/heimdal/include/kadm5/Makefile.in b/crypto/heimdal/include/kadm5/Makefile.in
index 02f8027..384afce 100644
--- a/crypto/heimdal/include/kadm5/Makefile.in
+++ b/crypto/heimdal/include/kadm5/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 CLEANFILES = admin.h kadm5_err.h private.h
@@ -207,7 +210,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign include/kadm5/Makefile
 
diff --git a/crypto/heimdal/kadmin/ChangeLog b/crypto/heimdal/kadmin/ChangeLog
index f28577c..ccc615e 100644
--- a/crypto/heimdal/kadmin/ChangeLog
+++ b/crypto/heimdal/kadmin/ChangeLog
@@ -1,3 +1,46 @@
+2001-05-17  Assar Westerlund  <assar@sics.se>
+
+	* kadm_conn.c (start_server): fix krb5_eai_to_heim_errno call
+
+2001-05-15  Assar Westerlund  <assar@sics.se>
+
+	* kadmin.c (main): some error cleaning required
+
+2001-05-14  Assar Westerlund  <assar@sics.se>
+
+	* kadmind.c: new krb5_config_parse_file
+	* kadmin.c: new krb5_config_parse_file
+	* kadm_conn.c: update to new krb5_sockaddr2address
+
+2001-05-07  Assar Westerlund  <assar@sics.se>
+
+	* kadmin_locl.h (foreach_principal): update prototype
+	* get.c (getit): new foreach_principal
+	* ext.c (ext_keytab): new foreach_principal
+	* del.c (del_entry): new foreach_principal
+	* cpw.c (cpw_entry): new foreach_principal
+	* util.c (foreach_principal): add `funcname' and try printing the
+	error string
+
+2001-05-04  Johan Danielsson  <joda@pdc.kth.se>
+
+	* rename.c: fix argument number test
+	
+2001-04-19  Johan Danielsson  <joda@pdc.kth.se>
+
+	* del_enctype.c: fix argument count check after getarg change;
+	spotted by mark@MCS.VUW.AC.NZ
+
+2001-02-15  Assar Westerlund  <assar@sics.se>
+
+	* kadmind.c (main): use a `struct sockaddr_storage' to be able to
+	store all types of addresses
+
+2001-02-07  Assar Westerlund  <assar@sics.se>
+
+	* kadmin.c: add --keytab / _K, from Leif Johansson
+	<leifj@it.su.se>
+
 2001-01-29  Assar Westerlund  <assar@sics.se>
 
 	* kadm_conn.c (spawn_child): close the newly created socket in the
diff --git a/crypto/heimdal/kadmin/Makefile.in b/crypto/heimdal/kadmin/Makefile.in
index 1e84e56..dd2ec13 100644
--- a/crypto/heimdal/kadmin/Makefile.in
+++ b/crypto/heimdal/kadmin/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 sbin_PROGRAMS = kadmin
@@ -331,7 +334,7 @@ OBJECTS = $(am_add_random_users_OBJECTS) $(am_kadmin_OBJECTS) $(am_kadmind_OBJEC
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign kadmin/Makefile
 
@@ -509,6 +512,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/kadmin/add-random-users.c b/crypto/heimdal/kadmin/add-random-users.c
index 24cde70..f0b7f4c 100644
--- a/crypto/heimdal/kadmin/add-random-users.c
+++ b/crypto/heimdal/kadmin/add-random-users.c
@@ -33,7 +33,7 @@
 
 #include "kadmin_locl.h"
 
-RCSID("$Id: add-random-users.c,v 1.2 2000/12/31 07:43:39 assar Exp $");
+RCSID("$Id: add-random-users.c,v 1.3 2001/02/20 01:44:49 assar Exp $");
 
 #define WORDS_FILENAME "/usr/share/dict/words"
 
@@ -146,7 +146,7 @@ main(int argc, char **argv)
 {
     int optind = 0;
 
-    set_progname(argv[0]);
+    setprogname(argv[0]);
     if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
 	usage(1);
     if (help_flag)
diff --git a/crypto/heimdal/kadmin/cpw.c b/crypto/heimdal/kadmin/cpw.c
index 3abc1d1..06200d6 100644
--- a/crypto/heimdal/kadmin/cpw.c
+++ b/crypto/heimdal/kadmin/cpw.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "kadmin_locl.h"
 
-RCSID("$Id: cpw.c,v 1.11 2000/04/12 10:45:54 assar Exp $");
+RCSID("$Id: cpw.c,v 1.12 2001/05/07 05:30:23 assar Exp $");
 
 struct cpw_entry_data {
     int random_key;
@@ -202,7 +202,7 @@ cpw_entry(int argc, char **argv)
     argv += optind;
 
     for(i = 0; i < argc; i++)
-	ret = foreach_principal(argv[i], do_cpw_entry, &data);
+	ret = foreach_principal(argv[i], do_cpw_entry, "cpw", &data);
 
     if (data.key_data) {
 	int16_t dummy;
diff --git a/crypto/heimdal/kadmin/del.c b/crypto/heimdal/kadmin/del.c
index 9d7e91b..1697656 100644
--- a/crypto/heimdal/kadmin/del.c
+++ b/crypto/heimdal/kadmin/del.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "kadmin_locl.h"
 
-RCSID("$Id: del.c,v 1.5 2000/09/10 19:17:00 joda Exp $");
+RCSID("$Id: del.c,v 1.6 2001/05/07 05:30:50 assar Exp $");
 
 static int
 do_del_entry(krb5_principal principal, void *data)
@@ -75,6 +75,6 @@ del_entry(int argc, char **argv)
     }
 
     for(i = 1; i < argc; i++)
-	ret = foreach_principal(argv[i], do_del_entry, NULL);
+	ret = foreach_principal(argv[i], do_del_entry, "del", NULL);
     return 0;
 }
diff --git a/crypto/heimdal/kadmin/del_enctype.c b/crypto/heimdal/kadmin/del_enctype.c
index 1333a4d..985cc84 100644
--- a/crypto/heimdal/kadmin/del_enctype.c
+++ b/crypto/heimdal/kadmin/del_enctype.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "kadmin_locl.h"
 
-RCSID("$Id: del_enctype.c,v 1.6 2000/09/10 19:17:23 joda Exp $");
+RCSID("$Id: del_enctype.c,v 1.7 2001/04/19 07:26:52 joda Exp $");
 
 /*
  * del_enctype principal enctypes...
@@ -73,7 +73,7 @@ del_enctype(int argc, char **argv)
 	usage ();
 	return 0;
     }
-    if(argc - optind < 3 || help_flag) {
+    if(argc - optind < 2 || help_flag) {
 	usage ();
 	return 0;
     }
diff --git a/crypto/heimdal/kadmin/ext.c b/crypto/heimdal/kadmin/ext.c
index 9d2be17..6b3f3af 100644
--- a/crypto/heimdal/kadmin/ext.c
+++ b/crypto/heimdal/kadmin/ext.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "kadmin_locl.h"
 
-RCSID("$Id: ext.c,v 1.5 2000/01/02 03:58:02 assar Exp $");
+RCSID("$Id: ext.c,v 1.6 2001/05/07 05:31:12 assar Exp $");
 
 struct ext_keytab_data {
     krb5_keytab keytab;
@@ -107,10 +107,9 @@ ext_keytab(int argc, char **argv)
     argv += optind;
 
     for(i = 0; i < argc; i++) 
-	foreach_principal(argv[i], do_ext_keytab, &data);
+	foreach_principal(argv[i], do_ext_keytab, "ext", &data);
 
     krb5_kt_close(context, data.keytab);
 
     return 0;
 }
-
diff --git a/crypto/heimdal/kadmin/get.c b/crypto/heimdal/kadmin/get.c
index 7ecea7c..30eea9d 100644
--- a/crypto/heimdal/kadmin/get.c
+++ b/crypto/heimdal/kadmin/get.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -34,7 +34,7 @@
 #include "kadmin_locl.h"
 #include <parse_units.h>
 
-RCSID("$Id: get.c,v 1.12 2000/12/15 14:24:24 joda Exp $");
+RCSID("$Id: get.c,v 1.13 2001/05/07 05:31:43 assar Exp $");
 
 struct get_entry_data {
     void (*header)(void);
@@ -270,7 +270,7 @@ getit(const char *name, int terse_flag, int argc, char **argv)
     argv += optind;
 
     for(i = 0; i < argc; i++)
-	ret = foreach_principal(argv[i], do_get_entry, &data);
+	ret = foreach_principal(argv[i], do_get_entry, "get", &data);
     return 0;
 usage:
     arg_printusage (args, num_args, name, "principal...");
diff --git a/crypto/heimdal/kadmin/kadm_conn.c b/crypto/heimdal/kadmin/kadm_conn.c
index 28bf177..3914822 100644
--- a/crypto/heimdal/kadmin/kadm_conn.c
+++ b/crypto/heimdal/kadmin/kadm_conn.c
@@ -36,7 +36,7 @@
 #include <sys/wait.h>
 #endif
 
-RCSID("$Id: kadm_conn.c,v 1.11 2001/01/29 08:43:01 assar Exp $");
+RCSID("$Id: kadm_conn.c,v 1.13 2001/05/16 22:06:44 assar Exp $");
 
 struct kadm_port {
     char *port;
@@ -137,14 +137,14 @@ spawn_child(krb5_context context, int *socks, int num_socks, int this_sock)
 	krb5_warn(context, errno, "accept");
 	return 1;
     }
-    e = krb5_sockaddr2address(sa, &addr);
+    e = krb5_sockaddr2address(context, sa, &addr);
     if(e)
 	krb5_warn(context, e, "krb5_sockaddr2address");
     else {
 	e = krb5_print_address (&addr, buf, sizeof(buf), 
 				&buf_len);
 	if(e) 
-	    krb5_warn(context, e, "krb5_sockaddr2address");
+	    krb5_warn(context, e, "krb5_print_address");
 	else
 	    krb5_warnx(context, "connection from %s", buf);
 	krb5_free_address(context, &addr);
@@ -243,7 +243,8 @@ start_server(krb5_context context)
 	}
 
 	if(e) {
-	    krb5_warn(context, krb5_eai_to_heim_errno(e), "%s", portstr);
+	    krb5_warn(context, krb5_eai_to_heim_errno(e, errno),
+		      "%s", portstr);
 	    continue;
 	}
 	i = 0;
diff --git a/crypto/heimdal/kadmin/kadmin.8 b/crypto/heimdal/kadmin/kadmin.8
index fb23cfe..67072af 100644
--- a/crypto/heimdal/kadmin/kadmin.8
+++ b/crypto/heimdal/kadmin/kadmin.8
@@ -1,4 +1,4 @@
-.\" $Id: kadmin.8,v 1.2 2000/09/19 12:29:48 assar Exp $
+.\" $Id: kadmin.8,v 1.5 2001/06/08 21:27:57 joda Exp $
 .\"
 .Dd September 10, 2000
 .Dt KADMIN 8
@@ -9,23 +9,33 @@
 .Sh SYNOPSIS
 .Nm
 .Oo Fl p Ar string \*(Ba Xo
-.Fl -principal= Ns Ar string Oc
+.Fl -principal= Ns Ar string
+.Xc
+.Oc
+.Oo Fl K Ar string \*(Ba Xo
+.Fl -keytab= Ns Ar string
 .Xc
+.Oc
 .Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file Oc
+.Fl -config-file= Ns Ar file
 .Xc
+.Oc
 .Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file Oc
+.Fl -key-file= Ns Ar file
 .Xc
+.Oc
 .Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm Oc
+.Fl -realm= Ns Ar realm
 .Xc
+.Oc
 .Oo Fl a Ar host \*(Ba Xo
-.Fl -admin-server= Ns Ar host Oc
+.Fl -admin-server= Ns Ar host
 .Xc
+.Oc
 .Oo Fl s Ar port number \*(Ba Xo
-.Fl -server-port= Ns Ar port number Oc
+.Fl -server-port= Ns Ar port number
 .Xc
+.Oc
 .Op Fl l | Fl -local
 .Op Fl h | Fl -help
 .Op Fl v | Fl -version
@@ -47,6 +57,11 @@ Supported options:
 .Xc
 principal to authenticate as
 .It Xo
+.Fl K Ar string Ns ,
+.Fl -keytab= Ns Ar string
+.Xc
+keytab for authentication pricipal
+.It Xo
 .Fl c Ar file Ns ,
 .Fl -config-file= Ns Ar file
 .Xc
@@ -90,8 +105,9 @@ will prompt for commands to process. Commands include:
 .Op Fl r | Fl -random-key
 .Op Fl -random-password
 .Oo Fl p Ar string \*(Ba Xo
-.Fl -password= Ns Ar string Oc
+.Fl -password= Ns Ar string
 .Xc
+.Oc
 .Op Fl -key= Ns Ar string
 .Op Fl -max-ticket-life= Ns Ar lifetime
 .Op Fl -max-renewable-life= Ns Ar lifetime
@@ -108,8 +124,9 @@ creates a new principal
 .Op Fl r | Fl -random-key
 .Op Fl -random-password
 .Oo Fl p Ar string \*(Ba Xo
-.Fl -password= Ns Ar string Oc
+.Fl -password= Ns Ar string
 .Xc
+.Oc
 .Op Fl -key= Ns Ar string
 .Ar principal...
 .Pp
@@ -134,8 +151,9 @@ belonging to the principal is known to not handle certain enctypes
 .Pp
 .Nm ext_keytab
 .Oo Fl k Ar string \*(Ba Xo
-.Fl -keytab= Ns Ar string Oc
+.Fl -keytab= Ns Ar string
 .Xc
+.Oc
 .Ar principal...
 .Pp
 .Bd -ragged -offset indent
@@ -163,8 +181,9 @@ renames a principal
 .Pp
 .Nm modify
 .Oo Fl a Ar attributes \*(Ba Xo
-.Fl -attributes= Ns Ar attributes Oc
+.Fl -attributes= Ns Ar attributes
 .Xc
+.Oc
 .Op Fl -max-ticket-life= Ns Ar lifetime
 .Op Fl -max-renewable-life= Ns Ar lifetime
 .Op Fl -expiration-time= Ns Ar time
diff --git a/crypto/heimdal/kadmin/kadmin.c b/crypto/heimdal/kadmin/kadmin.c
index 5a21ffb..058187c 100644
--- a/crypto/heimdal/kadmin/kadmin.c
+++ b/crypto/heimdal/kadmin/kadmin.c
@@ -34,7 +34,7 @@
 #include "kadmin_locl.h"
 #include <sl.h>
 
-RCSID("$Id: kadmin.c,v 1.34 2001/01/26 22:20:52 joda Exp $");
+RCSID("$Id: kadmin.c,v 1.38 2001/05/15 06:34:35 assar Exp $");
 
 static char *config_file;
 static char *keyfile;
@@ -45,10 +45,13 @@ static char *realm;
 static char *admin_server;
 static int server_port = 0;
 static char *client_name;
+static char *keytab;
 
 static struct getargs args[] = {
     {	"principal", 	'p',	arg_string,	&client_name,
 	"principal to authenticate as" },
+    {   "keytab",	'K',	arg_string,	&keytab,
+   	"keytab for authentication pricipal" },
     { 
 	"config-file",	'c',	arg_string,	&config_file, 
 	"location of config file",	"file" 
@@ -222,7 +225,7 @@ main(int argc, char **argv)
     int optind = 0;
     int e;
 
-    set_progname(argv[0]);
+    setprogname(argv[0]);
 
     ret = krb5_init_context(&context);
     if (ret)
@@ -245,12 +248,13 @@ main(int argc, char **argv)
     if (config_file == NULL)
 	config_file = HDB_DB_DIR "/kdc.conf";
 
-    if(krb5_config_parse_file(config_file, &cf) == 0) {
+    if(krb5_config_parse_file(context, config_file, &cf) == 0) {
 	const char *p = krb5_config_get_string (context, cf, 
 						"kdc", "key-file", NULL);
 	if (p)
 	    keyfile = strdup(p);
     }
+    krb5_clear_error_string (context);
 
     memset(&conf, 0, sizeof(conf));
     if(realm) {
@@ -278,6 +282,14 @@ main(int argc, char **argv)
 					     &conf, 0, 0, 
 					     &kadm_handle);
 	actual_cmds = commands;
+    } else if (keytab) {
+        ret = kadm5_c_init_with_skey_ctx(context,
+					 client_name,
+					 keytab,
+					 KADM5_ADMIN_SERVICE,
+                                         &conf, 0, 0,
+                                         &kadm_handle);
+        actual_cmds = commands + 4; /* XXX */
     } else {
 	ret = kadm5_c_init_with_password_ctx(context, 
 					     client_name,
diff --git a/crypto/heimdal/kadmin/kadmin.cat8 b/crypto/heimdal/kadmin/kadmin.cat8
new file mode 100644
index 0000000..31885a7
--- /dev/null
+++ b/crypto/heimdal/kadmin/kadmin.cat8
@@ -0,0 +1,123 @@
+
+KADMIN(8)                UNIX System Manager's Manual                KADMIN(8)
+
+NNAAMMEE
+     kkaaddmmiinn - Kerberos administration utility
+
+SSYYNNOOPPSSIISS
+     kkaaddmmiinn [--pp _s_t_r_i_n_g | ----pprriinncciippaall==_s_t_r_i_n_g] [--KK _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] [--cc
+     _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] [--rr _r_e_a_l_m |
+     ----rreeaallmm==_r_e_a_l_m] [--aa _h_o_s_t | ----aaddmmiinn--sseerrvveerr==_h_o_s_t] [--ss _p_o_r_t _n_u_m_b_e_r |
+     ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r] [--ll | ----llooccaall] [--hh | ----hheellpp] [--vv | ----vveerrssiioonn]
+     [_c_o_m_m_a_n_d]
+
+DDEESSCCRRIIPPTTIIOONN
+     The kkaaddmmiinn program is used to make modification to the Kerberos database,
+     either remotely via the kadmind(8) daemon, or locally (with the --ll op-
+     tion).
+
+     Supported options:
+
+     --pp _s_t_r_i_n_g, ----pprriinncciippaall==_s_t_r_i_n_g
+             principal to authenticate as
+
+     --KK _s_t_r_i_n_g, ----kkeeyyttaabb==_s_t_r_i_n_g
+             keytab for authentication pricipal
+
+     --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
+             location of config file
+
+     --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
+             location of master key file
+
+     --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
+             realm to use
+
+     --aa _h_o_s_t, ----aaddmmiinn--sseerrvveerr==_h_o_s_t
+             server to contact
+
+     --ss _p_o_r_t _n_u_m_b_e_r, ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r
+             port to use
+
+     --ll, ----llooccaall
+             local admin mode
+
+     If no _c_o_m_m_a_n_d is given on the command line, kkaaddmmiinn will prompt for com-
+     mands to process. Commands include:
+
+           aadddd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
+           ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e]
+           [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] [----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
+           [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] _p_r_i_n_c_i_p_a_l_._._.
+
+                 creates a new principal
+
+           ppaasssswwdd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
+           ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
+
+                 changes the password of an existing principal
+
+           ddeelleettee _p_r_i_n_c_i_p_a_l_._._.
+
+                 removes a principal
+
+           ddeell__eennccttyyppee _p_r_i_n_c_i_p_a_l _e_n_c_t_y_p_e_s_._._.
+
+
+                 removes some enctypes from a principal, this can be useful
+                 the service belonging to the principal is known to not handle
+                 certain enctypes
+
+           eexxtt__kkeeyyttaabb [--kk _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
+
+                 creates a keytab with the keys of the specified principals
+
+           ggeett [--ll | ----lloonngg] [--ss | ----sshhoorrtt] [--tt | ----tteerrssee] _e_x_p_r_e_s_s_i_o_n_._._.
+
+                 lists the principals that match the expressions (which are
+                 shell glob like), long format gives more information, and
+                 terse just prints the names
+
+           rreennaammee _f_r_o_m _t_o
+
+                 renames a principal
+
+           mmooddiiffyy [--aa _a_t_t_r_i_b_u_t_e_s | ----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
+           [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e]
+           [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e]
+           [----kkvvnnoo==_n_u_m_b_e_r] _p_r_i_n_c_i_p_a_l
+
+                 modifies certain attributes of a principal
+
+           pprriivviilleeggeess
+
+                 lists the operations you are allowd to perform
+
+     When running in local mode, the following commands can also be used.
+
+           dduummpp [--dd | ----ddeeccrryypptt] [_d_u_m_p_-_f_i_l_e]
+
+                 writes the database in ``human readable'' form to the speci-
+                 fied file, or standard out
+
+           iinniitt [----rreeaallmm--mmaaxx--ttiicckkeett--lliiffee==_s_t_r_i_n_g]
+           [----rreeaallmm--mmaaxx--rreenneewwaabbllee--lliiffee==_s_t_r_i_n_g] _r_e_a_l_m
+
+                 initialises the Kerberos database with entries for a new
+                 realm, it's possible to have more than one realm served by
+                 one server
+
+           llooaadd _f_i_l_e
+
+                 reads a previously dumped database, and re-creates that
+                 database from scratch
+
+           mmeerrggee _f_i_l_e
+
+                 similar to lliisstt but just modifies the database with the en-
+                 tries in the dump file
+
+SSEEEE AALLSSOO
+     kadmind(8),  kdc(8)
+
+ HEIMDAL                      September 10, 2000                             2
diff --git a/crypto/heimdal/kadmin/kadmind.8 b/crypto/heimdal/kadmin/kadmind.8
index 9b76683..928d12f 100644
--- a/crypto/heimdal/kadmin/kadmind.8
+++ b/crypto/heimdal/kadmin/kadmind.8
@@ -7,19 +7,23 @@
 .Sh SYNOPSIS
 .Nm
 .Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file Oc
+.Fl -config-file= Ns Ar file
 .Xc
+.Oc
 .Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file Oc
+.Fl -key-file= Ns Ar file
 .Xc
+.Oc
 .Op Fl -keytab= Ns Ar keytab
 .Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm Oc
+.Fl -realm= Ns Ar realm
 .Xc
+.Oc
 .Op Fl d | Fl -debug
 .Oo Fl p Ar port \*(Ba Xo
-.Fl -ports= Ns Ar port Oc
+.Fl -ports= Ns Ar port
 .Xc
+.Oc
 .Sh DESCRIPTION
 .Nm
 listens for requests for changes to the Kerberos database and performs
@@ -40,7 +44,8 @@ but the
 .Xr kpasswdd 8 
 daemon is responsible for the Kerberos 5 password changing protocol
 (used by
-.Xr kpasswd 1 ).
+.Xr kpasswd 1 )
+.
 .Pp
 This daemon should only be run on ther master server, and not on any
 slaves.
diff --git a/crypto/heimdal/kadmin/kadmind.c b/crypto/heimdal/kadmin/kadmind.c
index 7c1696b..c8fe8ec 100644
--- a/crypto/heimdal/kadmin/kadmind.c
+++ b/crypto/heimdal/kadmin/kadmind.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "kadmin_locl.h"
 
-RCSID("$Id: kadmind.c,v 1.24 2000/12/31 07:45:23 assar Exp $");
+RCSID("$Id: kadmind.c,v 1.27 2001/05/14 06:16:41 assar Exp $");
 
 static char *check_library  = NULL;
 static char *check_function = NULL;
@@ -98,7 +98,7 @@ main(int argc, char **argv)
     krb5_log_facility *logf;
     krb5_keytab keytab;
 
-    set_progname(argv[0]);
+    setprogname(argv[0]);
 
     ret = krb5_init_context(&context);
     if (ret)
@@ -128,7 +128,7 @@ main(int argc, char **argv)
     if (config_file == NULL)
 	config_file = HDB_DB_DIR "/kdc.conf";
 
-    if(krb5_config_parse_file(config_file, &cf) == 0) {
+    if(krb5_config_parse_file(context, config_file, &cf) == 0) {
 	const char *p = krb5_config_get_string (context, cf, 
 						"kdc", "key-file", NULL);
 	if (p)
@@ -143,11 +143,12 @@ main(int argc, char **argv)
 
     {
 	int fd = 0;
-	struct sockaddr sa;
-	socklen_t sa_size;
+	struct sockaddr_storage __ss;
+	struct sockaddr *sa = (struct sockaddr *)&__ss;
+	socklen_t sa_size = sizeof(__ss);
 	krb5_auth_context ac = NULL;
 	int debug_port;
-	sa_size = sizeof(sa);
+
 	if(debug_flag) {
 	    if(port_str == NULL)
 		debug_port = krb5_getportbyname (context, "kerberos-adm", 
@@ -155,7 +156,7 @@ main(int argc, char **argv)
 	    else
 		debug_port = htons(atoi(port_str));
 	    mini_inetd(debug_port);
-	} else if(roken_getsockname(STDIN_FILENO, &sa, &sa_size) < 0 && 
+	} else if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 && 
 		   errno == ENOTSOCK) {
 	    parse_ports(context, port_str ? port_str : "+");
 	    pidfile(NULL);
diff --git a/crypto/heimdal/kadmin/kadmind.cat8 b/crypto/heimdal/kadmin/kadmind.cat8
new file mode 100644
index 0000000..c03ae18
--- /dev/null
+++ b/crypto/heimdal/kadmin/kadmind.cat8
@@ -0,0 +1,93 @@
+
+KADMIND(8)               UNIX System Manager's Manual               KADMIND(8)
+
+NNAAMMEE
+     kkaaddmmiinndd - server for administrative access to kerberos database
+
+SSYYNNOOPPSSIISS
+     kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
+     [----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp _p_o_r_t |
+     ----ppoorrttss==_p_o_r_t]
+
+DDEESSCCRRIIPPTTIIOONN
+     kkaaddmmiinndd listens for requests for changes to the Kerberos database and
+     performs these, subject to permissions.  When starting, if stdin is a
+     socket it assumes that it has been started by inetd(8),  otherwise it be-
+     haves as a daemon, forking processes for each new connection. The ----ddeebbuugg
+     option causes kkaaddmmiinndd to accept exactly one connection, which is useful
+     for debugging.
+
+     If built with krb4 support, it implements both the Heimdal Kerberos 5 ad-
+     ministrative protocol and the Kerberos 4 protocol. Password changes via
+     the Kerberos 4 protocol are also performed by kkaaddmmiinndd, but the kpass-
+     wdd(8) daemon is responsible for the Kerberos 5 password changing proto-
+     col (used by kpasswd(1))
+
+     This daemon should only be run on ther master server, and not on any
+     slaves.
+
+     Principals are always allowed to change their own password and list their
+     own principals.  Apart from that, doing any operation requires permission
+     explicitly added in the ACL file _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l. The format of
+     this file is:
+
+     _p_r_i_n_c_i_p_a_l _r_i_g_h_t_s [_p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n]
+
+     Where rights is any combination of:
+
+     ++oo   change-password | cpw
+
+     ++oo   list
+
+     ++oo   delete
+
+     ++oo   modify
+
+     ++oo   add
+
+     ++oo   get
+
+     ++oo   all
+
+     And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to principals
+     that match the glob-style pattern.
+
+     Supported options:
+
+     --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
+             location of config file
+
+     --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
+             location of master key file
+
+     ----kkeeyyttaabb==_k_e_y_t_a_b
+
+
+             what keytab to use
+
+     --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
+             realm to use
+
+     --dd, ----ddeebbuugg
+             enable debugging
+
+     --pp _p_o_r_t, ----ppoorrttss==_p_o_r_t
+             ports to listen to. By default, if run as a daemon, it listen to
+             ports 749, and 751 (if built with Kerberos 4 support), but you
+             can add any number of ports with this option. The port string is
+             a whitespace separated list of port specifications, with the spe-
+             cial string ``+'' representing the default set of ports.
+
+FFIILLEESS
+     _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l
+
+EEXXAAMMPPLLEESS
+     This will cause kadmind to listen to port 4711 in addition to any com-
+     piled in defaults:
+
+           # kadmind --ports="+ 4711" &
+
+SSEEEE AALLSSOO
+     kdc(8),  kadmin(1),  kpasswdd(8),  kpasswd(1)
+
+ HEIMDAL                         June 7, 2000                                2
diff --git a/crypto/heimdal/kadmin/load.c b/crypto/heimdal/kadmin/load.c
index c53a7ad..f117554 100644
--- a/crypto/heimdal/kadmin/load.c
+++ b/crypto/heimdal/kadmin/load.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -34,7 +34,7 @@
 #include "kadmin_locl.h"
 #include <kadm5/private.h>
 
-RCSID("$Id: load.c,v 1.40 2001/01/04 15:59:26 assar Exp $");
+RCSID("$Id: load.c,v 1.41 2001/02/20 01:44:49 assar Exp $");
 
 struct entry {
     char *principal;
diff --git a/crypto/heimdal/kadmin/random_password.c b/crypto/heimdal/kadmin/random_password.c
index aabe08c..92fb2fc 100644
--- a/crypto/heimdal/kadmin/random_password.c
+++ b/crypto/heimdal/kadmin/random_password.c
@@ -33,7 +33,7 @@
 
 #include "kadmin_locl.h"
 
-RCSID("$Id: random_password.c,v 1.3 1999/12/02 17:04:58 joda Exp $");
+RCSID("$Id: random_password.c,v 1.4 2001/02/15 04:20:53 assar Exp $");
 
 /* This file defines some a function that generates a random password,
    that can be used when creating a large amount of principals (such
@@ -57,9 +57,9 @@ random_password(char *pw, size_t len)
 {
 #ifdef OTP_STYLE
     {
-	des_cblock newkey;
+	OtpKey newkey;
 
-	des_new_random_key(&newkey);
+	krb5_generate_random_block(&newkey, sizeof(newkey));
 	otp_print_stddict (newkey, pw, len);
 	strlwr(pw);
     }
@@ -80,11 +80,11 @@ random_password(char *pw, size_t len)
 #ifndef OTP_STYLE
 /* return a random value in range 0-127 */
 static int
-RND(des_cblock *key, int *left)
+RND(unsigned char *key, int keylen, int *left)
 {
     if(*left == 0){
-	des_new_random_key(key);
-	*left = 8;
+	krb5_generate_random_block(key, keylen);
+	*left = keylen;
     }
     (*left)--;
     return ((unsigned char*)key)[*left];
@@ -120,7 +120,7 @@ generate_password(char **pw, int num_classes, ...)
     } *classes;
     va_list ap;
     int len, i;
-    des_cblock rbuf; /* random buffer */
+    unsigned char rbuf[8]; /* random buffer */
     int rleft = 0;
 
     classes = malloc(num_classes * sizeof(*classes));
@@ -138,11 +138,12 @@ generate_password(char **pw, int num_classes, ...)
 	return;
     for(i = 0; i < len; i++) {
 	int j;
-	int x = RND(&rbuf, &rleft) % (len - i);
+	int x = RND(rbuf, sizeof(rbuf), &rleft) % (len - i);
 	int t = 0;
 	for(j = 0; j < num_classes; j++) {
 	    if(x < t + classes[j].freq) {
-		(*pw)[i] = classes[j].str[RND(&rbuf, &rleft) % classes[j].len];
+		(*pw)[i] = classes[j].str[RND(rbuf, sizeof(rbuf), &rleft)
+					 % classes[j].len];
 		classes[j].freq--;
 		break;
 	    }
diff --git a/crypto/heimdal/kadmin/rename.c b/crypto/heimdal/kadmin/rename.c
index 0ba2a58..ac5f4d6 100644
--- a/crypto/heimdal/kadmin/rename.c
+++ b/crypto/heimdal/kadmin/rename.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "kadmin_locl.h"
 
-RCSID("$Id: rename.c,v 1.3 2000/09/10 19:19:20 joda Exp $");
+RCSID("$Id: rename.c,v 1.4 2001/05/04 13:07:03 joda Exp $");
 
 static struct getargs args[] = {
     { "help", 'h', arg_flag, NULL }
@@ -62,7 +62,7 @@ rename_entry(int argc, char **argv)
 	usage ();
 	return 0;
     }
-    if(argc - optind < 3 || help_flag) {
+    if(argc - optind != 2 || help_flag) {
 	usage ();
 	return 0;
     }
diff --git a/crypto/heimdal/kadmin/util.c b/crypto/heimdal/kadmin/util.c
index 8d7abc3..4a5e1c0 100644
--- a/crypto/heimdal/kadmin/util.c
+++ b/crypto/heimdal/kadmin/util.c
@@ -34,7 +34,7 @@
 #include "kadmin_locl.h"
 #include <parse_units.h>
 
-RCSID("$Id: util.c,v 1.30 2001/01/11 23:07:29 assar Exp $");
+RCSID("$Id: util.c,v 1.32 2001/05/14 06:17:20 assar Exp $");
 
 /*
  * util.c - functions for parsing, unparsing, and editing different
@@ -461,6 +461,7 @@ is_expression(const char *string)
 int
 foreach_principal(const char *exp, 
 		  int (*func)(krb5_principal, void*), 
+		  const char *funcname,
 		  void *data)
 {
     char **princs;
@@ -498,19 +499,8 @@ foreach_principal(const char *exp,
 	    continue;
 	}
 	ret = (*func)(princ_ent, data);
-	if(ret) {
-	    char *tmp;
-	    krb5_error_code ret2;
-
-	    ret2 = krb5_unparse_name(context, princ_ent, &tmp);
-	    if(ret2) {
-		krb5_warn(context, ret2, "krb5_unparse_name");
-		krb5_warn(context, ret, "<unknown principal>");
-	    } else {
-		krb5_warn(context, ret, "%s", tmp);
-		free(tmp);
-	    }
-	}
+	if(ret)
+	    krb5_warn(context, ret, "%s %s", funcname, princs[i]);
 	krb5_free_principal(context, princ_ent);
     }
     kadm5_free_name_list(kadm_handle, princs, &num_princs);
diff --git a/crypto/heimdal/kdc/524.c b/crypto/heimdal/kdc/524.c
index df70988..ebe747f 100644
--- a/crypto/heimdal/kdc/524.c
+++ b/crypto/heimdal/kdc/524.c
@@ -33,7 +33,7 @@
 
 #include "kdc_locl.h"
 
-RCSID("$Id: 524.c,v 1.19 2001/01/30 01:44:07 assar Exp $");
+RCSID("$Id: 524.c,v 1.20 2001/05/14 06:17:47 assar Exp $");
 
 #ifdef KRB4
 
@@ -136,7 +136,7 @@ set_address (EncTicketPart *et,
     if (v4_addr == NULL)
 	return ENOMEM;
 
-    ret = krb5_sockaddr2address(addr, v4_addr);
+    ret = krb5_sockaddr2address(context, addr, v4_addr);
     if(ret) {
 	free (v4_addr);
 	kdc_log(0, "Failed to convert address (%s)", from);
diff --git a/crypto/heimdal/kdc/Makefile.in b/crypto/heimdal/kdc/Makefile.in
index d5c394d..90d7e04 100644
--- a/crypto/heimdal/kdc/Makefile.in
+++ b/crypto/heimdal/kdc/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 bin_PROGRAMS = string2key
@@ -317,7 +320,7 @@ OBJECTS = $(am_hprop_OBJECTS) $(am_hpropd_OBJECTS) $(am_kdc_OBJECTS) $(am_kstash
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign kdc/Makefile
 
@@ -522,6 +525,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/kdc/config.c b/crypto/heimdal/kdc/config.c
index 0621db1..78f75d3 100644
--- a/crypto/heimdal/kdc/config.c
+++ b/crypto/heimdal/kdc/config.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -35,7 +35,7 @@
 #include <getarg.h>
 #include <parse_bytes.h>
 
-RCSID("$Id: config.c,v 1.33 2000/09/10 19:27:17 joda Exp $");
+RCSID("$Id: config.c,v 1.36 2001/05/17 07:13:43 joda Exp $");
 
 static char *config_file;	/* location of kdc config file */
 
@@ -250,7 +250,7 @@ configure(int argc, char **argv)
     if(config_file == NULL)
 	config_file = _PATH_KDC_CONF;
     
-    if(krb5_config_parse_file(config_file, &cf))
+    if(krb5_config_parse_file(context, config_file, &cf))
 	cf = NULL;
     
     get_dbinfo(cf);
@@ -286,6 +286,7 @@ configure(int argc, char **argv)
 
 	for (i = 0; i < addresses_str.num_strings; ++i)
 	    add_one_address (addresses_str.strings[i], i == 0);
+	free_getarg_strings (&addresses_str);
     } else {
 	char **foo = krb5_config_get_strings (context, cf,
 					      "kdc", "addresses", NULL);
@@ -310,11 +311,11 @@ configure(int argc, char **argv)
 	enable_http = krb5_config_get_bool(context, cf, "kdc", 
 					   "enable-http", NULL);
     check_ticket_addresses = 
-	krb5_config_get_bool(context, cf, "kdc", 
-			     "check-ticket-addresses", NULL);
+	krb5_config_get_bool_default(context, cf, TRUE, "kdc", 
+				     "check-ticket-addresses", NULL);
     allow_null_ticket_addresses = 
-	krb5_config_get_bool(context, cf, "kdc", 
-			     "allow-null-ticket-addresses", NULL);
+	krb5_config_get_bool_default(context, cf, TRUE, "kdc", 
+				     "allow-null-ticket-addresses", NULL);
 
     allow_anonymous = 
 	krb5_config_get_bool(context, cf, "kdc", 
diff --git a/crypto/heimdal/kdc/connect.c b/crypto/heimdal/kdc/connect.c
index 4533cea..7f13310 100644
--- a/crypto/heimdal/kdc/connect.c
+++ b/crypto/heimdal/kdc/connect.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "kdc_locl.h"
 
-RCSID("$Id: connect.c,v 1.80 2000/10/08 21:36:29 assar Exp $");
+RCSID("$Id: connect.c,v 1.82 2001/05/14 06:18:11 assar Exp $");
 
 /*
  * a tuple describing on what to listen
@@ -242,7 +242,7 @@ init_socket(struct descr *d, krb5_address *a, int family, int type, int port)
 
     init_descr (d);
 
-    ret = krb5_addr2sockaddr (a, sa, &sa_size, port);
+    ret = krb5_addr2sockaddr (context, a, sa, &sa_size, port);
     if (ret) {
 	krb5_warn(context, ret, "krb5_addr2sockaddr");
 	close(d->s);
@@ -401,7 +401,7 @@ static void
 addr_to_string(struct sockaddr *addr, size_t addr_len, char *str, size_t len)
 {
     krb5_address a;
-    krb5_sockaddr2address(addr, &a);
+    krb5_sockaddr2address(context, addr, &a);
     if(krb5_print_address(&a, str, len, &len) == 0) {
 	krb5_free_address(context, &a);
 	return;
@@ -462,7 +462,7 @@ handle_udp(struct descr *d)
 
     buf = malloc(max_request);
     if(buf == NULL){
-	kdc_log(0, "Failed to allocate %u bytes", max_request);
+	kdc_log(0, "Failed to allocate %lu bytes", (unsigned long)max_request);
 	return;
     }
 
@@ -556,14 +556,15 @@ grow_descr (struct descr *d, size_t n)
 
 	d->size += max(1024, d->len + n);
 	if (d->size >= max_request) {
-	    kdc_log(0, "Request exceeds max request size (%u bytes).",
-		    d->size);
+	    kdc_log(0, "Request exceeds max request size (%lu bytes).",
+		    (unsigned long)d->size);
 	    clear_descr(d);
 	    return -1;
 	}
 	tmp = realloc (d->buf, d->size);
 	if (tmp == NULL) {
-	    kdc_log(0, "Failed to re-allocate %u bytes.", d->size);
+	    kdc_log(0, "Failed to re-allocate %lu bytes.",
+		    (unsigned long)d->size);
 	    clear_descr(d);
 	    return -1;
 	}
@@ -632,7 +633,8 @@ handle_http_tcp (struct descr *d)
     }
     data = malloc(strlen(t));
     if (data == NULL) {
-	kdc_log(0, "Failed to allocate %u bytes", strlen(t));
+	kdc_log(0, "Failed to allocate %lu bytes",
+		(unsigned long)strlen(t));
 	return -1;
     }
     if(*t == '/')
@@ -750,8 +752,8 @@ loop(void)
 	    if(d[i].s >= 0){
 		if(d[i].type == SOCK_STREAM && 
 		   d[i].timeout && d[i].timeout < time(NULL)) {
-		    kdc_log(1, "TCP-connection from %s expired after %u bytes",
-			    d[i].addr_string, d[i].len);
+		    kdc_log(1, "TCP-connection from %s expired after %lu bytes",
+			    d[i].addr_string, (unsigned long)d[i].len);
 		    clear_descr(&d[i]);
 		    continue;
 		}
diff --git a/crypto/heimdal/kdc/hprop.8 b/crypto/heimdal/kdc/hprop.8
index b1e1cd9..ae8ee85 100644
--- a/crypto/heimdal/kdc/hprop.8
+++ b/crypto/heimdal/kdc/hprop.8
@@ -1,4 +1,4 @@
-.\" $Id: hprop.8,v 1.8 2001/01/30 04:18:41 assar Exp $
+.\" $Id: hprop.8,v 1.10 2001/06/08 21:35:31 joda Exp $
 .\"
 .Dd June 19, 2000
 .Dt HPROP 8
@@ -9,27 +9,33 @@
 .Sh SYNOPSIS
 .Nm
 .Oo Fl m Ar file \*(Ba Xo
-.Fl -master-key= Ns Pa file Oc
+.Fl -master-key= Ns Pa file
 .Xc
+.Oc
 .Oo Fl d Ar file \*(Ba Xo
-.Fl -database= Ns Pa file Oc
+.Fl -database= Ns Pa file
 .Xc
+.Oc
 .Op Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump
 .Op Fl 4 | Fl -v4-db
 .Op Fl K | Fl -ka-db
 .Oo Fl c Ar cell \*(Ba Xo
-.Fl -cell= Ns Ar cell Oc
+.Fl -cell= Ns Ar cell
 .Xc
+.Oc
 .Op Fl S | Fl -kaspecials
 .Oo Fl r Ar string \*(Ba Xo
-.Fl -v4-realm= Ns Ar string Oc
+.Fl -v4-realm= Ns Ar string
 .Xc
+.Oc
 .Oo Fl k Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab Oc
+.Fl -keytab= Ns Ar keytab
 .Xc
+.Oc
 .Oo Fl R Ar string \*(Ba Xo
-.Fl -v5-realm= Ns Ar string Oc
+.Fl -v5-realm= Ns Ar string
 .Xc
+.Oc
 .Op Fl D | Fl -decrypt
 .Op Fl E | Fl -encrypt
 .Op Fl n | Fl -stdout
diff --git a/crypto/heimdal/kdc/hprop.c b/crypto/heimdal/kdc/hprop.c
index 8ce9f10..b5d1743 100644
--- a/crypto/heimdal/kdc/hprop.c
+++ b/crypto/heimdal/kdc/hprop.c
@@ -33,7 +33,7 @@
 
 #include "hprop.h"
 
-RCSID("$Id: hprop.c,v 1.60 2001/02/05 03:40:00 assar Exp $");
+RCSID("$Id: hprop.c,v 1.62 2001/02/20 01:44:50 assar Exp $");
 
 static int version_flag;
 static int help_flag;
@@ -457,11 +457,11 @@ ka_dump(struct prop_data *pd, const char *file, const char *cell)
 	krb5_err(pd->context, 1, errno, "open(%s)", file);
     read_block(pd->context, fd, 0, &header, sizeof(header));
     if(header.version1 != header.version2)
-	krb5_errx(pd->context, 1, "Version mismatch in header: %d/%d", 
-		  ntohl(header.version1), ntohl(header.version2));
+	krb5_errx(pd->context, 1, "Version mismatch in header: %ld/%ld",
+		  (long)ntohl(header.version1), (long)ntohl(header.version2));
     if(ntohl(header.version1) != 5)
-	krb5_errx(pd->context, 1, "Unknown database version %d (expected 5)", 
-		  ntohl(header.version1));
+	krb5_errx(pd->context, 1, "Unknown database version %ld (expected 5)", 
+		  (long)ntohl(header.version1));
     for(i = 0; i < ntohl(header.hashsize); i++){
 	int32_t pos = ntohl(header.hash[i]);
 	while(pos){
@@ -787,7 +787,7 @@ main(int argc, char **argv)
 
     int type = 0;
 
-    set_progname(argv[0]);
+    setprogname(argv[0]);
 
     if(getarg(args, num_args, argc, argv, &optind))
 	usage(1);
diff --git a/crypto/heimdal/kdc/hprop.cat8 b/crypto/heimdal/kdc/hprop.cat8
new file mode 100644
index 0000000..f6c70b4
--- /dev/null
+++ b/crypto/heimdal/kdc/hprop.cat8
@@ -0,0 +1,103 @@
+
+HPROP(8)                 UNIX System Manager's Manual                 HPROP(8)
+
+NNAAMMEE
+     hhpprroopp - propagate the KDC database
+
+SSYYNNOOPPSSIISS
+     hhpprroopp [--mm _f_i_l_e | ----mmaasstteerr--kkeeyy==_f_i_l_e] [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e]
+     [----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_r_b_4_-_d_u_m_p] [--44 | ----vv44--ddbb] [--KK |
+     ----kkaa--ddbb] [--cc _c_e_l_l | ----cceellll==_c_e_l_l] [--SS | ----kkaassppeecciiaallss] [--rr _s_t_r_i_n_g |
+     ----vv44--rreeaallmm==_s_t_r_i_n_g] [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--RR _s_t_r_i_n_g |
+     ----vv55--rreeaallmm==_s_t_r_i_n_g] [--DD | ----ddeeccrryypptt] [--EE | ----eennccrryypptt] [--nn | ----ssttddoouutt] [--vv
+     | ----vveerrbboossee] [----vveerrssiioonn] [--hh | ----hheellpp] _h_o_s_t[:_p_o_r_t] _._._.
+
+DDEESSCCRRIIPPTTIIOONN
+     hhpprroopp takes a principal database in a specified format and converts it
+     into a stream of Heimdal database records. This stream can either be
+     written to standard out, or (more commonly) be propagated to a hpropd(8)
+     server running on a different machine.
+
+     If propagating, it connects to all _h_o_s_t_s specified on the command by
+     opening a TCP connection to port 754 (service hprop) and sends the
+     database in encrypted form.
+
+     Supported options:
+
+     --mm _f_i_l_e, ----mmaasstteerr--kkeeyy==_f_i_l_e
+             Where to find the master key to encrypt or decrypt keys with.
+
+     --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e
+             The database to be propagated.
+
+     ----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_r_b_4_-_d_u_m_p
+             Specifies the type of the source database. Alternatives include:
+
+             heimdal    a Heimdal database
+
+             mit-dump   a MIT Kerberos 5 dump file
+
+             krb4-db    a Kerberos 4 database
+
+             krb4-dump  a Kerberos 4 dump file
+
+             kaserver   a Transarc kaserver database
+
+     --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b
+             The keytab to use for fetching the key to be used for authenti-
+             cating to the propagation daemon(s). The key _k_a_d_m_i_n_/_h_p_r_o_p is used
+             from this keytab.  The default is to fetch the key from the KDC
+             database.
+
+     --RR _s_t_r_i_n_g, ----vv55--rreeaallmm==_s_t_r_i_n_g
+             Local realm override.
+
+     --DD, ----ddeeccrryypptt
+             The encryption keys in the database can either be in clear, or
+             encrypted with a master key. This option thansmits the database
+             with unencrypted keys.
+
+     --EE, ----eennccrryypptt
+             This option thansmits the database with encrypted keys.
+
+     --nn, ----ssttddoouutt
+             Dump the database on stdout, in a format that can be fed to
+             hpropd.
+
+     The following options are only valid if hhpprroopp is compiled with support
+     for Kerberos 4 (kaserver).
+
+     --rr _s_t_r_i_n_g, ----vv44--rreeaallmm==_s_t_r_i_n_g
+             v4 realm to use
+
+     --cc _c_e_l_l, ----cceellll==_c_e_l_l
+             The AFS cell name, used if reading a kaserver database.
+
+     --SS, ----kkaassppeecciiaallss
+             Also dump the principals marked as special in the kaserver
+             database.
+
+     --44, ----vv44--ddbb
+             Deprecated, identical to `--source=krb4-db'.
+
+     --KK, ----kkaa--ddbb
+             Deprecated, identical to `--source=kaserver'.
+
+EEXXAAMMPPLLEESS
+     The following will propagate a database to another machine (which should
+     run hpropd(8):)
+
+           $ hprop slave-1 slave-2
+
+     Copy a Kerberos 4 database to a Kerberos 5 slave:
+
+           $ hprop --source=krb4-db -E krb5-slave
+
+     Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
+
+           $ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump -E | hpropd -n
+
+SSEEEE AALLSSOO
+     hpropd(8)
+
+ HEIMDAL                         June 19, 2000                               2
diff --git a/crypto/heimdal/kdc/hpropd.8 b/crypto/heimdal/kdc/hpropd.8
index 35e416f..dd26547 100644
--- a/crypto/heimdal/kdc/hpropd.8
+++ b/crypto/heimdal/kdc/hpropd.8
@@ -1,4 +1,4 @@
-.\" $Id: hpropd.8,v 1.5 2000/11/12 15:37:33 joda Exp $
+.\" $Id: hpropd.8,v 1.7 2001/06/08 21:35:32 joda Exp $
 .\"
 .Dd August 27, 1997
 .Dt HPROPD 8
@@ -9,14 +9,16 @@
 .Sh SYNOPSIS
 .Nm
 .Oo Fl d Ar file \*(Ba Xo
-.Fl -database= Ns Ar file Oc
+.Fl -database= Ns Ar file
 .Xc
+.Oc
 .Op Fl n | Fl -stdin
 .Op Fl -print
 .Op Fl i | Fl -no-inetd
 .Oo Fl k Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab Oc
+.Fl -keytab= Ns Ar keytab
 .Xc
+.Oc
 .Op Fl 4 | Fl -v4dump
 .Sh DESCRIPTION
 .Nm
diff --git a/crypto/heimdal/kdc/hpropd.c b/crypto/heimdal/kdc/hpropd.c
index 2cfdd15..da5498b 100644
--- a/crypto/heimdal/kdc/hpropd.c
+++ b/crypto/heimdal/kdc/hpropd.c
@@ -33,7 +33,7 @@
 
 #include "hprop.h"
 
-RCSID("$Id: hpropd.c,v 1.31 2001/01/25 12:37:39 assar Exp $");
+RCSID("$Id: hpropd.c,v 1.32 2001/02/20 01:44:50 assar Exp $");
 
 #ifdef KRB4
 static des_cblock mkey4;
@@ -213,7 +213,7 @@ main(int argc, char **argv)
     int fd_out = -1;
 #endif
 
-    set_progname(argv[0]);
+    setprogname(argv[0]);
 
     ret = krb5_init_context(&context);
     if(ret)
diff --git a/crypto/heimdal/kdc/hpropd.cat8 b/crypto/heimdal/kdc/hpropd.cat8
new file mode 100644
index 0000000..5218e6d
--- /dev/null
+++ b/crypto/heimdal/kdc/hpropd.cat8
@@ -0,0 +1,43 @@
+
+HPROPD(8)                UNIX System Manager's Manual                HPROPD(8)
+
+NNAAMMEE
+     hhpprrooppdd - receive a propagated database
+
+SSYYNNOOPPSSIISS
+     hhpprrooppdd [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e] [--nn | ----ssttddiinn] [----pprriinntt] [--ii |
+     ----nnoo--iinneettdd] [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--44 | ----vv44dduummpp]
+
+DDEESSCCRRIIPPTTIIOONN
+     hhpprrooppdd receives databases sent by hhpprroopp. and writes it as a local
+     database.
+
+     By default, hhpprrooppdd expects to be started from iinneettdd if stdin is a socket
+     and expects to receive the dumped database over stdin otherwise.  If the
+     database is sent over the network, it is authenticated and encrypted.
+     Only connections from kadmin/hprop are accepted.
+
+     Options supported:
+
+     --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e
+             database
+
+     --nn, ----ssttddiinn
+             read from stdin
+
+     ----pprriinntt
+             print dump to stdout
+
+     --ii, ----nnoo--iinneettdd
+             Not started from inetd
+
+     --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b
+             keytab to use for authentication
+
+     --44, ----vv44dduummpp
+             create v4 type DB
+
+SSEEEE AALLSSOO
+     hprop(8)
+
+ HEIMDAL                        August 27, 1997                              1
diff --git a/crypto/heimdal/kdc/kaserver.c b/crypto/heimdal/kdc/kaserver.c
index 175ddb6..5920895 100644
--- a/crypto/heimdal/kdc/kaserver.c
+++ b/crypto/heimdal/kdc/kaserver.c
@@ -33,11 +33,10 @@
 
 #include "kdc_locl.h"
 
-RCSID("$Id: kaserver.c,v 1.15 2001/01/28 21:51:05 assar Exp $");
+RCSID("$Id: kaserver.c,v 1.16 2001/02/05 10:49:43 assar Exp $");
 
 #ifdef KASERVER
 
-#include "kerberos4.h"
 #include <rx.h>
 
 #define KA_AUTHENTICATION_SERVICE 731
@@ -406,10 +405,10 @@ do_authenticate (struct rx_header *hdr,
     snprintf (client_name, sizeof(client_name), "%s.%s@%s",
 	      name, instance, v4_realm);
 
-    client_entry = db_fetch4 (name, instance, v4_realm);
-    if (client_entry == NULL) {
-	kdc_log(0, "Client not found in database: %s",
-		client_name);
+    ret = db_fetch4 (name, instance, v4_realm, &client_entry);
+    if (ret) {
+	kdc_log(0, "Client not found in database: %s: %s",
+		client_name, krb5_get_err_text(context, ret));
 	make_error_reply (hdr, KANOENT, reply);
 	goto out;
     }
@@ -417,9 +416,10 @@ do_authenticate (struct rx_header *hdr,
     snprintf (server_name, sizeof(server_name), "%s.%s@%s",
 	      "krbtgt", v4_realm, v4_realm);
 
-    server_entry = db_fetch4 ("krbtgt", v4_realm, v4_realm);
-    if (server_entry == NULL) {
-	kdc_log(0, "Server not found in database: %s", server_name);
+    ret = db_fetch4 ("krbtgt", v4_realm, v4_realm, &server_entry);
+    if (ret) {
+	kdc_log(0, "Server not found in database: %s: %s",
+		server_name, krb5_get_err_text(context, ret));
 	make_error_reply (hdr, KANOENT, reply);
 	goto out;
     }
@@ -599,9 +599,10 @@ do_getticket (struct rx_header *hdr,
     snprintf (server_name, sizeof(server_name),
 	      "%s.%s@%s", name, instance, v4_realm);
 
-    server_entry = db_fetch4 (name, instance, v4_realm);
-    if (server_entry == NULL) {
-	kdc_log(0, "Server not found in database: %s", server_name);
+    ret = db_fetch4 (name, instance, v4_realm, &server_entry);
+    if (ret) {
+	kdc_log(0, "Server not found in database: %s: %s",
+		server_name, krb5_get_err_text(context, ret));
 	make_error_reply (hdr, KANOENT, reply);
 	goto out;
     }
@@ -614,10 +615,10 @@ do_getticket (struct rx_header *hdr,
 	goto out;
     }
 
-    krbtgt_entry = db_fetch4 ("krbtgt", v4_realm, v4_realm);
-    if (krbtgt_entry == NULL) {
-	kdc_log(0, "Server not found in database: %s.%s@%s",
-		"krbtgt", v4_realm, v4_realm);
+    ret = db_fetch4 ("krbtgt", v4_realm, v4_realm, &krbtgt_entry);
+    if (ret) {
+	kdc_log(0, "Server not found in database: %s.%s@%s: %s",
+		"krbtgt", v4_realm, v4_realm, krb5_get_err_text(context, ret));
 	make_error_reply (hdr, KANOENT, reply);
 	goto out;
     }
diff --git a/crypto/heimdal/kdc/kdc.8 b/crypto/heimdal/kdc/kdc.8
index 1687dcd..8437c63 100644
--- a/crypto/heimdal/kdc/kdc.8
+++ b/crypto/heimdal/kdc/kdc.8
@@ -1,4 +1,4 @@
-.\" $Id: kdc.8,v 1.11 2001/01/26 22:46:28 assar Exp $
+.\" $Id: kdc.8,v 1.13 2001/06/08 21:35:32 joda Exp $
 .\"
 .Dd July 27, 1997
 .Dt KDC 8
@@ -9,20 +9,23 @@
 .Sh SYNOPSIS
 .Nm
 .Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file Oc
+.Fl -config-file= Ns Ar file
 .Xc
+.Oc
 .Op Fl p | Fl -no-require-preauth
 .Op Fl -max-request= Ns Ar size
 .Op Fl H | Fl -enable-http
 .Oo Fl r Ar string \*(Ba Xo
-.Fl -v4-realm= Ns Ar string Oc
+.Fl -v4-realm= Ns Ar string
 .Xc
+.Oc
 .Op Fl K | Fl -no-kaserver
 .Op Fl r Ar realm
 .Op Fl -v4-realm= Ns Ar realm
 .Oo Fl P Ar string \*(Ba Xo
-.Fl -ports= Ns Ar string Oc
+.Fl -ports= Ns Ar string
 .Xc
+.Oc
 .Op Fl -addresses= Ns Ar list of addresses
 .Sh DESCRIPTION
 .Nm
diff --git a/crypto/heimdal/kdc/kdc.cat8 b/crypto/heimdal/kdc/kdc.cat8
new file mode 100644
index 0000000..234b76d
--- /dev/null
+++ b/crypto/heimdal/kdc/kdc.cat8
@@ -0,0 +1,118 @@
+
+KDC(8)                   UNIX System Manager's Manual                   KDC(8)
+
+NNAAMMEE
+     kkddcc - Kerberos 5 server
+
+SSYYNNOOPPSSIISS
+     kkddcc [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--pp | ----nnoo--rreeqquuiirree--pprreeaauutthh]
+     [----mmaaxx--rreeqquueesstt==_s_i_z_e] [--HH | ----eennaabbllee--hhttttpp] [--rr _s_t_r_i_n_g | ----vv44--rreeaallmm==_s_t_r_i_n_g]
+     [--KK | ----nnoo--kkaasseerrvveerr] [--rr _r_e_a_l_m] [----vv44--rreeaallmm==_r_e_a_l_m] [--PP _s_t_r_i_n_g |
+     ----ppoorrttss==_s_t_r_i_n_g] [----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s]
+
+DDEESSCCRRIIPPTTIIOONN
+     kkddcc serves requests for tickets. When it starts, it first checks the
+     flags passed, any options that are not specified with a command line flag
+     is taken from a config file, or from a default compiled-in value.
+
+     Options supported:
+
+     --cc _f_i_l_e
+
+     ----ccoonnffiigg--ffiillee==_f_i_l_e
+             Specifies the location of the config file, the default is
+             _/_v_a_r_/_h_e_i_m_d_a_l_/_k_d_c_._c_o_n_f. This is the only value that can't be spec-
+             ified in the config file.
+
+     --pp
+
+     ----nnoo--rreeqquuiirree--pprreeaauutthh
+             Turn off the requirement for pre-autentication in the initial AS-
+             REQ for all principals. The use of pre-authentication makes it
+             more difficult to do offline password attacks. You might want to
+             turn it off if you have clients that doesn't do pre-authentica-
+             tion. Since the version 4 protocol doesn't support any pre-au-
+             thentication, so serving version 4 clients is just about the same
+             as not requiring pre-athentication. The default is to require
+             pre-authentication. Adding the require-preauth per principal is a
+             more flexible way of handling this.
+
+     ----mmaaxx--rreeqquueesstt==_s_i_z_e
+             Gives an upper limit on the size of the requests that the kdc is
+             willing to handle.
+
+     --HH, ----eennaabbllee--hhttttpp
+             Makes the kdc listen on port 80 and handle requests encapsulated
+             in HTTP.
+
+     --KK, ----nnoo--kkaasseerrvveerr
+             Disables kaserver emulation (in case it's compiled in).
+
+     --rr _r_e_a_l_m
+
+     ----vv44--rreeaallmm==_r_e_a_l_m
+             What realm this server should act as when dealing with version 4
+             requests. The database can contain any number of realms, but
+             since the version 4 protocol doesn't contain a realm for the
+             server, it must be explicitly specified. The default is whatever
+             is returned by kkrrbb__ggeett__llrreeaallmm().  This option is only availabe if
+             the KDC has been compiled with version 4 support.
+
+     --PP _s_t_r_i_n_g, ----ppoorrttss==_s_t_r_i_n_g
+             Specifies the set of ports the KDC should listen on.  It is given
+             as a white-space separated list of services or port numbers.
+
+     ----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s
+             The list of addresses to listen for requests on.  By default, the
+             kdc will listen on all the locally configured addresses.  If only
+             a subset is desired, or the automatic detection fails, this op-
+             tion might be used.
+
+     All activities , are logged to one or more destinations, see
+     krb5.conf(5),  and krb5_openlog(3).  The entity used for logging is kkddcc.
+
+CCOONNFFIIGGUURRAATTIIOONN FFIILLEE
+     The configuration file has the same syntax as the _k_r_b_5_._c_o_n_f file (you can
+     actually put the configuration in _/_e_t_c_/_k_r_b_5_._c_o_n_f, and then start the KDC
+     with ----ccoonnffiigg--ffiillee==_/_e_t_c_/_k_r_b_5_._c_o_n_f). All options should be in a section
+     called ``kdc''. All the command-line options can preferably be added in
+     the configuration file.  The only difference is the pre-authentication
+     flag, that has to be specified as:
+
+           require-preauth = no
+
+     (in fact you can specify the option as ----rreeqquuiirree--pprreeaauutthh==nnoo).
+
+     And there are some configuration options which do not have command-line
+     equivalents:
+
+           check-ticket-addresses = _b_o_o_l_e_a_n
+                Check the addresses in the ticket when processing TGS re-
+                quests.  The default is FALSE.
+
+           allow-null-ticket-addresses = _b_o_o_l_e_a_n
+                Permit tickets with no addresses.  This option is only rele-
+                vant when check-ticket-addresses is TRUE.
+
+           allow-anonymous = _b_o_o_l_e_a_n
+                Permit anonymous tickets with no addresses.
+
+           encode_as_rep_as_tgs_rep = _b_o_o_l_e_a_n
+                Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE
+                code.  The Heimdal clients allow both.
+
+           kdc_warn_pwexpire = _t_i_m_e
+                How long before password/principal expiration the KDC should
+                start sending out warning messages.
+
+     An example of a config file:
+
+           [kdc]
+                   require-preauth = no
+                   v4-realm = FOO.SE
+                   key-file = /key-file
+
+SSEEEE AALLSSOO
+     kinit(1)
+
+ HEIMDAL                         July 27, 1997                               2
diff --git a/crypto/heimdal/kdc/kerberos5.c b/crypto/heimdal/kdc/kerberos5.c
index 90cc49e..e540b12 100644
--- a/crypto/heimdal/kdc/kerberos5.c
+++ b/crypto/heimdal/kdc/kerberos5.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "kdc_locl.h"
 
-RCSID("$Id: kerberos5.c,v 1.123 2001/01/30 01:44:08 assar Exp $");
+RCSID("$Id: kerberos5.c,v 1.133 2001/05/22 20:16:22 assar Exp $");
 
 #define MAX_TIME ((time_t)((1U << 31) - 1))
 
@@ -415,7 +415,7 @@ check_addresses(HostAddresses *addresses, const struct sockaddr *from)
     if(addresses == NULL)
 	return allow_null_ticket_addresses;
     
-    ret = krb5_sockaddr2address (from, &addr);
+    ret = krb5_sockaddr2address (context, from, &addr);
     if(ret)
 	return FALSE;
 
@@ -630,7 +630,8 @@ as_rep(KDC_REQ *req,
 		      &foo_data,
 		      client_princ,
 		      server_princ,
-		      0,
+		      NULL,
+		      NULL,
 		      reply);
 	free(buf);
 	kdc_log(0, "No PA-ENC-TIMESTAMP -- %s", client_name);
@@ -804,17 +805,17 @@ as_rep(KDC_REQ *req,
     if (client->pw_end
 	&& (kdc_warn_pwexpire == 0
 	    || kdc_time + kdc_warn_pwexpire <= *client->pw_end)) {
-	ek.last_req.val[ek.last_req.len].lr_type  = 6;
+	ek.last_req.val[ek.last_req.len].lr_type  = LR_PW_EXPTIME;
 	ek.last_req.val[ek.last_req.len].lr_value = *client->pw_end;
 	++ek.last_req.len;
     }
     if (client->valid_end) {
-	ek.last_req.val[ek.last_req.len].lr_type  = 7;
+	ek.last_req.val[ek.last_req.len].lr_type  = LR_ACCT_EXPTIME;
 	ek.last_req.val[ek.last_req.len].lr_value = *client->valid_end;
 	++ek.last_req.len;
     }
     if (ek.last_req.len == 0) {
-	ek.last_req.val[ek.last_req.len].lr_type  = 0;
+	ek.last_req.val[ek.last_req.len].lr_type  = LR_NONE;
 	ek.last_req.val[ek.last_req.len].lr_value = 0;
 	++ek.last_req.len;
     }
@@ -862,7 +863,8 @@ out:
 		      NULL,
 		      client_princ,
 		      server_princ,
-		      0,
+		      NULL,
+		      NULL,
 		      reply);
 	ret = 0;
     }
@@ -978,7 +980,9 @@ check_tgs_flags(KDC_REQ_BODY *b, EncTicketPart *tgt, EncTicketPart *et)
 	    old_life -= *tgt->starttime;
 	else
 	    old_life -= tgt->authtime;
-	et->endtime = min(*et->renew_till, *et->starttime + old_life);
+	et->endtime = *et->starttime + old_life;
+	if (et->renew_till != NULL)
+	    et->endtime = min(*et->renew_till, et->endtime);
     }	    
     
     /* checks for excess flags */
@@ -1006,7 +1010,8 @@ fix_transited_encoding(TransitedEncoding *tr,
 			tr->tr_type);
 		return KRB5KDC_ERR_TRTYPE_NOSUPP;
 	    }
-	    ret = krb5_domain_x500_decode(tr->contents,
+	    ret = krb5_domain_x500_decode(context, 
+					  tr->contents,
 					  &realms, 
 					  &num_realms,
 					  client_realm,
@@ -1285,10 +1290,15 @@ out:
     return ret;
 }
 
+/*
+ * return the realm of a krbtgt-ticket or NULL
+ */
+
 static Realm 
-is_krbtgt(PrincipalName *p)
+get_krbtgt_realm(const PrincipalName *p)
 {
-    if(p->name_string.len == 2 && strcmp(p->name_string.val[0], "krbtgt") == 0)
+    if(p->name_string.len == 2
+       && strcmp(p->name_string.val[0], KRB5_TGS_NAME) == 0)
 	return p->name_string.val[1];
     else
 	return NULL;
@@ -1307,12 +1317,25 @@ find_rpath(Realm r)
 }
 	    
 
+static krb5_boolean
+need_referral(krb5_principal server, krb5_realm **realms)
+{
+    if(server->name.name_type != KRB5_NT_SRV_INST ||
+       server->name.name_string.len != 2)
+	return FALSE;
+ 
+    return krb5_get_host_realm_int(context, server->name.name_string.val[1],
+				   FALSE, realms) == 0;
+}
+
 static krb5_error_code
 tgs_rep2(KDC_REQ_BODY *b,
 	 PA_DATA *tgs_req,
 	 krb5_data *reply,
 	 const char *from,
-	 struct sockaddr *from_addr)
+	 const struct sockaddr *from_addr,
+	 time_t **csec,
+	 int **cusec)
 {
     krb5_ap_req ap_req;
     krb5_error_code ret;
@@ -1332,6 +1355,9 @@ tgs_rep2(KDC_REQ_BODY *b,
     krb5_principal sp = NULL;
     AuthorizationData *auth_data = NULL;
 
+    *csec  = NULL;
+    *cusec = NULL;
+
     memset(&ap_req, 0, sizeof(ap_req));
     ret = krb5_decode_ap_req(context, &tgs_req->padata_value, &ap_req);
     if(ret){
@@ -1340,7 +1366,7 @@ tgs_rep2(KDC_REQ_BODY *b,
 	goto out2;
     }
     
-    if(!is_krbtgt(&ap_req.ticket.sname)){
+    if(!get_krbtgt_realm(&ap_req.ticket.sname)){
 	/* XXX check for ticket.sname == req.sname */
 	kdc_log(0, "PA-DATA is not a ticket-granting ticket");
 	ret = KRB5KDC_ERR_POLICY; /* ? */
@@ -1409,6 +1435,29 @@ tgs_rep2(KDC_REQ_BODY *b,
 	goto out2;
     }
 
+    {
+	krb5_authenticator auth;
+
+	ret = krb5_auth_getauthenticator(context, ac, &auth);
+	if (ret == 0) {
+	    *csec   = malloc(sizeof(**csec));
+	    if (*csec == NULL) {
+		krb5_free_authenticator(context, &auth);
+		kdc_log(0, "malloc failed");
+		goto out2;
+	    }
+	    **csec  = auth->ctime;
+	    *cusec  = malloc(sizeof(**cusec));
+	    if (*cusec == NULL) {
+		krb5_free_authenticator(context, &auth);
+		kdc_log(0, "malloc failed");
+		goto out2;
+	    }
+	    **csec  = auth->cusec;
+	    krb5_free_authenticator(context, &auth);
+	}
+    }
+
     cetype = ap_req.authenticator.etype;
 
     tgt = &ticket->ticket;
@@ -1506,7 +1555,7 @@ tgs_rep2(KDC_REQ_BODY *b,
 		goto out;
 	    }
 	    t = &b->additional_tickets->val[0];
-	    if(!is_krbtgt(&t->sname)){
+	    if(!get_krbtgt_realm(&t->sname)){
 		kdc_log(0, "Additional ticket is not a ticket-granting ticket");
 		ret = KRB5KDC_ERR_POLICY;
 		goto out2;
@@ -1548,18 +1597,36 @@ tgs_rep2(KDC_REQ_BODY *b,
 
 	if(ret){
 	    Realm req_rlm, new_rlm;
-	    if(loop++ < 2 && (req_rlm = is_krbtgt(&sp->name))){
-		new_rlm = find_rpath(req_rlm);
-		if(new_rlm) {
-		    kdc_log(5, "krbtgt for realm %s not found, trying %s", 
-			    req_rlm, new_rlm);
+	    krb5_realm *realms;
+
+	    if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
+		if(loop++ < 2) {
+		    new_rlm = find_rpath(req_rlm);
+		    if(new_rlm) {
+			kdc_log(5, "krbtgt for realm %s not found, trying %s", 
+				req_rlm, new_rlm);
+			krb5_free_principal(context, sp);
+			free(spn);
+			krb5_make_principal(context, &sp, r, 
+					    KRB5_TGS_NAME, new_rlm, NULL);
+			krb5_unparse_name(context, sp, &spn);	
+			goto server_lookup;
+		    }
+		}
+	    } else if(need_referral(sp, &realms)) {
+		if (strcmp(realms[0], sp->realm) != 0) {
+		    kdc_log(5, "returning a referral to realm %s for "
+			    "server %s that was not found",
+			    realms[0], spn);
 		    krb5_free_principal(context, sp);
 		    free(spn);
-		    krb5_make_principal(context, &sp, r, 
-					"krbtgt", new_rlm, NULL);
-		    krb5_unparse_name(context, sp, &spn);	
+		    krb5_make_principal(context, &sp, r, KRB5_TGS_NAME,
+					realms[0], NULL);
+		    krb5_unparse_name(context, sp, &spn);
+		    krb5_free_host_realm(context, realms);
 		    goto server_lookup;
 		}
+		krb5_free_host_realm(context, realms);
 	    }
 	    kdc_log(0, "Server not found in database: %s: %s", spn,
 		    krb5_get_err_text(context, ret));
@@ -1624,15 +1691,21 @@ tgs_rep2(KDC_REQ_BODY *b,
 	    free_ent(client);
     }
 out2:
-    if(ret)
+    if(ret) {
 	krb5_mk_error(context,
 		      ret,
 		      e_text,
 		      NULL,
 		      cp,
 		      sp,
-		      0,
+		      NULL,
+		      NULL,
 		      reply);
+	free(*csec);
+	free(*cusec);
+	*csec  = NULL;
+	*cusec = NULL;
+    }
     krb5_free_principal(context, cp);
     krb5_free_principal(context, sp);
     if (ticket) {
@@ -1647,6 +1720,7 @@ out2:
 
     if(krbtgt)
 	free_ent(krbtgt);
+
     return ret;
 }
 
@@ -1660,6 +1734,8 @@ tgs_rep(KDC_REQ *req,
     krb5_error_code ret;
     int i = 0;
     PA_DATA *tgs_req = NULL;
+    time_t *csec = NULL;
+    int *cusec = NULL;
 
     if(req->padata == NULL){
 	ret = KRB5KDC_ERR_PREAUTH_REQUIRED; /* XXX ??? */
@@ -1675,7 +1751,8 @@ tgs_rep(KDC_REQ *req,
 	kdc_log(0, "TGS-REQ from %s without PA-TGS-REQ", from);
 	goto out;
     }
-    ret = tgs_rep2(&req->req_body, tgs_req, data, from, from_addr);
+    ret = tgs_rep2(&req->req_body, tgs_req, data, from, from_addr,
+		   &csec, &cusec);
 out:
     if(ret && data->data == NULL){
 	krb5_mk_error(context,
@@ -1684,8 +1761,11 @@ out:
 		      NULL,
 		      NULL,
 		      NULL,
-		      0,
+		      csec,
+		      cusec,
 		      data);
     }
+    free(csec);
+    free(cusec);
     return 0;
 }
diff --git a/crypto/heimdal/kdc/kstash.8 b/crypto/heimdal/kdc/kstash.8
index a9d34c3..afbad1e 100644
--- a/crypto/heimdal/kdc/kstash.8
+++ b/crypto/heimdal/kdc/kstash.8
@@ -1,4 +1,4 @@
-.\" $Id: kstash.8,v 1.3 2000/09/01 16:37:52 joda Exp $
+.\" $Id: kstash.8,v 1.5 2001/06/08 21:35:32 joda Exp $
 .\"
 .Dd September  1, 2000
 .Dt KSTASH 8
@@ -9,11 +9,13 @@
 .Sh SYNOPSIS
 .Nm
 .Oo Fl e Ar string \*(Ba Xo
-.Fl -enctype= Ns Ar string Oc
+.Fl -enctype= Ns Ar string
 .Xc
+.Oc
 .Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file Oc
+.Fl -key-file= Ns Ar file
 .Xc
+.Oc
 .Op Fl -convert-file
 .Op Fl -master-key-fd= Ns Ar fd
 .Op Fl h | Fl -help
diff --git a/crypto/heimdal/kdc/kstash.cat8 b/crypto/heimdal/kdc/kstash.cat8
new file mode 100644
index 0000000..7dd2c7a
--- /dev/null
+++ b/crypto/heimdal/kdc/kstash.cat8
@@ -0,0 +1,34 @@
+
+KSTASH(8)                UNIX System Manager's Manual                KSTASH(8)
+
+NNAAMMEE
+     kkssttaasshh - store the KDC master password in a file
+
+SSYYNNOOPPSSIISS
+     kkssttaasshh [--ee _s_t_r_i_n_g | ----eennccttyyppee==_s_t_r_i_n_g] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
+     [----ccoonnvveerrtt--ffiillee] [----mmaasstteerr--kkeeyy--ffdd==_f_d] [--hh | ----hheellpp] [----vveerrssiioonn]
+
+DDEESSCCRRIIPPTTIIOONN
+     kkssttaasshh reads the Kerberos master key and stores it in a file that will be
+     used by the KDC.
+
+     Supported options:
+
+     --ee _s_t_r_i_n_g, ----eennccttyyppee==_s_t_r_i_n_g
+             the encryption type to use, defaults to DES3-CBC-SHA1
+
+     --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
+             the name of the master key file
+
+     ----ccoonnvveerrtt--ffiillee
+             don't ask for a new master key, just read an old master key file,
+             and writes it back in the new keyfile format
+
+     ----mmaasstteerr--kkeeyy--ffdd==_f_d
+             filedescriptor to read passphrase from, if not specified the
+             passphrase will be read from the terminal
+
+SSEEEE AALLSSOO
+     kdc(8)
+
+ HEIMDAL                       September 1, 2000                             1
diff --git a/crypto/heimdal/kdc/main.c b/crypto/heimdal/kdc/main.c
index a14ae84..146bd91 100644
--- a/crypto/heimdal/kdc/main.c
+++ b/crypto/heimdal/kdc/main.c
@@ -33,7 +33,7 @@
 
 #include "kdc_locl.h"
 
-RCSID("$Id: main.c,v 1.24 2000/12/31 07:46:14 assar Exp $");
+RCSID("$Id: main.c,v 1.25 2001/02/20 01:44:50 assar Exp $");
 
 sig_atomic_t exit_flag = 0;
 krb5_context context;
@@ -48,7 +48,7 @@ int
 main(int argc, char **argv)
 {
     krb5_error_code ret;
-    set_progname(argv[0]);
+    setprogname(argv[0]);
     
     ret = krb5_init_context(&context);
     if (ret)
diff --git a/crypto/heimdal/kdc/string2key.8 b/crypto/heimdal/kdc/string2key.8
index b286733..50d7c29 100644
--- a/crypto/heimdal/kdc/string2key.8
+++ b/crypto/heimdal/kdc/string2key.8
@@ -1,4 +1,4 @@
-.\" $Id: string2key.8,v 1.2 2000/03/04 14:02:55 assar Exp $
+.\" $Id: string2key.8,v 1.4 2001/06/08 21:35:32 joda Exp $
 .\"
 .Dd March  4, 2000
 .Dt STRING2KEY 8
@@ -12,17 +12,21 @@
 .Op Fl 4 | Fl -version4
 .Op Fl a | Fl -afs
 .Oo Fl c Ar cell \*(Ba Xo
-.Fl -cell= Ns Ar cell Oc
+.Fl -cell= Ns Ar cell
 .Xc
+.Oc
 .Oo Fl w Ar password \*(Ba Xo
-.Fl -password= Ns Ar password Oc
+.Fl -password= Ns Ar password
 .Xc
+.Oc
 .Oo Fl p Ar principal \*(Ba Xo
-.Fl -principal= Ns Ar principal Oc
+.Fl -principal= Ns Ar principal
 .Xc
+.Oc
 .Oo Fl k Ar string \*(Ba Xo
-.Fl -keytype= Ns Ar string Oc
+.Fl -keytype= Ns Ar string
 .Xc
+.Oc
 .Ar password
 .Sh DESCRIPTION
 .Nm
diff --git a/crypto/heimdal/kdc/string2key.cat8 b/crypto/heimdal/kdc/string2key.cat8
new file mode 100644
index 0000000..d70e150
--- /dev/null
+++ b/crypto/heimdal/kdc/string2key.cat8
@@ -0,0 +1,42 @@
+
+STRING2KEY(8)            UNIX System Manager's Manual            STRING2KEY(8)
+
+NNAAMMEE
+     ssttrriinngg22kkeeyy - map a password into a key
+
+SSYYNNOOPPSSIISS
+     ssttrriinngg22kkeeyy [--55 | ----vveerrssiioonn55] [--44 | ----vveerrssiioonn44] [--aa | ----aaffss] [--cc _c_e_l_l |
+     ----cceellll==_c_e_l_l] [--ww _p_a_s_s_w_o_r_d | ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d] [--pp _p_r_i_n_c_i_p_a_l |
+     ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--kk _s_t_r_i_n_g | ----kkeeyyttyyppee==_s_t_r_i_n_g] _p_a_s_s_w_o_r_d
+
+DDEESSCCRRIIPPTTIIOONN
+     ssttrriinngg22kkeeyy performs the string-to-key function.  This is useful when you
+     want to handle the raw key instead of the password.  Supported options:
+
+     --55, ----vveerrssiioonn55
+             Output Kerberos v5 string-to-key
+
+     --44, ----vveerrssiioonn44
+             Output Kerberos v4 string-to-key
+
+     --aa, ----aaffss
+             Output AFS string-to-key
+
+     --cc _c_e_l_l, ----cceellll==_c_e_l_l
+             AFS cell to use
+
+     --ww _p_a_s_s_w_o_r_d, ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d
+             Password to use
+
+     --pp _p_r_i_n_c_i_p_a_l, ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l
+             Kerberos v5 principal to use
+
+     --kk _s_t_r_i_n_g, ----kkeeyyttyyppee==_s_t_r_i_n_g
+             Keytype
+
+     ----vveerrssiioonn
+             print version
+
+     ----hheellpp
+
+ HEIMDAL                         March 4, 2000                               1
diff --git a/crypto/heimdal/kpasswd/Makefile.in b/crypto/heimdal/kpasswd/Makefile.in
index ae146d5..372a1d6 100644
--- a/crypto/heimdal/kpasswd/Makefile.in
+++ b/crypto/heimdal/kpasswd/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 man_MANS = kpasswd.1 kpasswdd.8
@@ -271,7 +274,7 @@ OBJECTS = $(am_kpasswd_OBJECTS) kpasswd-generator.$(OBJEXT) $(am_kpasswdd_OBJECT
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign kpasswd/Makefile
 
@@ -484,6 +487,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/kpasswd/kpasswd-generator.c b/crypto/heimdal/kpasswd/kpasswd-generator.c
index 6bd836c..41ca65d 100644
--- a/crypto/heimdal/kpasswd/kpasswd-generator.c
+++ b/crypto/heimdal/kpasswd/kpasswd-generator.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "kpasswd_locl.h"
 
-RCSID("$Id: kpasswd-generator.c,v 1.2 2000/12/31 07:47:38 assar Exp $");
+RCSID("$Id: kpasswd-generator.c,v 1.4 2001/05/12 15:17:10 assar Exp $");
 
 static unsigned
 read_words (const char *filename, char ***ret_w)
@@ -63,6 +63,7 @@ read_words (const char *filename, char ***ret_w)
 static int
 nop_prompter (krb5_context context,
 	      void *data,
+	      const char *name,
 	      const char *banner,
 	      int num_prompts,
 	      krb5_prompt prompts[])
@@ -176,7 +177,7 @@ main(int argc, char **argv)
     int nreq;
     char *end;
 
-    set_progname(argv[0]);
+    setprogname(argv[0]);
     if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
 	usage(1);
     argc -= optind;
diff --git a/crypto/heimdal/kpasswd/kpasswd.1 b/crypto/heimdal/kpasswd/kpasswd.1
index eddb7ef..50e5cd8 100644
--- a/crypto/heimdal/kpasswd/kpasswd.1
+++ b/crypto/heimdal/kpasswd/kpasswd.1
@@ -1,4 +1,4 @@
-.\" $Id: kpasswd.1,v 1.2 2000/06/27 00:51:06 assar Exp $
+.\" $Id: kpasswd.1,v 1.3 2001/05/02 08:59:22 assar Exp $
 .\"
 .Dd Aug 27, 1997
 .Dt KPASSWD 1
diff --git a/crypto/heimdal/kpasswd/kpasswd.cat1 b/crypto/heimdal/kpasswd/kpasswd.cat1
new file mode 100644
index 0000000..874fb22
--- /dev/null
+++ b/crypto/heimdal/kpasswd/kpasswd.cat1
@@ -0,0 +1,20 @@
+
+KPASSWD(1)                   UNIX Reference Manual                  KPASSWD(1)
+
+NNAAMMEE
+     kkppaasssswwdd - Kerberos 5 password changing program
+
+SSYYNNOOPPSSIISS
+     kkppaasssswwdd [_p_r_i_n_c_i_p_a_l]
+
+DDEESSCCRRIIPPTTIIOONN
+     kkppaasssswwdd is the client for changing passwords.
+
+DDIIAAGGNNOOSSTTIICCSS
+     If the password quality check fails or some other error occurs, an expla-
+     nation is printed.
+
+SSEEEE AALLSSOO
+     kpasswdd(8)
+
+ HEIMDAL                         Aug 27, 1997                                1
diff --git a/crypto/heimdal/kpasswd/kpasswd_locl.h b/crypto/heimdal/kpasswd/kpasswd_locl.h
index 61f2284..c2ba5ed1 100644
--- a/crypto/heimdal/kpasswd/kpasswd_locl.h
+++ b/crypto/heimdal/kpasswd/kpasswd_locl.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: kpasswd_locl.h,v 1.9 2000/08/04 11:22:51 joda Exp $ */
+/* $Id: kpasswd_locl.h,v 1.10 2001/02/15 04:20:54 assar Exp $ */
 
 #ifndef __KPASSWD_LOCL_H__
 #define __KPASSWD_LOCL_H__
@@ -95,7 +95,11 @@
 #include <err.h>
 #include <roken.h>
 #include <getarg.h>
+#ifdef HAVE_OPENSSL_DES_H
+#include <openssl/des.h>
+#else
 #include <des.h>
+#endif
 #include <krb5.h>
 
 #endif /* __KPASSWD_LOCL_H__ */
diff --git a/crypto/heimdal/kpasswd/kpasswdd.8 b/crypto/heimdal/kpasswd/kpasswdd.8
index 21e918b..5cf4b24 100644
--- a/crypto/heimdal/kpasswd/kpasswdd.8
+++ b/crypto/heimdal/kpasswd/kpasswdd.8
@@ -1,4 +1,4 @@
-.\" $Id: kpasswdd.8,v 1.3 2001/01/11 21:36:43 assar Exp $
+.\" $Id: kpasswdd.8,v 1.5 2001/06/08 21:35:32 joda Exp $
 .\"
 .Dd April 19, 1999
 .Dt KPASSWDD 8
@@ -11,14 +11,17 @@
 .Op Fl -check-library= Ns Ar library
 .Op Fl -check-function= Ns Ar function
 .Oo Fl k Ar kspec \*(Ba Xo
-.Fl -keytab= Ns Ar kspec Oc
+.Fl -keytab= Ns Ar kspec
 .Xc
+.Oc
 .Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm Oc
+.Fl -realm= Ns Ar realm
 .Xc
+.Oc
 .Oo Fl p Ar string \*(Ba Xo
-.Fl -port= Ns Ar string Oc
+.Fl -port= Ns Ar string
 .Xc
+.Oc
 .Op Fl -version
 .Op Fl -help
 .Sh DESCRIPTION
diff --git a/crypto/heimdal/kpasswd/kpasswdd.c b/crypto/heimdal/kpasswd/kpasswdd.c
index 4c6f197..4ddb078 100644
--- a/crypto/heimdal/kpasswd/kpasswdd.c
+++ b/crypto/heimdal/kpasswd/kpasswdd.c
@@ -32,7 +32,7 @@
  */
 
 #include "kpasswd_locl.h"
-RCSID("$Id: kpasswdd.c,v 1.49 2001/01/11 21:33:53 assar Exp $");
+RCSID("$Id: kpasswdd.c,v 1.51 2001/05/14 06:18:56 assar Exp $");
 
 #include <kadm5/admin.h>
 
@@ -138,7 +138,8 @@ reply_error (krb5_principal server,
 			 &e_data,
 			 NULL,
 			 server,
-			 0,
+			 NULL,
+			 NULL,
 			 &error_data);
     krb5_data_free (&e_data);
     if (ret) {
@@ -366,7 +367,10 @@ process (krb5_principal server,
 	return;
     }
 
-    ret = krb5_sockaddr2address (sa, &other_addr);
+    krb5_auth_con_setflags (context, auth_context,
+			    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+
+    ret = krb5_sockaddr2address (context, sa, &other_addr);
     if (ret) {
 	krb5_warn (context, ret, "krb5_sockaddr2address");
 	goto out;
@@ -443,8 +447,7 @@ doit (krb5_keytab keytab, int port)
     for (i = 0; i < n; ++i) {
 	int sa_size;
 
-	krb5_addr2sockaddr (&addrs.val[i], sa, &sa_size, port);
-
+	krb5_addr2sockaddr (context, &addrs.val[i], sa, &sa_size, port);
 	
 	sockets[i] = socket (sa->sa_family, SOCK_DGRAM, 0);
 	if (sockets[i] < 0)
diff --git a/crypto/heimdal/kpasswd/kpasswdd.cat8 b/crypto/heimdal/kpasswd/kpasswdd.cat8
new file mode 100644
index 0000000..b7d2e8d
--- /dev/null
+++ b/crypto/heimdal/kpasswd/kpasswdd.cat8
@@ -0,0 +1,54 @@
+
+KPASSWDD(8)              UNIX System Manager's Manual              KPASSWDD(8)
+
+NNAAMMEE
+     kkppaasssswwdddd - Kerberos 5 password changing server
+
+SSYYNNOOPPSSIISS
+     kkppaasssswwdddd [----cchheecckk--lliibbrraarryy==_l_i_b_r_a_r_y] [----cchheecckk--ffuunnccttiioonn==_f_u_n_c_t_i_o_n] [--kk _k_s_p_e_c
+     | ----kkeeyyttaabb==_k_s_p_e_c] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--pp _s_t_r_i_n_g | ----ppoorrtt==_s_t_r_i_n_g]
+     [----vveerrssiioonn] [----hheellpp]
+
+DDEESSCCRRIIPPTTIIOONN
+     kkppaasssswwdddd serves request for password changes. It listens on UDP port 464
+     (service kpasswd) and processes requests when they arrive. It changes the
+     database directly and should thus only run on the master KDC.
+
+     Supported options:
+
+     ----cchheecckk--lliibbrraarryy==_l_i_b_r_a_r_y
+             If your system has support for dynamic loading of shared li-
+             braries, you can use an external function to check password qual-
+             ity. This option specifies which library to load.
+
+     ----cchheecckk--ffuunnccttiioonn==_f_u_n_c_t_i_o_n
+             This is the function to call in the loaded library. The function
+             should look like this:
+
+             _c_o_n_s_t _c_h_a_r _* ppaasssswwdd__cchheecckk(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l
+             _p_r_i_n_c_i_p_a_l, _k_r_b_5___d_a_t_a _*_p_a_s_s_w_o_r_d)
+
+             _c_o_n_t_e_x_t is an initialized context; _p_r_i_n_c_i_p_a_l is the one who tries
+             to change passwords, and _p_a_s_s_w_o_r_d is the new password. Note that
+             the password (in _p_a_s_s_w_o_r_d_-_>_d_a_t_a) is not zero terminated.
+
+     --kk _k_s_p_e_c, ----kkeeyyttaabb==_k_s_p_e_c
+             keytab to get authentication key from
+
+     --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
+             default realm
+
+     --pp _s_t_r_i_n_g, ----ppoorrtt==_s_t_r_i_n_g
+             port to listen on (default service kpasswd - 464).
+
+DDIIAAGGNNOOSSTTIICCSS
+     If an error occurs, the error message is returned to the user and/or
+     logged to syslog.
+
+BBUUGGSS
+     The default password quality checks are too basic.
+
+SSEEEE AALLSSOO
+     kdc(8),  kpasswd(1)
+
+ HEIMDAL                        April 19, 1999                               1
diff --git a/crypto/heimdal/kuser/Makefile.in b/crypto/heimdal/kuser/Makefile.in
index 40ab2b6..45dd3d2 100644
--- a/crypto/heimdal/kuser/Makefile.in
+++ b/crypto/heimdal/kuser/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(bin_PROGRAMS)
 
 man_MANS = kinit.1 klist.1 kdestroy.1 kgetcred.1
@@ -313,7 +316,7 @@ OBJECTS = generate-requests.$(OBJEXT) $(am_kauth_OBJECTS) kdecode_ticket.$(OBJEX
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign kuser/Makefile
 
@@ -483,6 +486,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/kuser/generate-requests.c b/crypto/heimdal/kuser/generate-requests.c
index f7f5dd1..74371a7 100644
--- a/crypto/heimdal/kuser/generate-requests.c
+++ b/crypto/heimdal/kuser/generate-requests.c
@@ -33,7 +33,7 @@
 
 #include "kuser_locl.h"
 
-RCSID("$Id: generate-requests.c,v 1.2 2000/12/31 07:49:27 assar Exp $");
+RCSID("$Id: generate-requests.c,v 1.3 2001/02/20 01:44:51 assar Exp $");
 
 static krb5_error_code
 null_key_proc (krb5_context context,
@@ -134,7 +134,7 @@ main(int argc, char **argv)
     int nreq;
     char *end;
 
-    set_progname(argv[0]);
+    setprogname(argv[0]);
     if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
 	usage(1);
     argc -= optind;
diff --git a/crypto/heimdal/kuser/kdecode_ticket.c b/crypto/heimdal/kuser/kdecode_ticket.c
index 499a3e9..74ca5af 100644
--- a/crypto/heimdal/kuser/kdecode_ticket.c
+++ b/crypto/heimdal/kuser/kdecode_ticket.c
@@ -33,7 +33,7 @@
 
 #include "kuser_locl.h"
 
-RCSID("$Id: kdecode_ticket.c,v 1.4 2000/12/31 07:50:19 assar Exp $");
+RCSID("$Id: kdecode_ticket.c,v 1.5 2001/02/20 01:44:51 assar Exp $");
 
 static char *etype_str;
 static int version_flag;
@@ -103,7 +103,7 @@ main(int argc, char **argv)
     krb5_creds in, *out;
     int optind = 0;
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
 
     ret = krb5_init_context (&context);
     if (ret)
diff --git a/crypto/heimdal/kuser/kdestroy.1 b/crypto/heimdal/kuser/kdestroy.1
index 6ac96a2..8d8b430 100644
--- a/crypto/heimdal/kuser/kdestroy.1
+++ b/crypto/heimdal/kuser/kdestroy.1
@@ -1,4 +1,4 @@
-.\" $Id: kdestroy.1,v 1.2 1999/05/14 14:05:40 assar Exp $
+.\" $Id: kdestroy.1,v 1.3 2001/05/02 08:59:22 assar Exp $
 .\"
 .Dd August 27, 1997
 .Dt KDESTROY 1
diff --git a/crypto/heimdal/kuser/kdestroy.c b/crypto/heimdal/kuser/kdestroy.c
index 847c50e..a1a5c0d 100644
--- a/crypto/heimdal/kuser/kdestroy.c
+++ b/crypto/heimdal/kuser/kdestroy.c
@@ -32,7 +32,7 @@
  */
 
 #include "kuser_locl.h"
-RCSID("$Id: kdestroy.c,v 1.12 2000/12/31 07:51:09 assar Exp $");
+RCSID("$Id: kdestroy.c,v 1.13 2001/02/20 01:44:51 assar Exp $");
 
 static const char *cache;
 static int help_flag;
@@ -68,7 +68,7 @@ main (int argc, char **argv)
     int optind = 0;
     int exit_val = 0;
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
 
     if(getarg(args, num_args, argc, argv, &optind))
 	usage(1);
diff --git a/crypto/heimdal/kuser/kdestroy.cat1 b/crypto/heimdal/kuser/kdestroy.cat1
new file mode 100644
index 0000000..0949f96
--- /dev/null
+++ b/crypto/heimdal/kuser/kdestroy.cat1
@@ -0,0 +1,30 @@
+
+KDESTROY(1)                  UNIX Reference Manual                 KDESTROY(1)
+
+NNAAMMEE
+     kkddeessttrrooyy - destroy the current ticket file
+
+SSYYNNOOPPSSIISS
+     kkddeessttrrooyy [--cc _c_a_c_h_e_f_i_l_e] [----ccaacchhee==_c_a_c_h_e_f_i_l_e] [----nnoo--uunnlloogg] [----nnoo--ddeelleettee--vv44]
+     [----vveerrssiioonn] [----hheellpp]
+
+DDEESSCCRRIIPPTTIIOONN
+     kkddeessttrrooyy remove the current set of tickets.
+
+     Supported options:
+
+     --cc _c_a_c_h_e_f_i_l_e
+
+     --ccaacchhee==_c_a_c_h_e_f_i_l_e
+             The cache file to remove.
+
+     ----nnoo--uunnlloogg
+             Do not remove AFS tokens.
+
+     ----nnoo--ddeelleettee--vv44
+             Do not remove v4 tickets.
+
+SSEEEE AALLSSOO
+     kinit(1),  klist(1)
+
+ HEIMDAL                        August 27, 1997                              1
diff --git a/crypto/heimdal/kuser/kgetcred.1 b/crypto/heimdal/kuser/kgetcred.1
index 4fcadbb..c7235f3 100644
--- a/crypto/heimdal/kuser/kgetcred.1
+++ b/crypto/heimdal/kuser/kgetcred.1
@@ -1,4 +1,4 @@
-.\" $Id: kgetcred.1,v 1.2 1999/05/13 22:26:35 assar Exp $
+.\" $Id: kgetcred.1,v 1.4 2001/06/08 21:40:40 joda Exp $
 .\"
 .Dd May 14, 1999
 .Dt KGETCRED 1
@@ -9,8 +9,9 @@
 .Sh SYNOPSIS
 .Nm
 .Oo Fl e Ar enctype \*(Ba Xo
-.Fl -enctype= Ns Ar enctype Oc
+.Fl -enctype= Ns Ar enctype
 .Xc
+.Oc
 .Op Fl -version
 .Op Fl -help
 .Ar service
diff --git a/crypto/heimdal/kuser/kgetcred.c b/crypto/heimdal/kuser/kgetcred.c
index a2b3b27..6707455 100644
--- a/crypto/heimdal/kuser/kgetcred.c
+++ b/crypto/heimdal/kuser/kgetcred.c
@@ -33,7 +33,7 @@
 
 #include "kuser_locl.h"
 
-RCSID("$Id: kgetcred.c,v 1.4 2000/12/31 07:52:59 assar Exp $");
+RCSID("$Id: kgetcred.c,v 1.5 2001/02/20 01:44:51 assar Exp $");
 
 static char *etype_str;
 static int version_flag;
@@ -65,7 +65,7 @@ main(int argc, char **argv)
     krb5_creds in, *out;
     int optind = 0;
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
 
     ret = krb5_init_context (&context);
     if (ret)
diff --git a/crypto/heimdal/kuser/kgetcred.cat1 b/crypto/heimdal/kuser/kgetcred.cat1
new file mode 100644
index 0000000..63a6c98
--- /dev/null
+++ b/crypto/heimdal/kuser/kgetcred.cat1
@@ -0,0 +1,27 @@
+
+KGETCRED(1)                  UNIX Reference Manual                 KGETCRED(1)
+
+NNAAMMEE
+     kkggeettccrreedd - get a ticket for a particular service
+
+SSYYNNOOPPSSIISS
+     kkggeettccrreedd [--ee _e_n_c_t_y_p_e | ----eennccttyyppee==_e_n_c_t_y_p_e] [----vveerrssiioonn] [----hheellpp] _s_e_r_v_i_c_e
+
+DDEESSCCRRIIPPTTIIOONN
+     kkggeettccrreedd obtains a ticket for a service.  Usually tickets for services
+     are obtained automatically when needed but sometimes for some odd reason
+     you want to obtain a particular ticket or of a special type.
+
+     Supported options:
+
+     --ee _e_n_c_t_y_p_e, ----eennccttyyppee==_e_n_c_t_y_p_e
+             encryption type to use
+
+     ----vveerrssiioonn
+
+     ----hheellpp
+
+SSEEEE AALLSSOO
+     kinit(1),  klist(1)
+
+ HEIMDAL                         May 14, 1999                                1
diff --git a/crypto/heimdal/kuser/kinit.1 b/crypto/heimdal/kuser/kinit.1
index 8775e7a..8c2fc81 100644
--- a/crypto/heimdal/kuser/kinit.1
+++ b/crypto/heimdal/kuser/kinit.1
@@ -1,4 +1,4 @@
-.\" $Id: kinit.1,v 1.8 2001/01/28 21:44:56 assar Exp $
+.\" $Id: kinit.1,v 1.11 2001/06/08 21:35:32 joda Exp $
 .\"
 .Dd May 29, 1998
 .Dt KINIT 1
@@ -12,38 +12,45 @@
 .Op Fl 4 | Fl -524init
 .Op Fl -afslog
 .Oo Fl c Ar cachename \*(Ba Xo
-.Fl -cache= Ns Ar cachename Oc
+.Fl -cache= Ns Ar cachename
 .Xc
+.Oc
 .Op Fl f | Fl -forwardable
 .Oo Fl t Ar keytabname \*(Ba Xo
-.Fl -keytab= Ns Ar keytabname Oc
+.Fl -keytab= Ns Ar keytabname
 .Xc
+.Oc
 .Oo Fl l Ar time \*(Ba Xo
-.Fl -lifetime= Ns Ar time Oc
+.Fl -lifetime= Ns Ar time
 .Xc
+.Oc
 .Op Fl p | Fl -proxiable
 .Op Fl R | Fl -renew
 .Op Fl -renewable
 .Oo Fl r Ar time \*(Ba Xo
-.Fl -renewable-life= Ns Ar time Oc
+.Fl -renewable-life= Ns Ar time
 .Xc
+.Oc
 .Oo Fl S Ar principal \*(Ba Xo
-.Fl -server= Ns Ar principal Oc
+.Fl -server= Ns Ar principal
 .Xc
+.Oc
 .Oo Fl s Ar time \*(Ba Xo
-.Fl -start-time= Ns Ar time Oc
+.Fl -start-time= Ns Ar time
 .Xc
+.Oc
 .Op Fl k | Fl -use-keytab
 .Op Fl v | Fl -validate
 .Oo Fl e Ar enctype \*(Ba Xo
-.Fl -enctypes= Ns Ar enctype Oc
+.Fl -enctypes= Ns Ar enctype
 .Xc
+.Oc
 .Op Fl -fcache-version= Ns Ar integer
 .Op Fl -no-addresses
 .Op Fl -anonymous
 .Op Fl -version
 .Op Fl -help
-.Op Ar principal
+.Op Ar principal Op Ar command
 .Sh DESCRIPTION
 .Nm
 is used to authenticate to the kerberos server as
@@ -184,6 +191,13 @@ options can be set to a default value from the
 .Dv appdefaults
 section in krb5.conf, see
 .Xr krb5_appdefault 3 .
+.Pp
+If  a
+.Ar command
+is given, 
+.Nm kinit
+will setup new credentials caches, and AFS PAG, and then run the given
+command. When it finishes the credentials will be removed.
 .Sh ENVIRONMENT
 .Bl -tag -width Ds
 .It Ev KRB5CCNAME
diff --git a/crypto/heimdal/kuser/kinit.c b/crypto/heimdal/kuser/kinit.c
index be2857c..560e0e2 100644
--- a/crypto/heimdal/kuser/kinit.c
+++ b/crypto/heimdal/kuser/kinit.c
@@ -32,7 +32,7 @@
  */
 
 #include "kuser_locl.h"
-RCSID("$Id: kinit.c,v 1.69 2001/01/05 16:32:55 joda Exp $");
+RCSID("$Id: kinit.c,v 1.75 2001/05/07 21:08:15 assar Exp $");
 
 #ifdef KRB4
 /* for when the KDC tells us it's a v4 one, we try to talk that */
@@ -248,7 +248,7 @@ usage (int ret)
     arg_printusage (args,
 		    sizeof(args)/sizeof(*args),
 		    NULL,
-		    "[principal]");
+		    "[principal [command]]");
     exit (ret);
 }
 
@@ -290,9 +290,12 @@ renew_validate(krb5_context context,
     flags.i = 0;
     flags.b.renewable         = flags.b.renew = renew;
     flags.b.validate          = validate;
-    flags.b.forwardable       = forwardable_flag;
-    flags.b.proxiable         = proxiable_flag;
-    flags.b.request_anonymous = anonymous_flag;
+    if (forwardable_flag != -1)
+	flags.b.forwardable       = forwardable_flag;
+    if (proxiable_flag != -1)
+	flags.b.proxiable         = proxiable_flag;
+    if (anonymous_flag != -1)
+	flags.b.request_anonymous = anonymous_flag;
     if(life)
 	in.times.endtime = time(NULL) + life;
 
@@ -339,7 +342,7 @@ main (int argc, char **argv)
     krb5_addresses no_addrs;
     char passwd[256];
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
     memset(&cred, 0, sizeof(cred));
     
     ret = krb5_init_context (&context);
@@ -376,9 +379,6 @@ main (int argc, char **argv)
     argc -= optind;
     argv += optind;
 
-    if (argc > 1)
-	usage (1);
-
     if (argv[0]) {
 	ret = krb5_parse_name (context, argv[0], &principal);
 	if (ret)
@@ -394,8 +394,26 @@ main (int argc, char **argv)
 
     if(cred_cache) 
 	ret = krb5_cc_resolve(context, cred_cache, &ccache);
-    else
-	ret = krb5_cc_default (context, &ccache);
+    else {
+	if(argc > 1) {
+	    char s[1024];
+	    ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache);
+	    if(ret)
+		krb5_err(context, 1, ret, "creating cred cache");
+	    snprintf(s, sizeof(s), "%s:%s",
+		     krb5_cc_get_type(context, ccache),
+		     krb5_cc_get_name(context, ccache));
+	    setenv("KRB5CCNAME", s, 1);
+#ifdef KRB4
+	    snprintf(s, sizeof(s), "%s_XXXXXX", TKT_ROOT);
+	    close(mkstemp(s));
+	    setenv("KRBTKFILE", s, 1);
+	    if (k_hasafs ())
+		k_setpag();
+#endif
+	} else
+	    ret = krb5_cc_default (context, &ccache);
+    }
     if (ret)
 	krb5_err (context, 1, ret, "resolving credentials cache");
 
@@ -437,7 +455,7 @@ main (int argc, char **argv)
 	    errx (1, "unparsable time: %s", renew_life);
 
 	krb5_get_init_creds_opt_set_renew_life (&opt, tmp);
-    } else if (renewable_flag)
+    } else if (renewable_flag == 1)
 	krb5_get_init_creds_opt_set_renew_life (&opt, 1 << 30);
 
     if(ticket_life != 0)
@@ -570,9 +588,18 @@ main (int argc, char **argv)
     }
     if(do_afslog && k_hasafs())
 	krb5_afslog(context, ccache, NULL, NULL);
-#endif
     krb5_free_creds_contents (context, &cred);
-    krb5_cc_close (context, ccache);
+#endif
+    if(argc > 1) {
+	simple_execvp(argv[1], argv+1);
+	krb5_cc_destroy(context, ccache);
+#ifdef KRB4
+	dest_tkt();
+	if(k_hasafs())
+	    k_unlog();
+#endif
+    } else 
+	krb5_cc_close (context, ccache);
     krb5_free_context (context);
     return 0;
 }
diff --git a/crypto/heimdal/kuser/kinit.cat1 b/crypto/heimdal/kuser/kinit.cat1
new file mode 100644
index 0000000..3507385
--- /dev/null
+++ b/crypto/heimdal/kuser/kinit.cat1
@@ -0,0 +1,119 @@
+
+KINIT(1)                     UNIX Reference Manual                    KINIT(1)
+
+NNAAMMEE
+     kkiinniitt, kkaauutthh - acquire initial tickets
+
+SSYYNNOOPPSSIISS
+     kkiinniitt [--44 | ----552244iinniitt] [----aaffsslloogg] [--cc _c_a_c_h_e_n_a_m_e | ----ccaacchhee==_c_a_c_h_e_n_a_m_e] [--ff
+           | ----ffoorrwwaarrddaabbllee] [--tt _k_e_y_t_a_b_n_a_m_e | ----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e] [--ll _t_i_m_e |
+           ----lliiffeettiimmee==_t_i_m_e] [--pp | ----pprrooxxiiaabbllee] [--RR | ----rreenneeww] [----rreenneewwaabbllee]
+           [--rr _t_i_m_e | ----rreenneewwaabbllee--lliiffee==_t_i_m_e] [--SS _p_r_i_n_c_i_p_a_l |
+           ----sseerrvveerr==_p_r_i_n_c_i_p_a_l] [--ss _t_i_m_e | ----ssttaarrtt--ttiimmee==_t_i_m_e] [--kk |
+           ----uussee--kkeeyyttaabb] [--vv | ----vvaalliiddaattee] [--ee _e_n_c_t_y_p_e | ----eennccttyyppeess==_e_n_c_t_y_p_e]
+           [----ffccaacchhee--vveerrssiioonn==_i_n_t_e_g_e_r] [----nnoo--aaddddrreesssseess] [----aannoonnyymmoouuss]
+           [----vveerrssiioonn] [----hheellpp] [_p_r_i_n_c_i_p_a_l [_c_o_m_m_a_n_d]]
+
+DDEESSCCRRIIPPTTIIOONN
+     kkiinniitt is used to authenticate to the kerberos server as _p_r_i_n_c_i_p_a_l, or if
+     none is given, a system generated default (typically your login name at
+     the default realm), and acquire a ticket granting ticket that can later
+     be used to obtain tickets for other services.
+
+     If you have compiled kinit with Kerberos 4 support and you have a Ker-
+     beros 4 server, kkiinniitt will detect this and get you Kerberos 4 tickets.
+
+     Supported options:
+
+     --cc _c_a_c_h_e_n_a_m_e ----ccaacchhee==_c_a_c_h_e_n_a_m_e
+             The credentials cache to put the acquired ticket in, if other
+             than default.
+
+     --ff, ----ffoorrwwaarrddaabbllee
+             Get ticket that can be forwarded to another host.
+
+     --tt _k_e_y_t_a_b_n_a_m_e, ----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e
+             Don't ask for a password, but instead get the key from the speci-
+             fied keytab.
+
+     --ll _t_i_m_e, ----lliiffeettiimmee==_t_i_m_e
+             Specifies the lifetime of the ticket. The argument can either be
+             in seconds, or a more human readable string like `1h'.
+
+     --pp, ----pprrooxxiiaabbllee
+             Request tickets with the proxiable flag set.
+
+     --RR, ----rreenneeww
+             Try to renew ticket. The ticket must have the `renewable' flag
+             set, and must not be expired.
+
+     ----rreenneewwaabbllee
+             The same as ----rreenneewwaabbllee--lliiffee, with an infinite time.
+
+     --rr _t_i_m_e, ----rreenneewwaabbllee--lliiffee==_t_i_m_e
+             The max renewable ticket life.
+
+     --SS _p_r_i_n_c_i_p_a_l, ----sseerrvveerr==_p_r_i_n_c_i_p_a_l
+             Get a ticket for a service other than krbtgt/LOCAL.REALM.
+
+     --ss _t_i_m_e, ----ssttaarrtt--ttiimmee==_t_i_m_e
+             Obtain a ticket that starts to be valid _t_i_m_e (which can really be
+             a generic time specification, like `1h') seconds into the future.
+
+     --kk, ----uussee--kkeeyyttaabb
+             The same as ----kkeeyyttaabb, but with the default keytab name (normally
+
+             _F_I_L_E_:_/_e_t_c_/_k_r_b_5_._k_e_y_t_a_b).
+
+     --vv, ----vvaalliiddaattee
+             Try to validate an invalid ticket.
+
+     --ee, ----eennccttyyppeess==_e_n_c_t_y_p_e_s
+             Request tickets with this particular enctype.
+
+     ----ffccaacchhee--vveerrssiioonn==_v_e_r_s_i_o_n
+             Create a credentials cache of version vveerrssiioonn.
+
+     ----nnoo--aaddddrreesssseess
+             Request a ticket with no addresses.
+
+     ----aannoonnyymmoouuss
+             Request an anonymous ticket (which means that the ticket will be
+             issued to an anonymous principal, typically ``anonymous@REALM).''
+
+     The following options are only available if kkiinniitt has been compiled with
+     support for Kerberos 4. The kkaauutthh program is identical to kkiinniitt, but has
+     these options enabled by default.
+
+     --44, ----552244iinniitt
+             Try to convert the obtained Kerberos 5 krbtgt to a version 4 com-
+             patible ticket. It will store this ticket in the default Kerberos
+             4 ticket file.
+
+     ----aaffsslloogg
+             Gets AFS tickets, converts them to version 4 format, and stores
+             them in the kernel. Only useful if you have AFS.
+
+     The _f_o_r_w_a_r_d_a_b_l_e, _p_r_o_x_i_a_b_l_e, _t_i_c_k_e_t___l_i_f_e, and _r_e_n_e_w_a_b_l_e___l_i_f_e options can
+     be set to a default value from the appdefaults section in krb5.conf, see
+     krb5_appdefault(3).
+
+     If  a _c_o_m_m_a_n_d is given, kkiinniitt will setup new credentials caches, and AFS
+     PAG, and then run the given command. When it finishes the credentials
+     will be removed.
+
+EENNVVIIRROONNMMEENNTT
+     KRB5CCNAME
+             Specifies the default cache file.
+
+     KRB5_CONFIG
+             The directory where the _k_r_b_5_._c_o_n_f can be found, default is _/_e_t_c.
+
+     KRBTKFILE
+             Specifies the Kerberos 4 ticket file to store version 4 tickets
+             in.
+
+SSEEEE AALLSSOO
+     kdestroy(1),  klist(1),  krb5.conf(5),  krb5_appdefault(3)
+
+ HEIMDAL                         May 29, 1998                                2
diff --git a/crypto/heimdal/kuser/klist.1 b/crypto/heimdal/kuser/klist.1
index 7676508..296e4fa 100644
--- a/crypto/heimdal/kuser/klist.1
+++ b/crypto/heimdal/kuser/klist.1
@@ -1,4 +1,4 @@
-.\" $Id: klist.1,v 1.6 2000/07/08 20:47:58 joda Exp $
+.\" $Id: klist.1,v 1.8 2001/06/08 21:35:32 joda Exp $
 .\"
 .Dd July 8, 2000
 .Dt KLIST 1
@@ -9,8 +9,9 @@
 .Sh SYNOPSIS
 .Nm
 .Oo Fl c Ar cache \*(Ba Xo
-.Fl -cache= Ns Ar cache Oc
+.Fl -cache= Ns Ar cache
 .Xc
+.Oc
 .Op Fl s | Fl t | Fl -test
 .Op Fl 4 | Fl -v4
 .Op Fl T | Fl -tokens
diff --git a/crypto/heimdal/kuser/klist.c b/crypto/heimdal/kuser/klist.c
index 6bfaeb8..ebeebad 100644
--- a/crypto/heimdal/kuser/klist.c
+++ b/crypto/heimdal/kuser/klist.c
@@ -34,7 +34,7 @@
 #include "kuser_locl.h"
 #include "rtbl.h"
 
-RCSID("$Id: klist.c,v 1.62 2001/01/25 12:37:01 assar Exp $");
+RCSID("$Id: klist.c,v 1.64 2001/05/11 19:55:13 assar Exp $");
 
 static char*
 printable_time(time_t t)
@@ -275,8 +275,8 @@ print_tickets (krb5_context context,
     }
     while (krb5_cc_next_cred (context,
 			      ccache,
-			      &creds,
-			      &cursor) == 0) {
+			      &cursor,
+			      &creds) == 0) {
 	if(do_verbose){
 	    print_cred_verbose(context, &creds);
 	}else{
@@ -629,7 +629,7 @@ main (int argc, char **argv)
     int optind = 0;
     int exit_status = 0;
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
 
     if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
 	usage(1);
diff --git a/crypto/heimdal/kuser/klist.cat1 b/crypto/heimdal/kuser/klist.cat1
new file mode 100644
index 0000000..20f2c33
--- /dev/null
+++ b/crypto/heimdal/kuser/klist.cat1
@@ -0,0 +1,89 @@
+
+KLIST(1)                     UNIX Reference Manual                    KLIST(1)
+
+NNAAMMEE
+     kklliisstt - list Kerberos credentials
+
+SSYYNNOOPPSSIISS
+     kklliisstt [--cc _c_a_c_h_e | ----ccaacchhee==_c_a_c_h_e] [--ss | --tt | ----tteesstt] [--44 | ----vv44] [--TT |
+     ----ttookkeennss] [--55 | ----vv55] [--vv | ----vveerrbboossee] [--ff] [----vveerrssiioonn] [----hheellpp]
+
+DDEESSCCRRIIPPTTIIOONN
+     kklliisstt reads and displays the current tickets in the crential cache (also
+     known as the ticket file).
+
+     Options supported:
+
+     --cc _c_a_c_h_e, ----ccaacchhee==_c_a_c_h_e
+             credentials cache to list
+
+     --ss, --tt, ----tteesstt
+             Test for there being an active and valid TGT for the local realm
+             of the user in the credential cache.
+
+     --44, ----vv44
+             display v4 tickets
+
+     --TT, ----ttookkeennss
+             display AFS tokens
+
+     --55, ----vv55
+             display v5 cred cache (this is the default)
+
+     --ff      Include ticket flags in short form, each charcted stands for a
+             specific flag, as follows:
+                   F    forwardable
+                   f    forwarded
+                   P    proxiable
+                   p    proxied
+                   D    postdate-able
+                   d    postdated
+                   R    renewable
+                   I    initial
+                   i    invalid
+                   A    pre-authenticated
+                   H    hardware authenticated
+
+             This information is also output with the ----vveerrbboossee option, but in
+             a more verbose way.
+
+     --vv, ----vveerrbboossee
+             Verbose output. Include all possible information:
+
+                   Server
+                         the princial the ticket is for
+
+                   Ticket etype
+                         the encryption type use in the ticket, followed by
+                         the key version of the ticket, if it is available
+
+                   Session key
+                         the encryption type of the session key, if it's dif-
+                         ferent from the encryption type of the ticket
+
+                   Auth time
+
+                         the time the authentication exchange took place
+
+                   Start time
+                         the time that this tickets is valid from (only print-
+                         ed if it's different from the auth time)
+
+                   End time
+                         when the ticket expires, if it has already expired
+                         this is also noted
+
+                   Renew till
+                         the maximum possible end time of any ticket derived
+                         from this one
+
+                   Ticket flags
+                         the flags set on the ticket
+
+                   Addresses
+                         the set of addresses from which this ticket is valid
+
+SSEEEE AALLSSOO
+     kinit(1),  kdestroy(1)
+
+ HEIMDAL                         July 8, 2000                                2
diff --git a/crypto/heimdal/lib/45/Makefile.in b/crypto/heimdal/lib/45/Makefile.in
index 66dfc0f..52341d5 100644
--- a/crypto/heimdal/lib/45/Makefile.in
+++ b/crypto/heimdal/lib/45/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 lib_LIBRARIES = @EXTRA_LIB45@
@@ -229,7 +232,7 @@ OBJECTS = $(am_lib45_a_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/45/Makefile
 
@@ -327,6 +330,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/lib/Makefile.in b/crypto/heimdal/lib/Makefile.in
index 22a350f..fec9b2c 100644
--- a/crypto/heimdal/lib/Makefile.in
+++ b/crypto/heimdal/lib/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 @KRB4_TRUE@dir_45 = @KRB4_TRUE@45
@@ -215,7 +218,7 @@ DIST_SUBDIRS =  @DIR_roken@ vers editline com_err sl asn1 @DIR_des@ krb5 \
 kafs hdb kadm5 gssapi auth 45 otp kdfs
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/Makefile
 
@@ -256,11 +259,16 @@ mostlyclean-recursive clean-recursive distclean-recursive \
 maintainer-clean-recursive:
 	@set fnord $(MAKEFLAGS); amf=$$2; \
 	dot_seen=no; \
-	rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \
-	  rev="$$subdir $$rev"; \
-	  if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
 	done; \
-	test "$$dot_seen" = "no" && rev=". $$rev"; \
+	rev="$$rev ."; \
 	target=`echo $@ | sed s/-recursive//`; \
 	for subdir in $$rev; do \
 	  echo "Making $$target in $$subdir"; \
@@ -306,6 +314,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/lib/asn1/Makefile.am b/crypto/heimdal/lib/asn1/Makefile.am
index 8f89441..e4f0149 100644
--- a/crypto/heimdal/lib/asn1/Makefile.am
+++ b/crypto/heimdal/lib/asn1/Makefile.am
@@ -1,11 +1,11 @@
-# $Id: Makefile.am,v 1.59 2001/01/30 01:46:53 assar Exp $
+# $Id: Makefile.am,v 1.63 2001/05/16 23:49:27 assar Exp $
 
 include $(top_srcdir)/Makefile.am.common
 
 YFLAGS = -d
 
 lib_LTLIBRARIES = libasn1.la
-libasn1_la_LDFLAGS = -version-info 4:0:2
+libasn1_la_LDFLAGS = -version-info 5:0:0
 
 BUILT_SOURCES =			\
 	$(gen_files:.x=.c)	\
@@ -22,6 +22,7 @@ gen_files =					\
 	asn1_AuthorizationData.x		\
 	asn1_CKSUMTYPE.x			\
 	asn1_Checksum.x				\
+	asn1_ENCTYPE.x				\
 	asn1_ETYPE_INFO.x			\
 	asn1_ETYPE_INFO_ENTRY.x			\
 	asn1_EncAPRepPart.x			\
@@ -47,6 +48,7 @@ gen_files =					\
 	asn1_KerberosTime.x			\
 	asn1_KrbCredInfo.x			\
 	asn1_LastReq.x				\
+	asn1_LR_TYPE.x				\
 	asn1_MESSAGE_TYPE.x			\
 	asn1_METHOD_DATA.x			\
 	asn1_NAME_TYPE.x			\
@@ -68,17 +70,27 @@ noinst_PROGRAMS = asn1_compile asn1_print
 check_PROGRAMS = check-der
 TESTS = check-der
 
-asn1_compile_SOURCES = parse.y lex.l main.c hash.c symbol.c gen.c \
-	gen_encode.c gen_decode.c gen_free.c gen_length.c gen_copy.c \
-	gen_glue.c
-
-libasn1_la_SOURCES = \
-	der_get.c \
-	der_put.c \
-	der_free.c \
-	der_length.c \
-	der_copy.c \
-	timegm.c \
+asn1_compile_SOURCES = 				\
+	gen.c					\
+	gen_copy.c				\
+	gen_decode.c				\
+	gen_encode.c				\
+	gen_free.c				\
+	gen_glue.c				\
+	gen_length.c				\
+	hash.c					\
+	lex.l					\
+	main.c					\
+	parse.y					\
+	symbol.c
+
+libasn1_la_SOURCES =				\
+	der_get.c				\
+	der_put.c				\
+	der_free.c				\
+	der_length.c				\
+	der_copy.c				\
+	timegm.c				\
 	$(BUILT_SOURCES)
 
 asn1_compile_LDADD = \
@@ -93,20 +105,20 @@ asn1_print_LDADD = $(check_der_LDADD)
 
 TESTS = check-der
 
-CLEANFILES = lex.c parse.c parse.h asn1.h $(BUILT_SOURCES) \
+CLEANFILES = lex.c parse.c parse.h krb5_asn1.h $(BUILT_SOURCES) \
 	$(gen_files) asn1_files
 
-include_HEADERS = asn1.h asn1_err.h der.h
+include_HEADERS = krb5_asn1.h asn1_err.h der.h
 
 $(asn1_compile_OBJECTS): parse.h
 
-$(gen_files) asn1.h: asn1_files
+$(gen_files) krb5_asn1.h: asn1_files
 
 asn1_files: asn1_compile$(EXEEXT) $(srcdir)/k5.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/k5.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/k5.asn1 krb5_asn1
 
-$(libasn1_la_OBJECTS): asn1.h asn1_err.h
+$(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h
 
-$(asn1_print_OBJECTS): asn1.h
+$(asn1_print_OBJECTS): krb5_asn1.h
 
 EXTRA_DIST = asn1_err.et
diff --git a/crypto/heimdal/lib/asn1/Makefile.in b/crypto/heimdal/lib/asn1/Makefile.in
index 7652c10..5717f31 100644
--- a/crypto/heimdal/lib/asn1/Makefile.in
+++ b/crypto/heimdal/lib/asn1/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -113,13 +114,13 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
 dpagaix_LDADD = @dpagaix_LDADD@
 install_sh = @install_sh@
 
-# $Id: Makefile.am,v 1.59 2001/01/30 01:46:53 assar Exp $
+# $Id: Makefile.am,v 1.63 2001/05/16 23:49:27 assar Exp $
 
 
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,12 +186,14 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 YFLAGS = -d
 
 lib_LTLIBRARIES = libasn1.la
-libasn1_la_LDFLAGS = -version-info 4:0:2
+libasn1_la_LDFLAGS = -version-info 5:0:0
 
 BUILT_SOURCES = \
 	$(gen_files:.x=.c)	\
@@ -208,6 +211,7 @@ gen_files = \
 	asn1_AuthorizationData.x		\
 	asn1_CKSUMTYPE.x			\
 	asn1_Checksum.x				\
+	asn1_ENCTYPE.x				\
 	asn1_ETYPE_INFO.x			\
 	asn1_ETYPE_INFO_ENTRY.x			\
 	asn1_EncAPRepPart.x			\
@@ -233,6 +237,7 @@ gen_files = \
 	asn1_KerberosTime.x			\
 	asn1_KrbCredInfo.x			\
 	asn1_LastReq.x				\
+	asn1_LR_TYPE.x				\
 	asn1_MESSAGE_TYPE.x			\
 	asn1_METHOD_DATA.x			\
 	asn1_NAME_TYPE.x			\
@@ -255,18 +260,28 @@ check_PROGRAMS = check-der
 
 TESTS = check-der
 
-asn1_compile_SOURCES = parse.y lex.l main.c hash.c symbol.c gen.c \
-	gen_encode.c gen_decode.c gen_free.c gen_length.c gen_copy.c \
-	gen_glue.c
+asn1_compile_SOURCES = \
+	gen.c					\
+	gen_copy.c				\
+	gen_decode.c				\
+	gen_encode.c				\
+	gen_free.c				\
+	gen_glue.c				\
+	gen_length.c				\
+	hash.c					\
+	lex.l					\
+	main.c					\
+	parse.y					\
+	symbol.c
 
 
 libasn1_la_SOURCES = \
-	der_get.c \
-	der_put.c \
-	der_free.c \
-	der_length.c \
-	der_copy.c \
-	timegm.c \
+	der_get.c				\
+	der_put.c				\
+	der_free.c				\
+	der_length.c				\
+	der_copy.c				\
+	timegm.c				\
 	$(BUILT_SOURCES)
 
 
@@ -282,11 +297,11 @@ check_der_LDADD = \
 
 asn1_print_LDADD = $(check_der_LDADD)
 
-CLEANFILES = lex.c parse.c parse.h asn1.h $(BUILT_SOURCES) \
+CLEANFILES = lex.c parse.c parse.h krb5_asn1.h $(BUILT_SOURCES) \
 	$(gen_files) asn1_files
 
 
-include_HEADERS = asn1.h asn1_err.h der.h
+include_HEADERS = krb5_asn1.h asn1_err.h der.h
 
 EXTRA_DIST = asn1_err.et
 subdir = lib/asn1
@@ -308,28 +323,29 @@ am_libasn1_la_OBJECTS =  der_get.lo der_put.lo der_free.lo der_length.lo \
 der_copy.lo timegm.lo asn1_APOptions.lo asn1_AP_REP.lo asn1_AP_REQ.lo \
 asn1_AS_REP.lo asn1_AS_REQ.lo asn1_Authenticator.lo \
 asn1_AuthorizationData.lo asn1_CKSUMTYPE.lo asn1_Checksum.lo \
-asn1_ETYPE_INFO.lo asn1_ETYPE_INFO_ENTRY.lo asn1_EncAPRepPart.lo \
-asn1_EncASRepPart.lo asn1_EncKDCRepPart.lo asn1_EncKrbCredPart.lo \
-asn1_EncKrbPrivPart.lo asn1_EncTGSRepPart.lo asn1_EncTicketPart.lo \
-asn1_EncryptedData.lo asn1_EncryptionKey.lo asn1_HostAddress.lo \
-asn1_HostAddresses.lo asn1_KDCOptions.lo asn1_KDC_REP.lo \
-asn1_KDC_REQ.lo asn1_KDC_REQ_BODY.lo asn1_KRB_CRED.lo asn1_KRB_ERROR.lo \
-asn1_KRB_PRIV.lo asn1_KRB_SAFE.lo asn1_KRB_SAFE_BODY.lo \
-asn1_KerberosTime.lo asn1_KrbCredInfo.lo asn1_LastReq.lo \
-asn1_MESSAGE_TYPE.lo asn1_METHOD_DATA.lo asn1_NAME_TYPE.lo \
-asn1_PADATA_TYPE.lo asn1_PA_DATA.lo asn1_PA_ENC_TS_ENC.lo \
-asn1_Principal.lo asn1_PrincipalName.lo asn1_Realm.lo asn1_TGS_REP.lo \
-asn1_TGS_REQ.lo asn1_Ticket.lo asn1_TicketFlags.lo \
-asn1_TransitedEncoding.lo asn1_UNSIGNED.lo asn1_err.lo
+asn1_ENCTYPE.lo asn1_ETYPE_INFO.lo asn1_ETYPE_INFO_ENTRY.lo \
+asn1_EncAPRepPart.lo asn1_EncASRepPart.lo asn1_EncKDCRepPart.lo \
+asn1_EncKrbCredPart.lo asn1_EncKrbPrivPart.lo asn1_EncTGSRepPart.lo \
+asn1_EncTicketPart.lo asn1_EncryptedData.lo asn1_EncryptionKey.lo \
+asn1_HostAddress.lo asn1_HostAddresses.lo asn1_KDCOptions.lo \
+asn1_KDC_REP.lo asn1_KDC_REQ.lo asn1_KDC_REQ_BODY.lo asn1_KRB_CRED.lo \
+asn1_KRB_ERROR.lo asn1_KRB_PRIV.lo asn1_KRB_SAFE.lo \
+asn1_KRB_SAFE_BODY.lo asn1_KerberosTime.lo asn1_KrbCredInfo.lo \
+asn1_LastReq.lo asn1_LR_TYPE.lo asn1_MESSAGE_TYPE.lo \
+asn1_METHOD_DATA.lo asn1_NAME_TYPE.lo asn1_PADATA_TYPE.lo \
+asn1_PA_DATA.lo asn1_PA_ENC_TS_ENC.lo asn1_Principal.lo \
+asn1_PrincipalName.lo asn1_Realm.lo asn1_TGS_REP.lo asn1_TGS_REQ.lo \
+asn1_Ticket.lo asn1_TicketFlags.lo asn1_TransitedEncoding.lo \
+asn1_UNSIGNED.lo asn1_err.lo
 libasn1_la_OBJECTS =  $(am_libasn1_la_OBJECTS)
 check_PROGRAMS =  check-der$(EXEEXT)
 noinst_PROGRAMS =  asn1_compile$(EXEEXT) asn1_print$(EXEEXT)
 PROGRAMS =  $(noinst_PROGRAMS)
 
-am_asn1_compile_OBJECTS =  parse.$(OBJEXT) lex.$(OBJEXT) main.$(OBJEXT) \
-hash.$(OBJEXT) symbol.$(OBJEXT) gen.$(OBJEXT) gen_encode.$(OBJEXT) \
-gen_decode.$(OBJEXT) gen_free.$(OBJEXT) gen_length.$(OBJEXT) \
-gen_copy.$(OBJEXT) gen_glue.$(OBJEXT)
+am_asn1_compile_OBJECTS =  gen.$(OBJEXT) gen_copy.$(OBJEXT) \
+gen_decode.$(OBJEXT) gen_encode.$(OBJEXT) gen_free.$(OBJEXT) \
+gen_glue.$(OBJEXT) gen_length.$(OBJEXT) hash.$(OBJEXT) lex.$(OBJEXT) \
+main.$(OBJEXT) parse.$(OBJEXT) symbol.$(OBJEXT)
 asn1_compile_OBJECTS =  $(am_asn1_compile_OBJECTS)
 asn1_compile_DEPENDENCIES = 
 asn1_compile_LDFLAGS = 
@@ -364,7 +380,7 @@ OBJECTS = $(am_libasn1_la_OBJECTS) $(am_asn1_compile_OBJECTS) asn1_print.$(OBJEX
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .l .lo .o .obj .x .y
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .l .lo .o .obj .y
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/asn1/Makefile
 
@@ -510,6 +526,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
@@ -598,6 +619,9 @@ check-am: all-am
 check: check-am
 installcheck-am:
 installcheck: installcheck-am
+all-recursive-am: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
 install-exec-am: install-libLTLIBRARIES
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
@@ -674,12 +698,12 @@ distclean-noinstPROGRAMS clean-noinstPROGRAMS \
 maintainer-clean-noinstPROGRAMS uninstall-includeHEADERS \
 install-includeHEADERS tags mostlyclean-tags distclean-tags clean-tags \
 maintainer-clean-tags check-TESTS distdir info-am info dvi-am dvi \
-check-local check check-am installcheck-am installcheck install-exec-am \
-install-exec install-data-local install-data-am install-data install-am \
-install uninstall-am uninstall all-local all-redirect all-am all \
-install-strip installdirs mostlyclean-generic distclean-generic \
-clean-generic maintainer-clean-generic clean mostlyclean distclean \
-maintainer-clean
+check-local check check-am installcheck-am installcheck \
+all-recursive-am install-exec-am install-exec install-data-local \
+install-data-am install-data install-am install uninstall-am uninstall \
+all-local all-redirect all-am all install-strip installdirs \
+mostlyclean-generic distclean-generic clean-generic \
+maintainer-clean-generic clean mostlyclean distclean maintainer-clean
 
 
 install-suid-programs:
@@ -812,14 +836,14 @@ check-local::
 
 $(asn1_compile_OBJECTS): parse.h
 
-$(gen_files) asn1.h: asn1_files
+$(gen_files) krb5_asn1.h: asn1_files
 
 asn1_files: asn1_compile$(EXEEXT) $(srcdir)/k5.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/k5.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/k5.asn1 krb5_asn1
 
-$(libasn1_la_OBJECTS): asn1.h asn1_err.h
+$(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h
 
-$(asn1_print_OBJECTS): asn1.h
+$(asn1_print_OBJECTS): krb5_asn1.h
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/crypto/heimdal/lib/asn1/asn1_print.c b/crypto/heimdal/lib/asn1/asn1_print.c
index e66ac22..587d7e0 100644
--- a/crypto/heimdal/lib/asn1/asn1_print.c
+++ b/crypto/heimdal/lib/asn1/asn1_print.c
@@ -37,7 +37,7 @@
 #include <getarg.h>
 #include <err.h>
 
-RCSID("$Id: asn1_print.c,v 1.6 2000/12/29 03:34:16 assar Exp $");
+RCSID("$Id: asn1_print.c,v 1.7 2001/02/20 01:44:52 assar Exp $");
 
 static struct et_list *et_list;
 
@@ -224,7 +224,7 @@ main(int argc, char **argv)
 {
     int optind = 0;
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
     initialize_asn1_error_table_r (&et_list);
     if(getarg(args, num_args, argc, argv, &optind))
 	usage(1);
diff --git a/crypto/heimdal/lib/asn1/gen_decode.c b/crypto/heimdal/lib/asn1/gen_decode.c
index bed19a9..9303698 100644
--- a/crypto/heimdal/lib/asn1/gen_decode.c
+++ b/crypto/heimdal/lib/asn1/gen_decode.c
@@ -33,7 +33,7 @@
 
 #include "gen_locl.h"
 
-RCSID("$Id: gen_decode.c,v 1.15 2001/01/29 08:36:45 assar Exp $");
+RCSID("$Id: gen_decode.c,v 1.16 2001/02/10 18:14:38 assar Exp $");
 
 static void
 decode_primitive (const char *typename, const char *name)
@@ -281,7 +281,7 @@ generate_type_decode (const Symbol *s)
 	   s->gen_name, s->gen_name);
 
   fprintf (codefile, "#define FORW "
-	   "if(e) return e; "
+	   "if(e) goto fail; "
 	   "p += l; "
 	   "len -= l; "
 	   "ret += l\n\n");
@@ -308,13 +308,19 @@ generate_type_decode (const Symbol *s)
 	     "size_t ret = 0, reallen;\n"
 	     "size_t l;\n"
 	     "int i, e;\n\n");
-    fprintf(codefile, "i = 0;\n"); /* hack to avoid `unused variable' */
-    fprintf(codefile, "reallen = 0;\n"); /* hack to avoid `unused variable' */
+    fprintf (codefile, "memset(data, 0, sizeof(*data));\n");
+    fprintf (codefile, "i = 0;\n"); /* hack to avoid `unused variable' */
+    fprintf (codefile, "reallen = 0;\n"); /* hack to avoid `unused variable' */
 
     decode_type ("data", s->type);
     fprintf (codefile, 
 	     "if(size) *size = ret;\n"
 	     "return 0;\n");
+    fprintf (codefile,
+	     "fail:\n"
+	     "free_%s(data);\n"
+	     "return e;\n",
+	     s->gen_name);
     break;
   default:
     abort ();
diff --git a/crypto/heimdal/lib/asn1/k5.asn1 b/crypto/heimdal/lib/asn1/k5.asn1
index c5382f3..1fa8b7b 100644
--- a/crypto/heimdal/lib/asn1/k5.asn1
+++ b/crypto/heimdal/lib/asn1/k5.asn1
@@ -1,4 +1,4 @@
--- $Id: k5.asn1,v 1.23 2000/12/11 06:30:35 assar Exp $
+-- $Id: k5.asn1,v 1.25 2001/05/14 06:12:13 assar Exp $
 
 KERBEROS5 DEFINITIONS ::=
 BEGIN
@@ -77,6 +77,29 @@ CKSUMTYPE ::= INTEGER {
 	CKSUMTYPE_HMAC_MD5_ENC(-1138)	-- even more unofficial
 }
 
+--enctypes
+ENCTYPE ::= INTEGER {
+	ETYPE_NULL(0),
+	ETYPE_DES_CBC_CRC(1),
+	ETYPE_DES_CBC_MD4(2),
+	ETYPE_DES_CBC_MD5(3),
+	ETYPE_DES3_CBC_MD5(5),
+	ETYPE_OLD_DES3_CBC_SHA1(7),
+	ETYPE_SIGN_DSA_GENERATE(8),
+	ETYPE_ENCRYPT_RSA_PRIV(9),
+	ETYPE_ENCRYPT_RSA_PUB(10),
+	ETYPE_DES3_CBC_SHA1(16),	-- with key derivation
+	ETYPE_ARCFOUR_HMAC_MD5(23),
+	ETYPE_ARCFOUR_HMAC_MD5_56(24),
+	ETYPE_ENCTYPE_PK_CROSS(48),
+-- these are for Heimdal internal use
+	ETYPE_DES_CBC_NONE(-0x1000),
+	ETYPE_DES3_CBC_NONE(-0x1001),
+	ETYPE_DES_CFB64_NONE(-0x1002),
+	ETYPE_DES_PCBC_NONE(-0x1003),
+	ETYPE_DES3_CBC_NONE_IVEC(-0x1004)
+}
+
 -- this is sugar to make something ASN1 does not have: unsigned
 
 UNSIGNED ::= INTEGER (0..4294967295)
@@ -162,14 +185,25 @@ KDCOptions ::= BIT STRING {
 	validate(31)
 }
 
+LR-TYPE ::= INTEGER {
+	LR_NONE(0),		-- no information
+	LR_INITIAL_TGT(1),	-- last initial TGT request
+	LR_INITIAL(2),		-- last initial request
+	LR_ISSUE_USE_TGT(3),	-- time of newest TGT used
+	LR_RENEWAL(4),		-- time of last renewal
+	LR_REQUEST(5),		-- time of last request (of any type)
+	LR_PW_EXPTIME(6),	-- expiration time of password
+	LR_ACCT_EXPTIME(7)	-- expiration time of account
+}
 
 LastReq ::= SEQUENCE OF SEQUENCE {
-	lr-type[0]		INTEGER,
+	lr-type[0]		LR-TYPE,
 	lr-value[1]		KerberosTime
 }
 
+
 EncryptedData ::= SEQUENCE {
-	etype[0] 		INTEGER, -- EncryptionType
+	etype[0] 		ENCTYPE, -- EncryptionType
 	kvno[1]			INTEGER OPTIONAL,
 	cipher[2]		OCTET STRING -- ciphertext
 }
@@ -230,7 +264,7 @@ PA-DATA ::= SEQUENCE {
 }
 
 ETYPE-INFO-ENTRY ::= SEQUENCE {
-	etype[0]		INTEGER,
+	etype[0]		ENCTYPE,
 	salt[1]			OCTET STRING OPTIONAL,
 	salttype[2]		INTEGER OPTIONAL
 }
@@ -249,7 +283,7 @@ KDC-REQ-BODY ::= SEQUENCE {
 	till[5]			KerberosTime OPTIONAL,
 	rtime[6]		KerberosTime OPTIONAL,
 	nonce[7]		INTEGER,
-	etype[8]		SEQUENCE OF INTEGER, -- EncryptionType,
+	etype[8]		SEQUENCE OF ENCTYPE, -- EncryptionType,
 					-- in preference order
 	addresses[9]		HostAddresses OPTIONAL,
 	enc-authorization-data[10] EncryptedData OPTIONAL,
diff --git a/crypto/heimdal/lib/asn1/lex.l b/crypto/heimdal/lib/asn1/lex.l
index ffb6fd5..21665fb 100644
--- a/crypto/heimdal/lib/asn1/lex.l
+++ b/crypto/heimdal/lib/asn1/lex.l
@@ -1,6 +1,6 @@
 %{
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -32,7 +32,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: lex.l,v 1.15 2000/07/02 04:08:02 assar Exp $ */
+/* $Id: lex.l,v 1.16 2001/04/18 13:08:47 joda Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
@@ -80,7 +80,10 @@ EXTERNAL		{ return EXTERNAL; }
 "]"			{ return *yytext; }
 ::=			{ return EEQUAL; }
 --[^\n]*\n		{ ++lineno; }
--?[0-9]+		{ yylval.constant = atoi(yytext); return CONSTANT; }
+-?(0x)?[0-9]+		{ char *e; yylval.constant = strtol(yytext, &e, 0); 
+			  if(e == yytext) 
+			    error_message("malformed constant (%s)", yytext); 
+			  else return CONSTANT; }
 [A-Za-z][-A-Za-z0-9_]*	{ yylval.name =  strdup (yytext); return IDENTIFIER; }
 [ \t]			;
 \n			{ ++lineno; }
diff --git a/crypto/heimdal/lib/asn1/libasn1.h b/crypto/heimdal/lib/asn1/libasn1.h
index 90eda60..8a4994a 100644
--- a/crypto/heimdal/lib/asn1/libasn1.h
+++ b/crypto/heimdal/lib/asn1/libasn1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: libasn1.h,v 1.7 1999/12/02 17:05:02 joda Exp $ */
+/* $Id: libasn1.h,v 1.9 2001/04/18 13:10:24 joda Exp $ */
 
 #ifndef __LIBASN1_H__
 #define __LIBASN1_H__
@@ -41,8 +41,9 @@
 #endif
 
 #include <stdlib.h>
+#include <string.h>
 #include <errno.h>
-#include "asn1.h"
+#include "krb5_asn1.h"
 #include "der.h"
 #include "asn1_err.h"
 #include <parse_units.h>
diff --git a/crypto/heimdal/lib/asn1/main.c b/crypto/heimdal/lib/asn1/main.c
index 538af5a..8b1b409 100644
--- a/crypto/heimdal/lib/asn1/main.c
+++ b/crypto/heimdal/lib/asn1/main.c
@@ -34,7 +34,7 @@
 #include "gen_locl.h"
 #include <getarg.h>
 
-RCSID("$Id: main.c,v 1.10 1999/12/02 17:05:02 joda Exp $");
+RCSID("$Id: main.c,v 1.11 2001/02/20 01:44:52 assar Exp $");
 
 extern FILE *yyin;
 
@@ -61,7 +61,7 @@ main(int argc, char **argv)
     char *name = NULL;
     int optind = 0;
 
-    set_progname(argv[0]);
+    setprogname(argv[0]);
     if(getarg(args, num_args, argc, argv, &optind))
 	usage(1);
     if(help_flag)
diff --git a/crypto/heimdal/lib/asn1/parse.y b/crypto/heimdal/lib/asn1/parse.y
index 4b8e590..81b5cb1 100644
--- a/crypto/heimdal/lib/asn1/parse.y
+++ b/crypto/heimdal/lib/asn1/parse.y
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: parse.y,v 1.16 2000/07/08 11:35:47 assar Exp $ */
+/* $Id: parse.y,v 1.17 2001/03/26 04:09:55 assar Exp $ */
 
 %{
 #ifdef HAVE_CONFIG_H
@@ -44,7 +44,7 @@
 #include "lex.h"
 #include "gen_locl.h"
 
-RCSID("$Id: parse.y,v 1.16 2000/07/08 11:35:47 assar Exp $");
+RCSID("$Id: parse.y,v 1.17 2001/03/26 04:09:55 assar Exp $");
 
 static Type *new_type (Typetype t);
 void yyerror (char *);
@@ -232,7 +232,8 @@ new_type (Typetype tt)
 {
   Type *t = malloc(sizeof(*t));
   if (t == NULL) {
-      error_message ("out of memory in malloc(%u)", sizeof(*t));
+      error_message ("out of memory in malloc(%lu)", 
+		     (unsigned long)sizeof(*t));
       exit (1);
   }
   t->type = tt;
diff --git a/crypto/heimdal/lib/auth/ChangeLog b/crypto/heimdal/lib/auth/ChangeLog
index 79d39e9..fcd790f 100644
--- a/crypto/heimdal/lib/auth/ChangeLog
+++ b/crypto/heimdal/lib/auth/ChangeLog
@@ -1,3 +1,12 @@
+2001-03-06  Assar Westerlund  <assar@sics.se>
+
+	* sia/Makefile.am: make sure of using -rpath and not -R when
+	calling ld
+
+2001-02-15  Assar Westerlund  <assar@sics.se>
+
+	* pam/pam.c (psyslog): do not log to console
+
 2001-01-29  Assar Westerlund  <assar@sics.se>
 
 	* sia/Makefile.am (libsia_krb5.so): actually run ld in the case
diff --git a/crypto/heimdal/lib/auth/Makefile.in b/crypto/heimdal/lib/auth/Makefile.in
index 95673ac..95b2a6b 100644
--- a/crypto/heimdal/lib/auth/Makefile.in
+++ b/crypto/heimdal/lib/auth/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 SUBDIRS = @LIB_AUTH_SUBDIRS@
@@ -208,7 +211,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/auth/Makefile
 
@@ -249,11 +252,16 @@ mostlyclean-recursive clean-recursive distclean-recursive \
 maintainer-clean-recursive:
 	@set fnord $(MAKEFLAGS); amf=$$2; \
 	dot_seen=no; \
-	rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \
-	  rev="$$subdir $$rev"; \
-	  if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
 	done; \
-	test "$$dot_seen" = "no" && rev=". $$rev"; \
+	rev="$$rev ."; \
 	target=`echo $@ | sed s/-recursive//`; \
 	for subdir in $$rev; do \
 	  echo "Making $$target in $$subdir"; \
@@ -299,6 +307,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in b/crypto/heimdal/lib/auth/afskauthlib/Makefile.in
index 7ba1c6e..8946cdf 100644
--- a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in
+++ b/crypto/heimdal/lib/auth/afskauthlib/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 DEFS = @DEFS@
@@ -234,7 +237,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .o .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .o
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/auth/afskauthlib/Makefile
 
diff --git a/crypto/heimdal/lib/auth/pam/Makefile.in b/crypto/heimdal/lib/auth/pam/Makefile.in
index 87759de..54ca6e6 100644
--- a/crypto/heimdal/lib/auth/pam/Makefile.in
+++ b/crypto/heimdal/lib/auth/pam/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 subdir = lib/auth/pam
 mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
@@ -205,7 +208,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/auth/pam/Makefile
 
diff --git a/crypto/heimdal/lib/auth/pam/pam.c b/crypto/heimdal/lib/auth/pam/pam.c
index c207756..eeb2d25 100644
--- a/crypto/heimdal/lib/auth/pam/pam.c
+++ b/crypto/heimdal/lib/auth/pam/pam.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include<config.h>
-RCSID("$Id: pam.c,v 1.26 2000/10/04 20:22:15 bg Exp $");
+RCSID("$Id: pam.c,v 1.27 2001/02/15 04:30:05 assar Exp $");
 #endif
 
 #include <stdio.h>
@@ -64,7 +64,7 @@ psyslog(int level, const char *format, ...)
 {
   va_list args;
   va_start(args, format);
-  openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH);
+  openlog("pam_krb4", LOG_PID, LOG_AUTH);
   vsyslog(level, format, args);
   va_end(args);
   closelog();
diff --git a/crypto/heimdal/lib/auth/sia/Makefile.am b/crypto/heimdal/lib/auth/sia/Makefile.am
index 276da15..ae52155 100644
--- a/crypto/heimdal/lib/auth/sia/Makefile.am
+++ b/crypto/heimdal/lib/auth/sia/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.8 2001/01/29 22:38:36 assar Exp $
+# $Id: Makefile.am,v 1.9 2001/03/06 16:57:09 assar Exp $
 
 include $(top_srcdir)/Makefile.am.common
 
@@ -81,10 +81,10 @@ OBJS = sia.o posix_getpw.o
 libsia_krb5.so: $(OBJS)
 	@if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \
 		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \
-		ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \
+		ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L) | sed 's,-R,-rpath,g'`; \
 	elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \
-		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \
-		ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \
+		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L_shared) | sed 's,-R,-rpath,g'`"; \
+		ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L_shared) | sed 's,-R,-rpath,g'`; \
 	else \
 		echo "missing libraries"; exit 1; \
 	fi
@@ -92,11 +92,11 @@ libsia_krb5.so: $(OBJS)
 
 libsia_krb4.so: $(OBJS)
 	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \
-		ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \
+		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L) | sed 's,-R,-rpath,g'`"; \
+		ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L) | sed 's,-R,-rpath,g'`; \
 	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \
-		ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \
+		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L_shared) | sed 's,-R,-rpath,g'`"; \
+		ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L_shared) | sed 's,-R,-rpath,g'`; \
 	else \
 		echo "missing libraries"; exit 1; \
 	fi
diff --git a/crypto/heimdal/lib/auth/sia/Makefile.in b/crypto/heimdal/lib/auth/sia/Makefile.in
index a93d31f..15bfc0a 100644
--- a/crypto/heimdal/lib/auth/sia/Makefile.in
+++ b/crypto/heimdal/lib/auth/sia/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -112,13 +113,13 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
 dpagaix_LDADD = @dpagaix_LDADD@
 install_sh = @install_sh@
 
-# $Id: Makefile.am,v 1.8 2001/01/29 22:38:36 assar Exp $
+# $Id: Makefile.am,v 1.9 2001/03/06 16:57:09 assar Exp $
 
 
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -184,6 +185,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
@@ -269,7 +272,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .o .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .o
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/auth/sia/Makefile
 
@@ -514,10 +517,10 @@ check-local::
 libsia_krb5.so: $(OBJS)
 	@if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \
 		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \
-		ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \
+		ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L) | sed 's,-R,-rpath,g'`; \
 	elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \
-		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \
-		ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \
+		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L_shared) | sed 's,-R,-rpath,g'`"; \
+		ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L_shared) | sed 's,-R,-rpath,g'`; \
 	else \
 		echo "missing libraries"; exit 1; \
 	fi
@@ -525,11 +528,11 @@ libsia_krb5.so: $(OBJS)
 
 libsia_krb4.so: $(OBJS)
 	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \
-		ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \
+		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L) | sed 's,-R,-rpath,g'`"; \
+		ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L) | sed 's,-R,-rpath,g'`; \
 	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \
-		ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \
+		echo "ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L_shared) | sed 's,-R,-rpath,g'`"; \
+		ld -shared -o $@ $(LDFLAGS) $(OBJS) `echo $(L_shared) | sed 's,-R,-rpath,g'`; \
 	else \
 		echo "missing libraries"; exit 1; \
 	fi
diff --git a/crypto/heimdal/lib/auth/sia/sia.c b/crypto/heimdal/lib/auth/sia/sia.c
index 0894591..6092a88 100644
--- a/crypto/heimdal/lib/auth/sia/sia.c
+++ b/crypto/heimdal/lib/auth/sia/sia.c
@@ -33,7 +33,7 @@
 
 #include "sia_locl.h"
 
-RCSID("$Id: sia.c,v 1.34 2000/12/31 07:57:46 assar Exp $");
+RCSID("$Id: sia.c,v 1.35 2001/02/20 01:44:53 assar Exp $");
 
 int 
 siad_init(void)
@@ -493,7 +493,7 @@ siad_chg_password (sia_collect_func_t *collect,
     char new_pw2[MAX_KPW_LEN+1];
     static struct et_list *et_list;
 
-    set_progname(argv[0]);
+    setprogname(argv[0]);
 
     SIA_DEBUG(("DEBUG", "siad_chg_password"));
     if(collect == NULL)
diff --git a/crypto/heimdal/lib/com_err/ChangeLog b/crypto/heimdal/lib/com_err/ChangeLog
index 1ca005b..8291e78 100644
--- a/crypto/heimdal/lib/com_err/ChangeLog
+++ b/crypto/heimdal/lib/com_err/ChangeLog
@@ -1,3 +1,25 @@
+2001-05-17  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: bump version to 2:0:1
+
+2001-05-11  Assar Westerlund  <assar@sics.se>
+
+	* com_err.h (add_to_error_table): add prototype
+	* com_err.c (add_to_error_table): new function, from Derrick J
+	Brashear <shadow@dementia.org>
+
+2001-05-06  Assar Westerlund  <assar@sics.se>
+
+	* com_err.h: add printf formats for gcc
+
+2001-02-28  Johan Danielsson  <joda@pdc.kth.se>
+
+	* error.c (initialize_error_table_r): put table at end of the list
+
+2001-02-15  Assar Westerlund  <assar@sics.se>
+
+	* com_err.c (default_proc): add printf attributes
+
 2000-08-16  Assar Westerlund  <assar@sics.se>
 
 	* Makefile.am: bump version to 1:1:0
diff --git a/crypto/heimdal/lib/com_err/Makefile.am b/crypto/heimdal/lib/com_err/Makefile.am
index 8e18108..15fae4e 100644
--- a/crypto/heimdal/lib/com_err/Makefile.am
+++ b/crypto/heimdal/lib/com_err/Makefile.am
@@ -1,11 +1,11 @@
-# $Id: Makefile.am,v 1.24 2000/08/16 11:24:54 assar Exp $
+# $Id: Makefile.am,v 1.25 2001/05/17 00:01:26 assar Exp $
 
 include $(top_srcdir)/Makefile.am.common
 
 YFLAGS = -d
 
 lib_LTLIBRARIES = libcom_err.la
-libcom_err_la_LDFLAGS = -version-info 1:1:0
+libcom_err_la_LDFLAGS = -version-info 2:0:1
 
 bin_PROGRAMS = compile_et
 
diff --git a/crypto/heimdal/lib/com_err/Makefile.in b/crypto/heimdal/lib/com_err/Makefile.in
index 986e078..88f9ee7 100644
--- a/crypto/heimdal/lib/com_err/Makefile.in
+++ b/crypto/heimdal/lib/com_err/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -113,13 +114,13 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
 dpagaix_LDADD = @dpagaix_LDADD@
 install_sh = @install_sh@
 
-# $Id: Makefile.am,v 1.24 2000/08/16 11:24:54 assar Exp $
+# $Id: Makefile.am,v 1.25 2001/05/17 00:01:26 assar Exp $
 
 
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,12 +186,14 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 YFLAGS = -d
 
 lib_LTLIBRARIES = libcom_err.la
-libcom_err_la_LDFLAGS = -version-info 1:1:0
+libcom_err_la_LDFLAGS = -version-info 2:0:1
 
 bin_PROGRAMS = compile_et
 
@@ -253,7 +256,7 @@ OBJECTS = $(am_libcom_err_la_OBJECTS) $(am_compile_et_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .l .lo .o .obj .x .y
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .l .lo .o .obj .y
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/com_err/Makefile
 
@@ -401,6 +404,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
@@ -434,6 +442,8 @@ check-am: all-am
 check: check-am
 installcheck-am:
 installcheck: installcheck-am
+install-binPROGRAMS: install-libLTLIBRARIES
+
 install-exec-am: install-libLTLIBRARIES install-binPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
diff --git a/crypto/heimdal/lib/com_err/com_err.c b/crypto/heimdal/lib/com_err/com_err.c
index 25c679e..7975739 100644
--- a/crypto/heimdal/lib/com_err/com_err.c
+++ b/crypto/heimdal/lib/com_err/com_err.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: com_err.c,v 1.15 2000/04/04 22:04:55 assar Exp $");
+RCSID("$Id: com_err.c,v 1.17 2001/05/11 20:02:34 assar Exp $");
 #endif
 #include <stdio.h>
 #include <stdlib.h>
@@ -68,6 +68,10 @@ init_error_table(const char **msgs, long base, int count)
 
 static void
 default_proc (const char *whoami, long code, const char *fmt, va_list args)
+    __attribute__((__format__(__printf__, 3, 0)));
+ 
+static void
+default_proc (const char *whoami, long code, const char *fmt, va_list args)
 {
     if (whoami)
       fprintf(stderr, "%s: ", whoami);
@@ -149,3 +153,17 @@ error_table_name(int num)
     *p = '\0';
     return(buf);
 }
+
+void
+add_to_error_table(struct et_list *new_table)
+{
+    struct et_list *et;
+
+    for (et = _et_list; et; et = et->next) {
+	if (et->table->base == new_table->table->base)
+	    return;
+    }
+
+    new_table->next = _et_list;
+    _et_list = new_table;
+}
diff --git a/crypto/heimdal/lib/com_err/com_err.h b/crypto/heimdal/lib/com_err/com_err.h
index 9703336..a76214b 100644
--- a/crypto/heimdal/lib/com_err/com_err.h
+++ b/crypto/heimdal/lib/com_err/com_err.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: com_err.h,v 1.6 2000/01/16 04:51:16 assar Exp $ */
+/* $Id: com_err.h,v 1.9 2001/05/11 20:03:36 assar Exp $ */
 
 /* MIT compatible com_err library */
 
@@ -40,17 +40,26 @@
 
 #include <com_right.h>
 
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(X)
+#endif
+
 typedef void (*errf) __P((const char *, long, const char *, va_list));
 
 const char * error_message __P((long));
 int init_error_table __P((const char**, long, int));
 
-void com_err_va __P((const char *, long, const char *, va_list));
-void com_err __P((const char *, long, const char *, ...));
+void com_err_va __P((const char *, long, const char *, va_list))
+    __attribute__((format(printf, 3, 0)));
+
+void com_err __P((const char *, long, const char *, ...))
+    __attribute__((format(printf, 3, 4)));
 
 errf set_com_err_hook __P((errf));
 errf reset_com_err_hook __P((void));
 
 const char *error_table_name  __P((int num));
 
+void add_to_error_table __P((struct et_list *new_table));
+
 #endif /* __COM_ERR_H__ */
diff --git a/crypto/heimdal/lib/com_err/compile_et.c b/crypto/heimdal/lib/com_err/compile_et.c
index f982dcd..ab7fc2e 100644
--- a/crypto/heimdal/lib/com_err/compile_et.c
+++ b/crypto/heimdal/lib/com_err/compile_et.c
@@ -35,7 +35,7 @@
 #include "compile_et.h"
 #include <getarg.h>
 
-RCSID("$Id: compile_et.c,v 1.13 1999/12/02 16:58:38 joda Exp $");
+RCSID("$Id: compile_et.c,v 1.14 2001/02/20 01:44:53 assar Exp $");
 
 #include <roken.h>
 #include <err.h>
@@ -196,7 +196,7 @@ main(int argc, char **argv)
     char *p;
     int optind = 0;
 
-    set_progname(argv[0]);
+    setprogname(argv[0]);
     if(getarg(args, num_args, argc, argv, &optind))
 	usage(1);
     if(help_flag)
diff --git a/crypto/heimdal/lib/com_err/error.c b/crypto/heimdal/lib/com_err/error.c
index d122007..b22f25b 100644
--- a/crypto/heimdal/lib/com_err/error.c
+++ b/crypto/heimdal/lib/com_err/error.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997, 1998, 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: error.c,v 1.14 1999/12/02 16:58:38 joda Exp $");
+RCSID("$Id: error.c,v 1.15 2001/02/28 20:00:13 joda Exp $");
 #endif
 #include <stdio.h>
 #include <stdlib.h>
@@ -62,9 +62,9 @@ initialize_error_table_r(struct et_list **list,
 			 int num_errors,
 			 long base)
 {
-    struct et_list *et;
+    struct et_list *et, **end;
     struct foobar *f;
-    for (et = *list; et; et = et->next)
+    for (end = list, et = *list; et; end = &et->next, et = et->next)
         if (et->table->msgs == messages)
             return;
     f = malloc(sizeof(*f));
@@ -75,8 +75,8 @@ initialize_error_table_r(struct et_list **list,
     et->table->msgs = messages;
     et->table->n_msgs = num_errors;
     et->table->base = base;
-    et->next = *list;
-    *list = et;
+    et->next = NULL;
+    *end = et;
 }
 			
 
diff --git a/crypto/heimdal/lib/editline/ChangeLog b/crypto/heimdal/lib/editline/ChangeLog
new file mode 100644
index 0000000..be78368
--- /dev/null
+++ b/crypto/heimdal/lib/editline/ChangeLog
@@ -0,0 +1,98 @@
+2000-11-15  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: make libeditline and libel_compat into libtool
+	libraries but always make them static
+
+2000-03-01  Assar Westerlund  <assar@sics.se>
+
+	* edit_compat.c (readline): be more liberal in what we accept from
+	el_gets.  if count == 0 -> interpret it as EOF.  also copy the
+	string first and then cut of the newline, it's cleaner
+
+1999-12-23  Assar Westerlund  <assar@sics.se>
+
+	* editline.c (TTYinfo): add fallback if we fail to find "le" in
+ 	termcap.
+
+1999-08-06  Assar Westerlund  <assar@sics.se>
+
+	* editline.c (TTYinfo): copy backspace string to avoid referencing
+ 	into a local variable.
+
+1999-08-04  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: don't run testit in `make check'
+
+1999-04-11  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: don't run testit as a check
+
+Sat Apr 10 23:01:18 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* complete.c (rl_complete_filename): return if there were no
+ 	matches
+
+Thu Apr  8 15:08:25 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.in: snprintf
+
+	* roken_rename.h: add snprintf, asprintf
+
+	* Makefile.am: build testit
+
+	* complete.c: nuke NEW, DISPOSE, RENEW, and COPYFROMTO macros;
+ 	(rl_complete): call rl_list_possib instead of doing the same
+
+	* editline.h: nuke NEW, DISPOSE, RENEW, and COPYFROMTO macros
+
+	* editline.c: nuke NEW, DISPOSE, RENEW, and COPYFROMTO macros
+
+	* sysunix.c: add some whitespace
+
+Thu Mar 18 11:22:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Tue Mar 16 17:10:34 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* editline.c: remove protos for read/write
+
+Sat Mar 13 22:23:22 1999  Assar Westerlund  <assar@sics.se>
+
+	* <roken.h>: add
+
+Sun Nov 22 10:40:28 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+Tue Sep 29 02:09:15 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (LIB_DEPS): add LIB_tgetent
+
+Thu Jul  2 15:10:08 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
+
+	* edit_compat.c: support for newer libedit
+
+Tue Jun 30 17:18:09 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (distclean): don't remove roken_rename.h
+
+Fri May 29 19:03:38 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (strdup.c): remove dependency
+
+Mon May 25 05:25:16 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (clean): try to remove shared library debris
+
+Sun Apr 19 09:53:46 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add symlink magic for linux
+
+Sat Feb  7 07:24:30 1998  Assar Westerlund  <assar@sics.se>
+
+	* editline.h: add prototypes
+
+Tue Feb  3 10:24:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* editline.c: If read returns EINTR, try again.
diff --git a/crypto/heimdal/lib/editline/Makefile.am b/crypto/heimdal/lib/editline/Makefile.am
new file mode 100644
index 0000000..49e4885
--- /dev/null
+++ b/crypto/heimdal/lib/editline/Makefile.am
@@ -0,0 +1,54 @@
+# $Id: Makefile.am,v 1.12 2000/11/14 23:22:29 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+if do_roken_rename
+IS = -DROKEN_RENAME
+ES = snprintf.c strdup.c
+endif
+
+INCLUDES += $(IS)
+
+man_MANS = editline.3
+
+lib_LTLIBRARIES = libeditline.la
+if el_compat
+noinst_LTLIBRARIES = libel_compat.la
+else
+noinst_LTLIBRARIES =
+endif
+
+noinst_PROGRAMS = testit
+
+CHECK_LOCAL =
+
+testit_LDADD = \
+	libeditline.la \
+	$(LIB_tgetent) \
+	$(LIB_roken)
+
+include_HEADERS = editline.h
+
+libeditline_la_SOURCES = \
+	complete.c \
+	editline.c \
+	sysunix.c \
+	editline.h \
+	roken_rename.h \
+	unix.h \
+	$(EXTRA_SOURCE)
+
+libeditline_la_LDFLAGS = -static
+
+EXTRA_SOURCE = $(ES) 
+
+libel_compat_la_SOURCES = edit_compat.c
+
+libel_compat_la_LDFLAGS = -static
+
+EXTRA_DIST = $(man_MANS)
+
+snprintf.c:
+	$(LN_S) $(srcdir)/../roken/snprintf.c .
+strdup.c:
+	$(LN_S) $(srcdir)/../roken/strdup.c .
diff --git a/crypto/heimdal/lib/editline/Makefile.in b/crypto/heimdal/lib/editline/Makefile.in
new file mode 100644
index 0000000..4a06487
--- /dev/null
+++ b/crypto/heimdal/lib/editline/Makefile.in
@@ -0,0 +1,715 @@
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
+
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+SHELL = @SHELL@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+
+bindir = @bindir@
+sbindir = @sbindir@
+libexecdir = @libexecdir@
+datadir = @datadir@
+sysconfdir = @sysconfdir@
+sharedstatedir = @sharedstatedir@
+localstatedir = @localstatedir@
+libdir = @libdir@
+infodir = @infodir@
+mandir = @mandir@
+includedir = @includedir@
+oldincludedir = /usr/include
+
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+
+top_builddir = ../..
+
+ACLOCAL = @ACLOCAL@
+AUTOCONF = @AUTOCONF@
+AUTOMAKE = @AUTOMAKE@
+AUTOHEADER = @AUTOHEADER@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_FLAG =
+transform = @program_transform_name@
+
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+
+@SET_MAKE@
+host_alias = @host_alias@
+host_triplet = @host@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMDEP = @AMDEP@
+AMTAR = @AMTAR@
+AS = @AS@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CPP = @CPP@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+DBLIB = @DBLIB@
+DEPDIR = @DEPDIR@
+DIR_des = @DIR_des@
+DIR_roken = @DIR_roken@
+DLLTOOL = @DLLTOOL@
+EXEEXT = @EXEEXT@
+EXTRA_LIB45 = @EXTRA_LIB45@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_ = @INCLUDE_@
+LEX = @LEX@
+LIBOBJS = @LIBOBJS@
+LIBTOOL = @LIBTOOL@
+LIB_ = @LIB_@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_des = @LIB_des@
+LIB_des_appl = @LIB_des_appl@
+LIB_kdb = @LIB_kdb@
+LIB_otp = @LIB_otp@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
+NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+NROFF = @NROFF@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+RANLIB = @RANLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+YACC = @YACC@
+dpagaix_CFLAGS = @dpagaix_CFLAGS@
+dpagaix_LDADD = @dpagaix_LDADD@
+install_sh = @install_sh@
+
+# $Id: Makefile.am,v 1.12 2000/11/14 23:22:29 assar Exp $
+
+
+# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
+
+
+AUTOMAKE_OPTIONS = foreign no-dependencies
+
+SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
+
+INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(IS)
+
+AM_CFLAGS =  $(WFLAGS)
+
+CP = cp
+
+COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
+
+buildinclude = $(top_builddir)/include
+
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_crypt = @LIB_crypt@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_el_init = @LIB_el_init@
+LIB_getattr = @LIB_getattr@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_search = @LIB_res_search@
+LIB_setpcred = @LIB_setpcred@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+
+LIBS = @LIBS@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_openldap = @INCLUDE_openldap@
+LIB_openldap = @LIB_openldap@
+
+INCLUDE_readline = @INCLUDE_readline@
+
+LEXLIB = @LEXLIB@
+
+NROFF_MAN = groff -mandoc -Tascii
+
+@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+
+@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
+CHECK_LOCAL = 
+
+@do_roken_rename_TRUE@IS = @do_roken_rename_TRUE@-DROKEN_RENAME
+@do_roken_rename_TRUE@ES = @do_roken_rename_TRUE@snprintf.c strdup.c
+
+man_MANS = editline.3
+
+lib_LTLIBRARIES = libeditline.la
+@el_compat_TRUE@noinst_LTLIBRARIES = @el_compat_TRUE@libel_compat.la
+@el_compat_FALSE@noinst_LTLIBRARIES = 
+
+noinst_PROGRAMS = testit
+
+testit_LDADD = \
+	libeditline.la \
+	$(LIB_tgetent) \
+	$(LIB_roken)
+
+
+include_HEADERS = editline.h
+
+libeditline_la_SOURCES = \
+	complete.c \
+	editline.c \
+	sysunix.c \
+	editline.h \
+	roken_rename.h \
+	unix.h \
+	$(EXTRA_SOURCE)
+
+
+libeditline_la_LDFLAGS = -static
+
+EXTRA_SOURCE = $(ES) 
+
+libel_compat_la_SOURCES = edit_compat.c
+
+libel_compat_la_LDFLAGS = -static
+
+EXTRA_DIST = $(man_MANS)
+subdir = lib/editline
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = ../../include/config.h
+CONFIG_CLEAN_FILES = 
+LTLIBRARIES =  $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
+
+
+DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
+CPPFLAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+X_CFLAGS = @X_CFLAGS@
+X_LIBS = @X_LIBS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+libeditline_la_LIBADD = 
+@do_roken_rename_FALSE@am_libeditline_la_OBJECTS =  complete.lo \
+@do_roken_rename_FALSE@editline.lo sysunix.lo
+@do_roken_rename_TRUE@am_libeditline_la_OBJECTS =  complete.lo \
+@do_roken_rename_TRUE@editline.lo sysunix.lo snprintf.lo strdup.lo
+libeditline_la_OBJECTS =  $(am_libeditline_la_OBJECTS)
+libel_compat_la_LIBADD = 
+am_libel_compat_la_OBJECTS =  edit_compat.lo
+libel_compat_la_OBJECTS =  $(am_libel_compat_la_OBJECTS)
+noinst_PROGRAMS =  testit$(EXEEXT)
+PROGRAMS =  $(noinst_PROGRAMS)
+
+testit_SOURCES = testit.c
+testit_OBJECTS =  testit.$(OBJEXT)
+testit_DEPENDENCIES =  libeditline.la
+testit_LDFLAGS = 
+COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CFLAGS = @CFLAGS@
+CCLD = $(CC)
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+DIST_SOURCES =  $(libeditline_la_SOURCES) $(libel_compat_la_SOURCES) \
+testit.c
+man3dir = $(mandir)/man3
+MANS = $(man_MANS)
+HEADERS =  $(include_HEADERS)
+
+depcomp = 
+DIST_COMMON =  README $(include_HEADERS) ChangeLog Makefile.am \
+Makefile.in
+
+
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+
+GZIP_ENV = --best
+SOURCES = $(libeditline_la_SOURCES) $(libel_compat_la_SOURCES) testit.c
+OBJECTS = $(am_libeditline_la_OBJECTS) $(am_libel_compat_la_OBJECTS) testit.$(OBJEXT)
+
+all: all-redirect
+.SUFFIXES:
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
+$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
+	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/editline/Makefile
+
+Makefile: $(srcdir)/Makefile.in  $(top_builddir)/config.status
+	cd $(top_builddir) \
+	  && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
+
+
+mostlyclean-libLTLIBRARIES:
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+
+distclean-libLTLIBRARIES:
+
+maintainer-clean-libLTLIBRARIES:
+
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(libdir)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    echo " $(LIBTOOL)  --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p"; \
+	    $(LIBTOOL)  --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  echo " $(LIBTOOL)  --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
+	  $(LIBTOOL)  --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
+	done
+
+mostlyclean-noinstLTLIBRARIES:
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+
+distclean-noinstLTLIBRARIES:
+
+maintainer-clean-noinstLTLIBRARIES:
+
+mostlyclean-compile:
+	-rm -f *.o core *.core
+	-rm -f *.$(OBJEXT)
+
+clean-compile:
+
+distclean-compile:
+	-rm -f *.tab.c
+
+maintainer-clean-compile:
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+
+maintainer-clean-libtool:
+
+libeditline.la: $(libeditline_la_OBJECTS) $(libeditline_la_DEPENDENCIES)
+	$(LINK) -rpath $(libdir) $(libeditline_la_LDFLAGS) $(libeditline_la_OBJECTS) $(libeditline_la_LIBADD) $(LIBS)
+
+libel_compat.la: $(libel_compat_la_OBJECTS) $(libel_compat_la_DEPENDENCIES)
+	$(LINK)  $(libel_compat_la_LDFLAGS) $(libel_compat_la_OBJECTS) $(libel_compat_la_LIBADD) $(LIBS)
+
+mostlyclean-noinstPROGRAMS:
+
+clean-noinstPROGRAMS:
+	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
+
+distclean-noinstPROGRAMS:
+
+maintainer-clean-noinstPROGRAMS:
+
+testit$(EXEEXT): $(testit_OBJECTS) $(testit_DEPENDENCIES)
+	@rm -f testit$(EXEEXT)
+	$(LINK) $(testit_LDFLAGS) $(testit_OBJECTS) $(testit_LDADD) $(LIBS)
+.c.o:
+	$(COMPILE) -c $<
+.c.obj:
+	$(COMPILE) -c `cygpath -w $<`
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+install-man3:
+	$(mkinstalldirs) $(DESTDIR)$(man3dir)
+	@list='$(man3_MANS)'; \
+	l2='$(man_MANS)'; for i in $$l2; do \
+	  case "$$i" in \
+	    *.3*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \
+	  $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \
+	done
+
+uninstall-man3:
+	@list='$(man3_MANS)'; \
+	l2='$(man_MANS)'; for i in $$l2; do \
+	  case "$$i" in \
+	    *.3*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f $(DESTDIR)$(man3dir)/$$inst"; \
+	  rm -f $(DESTDIR)$(man3dir)/$$inst; \
+	done
+install-man: $(MANS)
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-man3
+uninstall-man:
+	@$(NORMAL_UNINSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-man3
+
+install-includeHEADERS: $(include_HEADERS)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(includedir)
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d= ; else d="$(srcdir)/"; fi; \
+	  f="`echo $$p | sed -e 's|^.*/||'`"; \
+	  echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
+	  $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$f; \
+	done
+
+uninstall-includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  f="`echo $$p | sed -e 's|^.*/||'`"; \
+	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
+	  rm -f $(DESTDIR)$(includedir)/$$f; \
+	done
+
+tags: TAGS
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique $(LISP)
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
+	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
+
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
+mostlyclean-tags:
+
+clean-tags:
+
+distclean-tags:
+	-rm -f TAGS ID
+
+maintainer-clean-tags:
+
+distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
+
+distdir: $(DISTFILES)
+	@for file in $(DISTFILES); do \
+	  d=$(srcdir); \
+	  if test -d $$d/$$file; then \
+	    cp -pR $$d/$$file $(distdir) \
+	    || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
+info-am:
+info: info-am
+dvi-am:
+dvi: dvi-am
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+installcheck-am:
+installcheck: installcheck-am
+install-exec-am: install-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-exec: install-exec-am
+
+install-data-am: install-man install-includeHEADERS install-data-local
+install-data: install-data-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+install: install-am
+uninstall-am: uninstall-libLTLIBRARIES uninstall-man \
+		uninstall-includeHEADERS
+uninstall: uninstall-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) all-local
+all-redirect: all-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
+installdirs:
+	$(mkinstalldirs)  $(DESTDIR)$(libdir) $(DESTDIR)$(mandir)/man3 \
+		$(DESTDIR)$(includedir)
+
+
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-rm -f Makefile $(CONFIG_CLEAN_FILES)
+	-rm -f config.cache config.log stamp-h stamp-h[0-9]*
+
+maintainer-clean-generic:
+	-rm -f Makefile.in
+mostlyclean-am:  mostlyclean-libLTLIBRARIES \
+		mostlyclean-noinstLTLIBRARIES mostlyclean-compile \
+		mostlyclean-libtool mostlyclean-noinstPROGRAMS \
+		mostlyclean-tags mostlyclean-generic
+
+mostlyclean: mostlyclean-am
+
+clean-am:  clean-libLTLIBRARIES clean-noinstLTLIBRARIES clean-compile \
+		clean-libtool clean-noinstPROGRAMS clean-tags \
+		clean-generic mostlyclean-am
+
+clean: clean-am
+
+distclean-am:  distclean-libLTLIBRARIES distclean-noinstLTLIBRARIES \
+		distclean-compile distclean-libtool \
+		distclean-noinstPROGRAMS distclean-tags \
+		distclean-generic clean-am
+	-rm -f libtool
+
+distclean: distclean-am
+
+maintainer-clean-am:  maintainer-clean-libLTLIBRARIES \
+		maintainer-clean-noinstLTLIBRARIES \
+		maintainer-clean-compile maintainer-clean-libtool \
+		maintainer-clean-noinstPROGRAMS maintainer-clean-tags \
+		maintainer-clean-generic distclean-am
+	@echo "This command is intended for maintainers to use;"
+	@echo "it deletes files that may require special tools to rebuild."
+
+maintainer-clean: maintainer-clean-am
+
+.PHONY: mostlyclean-libLTLIBRARIES distclean-libLTLIBRARIES \
+clean-libLTLIBRARIES maintainer-clean-libLTLIBRARIES \
+uninstall-libLTLIBRARIES install-libLTLIBRARIES \
+mostlyclean-noinstLTLIBRARIES distclean-noinstLTLIBRARIES \
+clean-noinstLTLIBRARIES maintainer-clean-noinstLTLIBRARIES \
+mostlyclean-compile distclean-compile clean-compile \
+maintainer-clean-compile mostlyclean-libtool distclean-libtool \
+clean-libtool maintainer-clean-libtool mostlyclean-noinstPROGRAMS \
+distclean-noinstPROGRAMS clean-noinstPROGRAMS \
+maintainer-clean-noinstPROGRAMS install-man3 uninstall-man3 install-man \
+uninstall-man uninstall-includeHEADERS install-includeHEADERS tags \
+mostlyclean-tags distclean-tags clean-tags maintainer-clean-tags \
+distdir info-am info dvi-am dvi check-local check check-am \
+installcheck-am installcheck install-exec-am install-exec \
+install-data-local install-data-am install-data install-am install \
+uninstall-am uninstall all-local all-redirect all-am all install-strip \
+installdirs mostlyclean-generic distclean-generic clean-generic \
+maintainer-clean-generic clean mostlyclean distclean maintainer-clean
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
+	@foo='$(include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-local: install-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+
+check-local::
+	@foo='$(CHECK_LOCAL)'; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if ./$$i --version > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	fi
+
+snprintf.c:
+	$(LN_S) $(srcdir)/../roken/snprintf.c .
+strdup.c:
+	$(LN_S) $(srcdir)/../roken/strdup.c .
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/crypto/heimdal/lib/editline/README b/crypto/heimdal/lib/editline/README
new file mode 100644
index 0000000..829db99
--- /dev/null
+++ b/crypto/heimdal/lib/editline/README
@@ -0,0 +1,45 @@
+$Revision: 1.1 $
+
+This is a line-editing library.  It can be linked into almost any
+program to provide command-line editing and recall.
+
+It is call-compatible with the FSF readline library, but it is a
+fraction of the size (and offers fewer features).  It does not use
+standard I/O.  It is distributed under a "C News-like" copyright.
+
+Configuration is done in the Makefile.  Type "make testit" to get
+a small slow shell for testing.
+
+An earlier version was distributed with Byron's rc.  Principal
+changes over that version include:
+	Faster.
+	Is eight-bit clean (thanks to brendan@cs.widener.edu)
+	Written in K&R C, but ANSI compliant (gcc all warnings)
+	Propagates EOF properly; rc trip test now passes
+	Doesn't need or use or provide memmove.
+	More robust
+	Calling sequence changed to be compatible with readline.
+	Test program, new manpage, better configuration
+	More system-independant; includes Unix and OS-9 support.
+
+Enjoy,
+	Rich $alz
+	<rsalz@osf.org>
+
+ Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved.
+
+ This software is not subject to any license of the American Telephone
+ and Telegraph Company or of the Regents of the University of California.
+
+ Permission is granted to anyone to use this software for any purpose on
+ any computer system, and to alter it and redistribute it freely, subject
+ to the following restrictions:
+ 1. The authors are not responsible for the consequences of use of this
+    software, no matter how awful, even if they arise from flaws in it.
+ 2. The origin of this software must not be misrepresented, either by
+    explicit claim or by omission.  Since few users ever read sources,
+    credits must appear in the documentation.
+ 3. Altered versions must be plainly marked as such, and must not be
+    misrepresented as being the original software.  Since few users
+    ever read sources, credits must appear in the documentation.
+ 4. This notice may not be removed or altered.
diff --git a/crypto/heimdal/lib/editline/complete.c b/crypto/heimdal/lib/editline/complete.c
new file mode 100644
index 0000000..d2a311d
--- /dev/null
+++ b/crypto/heimdal/lib/editline/complete.c
@@ -0,0 +1,243 @@
+/*  Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved. 
+ *
+ *  This software is not subject to any license of the American Telephone 
+ *  and Telegraph Company or of the Regents of the University of California. 
+ *
+ *  Permission is granted to anyone to use this software for any purpose on
+ *  any computer system, and to alter it and redistribute it freely, subject
+ *  to the following restrictions:
+ *  1. The authors are not responsible for the consequences of use of this
+ *     software, no matter how awful, even if they arise from flaws in it.
+ *  2. The origin of this software must not be misrepresented, either by
+ *     explicit claim or by omission.  Since few users ever read sources,
+ *     credits must appear in the documentation.
+ *  3. Altered versions must be plainly marked as such, and must not be
+ *     misrepresented as being the original software.  Since few users
+ *     ever read sources, credits must appear in the documentation.
+ *  4. This notice may not be removed or altered.
+ */
+
+/*
+**  History and file completion functions for editline library.
+*/
+#include <config.h>
+#include "editline.h"
+
+RCSID("$Id: complete.c,v 1.5 1999/04/10 21:01:16 joda Exp $");
+
+/*
+**  strcmp-like sorting predicate for qsort.
+*/
+static int
+compare(const void *p1, const void *p2)
+{
+    const char	**v1;
+    const char	**v2;
+    
+    v1 = (const char **)p1;
+    v2 = (const char **)p2;
+    return strcmp(*v1, *v2);
+}
+
+/*
+**  Fill in *avp with an array of names that match file, up to its length.
+**  Ignore . and .. .
+*/
+static int
+FindMatches(char *dir, char *file, char ***avp)
+{
+    char	**av;
+    char	**new;
+    char	*p;
+    DIR		*dp;
+    DIRENTRY	*ep;
+    size_t	ac;
+    size_t	len;
+
+    if ((dp = opendir(dir)) == NULL)
+	return 0;
+
+    av = NULL;
+    ac = 0;
+    len = strlen(file);
+    while ((ep = readdir(dp)) != NULL) {
+	p = ep->d_name;
+	if (p[0] == '.' && (p[1] == '\0' || (p[1] == '.' && p[2] == '\0')))
+	    continue;
+	if (len && strncmp(p, file, len) != 0)
+	    continue;
+
+	if ((ac % MEM_INC) == 0) {
+	    if ((new = malloc(sizeof(char*) * (ac + MEM_INC))) == NULL)
+		break;
+	    if (ac) {
+		memcpy(new, av, ac * sizeof (char **));
+		free(av);
+	    }
+	    *avp = av = new;
+	}
+
+	if ((av[ac] = strdup(p)) == NULL) {
+	    if (ac == 0)
+		free(av);
+	    break;
+	}
+	ac++;
+    }
+
+    /* Clean up and return. */
+    (void)closedir(dp);
+    if (ac)
+	qsort(av, ac, sizeof (char **), compare);
+    return ac;
+}
+
+/*
+**  Split a pathname into allocated directory and trailing filename parts.
+*/
+static int SplitPath(char *path, char **dirpart, char **filepart)
+{
+    static char	DOT[] = ".";
+    char	*dpart;
+    char	*fpart;
+
+    if ((fpart = strrchr(path, '/')) == NULL) {
+	if ((dpart = strdup(DOT)) == NULL)
+	    return -1;
+	if ((fpart = strdup(path)) == NULL) {
+	    free(dpart);
+	    return -1;
+	}
+    }
+    else {
+	if ((dpart = strdup(path)) == NULL)
+	    return -1;
+	dpart[fpart - path] = '\0';
+	if ((fpart = strdup(++fpart)) == NULL) {
+	    free(dpart);
+	    return -1;
+	}
+    }
+    *dirpart = dpart;
+    *filepart = fpart;
+    return 0;
+}
+
+/*
+**  Attempt to complete the pathname, returning an allocated copy.
+**  Fill in *unique if we completed it, or set it to 0 if ambiguous.
+*/
+
+static char *
+rl_complete_filename(char *pathname, int *unique)
+{
+    char	**av;
+    char	*new;
+    char	*p;
+    size_t	ac;
+    size_t	end;
+    size_t	i;
+    size_t	j;
+    size_t	len;
+    char *s;
+    
+    ac = rl_list_possib(pathname, &av);
+    if(ac == 0)
+	return NULL;
+
+    s = strrchr(pathname, '/');
+    if(s == NULL)
+	len = strlen(pathname);
+    else
+	len = strlen(s + 1);
+
+    p = NULL;
+    if (ac == 1) {
+	/* Exactly one match -- finish it off. */
+	*unique = 1;
+	j = strlen(av[0]) - len + 2;
+	if ((p = malloc(j + 1)) != NULL) {
+	    memcpy(p, av[0] + len, j);
+	    asprintf(&new, "%s%s", pathname, p);
+	    if(new != NULL) {
+		rl_add_slash(new, p);
+		free(new);
+	    }
+	}
+    }
+    else {
+	*unique = 0;
+	if (len) {
+	    /* Find largest matching substring. */
+	    for (i = len, end = strlen(av[0]); i < end; i++)
+		for (j = 1; j < ac; j++)
+		    if (av[0][i] != av[j][i])
+			goto breakout;
+  breakout:
+	    if (i > len) {
+		j = i - len + 1;
+		if ((p = malloc(j)) != NULL) {
+		    memcpy(p, av[0] + len, j);
+		    p[j - 1] = '\0';
+		}
+	    }
+	}
+    }
+
+    /* Clean up and return. */
+    for (i = 0; i < ac; i++)
+	free(av[i]);
+    free(av);
+    return p;
+}
+
+static rl_complete_func_t complete_func = rl_complete_filename;
+
+char *
+rl_complete(char *pathname, int *unique)
+{
+    return (*complete_func)(pathname, unique);
+}
+
+rl_complete_func_t
+rl_set_complete_func(rl_complete_func_t func)
+{
+    rl_complete_func_t old = complete_func;
+    complete_func = func;
+    return old;
+}
+
+
+/*
+**  Return all possible completions.
+*/
+static int
+rl_list_possib_filename(char *pathname, char ***avp)
+{
+    char	*dir;
+    char	*file;
+    int		ac;
+
+    if (SplitPath(pathname, &dir, &file) < 0)
+	return 0;
+    ac = FindMatches(dir, file, avp);
+    free(dir);
+    free(file);
+    return ac;
+}
+
+static rl_list_possib_func_t list_possib_func = rl_list_possib_filename;
+
+int
+rl_list_possib(char *pathname, char ***avp)
+{
+    return (*list_possib_func)(pathname, avp);
+}
+
+rl_list_possib_func_t
+rl_set_list_possib_func(rl_list_possib_func_t func)
+{
+    rl_list_possib_func_t old = list_possib_func;
+    list_possib_func = func;
+    return old;
+}
diff --git a/crypto/heimdal/lib/editline/edit_compat.c b/crypto/heimdal/lib/editline/edit_compat.c
new file mode 100644
index 0000000..9b1863e
--- /dev/null
+++ b/crypto/heimdal/lib/editline/edit_compat.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h>
+#include <histedit.h>
+
+RCSID("$Id: edit_compat.c,v 1.8 2000/03/01 20:53:05 assar Exp $");
+
+void
+rl_reset_terminal(char *p)
+{
+}
+
+void
+rl_initialize()
+{
+}
+
+static const char *pr;
+static const char* ret_prompt(EditLine *e)
+{
+    return pr;
+}
+
+static History *h;
+
+#ifdef H_SETSIZE
+#define EL_INIT_FOUR 1
+#else
+#ifdef H_SETMAXSIZE
+/* backwards compatibility */
+#define H_SETSIZE H_SETMAXSIZE
+#endif
+#endif
+
+char *
+readline(const char* prompt)
+{
+    static EditLine *e;
+#ifdef H_SETSIZE
+    HistEvent ev;
+#endif
+    int count;
+    const char *str;
+
+    if(e == NULL){
+#ifdef EL_INIT_FOUR
+	e = el_init("", stdin, stdout, stderr);
+#else
+	e = el_init("", stdin, stdout);
+#endif
+	el_set(e, EL_PROMPT, ret_prompt);
+	h = history_init();
+#ifdef H_SETSIZE
+	history(h, &ev, H_SETSIZE, 25);
+#else
+	history(h, H_EVENT, 25);
+#endif
+	el_set(e, EL_HIST, history, h);
+	el_set(e, EL_EDITOR, "emacs"); /* XXX? */
+    }
+    pr = prompt ? prompt : "";
+    str = el_gets(e, &count);
+    if (str && count > 0) {
+	char *ret = strdup (str);
+
+	if (ret == NULL)
+	    return NULL;
+
+	if (ret[strlen(ret) - 1] == '\n')
+	    ret[strlen(ret) - 1] = '\0';
+	return ret;
+    } 
+    return NULL;
+}
+
+void
+add_history(char *p)
+{
+#ifdef H_SETSIZE
+    HistEvent ev;
+    history(h, &ev, H_ENTER, p);
+#else
+    history(h, H_ENTER, p);
+#endif
+}
diff --git a/crypto/heimdal/lib/editline/editline.3 b/crypto/heimdal/lib/editline/editline.3
new file mode 100644
index 0000000..6e30a09
--- /dev/null
+++ b/crypto/heimdal/lib/editline/editline.3
@@ -0,0 +1,175 @@
+.\" $Revision: 1.2 $
+.TH EDITLINE 3
+.SH NAME
+editline \- command-line editing library with history
+.SH SYNOPSIS
+.nf
+.B "char *"
+.B "readline(prompt)"
+.B "     char	*prompt;"
+
+.B "void"
+.B "add_history(line)"
+.B "    char	*line;"
+.fi
+.SH DESCRIPTION
+.I Editline
+is a library that provides an line-editing interface with text recall.
+It is intended to be compatible with the
+.I readline
+library provided by the Free Software Foundation, but much smaller.
+The bulk of this manual page describes the user interface.
+.PP
+The
+.I readline
+routine returns a line of text with the trailing newline removed.
+The data is returned in a buffer allocated with
+.IR malloc (3),
+so the space should be released with
+.IR free (3)
+when the calling program is done with it.
+Before accepting input from the user, the specified
+.I prompt
+is displayed on the terminal.
+.PP
+The
+.I add_history
+routine makes a copy of the specified
+.I line
+and adds it to the internal history list.
+.SS "User Interface"
+A program that uses this library provides a simple emacs-like editing
+interface to its users.
+A line may be edited before it is sent to the calling program by typing either
+control characters or escape sequences.
+A control character, shown as a caret followed by a letter, is typed by
+holding down the ``control'' key while the letter is typed.
+For example, ``^A'' is a control-A.
+An escape sequence is entered by typing the ``escape'' key followed by one or
+more characters.
+The escape key is abbreviated as ``ESC.''
+Note that unlike control keys, case matters in escape sequences; ``ESC\ F''
+is not the same as ``ESC\ f''.
+.PP
+An editing command may be typed anywhere on the line, not just at the
+beginning.
+In addition, a return may also be typed anywhere on the line, not just at
+the end.
+.PP
+Most editing commands may be given a repeat count,
+.IR n ,
+where
+.I n
+is a number.
+To enter a repeat count, type the escape key, the number, and then
+the command to execute.
+For example, ``ESC\ 4\ ^f'' moves forward four characters.
+If a command may be given a repeat count then the text ``[n]'' is given at the
+end of its description.
+.PP
+The following control characters are accepted:
+.RS
+.nf
+.ta \w'ESC DEL  'u
+^A	Move to the beginning of the line
+^B	Move left (backwards) [n]
+^D	Delete character [n]
+^E	Move to end of line
+^F	Move right (forwards) [n]
+^G	Ring the bell
+^H	Delete character before cursor (backspace key) [n]
+^I	Complete filename (tab key); see below
+^J	Done with line (return key)
+^K	Kill to end of line (or column [n])
+^L	Redisplay line
+^M	Done with line (alternate return key)
+^N	Get next line from history [n]
+^P	Get previous line from history [n]
+^R	Search backward (forward if [n]) through history for text;
+\&	must start line if text begins with an uparrow
+^T	Transpose characters
+^V	Insert next character, even if it is an edit command
+^W	Wipe to the mark
+^X^X	Exchange current location and mark
+^Y	Yank back last killed text
+^[	Start an escape sequence (escape key)
+^]c	Move forward to next character ``c''
+^?	Delete character before cursor (delete key) [n]
+.fi
+.RE
+.PP
+The following escape sequences are provided.
+.RS
+.nf
+.ta \w'ESC DEL  'u
+ESC\ ^H	Delete previous word (backspace key) [n]
+ESC\ DEL	Delete previous word (delete key) [n]
+ESC\ SP	Set the mark (space key); see ^X^X and ^Y above
+ESC\ \.	Get the last (or [n]'th) word from previous line
+ESC\ ?	Show possible completions; see below
+ESC\ <	Move to start of history
+ESC\ >	Move to end of history
+ESC\ b	Move backward a word [n]
+ESC\ d	Delete word under cursor [n]
+ESC\ f	Move forward a word [n]
+ESC\ l	Make word lowercase [n]
+ESC\ u	Make word uppercase [n]
+ESC\ y	Yank back last killed text
+ESC\ v	Show library version
+ESC\ w	Make area up to mark yankable
+ESC\ nn	Set repeat count to the number nn
+ESC\ C	Read from environment variable ``_C_'', where C is
+\&	an uppercase letter
+.fi
+.RE
+.PP
+The
+.I editline
+library has a small macro facility.
+If you type the escape key followed by an uppercase letter,
+.IR C ,
+then the contents of the environment variable
+.I _C_
+are read in as if you had typed them at the keyboard.
+For example, if the variable
+.I _L_
+contains the following:
+.RS
+^A^Kecho '^V^[[H^V^[[2J'^M
+.RE
+Then typing ``ESC L'' will move to the beginning of the line, kill the
+entire line, enter the echo command needed to clear the terminal (if your
+terminal is like a VT-100), and send the line back to the shell.
+.PP
+The
+.I editline
+library also does filename completion.
+Suppose the root directory has the following files in it:
+.RS
+.nf
+.ta \w'core   'u
+bin	vmunix
+core	vmunix.old
+.fi
+.RE
+If you type ``rm\ /v'' and then the tab key.
+.I Editline
+will then finish off as much of the name as possible by adding ``munix''.
+Because the name is not unique, it will then beep.
+If you type the escape key and a question mark, it will display the
+two choices.
+If you then type a period and a tab, the library will finish off the filename
+for you:
+.RS
+.nf
+.RI "rm /v[TAB]" munix .TAB old
+.fi
+.RE
+The tab key is shown by ``[TAB]'' and the automatically-entered text
+is shown in italics.
+.SH "BUGS AND LIMITATIONS"
+Cannot handle lines more than 80 columns.
+.SH AUTHORS
+Simmule R. Turner <uunet.uu.net!capitol!sysgo!simmy>
+and Rich $alz <rsalz@osf.org>.
+Original manual page by DaviD W. Sanderson <dws@ssec.wisc.edu>.
diff --git a/crypto/heimdal/lib/editline/editline.c b/crypto/heimdal/lib/editline/editline.c
new file mode 100644
index 0000000..43dd58a
--- /dev/null
+++ b/crypto/heimdal/lib/editline/editline.c
@@ -0,0 +1,1376 @@
+/*  Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved. 
+ *
+ *  This software is not subject to any license of the American Telephone 
+ *  and Telegraph Company or of the Regents of the University of California. 
+ *
+ *  Permission is granted to anyone to use this software for any purpose on
+ *  any computer system, and to alter it and redistribute it freely, subject
+ *  to the following restrictions:
+ *  1. The authors are not responsible for the consequences of use of this
+ *     software, no matter how awful, even if they arise from flaws in it.
+ *  2. The origin of this software must not be misrepresented, either by
+ *     explicit claim or by omission.  Since few users ever read sources,
+ *     credits must appear in the documentation.
+ *  3. Altered versions must be plainly marked as such, and must not be
+ *     misrepresented as being the original software.  Since few users
+ *     ever read sources, credits must appear in the documentation.
+ *  4. This notice may not be removed or altered.
+ */
+
+/*
+**  Main editing routines for editline library.
+*/
+#include <config.h>
+#include "editline.h"
+#include <ctype.h>
+#include <errno.h>
+
+RCSID("$Id: editline.c,v 1.9 1999/12/23 21:27:00 assar Exp $");
+
+/*
+**  Manifest constants.
+*/
+#define SCREEN_WIDTH	80
+#define SCREEN_ROWS	24
+#define NO_ARG		(-1)
+#define DEL		127
+#define CTL(x)		((x) & 0x1F)
+#define ISCTL(x)	((x) && (x) < ' ')
+#define UNCTL(x)	((x) + 64)
+#define META(x)		((x) | 0x80)
+#define ISMETA(x)	((x) & 0x80)
+#define UNMETA(x)	((x) & 0x7F)
+#if	!defined(HIST_SIZE)
+#define HIST_SIZE	20
+#endif	/* !defined(HIST_SIZE) */
+
+/*
+**  Command status codes.
+*/
+typedef enum _STATUS {
+    CSdone, CSeof, CSmove, CSdispatch, CSstay
+} STATUS;
+
+/*
+**  The type of case-changing to perform.
+*/
+typedef enum _CASE {
+    TOupper, TOlower
+} CASE;
+
+/*
+**  Key to command mapping.
+*/
+typedef struct _KEYMAP {
+    unsigned char	Key;
+    STATUS	(*Function)();
+} KEYMAP;
+
+/*
+**  Command history structure.
+*/
+typedef struct _HISTORY {
+    int		Size;
+    int		Pos;
+    unsigned char	*Lines[HIST_SIZE];
+} HISTORY;
+
+/*
+**  Globals.
+*/
+int		rl_eof;
+int		rl_erase;
+int		rl_intr;
+int		rl_kill;
+
+static unsigned char		NIL[] = "";
+static const unsigned char	*Input = NIL;
+static unsigned char		*Line;
+static const char	*Prompt;
+static unsigned char		*Yanked;
+static char		*Screen;
+static char		NEWLINE[]= CRLF;
+static HISTORY		H;
+int		rl_quit;
+static int		Repeat;
+static int		End;
+static int		Mark;
+static int		OldPoint;
+static int		Point;
+static int		PushBack;
+static int		Pushed;
+static KEYMAP		Map[33];
+static KEYMAP		MetaMap[16];
+static size_t		Length;
+static size_t		ScreenCount;
+static size_t		ScreenSize;
+static char		*backspace;
+static int		TTYwidth;
+static int		TTYrows;
+
+/* Display print 8-bit chars as `M-x' or as the actual 8-bit char? */
+int		rl_meta_chars = 1;
+
+/*
+**  Declarations.
+*/
+static unsigned char	*editinput(void);
+char	*tgetstr(const char*, char**);
+int	tgetent(char*, const char*);
+int	tgetnum(const char*);
+
+/*
+**  TTY input/output functions.
+*/
+
+static void
+TTYflush()
+{
+    if (ScreenCount) {
+	write(1, Screen, ScreenCount);
+	ScreenCount = 0;
+    }
+}
+
+static void
+TTYput(unsigned char c)
+{
+    Screen[ScreenCount] = c;
+    if (++ScreenCount >= ScreenSize - 1) {
+	ScreenSize += SCREEN_INC;
+	Screen = realloc(Screen, ScreenSize);
+    }
+}
+
+static void
+TTYputs(const char *p)
+{
+    while (*p)
+	TTYput(*p++);
+}
+
+static void
+TTYshow(unsigned char c)
+{
+    if (c == DEL) {
+	TTYput('^');
+	TTYput('?');
+    }
+    else if (ISCTL(c)) {
+	TTYput('^');
+	TTYput(UNCTL(c));
+    }
+    else if (rl_meta_chars && ISMETA(c)) {
+	TTYput('M');
+	TTYput('-');
+	TTYput(UNMETA(c));
+    }
+    else
+	TTYput(c);
+}
+
+static void
+TTYstring(unsigned char *p)
+{
+    while (*p)
+	TTYshow(*p++);
+}
+
+static int
+TTYget()
+{
+    char c;
+    int e;
+
+    TTYflush();
+    if (Pushed) {
+	Pushed = 0;
+	return PushBack;
+    }
+    if (*Input)
+	return *Input++;
+    do {
+	e = read(0, &c, 1);
+    } while(e < 0 && errno == EINTR);
+    if(e == 1)
+	return c;
+    return EOF;
+}
+
+static void
+TTYback(void)
+{
+    if (backspace)
+	TTYputs(backspace);
+    else
+	TTYput('\b');
+}
+
+static void
+TTYbackn(int n)
+{
+    while (--n >= 0)
+	TTYback();
+}
+
+static void
+TTYinfo()
+{
+    static int		init;
+    char		*term;
+    char		buff[2048];
+    char		*bp;
+    char		*tmp;
+#if	defined(TIOCGWINSZ)
+    struct winsize	W;
+#endif	/* defined(TIOCGWINSZ) */
+
+    if (init) {
+#if	defined(TIOCGWINSZ)
+	/* Perhaps we got resized. */
+	if (ioctl(0, TIOCGWINSZ, &W) >= 0
+	 && W.ws_col > 0 && W.ws_row > 0) {
+	    TTYwidth = (int)W.ws_col;
+	    TTYrows = (int)W.ws_row;
+	}
+#endif	/* defined(TIOCGWINSZ) */
+	return;
+    }
+    init++;
+
+    TTYwidth = TTYrows = 0;
+    bp = &buff[0];
+    if ((term = getenv("TERM")) == NULL)
+	term = "dumb";
+    if (tgetent(buff, term) < 0) {
+       TTYwidth = SCREEN_WIDTH;
+       TTYrows = SCREEN_ROWS;
+       return;
+    }
+    tmp = tgetstr("le", &bp);
+    if (tmp != NULL)
+	backspace = strdup(tmp);
+    else
+	backspace = "\b";
+    TTYwidth = tgetnum("co");
+    TTYrows = tgetnum("li");
+
+#if	defined(TIOCGWINSZ)
+    if (ioctl(0, TIOCGWINSZ, &W) >= 0) {
+	TTYwidth = (int)W.ws_col;
+	TTYrows = (int)W.ws_row;
+    }
+#endif	/* defined(TIOCGWINSZ) */
+
+    if (TTYwidth <= 0 || TTYrows <= 0) {
+	TTYwidth = SCREEN_WIDTH;
+	TTYrows = SCREEN_ROWS;
+    }
+}
+
+
+/*
+**  Print an array of words in columns.
+*/
+static void
+columns(int ac, unsigned char **av)
+{
+    unsigned char	*p;
+    int		i;
+    int		j;
+    int		k;
+    int		len;
+    int		skip;
+    int		longest;
+    int		cols;
+
+    /* Find longest name, determine column count from that. */
+    for (longest = 0, i = 0; i < ac; i++)
+	if ((j = strlen((char *)av[i])) > longest)
+	    longest = j;
+    cols = TTYwidth / (longest + 3);
+
+    TTYputs(NEWLINE);
+    for (skip = ac / cols + 1, i = 0; i < skip; i++) {
+	for (j = i; j < ac; j += skip) {
+	    for (p = av[j], len = strlen((char *)p), k = len; --k >= 0; p++)
+		TTYput(*p);
+	    if (j + skip < ac)
+		while (++len < longest + 3)
+		    TTYput(' ');
+	}
+	TTYputs(NEWLINE);
+    }
+}
+
+static void
+reposition()
+{
+    int		i;
+    unsigned char	*p;
+
+    TTYput('\r');
+    TTYputs(Prompt);
+    for (i = Point, p = Line; --i >= 0; p++)
+	TTYshow(*p);
+}
+
+static void
+left(STATUS Change)
+{
+    TTYback();
+    if (Point) {
+	if (ISCTL(Line[Point - 1]))
+	    TTYback();
+        else if (rl_meta_chars && ISMETA(Line[Point - 1])) {
+	    TTYback();
+	    TTYback();
+	}
+    }
+    if (Change == CSmove)
+	Point--;
+}
+
+static void
+right(STATUS Change)
+{
+    TTYshow(Line[Point]);
+    if (Change == CSmove)
+	Point++;
+}
+
+static STATUS
+ring_bell()
+{
+    TTYput('\07');
+    TTYflush();
+    return CSstay;
+}
+
+static STATUS
+do_macro(unsigned char c)
+{
+    unsigned char		name[4];
+
+    name[0] = '_';
+    name[1] = c;
+    name[2] = '_';
+    name[3] = '\0';
+
+    if ((Input = (unsigned char *)getenv((char *)name)) == NULL) {
+	Input = NIL;
+	return ring_bell();
+    }
+    return CSstay;
+}
+
+static STATUS
+do_forward(STATUS move)
+{
+    int		i;
+    unsigned char	*p;
+
+    i = 0;
+    do {
+	p = &Line[Point];
+	for ( ; Point < End && (*p == ' ' || !isalnum(*p)); Point++, p++)
+	    if (move == CSmove)
+		right(CSstay);
+
+	for (; Point < End && isalnum(*p); Point++, p++)
+	    if (move == CSmove)
+		right(CSstay);
+
+	if (Point == End)
+	    break;
+    } while (++i < Repeat);
+
+    return CSstay;
+}
+
+static STATUS
+do_case(CASE type)
+{
+    int		i;
+    int		end;
+    int		count;
+    unsigned char	*p;
+
+    do_forward(CSstay);
+    if (OldPoint != Point) {
+	if ((count = Point - OldPoint) < 0)
+	    count = -count;
+	Point = OldPoint;
+	if ((end = Point + count) > End)
+	    end = End;
+	for (i = Point, p = &Line[i]; i < end; i++, p++) {
+	    if (type == TOupper) {
+		if (islower(*p))
+		    *p = toupper(*p);
+	    }
+	    else if (isupper(*p))
+		*p = tolower(*p);
+	    right(CSmove);
+	}
+    }
+    return CSstay;
+}
+
+static STATUS
+case_down_word()
+{
+    return do_case(TOlower);
+}
+
+static STATUS
+case_up_word()
+{
+    return do_case(TOupper);
+}
+
+static void
+ceol()
+{
+    int		extras;
+    int		i;
+    unsigned char	*p;
+
+    for (extras = 0, i = Point, p = &Line[i]; i <= End; i++, p++) {
+	TTYput(' ');
+	if (ISCTL(*p)) {
+	    TTYput(' ');
+	    extras++;
+	}
+	else if (rl_meta_chars && ISMETA(*p)) {
+	    TTYput(' ');
+	    TTYput(' ');
+	    extras += 2;
+	}
+    }
+
+    for (i += extras; i > Point; i--)
+	TTYback();
+}
+
+static void
+clear_line()
+{
+    Point = -strlen(Prompt);
+    TTYput('\r');
+    ceol();
+    Point = 0;
+    End = 0;
+    Line[0] = '\0';
+}
+
+static STATUS
+insert_string(unsigned char *p)
+{
+    size_t	len;
+    int		i;
+    unsigned char	*new;
+    unsigned char	*q;
+
+    len = strlen((char *)p);
+    if (End + len >= Length) {
+	if ((new = malloc(sizeof(unsigned char) * (Length + len + MEM_INC))) == NULL)
+	    return CSstay;
+	if (Length) {
+	    memcpy(new, Line, Length);
+	    free(Line);
+	}
+	Line = new;
+	Length += len + MEM_INC;
+    }
+
+    for (q = &Line[Point], i = End - Point; --i >= 0; )
+	q[len + i] = q[i];
+    memcpy(&Line[Point], p, len);
+    End += len;
+    Line[End] = '\0';
+    TTYstring(&Line[Point]);
+    Point += len;
+
+    return Point == End ? CSstay : CSmove;
+}
+
+
+static unsigned char *
+next_hist()
+{
+    return H.Pos >= H.Size - 1 ? NULL : H.Lines[++H.Pos];
+}
+
+static unsigned char *
+prev_hist()
+{
+    return H.Pos == 0 ? NULL : H.Lines[--H.Pos];
+}
+
+static STATUS
+do_insert_hist(unsigned char *p)
+{
+    if (p == NULL)
+	return ring_bell();
+    Point = 0;
+    reposition();
+    ceol();
+    End = 0;
+    return insert_string(p);
+}
+
+static STATUS
+do_hist(unsigned char *(*move)())
+{
+    unsigned char	*p;
+    int		i;
+
+    i = 0;
+    do {
+	if ((p = (*move)()) == NULL)
+	    return ring_bell();
+    } while (++i < Repeat);
+    return do_insert_hist(p);
+}
+
+static STATUS
+h_next()
+{
+    return do_hist(next_hist);
+}
+
+static STATUS
+h_prev()
+{
+    return do_hist(prev_hist);
+}
+
+static STATUS
+h_first()
+{
+    return do_insert_hist(H.Lines[H.Pos = 0]);
+}
+
+static STATUS
+h_last()
+{
+    return do_insert_hist(H.Lines[H.Pos = H.Size - 1]);
+}
+
+/*
+**  Return zero if pat appears as a substring in text.
+*/
+static int
+substrcmp(char *text, char *pat, int len)
+{
+    unsigned char	c;
+
+    if ((c = *pat) == '\0')
+        return *text == '\0';
+    for ( ; *text; text++)
+        if (*text == c && strncmp(text, pat, len) == 0)
+            return 0;
+    return 1;
+}
+
+static unsigned char *
+search_hist(unsigned char *search, unsigned char *(*move)())
+{
+    static unsigned char	*old_search;
+    int		len;
+    int		pos;
+    int		(*match)();
+    char	*pat;
+
+    /* Save or get remembered search pattern. */
+    if (search && *search) {
+	if (old_search)
+	    free(old_search);
+	old_search = (unsigned char *)strdup((char *)search);
+    }
+    else {
+	if (old_search == NULL || *old_search == '\0')
+            return NULL;
+	search = old_search;
+    }
+
+    /* Set up pattern-finder. */
+    if (*search == '^') {
+	match = strncmp;
+	pat = (char *)(search + 1);
+    }
+    else {
+	match = substrcmp;
+	pat = (char *)search;
+    }
+    len = strlen(pat);
+
+    for (pos = H.Pos; (*move)() != NULL; )
+	if ((*match)((char *)H.Lines[H.Pos], pat, len) == 0)
+            return H.Lines[H.Pos];
+    H.Pos = pos;
+    return NULL;
+}
+
+static STATUS
+h_search()
+{
+    static int	Searching;
+    const char	*old_prompt;
+    unsigned char	*(*move)();
+    unsigned char	*p;
+
+    if (Searching)
+	return ring_bell();
+    Searching = 1;
+
+    clear_line();
+    old_prompt = Prompt;
+    Prompt = "Search: ";
+    TTYputs(Prompt);
+    move = Repeat == NO_ARG ? prev_hist : next_hist;
+    p = search_hist(editinput(), move);
+    clear_line();
+    Prompt = old_prompt;
+    TTYputs(Prompt);
+
+    Searching = 0;
+    return do_insert_hist(p);
+}
+
+static STATUS
+fd_char()
+{
+    int		i;
+
+    i = 0;
+    do {
+	if (Point >= End)
+	    break;
+	right(CSmove);
+    } while (++i < Repeat);
+    return CSstay;
+}
+
+static void
+save_yank(int begin, int i)
+{
+    if (Yanked) {
+	free(Yanked);
+	Yanked = NULL;
+    }
+
+    if (i < 1)
+	return;
+
+    if ((Yanked = malloc(sizeof(unsigned char) * (i + 1))) != NULL) {
+	memcpy(Yanked, &Line[begin], i);
+	Yanked[i+1] = '\0';
+    }
+}
+
+static STATUS
+delete_string(int count)
+{
+    int		i;
+    unsigned char	*p;
+
+    if (count <= 0 || End == Point)
+	return ring_bell();
+
+    if (count == 1 && Point == End - 1) {
+	/* Optimize common case of delete at end of line. */
+	End--;
+	p = &Line[Point];
+	i = 1;
+	TTYput(' ');
+	if (ISCTL(*p)) {
+	    i = 2;
+	    TTYput(' ');
+	}
+	else if (rl_meta_chars && ISMETA(*p)) {
+	    i = 3;
+	    TTYput(' ');
+	    TTYput(' ');
+	}
+	TTYbackn(i);
+	*p = '\0';
+	return CSmove;
+    }
+    if (Point + count > End && (count = End - Point) <= 0)
+	return CSstay;
+
+    if (count > 1)
+	save_yank(Point, count);
+
+    for (p = &Line[Point], i = End - (Point + count) + 1; --i >= 0; p++)
+	p[0] = p[count];
+    ceol();
+    End -= count;
+    TTYstring(&Line[Point]);
+    return CSmove;
+}
+
+static STATUS
+bk_char()
+{
+    int		i;
+
+    i = 0;
+    do {
+	if (Point == 0)
+	    break;
+	left(CSmove);
+    } while (++i < Repeat);
+
+    return CSstay;
+}
+
+static STATUS
+bk_del_char()
+{
+    int		i;
+
+    i = 0;
+    do {
+	if (Point == 0)
+	    break;
+	left(CSmove);
+    } while (++i < Repeat);
+
+    return delete_string(i);
+}
+
+static STATUS
+redisplay()
+{
+    TTYputs(NEWLINE);
+    TTYputs(Prompt);
+    TTYstring(Line);
+    return CSmove;
+}
+
+static STATUS
+kill_line()
+{
+    int		i;
+
+    if (Repeat != NO_ARG) {
+	if (Repeat < Point) {
+	    i = Point;
+	    Point = Repeat;
+	    reposition();
+	    delete_string(i - Point);
+	}
+	else if (Repeat > Point) {
+	    right(CSmove);
+	    delete_string(Repeat - Point - 1);
+	}
+	return CSmove;
+    }
+
+    save_yank(Point, End - Point);
+    Line[Point] = '\0';
+    ceol();
+    End = Point;
+    return CSstay;
+}
+
+static STATUS
+insert_char(int c)
+{
+    STATUS	s;
+    unsigned char	buff[2];
+    unsigned char	*p;
+    unsigned char	*q;
+    int		i;
+
+    if (Repeat == NO_ARG || Repeat < 2) {
+	buff[0] = c;
+	buff[1] = '\0';
+	return insert_string(buff);
+    }
+
+    if ((p = malloc(Repeat + 1)) == NULL)
+	return CSstay;
+    for (i = Repeat, q = p; --i >= 0; )
+	*q++ = c;
+    *q = '\0';
+    Repeat = 0;
+    s = insert_string(p);
+    free(p);
+    return s;
+}
+
+static STATUS
+meta()
+{
+    unsigned int	c;
+    KEYMAP		*kp;
+
+    if ((c = TTYget()) == EOF)
+	return CSeof;
+    /* Also include VT-100 arrows. */
+    if (c == '[' || c == 'O')
+	switch (c = TTYget()) {
+	default:	return ring_bell();
+	case EOF:	return CSeof;
+	case 'A':	return h_prev();
+	case 'B':	return h_next();
+	case 'C':	return fd_char();
+	case 'D':	return bk_char();
+	}
+
+    if (isdigit(c)) {
+	for (Repeat = c - '0'; (c = TTYget()) != EOF && isdigit(c); )
+	    Repeat = Repeat * 10 + c - '0';
+	Pushed = 1;
+	PushBack = c;
+	return CSstay;
+    }
+
+    if (isupper(c))
+	return do_macro(c);
+    for (OldPoint = Point, kp = MetaMap; kp->Function; kp++)
+	if (kp->Key == c)
+	    return (*kp->Function)();
+
+    return ring_bell();
+}
+
+static STATUS
+emacs(unsigned int c)
+{
+    STATUS		s;
+    KEYMAP		*kp;
+
+    if (ISMETA(c)) {
+	Pushed = 1;
+	PushBack = UNMETA(c);
+	return meta();
+    }
+    for (kp = Map; kp->Function; kp++)
+	if (kp->Key == c)
+	    break;
+    s = kp->Function ? (*kp->Function)() : insert_char((int)c);
+    if (!Pushed)
+	/* No pushback means no repeat count; hacky, but true. */
+	Repeat = NO_ARG;
+    return s;
+}
+
+static STATUS
+TTYspecial(unsigned int c)
+{
+    if (ISMETA(c))
+	return CSdispatch;
+
+    if (c == rl_erase || c == DEL)
+	return bk_del_char();
+    if (c == rl_kill) {
+	if (Point != 0) {
+	    Point = 0;
+	    reposition();
+	}
+	Repeat = NO_ARG;
+	return kill_line();
+    }
+    if (c == rl_intr || c == rl_quit) {
+	Point = End = 0;
+	Line[0] = '\0';
+	return redisplay();
+    }
+    if (c == rl_eof && Point == 0 && End == 0)
+	return CSeof;
+
+    return CSdispatch;
+}
+
+static unsigned char *
+editinput()
+{
+    unsigned int	c;
+
+    Repeat = NO_ARG;
+    OldPoint = Point = Mark = End = 0;
+    Line[0] = '\0';
+
+    while ((c = TTYget()) != EOF)
+	switch (TTYspecial(c)) {
+	case CSdone:
+	    return Line;
+	case CSeof:
+	    return NULL;
+	case CSmove:
+	    reposition();
+	    break;
+	case CSdispatch:
+	    switch (emacs(c)) {
+	    case CSdone:
+		return Line;
+	    case CSeof:
+		return NULL;
+	    case CSmove:
+		reposition();
+		break;
+	    case CSdispatch:
+	    case CSstay:
+		break;
+	    }
+	    break;
+	case CSstay:
+	    break;
+	}
+    return NULL;
+}
+
+static void
+hist_add(unsigned char *p)
+{
+    int		i;
+
+    if ((p = (unsigned char *)strdup((char *)p)) == NULL)
+	return;
+    if (H.Size < HIST_SIZE)
+	H.Lines[H.Size++] = p;
+    else {
+	free(H.Lines[0]);
+	for (i = 0; i < HIST_SIZE - 1; i++)
+	    H.Lines[i] = H.Lines[i + 1];
+	H.Lines[i] = p;
+    }
+    H.Pos = H.Size - 1;
+}
+
+/*
+**  For compatibility with FSF readline.
+*/
+/* ARGSUSED0 */
+void
+rl_reset_terminal(char *p)
+{
+}
+
+void
+rl_initialize(void)
+{
+}
+
+char *
+readline(const char* prompt)
+{
+    unsigned char	*line;
+
+    if (Line == NULL) {
+	Length = MEM_INC;
+	if ((Line = malloc(Length)) == NULL)
+	    return NULL;
+    }
+
+    TTYinfo();
+    rl_ttyset(0);
+    hist_add(NIL);
+    ScreenSize = SCREEN_INC;
+    Screen = malloc(ScreenSize);
+    Prompt = prompt ? prompt : (char *)NIL;
+    TTYputs(Prompt);
+    if ((line = editinput()) != NULL) {
+	line = (unsigned char *)strdup((char *)line);
+	TTYputs(NEWLINE);
+	TTYflush();
+    }
+    rl_ttyset(1);
+    free(Screen);
+    free(H.Lines[--H.Size]);
+    return (char *)line;
+}
+
+void
+add_history(char *p)
+{
+    if (p == NULL || *p == '\0')
+	return;
+
+#if	defined(UNIQUE_HISTORY)
+    if (H.Pos && strcmp(p, H.Lines[H.Pos - 1]) == 0)
+        return;
+#endif	/* defined(UNIQUE_HISTORY) */
+    hist_add((unsigned char *)p);
+}
+
+
+static STATUS
+beg_line()
+{
+    if (Point) {
+	Point = 0;
+	return CSmove;
+    }
+    return CSstay;
+}
+
+static STATUS
+del_char()
+{
+    return delete_string(Repeat == NO_ARG ? 1 : Repeat);
+}
+
+static STATUS
+end_line()
+{
+    if (Point != End) {
+	Point = End;
+	return CSmove;
+    }
+    return CSstay;
+}
+
+/*
+**  Move back to the beginning of the current word and return an
+**  allocated copy of it.
+*/
+static unsigned char *
+find_word()
+{
+    static char	SEPS[] = "#;&|^$=`'{}()<>\n\t ";
+    unsigned char	*p;
+    unsigned char	*new;
+    size_t	len;
+
+    for (p = &Line[Point]; p > Line && strchr(SEPS, (char)p[-1]) == NULL; p--)
+	continue;
+    len = Point - (p - Line) + 1;
+    if ((new = malloc(len)) == NULL)
+	return NULL;
+    memcpy(new, p, len);
+    new[len - 1] = '\0';
+    return new;
+}
+
+static STATUS
+c_complete()
+{
+    unsigned char	*p;
+    unsigned char	*word;
+    int		unique;
+    STATUS	s;
+
+    word = find_word();
+    p = (unsigned char *)rl_complete((char *)word, &unique);
+    if (word)
+	free(word);
+    if (p && *p) {
+	s = insert_string(p);
+	if (!unique)
+	    ring_bell();
+	free(p);
+	return s;
+    }
+    return ring_bell();
+}
+
+static STATUS
+c_possible()
+{
+    unsigned char	**av;
+    unsigned char	*word;
+    int		ac;
+
+    word = find_word();
+    ac = rl_list_possib((char *)word, (char ***)&av);
+    if (word)
+	free(word);
+    if (ac) {
+	columns(ac, av);
+	while (--ac >= 0)
+	    free(av[ac]);
+	free(av);
+	return CSmove;
+    }
+    return ring_bell();
+}
+
+static STATUS
+accept_line()
+{
+    Line[End] = '\0';
+    return CSdone;
+}
+
+static STATUS
+transpose()
+{
+    unsigned char	c;
+
+    if (Point) {
+	if (Point == End)
+	    left(CSmove);
+	c = Line[Point - 1];
+	left(CSstay);
+	Line[Point - 1] = Line[Point];
+	TTYshow(Line[Point - 1]);
+	Line[Point++] = c;
+	TTYshow(c);
+    }
+    return CSstay;
+}
+
+static STATUS
+quote()
+{
+    unsigned int	c;
+
+    return (c = TTYget()) == EOF ? CSeof : insert_char((int)c);
+}
+
+static STATUS
+wipe()
+{
+    int		i;
+
+    if (Mark > End)
+	return ring_bell();
+
+    if (Point > Mark) {
+	i = Point;
+	Point = Mark;
+	Mark = i;
+	reposition();
+    }
+
+    return delete_string(Mark - Point);
+}
+
+static STATUS
+mk_set()
+{
+    Mark = Point;
+    return CSstay;
+}
+
+static STATUS
+exchange()
+{
+    unsigned int	c;
+
+    if ((c = TTYget()) != CTL('X'))
+	return c == EOF ? CSeof : ring_bell();
+
+    if ((c = Mark) <= End) {
+	Mark = Point;
+	Point = c;
+	return CSmove;
+    }
+    return CSstay;
+}
+
+static STATUS
+yank()
+{
+    if (Yanked && *Yanked)
+	return insert_string(Yanked);
+    return CSstay;
+}
+
+static STATUS
+copy_region()
+{
+    if (Mark > End)
+	return ring_bell();
+
+    if (Point > Mark)
+	save_yank(Mark, Point - Mark);
+    else
+	save_yank(Point, Mark - Point);
+
+    return CSstay;
+}
+
+static STATUS
+move_to_char()
+{
+    unsigned int	c;
+    int			i;
+    unsigned char		*p;
+
+    if ((c = TTYget()) == EOF)
+	return CSeof;
+    for (i = Point + 1, p = &Line[i]; i < End; i++, p++)
+	if (*p == c) {
+	    Point = i;
+	    return CSmove;
+	}
+    return CSstay;
+}
+
+static STATUS
+fd_word()
+{
+    return do_forward(CSmove);
+}
+
+static STATUS
+fd_kill_word()
+{
+    int		i;
+
+    do_forward(CSstay);
+    if (OldPoint != Point) {
+	i = Point - OldPoint;
+	Point = OldPoint;
+	return delete_string(i);
+    }
+    return CSstay;
+}
+
+static STATUS
+bk_word()
+{
+    int		i;
+    unsigned char	*p;
+
+    i = 0;
+    do {
+	for (p = &Line[Point]; p > Line && !isalnum(p[-1]); p--)
+	    left(CSmove);
+
+	for (; p > Line && p[-1] != ' ' && isalnum(p[-1]); p--)
+	    left(CSmove);
+
+	if (Point == 0)
+	    break;
+    } while (++i < Repeat);
+
+    return CSstay;
+}
+
+static STATUS
+bk_kill_word()
+{
+    bk_word();
+    if (OldPoint != Point)
+	return delete_string(OldPoint - Point);
+    return CSstay;
+}
+
+static int
+argify(unsigned char *line, unsigned char ***avp)
+{
+    unsigned char	*c;
+    unsigned char	**p;
+    unsigned char	**new;
+    int		ac;
+    int		i;
+
+    i = MEM_INC;
+    if ((*avp = p = malloc(sizeof(unsigned char*) * i))== NULL)
+	 return 0;
+
+    for (c = line; isspace(*c); c++)
+	continue;
+    if (*c == '\n' || *c == '\0')
+	return 0;
+
+    for (ac = 0, p[ac++] = c; *c && *c != '\n'; ) {
+	if (isspace(*c)) {
+	    *c++ = '\0';
+	    if (*c && *c != '\n') {
+		if (ac + 1 == i) {
+		    new = malloc(sizeof(unsigned char*) * (i + MEM_INC));
+		    if (new == NULL) {
+			p[ac] = NULL;
+			return ac;
+		    }
+		    memcpy(new, p, i * sizeof (char **));
+		    i += MEM_INC;
+		    free(p);
+		    *avp = p = new;
+		}
+		p[ac++] = c;
+	    }
+	}
+	else
+	    c++;
+    }
+    *c = '\0';
+    p[ac] = NULL;
+    return ac;
+}
+
+static STATUS
+last_argument()
+{
+    unsigned char	**av;
+    unsigned char	*p;
+    STATUS	s;
+    int		ac;
+
+    if (H.Size == 1 || (p = H.Lines[H.Size - 2]) == NULL)
+	return ring_bell();
+
+    if ((p = (unsigned char *)strdup((char *)p)) == NULL)
+	return CSstay;
+    ac = argify(p, &av);
+
+    if (Repeat != NO_ARG)
+	s = Repeat < ac ? insert_string(av[Repeat]) : ring_bell();
+    else
+	s = ac ? insert_string(av[ac - 1]) : CSstay;
+
+    if (ac)
+	free(av);
+    free(p);
+    return s;
+}
+
+static KEYMAP	Map[33] = {
+    {	CTL('@'),	ring_bell	},
+    {	CTL('A'),	beg_line	},
+    {	CTL('B'),	bk_char		},
+    {	CTL('D'),	del_char	},
+    {	CTL('E'),	end_line	},
+    {	CTL('F'),	fd_char		},
+    {	CTL('G'),	ring_bell	},
+    {	CTL('H'),	bk_del_char	},
+    {	CTL('I'),	c_complete	},
+    {	CTL('J'),	accept_line	},
+    {	CTL('K'),	kill_line	},
+    {	CTL('L'),	redisplay	},
+    {	CTL('M'),	accept_line	},
+    {	CTL('N'),	h_next		},
+    {	CTL('O'),	ring_bell	},
+    {	CTL('P'),	h_prev		},
+    {	CTL('Q'),	ring_bell	},
+    {	CTL('R'),	h_search	},
+    {	CTL('S'),	ring_bell	},
+    {	CTL('T'),	transpose	},
+    {	CTL('U'),	ring_bell	},
+    {	CTL('V'),	quote		},
+    {	CTL('W'),	wipe		},
+    {	CTL('X'),	exchange	},
+    {	CTL('Y'),	yank		},
+    {	CTL('Z'),	ring_bell	},
+    {	CTL('['),	meta		},
+    {	CTL(']'),	move_to_char	},
+    {	CTL('^'),	ring_bell	},
+    {	CTL('_'),	ring_bell	},
+    {	0,		NULL		}
+};
+
+static KEYMAP	MetaMap[16]= {
+    {	CTL('H'),	bk_kill_word	},
+    {	DEL,		bk_kill_word	},
+    {	' ',		mk_set	},
+    {	'.',		last_argument	},
+    {	'<',		h_first		},
+    {	'>',		h_last		},
+    {	'?',		c_possible	},
+    {	'b',		bk_word		},
+    {	'd',		fd_kill_word	},
+    {	'f',		fd_word		},
+    {	'l',		case_down_word	},
+    {	'u',		case_up_word	},
+    {	'y',		yank		},
+    {	'w',		copy_region	},
+    {	0,		NULL		}
+};
diff --git a/crypto/heimdal/lib/editline/editline.cat3 b/crypto/heimdal/lib/editline/editline.cat3
new file mode 100644
index 0000000..6e7e63e
--- /dev/null
+++ b/crypto/heimdal/lib/editline/editline.cat3
@@ -0,0 +1,198 @@
+
+
+
+EDITLINE(3)                                                       EDITLINE(3)
+
+
+
+NAME
+  editline - command-line editing library with history
+
+SYNOPSIS
+  cchhaarr **
+  rreeaaddlliinnee((pprroommpptt))
+       cchhaarr       **pprroommpptt;;
+
+  vvooiidd
+  aadddd__hhiissttoorryy((lliinnee))
+      cchhaarr        **lliinnee;;
+
+DESCRIPTION
+  _E_d_i_t_l_i_n_e is a library that provides an line-editing interface with text
+  recall.  It is intended to be compatible with the _r_e_a_d_l_i_n_e library provided
+  by the Free Software Foundation, but much smaller.  The bulk of this manual
+  page describes the user interface.
+
+  The _r_e_a_d_l_i_n_e routine returns a line of text with the trailing newline
+  removed.  The data is returned in a buffer allocated with _m_a_l_l_o_c(3), so the
+  space should be released with _f_r_e_e(3) when the calling program is done with
+  it.  Before accepting input from the user, the specified _p_r_o_m_p_t is dis-
+  played on the terminal.
+
+  The _a_d_d___h_i_s_t_o_r_y routine makes a copy of the specified _l_i_n_e and adds it to
+  the internal history list.
+
+  User Interface
+
+  A program that uses this library provides a simple emacs-like editing
+  interface to its users.  A line may be edited before it is sent to the
+  calling program by typing either control characters or escape sequences.  A
+  control character, shown as a caret followed by a letter, is typed by hold-
+  ing down the ``control'' key while the letter is typed.  For example,
+  ``^A'' is a control-A.  An escape sequence is entered by typing the
+  ``escape'' key followed by one or more characters.  The escape key is
+  abbreviated as ``ESC.''  Note that unlike control keys, case matters in
+  escape sequences; ``ESC F'' is not the same as ``ESC f''.
+
+  An editing command may be typed anywhere on the line, not just at the
+  beginning.  In addition, a return may also be typed anywhere on the line,
+  not just at the end.
+
+  Most editing commands may be given a repeat count, _n, where _n is a number.
+  To enter a repeat count, type the escape key, the number, and then the com-
+  mand to execute.  For example, ``ESC 4 ^f'' moves forward four characters.
+  If a command may be given a repeat count then the text ``[n]'' is given at
+  the end of its description.
+
+  The following control characters are accepted:
+       ^A       Move to the beginning of the line
+       ^B       Move left (backwards) [n]
+       ^D       Delete character [n]
+       ^E       Move to end of line
+       ^F       Move right (forwards) [n]
+       ^G       Ring the bell
+       ^H       Delete character before cursor (backspace key) [n]
+       ^I       Complete filename (tab key); see below
+       ^J       Done with line (return key)
+       ^K       Kill to end of line (or column [n])
+       ^L       Redisplay line
+       ^M       Done with line (alternate return key)
+       ^N       Get next line from history [n]
+       ^P       Get previous line from history [n]
+       ^R       Search backward (forward if [n]) through history for text;
+                must start line if text begins with an uparrow
+       ^T       Transpose characters
+       ^V       Insert next character, even if it is an edit command
+       ^W       Wipe to the mark
+       ^X^X     Exchange current location and mark
+       ^Y       Yank back last killed text
+       ^[       Start an escape sequence (escape key)
+       ^]c      Move forward to next character ``c''
+       ^?       Delete character before cursor (delete key) [n]
+
+  The following escape sequences are provided.
+       ESC ^H   Delete previous word (backspace key) [n]
+       ESC DEL  Delete previous word (delete key) [n]
+       ESC SP   Set the mark (space key); see ^X^X and ^Y above
+       ESC .    Get the last (or [n]'th) word from previous line
+       ESC ?    Show possible completions; see below
+       ESC <    Move to start of history
+       ESC >    Move to end of history
+       ESC b    Move backward a word [n]
+       ESC d    Delete word under cursor [n]
+       ESC f    Move forward a word [n]
+       ESC l    Make word lowercase [n]
+       ESC u    Make word uppercase [n]
+       ESC y    Yank back last killed text
+       ESC v    Show library version
+       ESC w    Make area up to mark yankable
+       ESC nn   Set repeat count to the number nn
+       ESC C    Read from environment variable ``_C_'', where C is
+                an uppercase letter
+
+  The _e_d_i_t_l_i_n_e library has a small macro facility.  If you type the escape
+  key followed by an uppercase letter, _C, then the contents of the environ-
+  ment variable ___C__ are read in as if you had typed them at the keyboard.
+  For example, if the variable ___L__ contains the following:
+       ^A^Kecho '^V^[[H^V^[[2J'^M
+  Then typing ``ESC L'' will move to the beginning of the line, kill the
+  entire line, enter the echo command needed to clear the terminal (if your
+  terminal is like a VT-100), and send the line back to the shell.
+
+  The _e_d_i_t_l_i_n_e library also does filename completion.  Suppose the root
+  directory has the following files in it:
+       bin    vmunix
+       core   vmunix.old
+  If you type ``rm /v'' and then the tab key.  _E_d_i_t_l_i_n_e will then finish off
+  as much of the name as possible by adding ``munix''.  Because the name is
+  not unique, it will then beep.  If you type the escape key and a question
+  mark, it will display the two choices.  If you then type a period and a
+  tab, the library will finish off the filename for you:
+       rm /v[TAB]_m_u_n_i_x.TAB_o_l_d
+  The tab key is shown by ``[TAB]'' and the automatically-entered text is
+  shown in italics.
+
+
+
+BUGS AND LIMITATIONS
+  Cannot handle lines more than 80 columns.
+
+
+
+
+AUTHORS
+  Simmule R. Turner <uunet.uu.net!capitol!sysgo!simmy> and Rich $alz
+  <rsalz@osf.org>.  Original manual page by DaviD W. Sanderson
+  <dws@ssec.wisc.edu>.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/crypto/heimdal/lib/editline/editline.h b/crypto/heimdal/lib/editline/editline.h
new file mode 100644
index 0000000..a948ddc
--- /dev/null
+++ b/crypto/heimdal/lib/editline/editline.h
@@ -0,0 +1,64 @@
+/*  $Revision: 1.4 $
+**
+**  Internal header file for editline library.
+*/
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define CRLF		"\r\n"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+typedef struct dirent	DIRENTRY;
+#else
+#include <sys/dir.h>
+typedef struct direct	DIRENTRY;
+#endif
+
+#include <roken.h>
+
+#if	!defined(S_ISDIR)
+#define S_ISDIR(m)		(((m) & S_IFMT) == S_IFDIR)
+#endif	/* !defined(S_ISDIR) */
+
+typedef unsigned char	CHAR;
+
+#define MEM_INC		64
+#define SCREEN_INC	256
+
+/*
+**  Variables and routines internal to this package.
+*/
+extern int	rl_eof;
+extern int	rl_erase;
+extern int	rl_intr;
+extern int	rl_kill;
+extern int	rl_quit;
+
+typedef char* (*rl_complete_func_t)(char*, int*);
+
+typedef int (*rl_list_possib_func_t)(char*, char***);
+
+void	add_history (char*);
+char*	readline (const char* prompt);
+void	rl_add_slash (char*, char*);
+char*	rl_complete (char*, int*);
+void	rl_initialize (void);
+int	rl_list_possib (char*, char***);
+void	rl_reset_terminal (char*);
+void	rl_ttyset (int);
+rl_complete_func_t	rl_set_complete_func (rl_complete_func_t);
+rl_list_possib_func_t	rl_set_list_possib_func (rl_list_possib_func_t);
+ 
diff --git a/crypto/heimdal/lib/editline/roken_rename.h b/crypto/heimdal/lib/editline/roken_rename.h
new file mode 100644
index 0000000..9ea278d
--- /dev/null
+++ b/crypto/heimdal/lib/editline/roken_rename.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: roken_rename.h,v 1.4 1999/12/02 16:58:39 joda Exp $ */
+
+#ifndef __roken_rename_h__
+#define __roken_rename_h__
+
+#ifndef HAVE_STRDUP
+#define strdup _editline_strdup
+#endif
+#ifndef HAVE_SNPRINTF
+#define snprintf _editline_snprintf
+#endif
+#ifndef HAVE_VSNPRINTF
+#define vsnprintf _editline_vsnprintf
+#endif
+#ifndef HAVE_ASPRINTF
+#define asprintf _editline_asprintf
+#endif
+#ifndef HAVE_ASNPRINTF
+#define asnprintf _editline_asnprintf
+#endif
+#ifndef HAVE_VASPRINTF
+#define vasprintf _editline_vasprintf
+#endif
+#ifndef HAVE_VASNPRINTF
+#define vasnprintf _editline_vasnprintf
+#endif
+
+#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/editline/sysunix.c b/crypto/heimdal/lib/editline/sysunix.c
new file mode 100644
index 0000000..bcd6def
--- /dev/null
+++ b/crypto/heimdal/lib/editline/sysunix.c
@@ -0,0 +1,92 @@
+/*  Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved. 
+ *
+ *  This software is not subject to any license of the American Telephone 
+ *  and Telegraph Company or of the Regents of the University of California. 
+ *
+ *  Permission is granted to anyone to use this software for any purpose on
+ *  any computer system, and to alter it and redistribute it freely, subject
+ *  to the following restrictions:
+ *  1. The authors are not responsible for the consequences of use of this
+ *     software, no matter how awful, even if they arise from flaws in it.
+ *  2. The origin of this software must not be misrepresented, either by
+ *     explicit claim or by omission.  Since few users ever read sources,
+ *     credits must appear in the documentation.
+ *  3. Altered versions must be plainly marked as such, and must not be
+ *     misrepresented as being the original software.  Since few users
+ *     ever read sources, credits must appear in the documentation.
+ *  4. This notice may not be removed or altered.
+ */
+
+/*
+**  Unix system-dependant routines for editline library.
+*/
+#include <config.h>
+#include "editline.h"
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#else
+#include <sgtty.h>
+#endif
+
+RCSID("$Id: sysunix.c,v 1.4 1999/04/08 13:08:24 joda Exp $");
+
+#ifdef HAVE_TERMIOS_H
+
+void
+rl_ttyset(int Reset)
+{
+    static struct termios	old;
+    struct termios		new;
+    
+    if (Reset == 0) {
+	tcgetattr(0, &old);
+	rl_erase = old.c_cc[VERASE];
+	rl_kill = old.c_cc[VKILL];
+	rl_eof = old.c_cc[VEOF];
+	rl_intr = old.c_cc[VINTR];
+	rl_quit = old.c_cc[VQUIT];
+
+	new = old;
+	new.c_cc[VINTR] = -1;
+	new.c_cc[VQUIT] = -1;
+	new.c_lflag &= ~(ECHO | ICANON);
+	new.c_iflag &= ~(ISTRIP | INPCK);
+	new.c_cc[VMIN] = 1;
+	new.c_cc[VTIME] = 0;
+	tcsetattr(0, TCSANOW, &new);
+    }
+    else
+	tcsetattr(0, TCSANOW, &old);
+}
+
+#else /* !HAVE_TERMIOS_H */
+
+void
+rl_ttyset(int Reset)
+{
+       static struct sgttyb old;
+       struct sgttyb new;
+
+       if (Reset == 0) {
+               ioctl(0, TIOCGETP, &old);
+               rl_erase = old.sg_erase;
+               rl_kill = old.sg_kill;
+               new = old;
+               new.sg_flags &= ~(ECHO | ICANON);
+               new.sg_flags &= ~(ISTRIP | INPCK);
+               ioctl(0, TIOCSETP, &new);
+       } else {
+               ioctl(0, TIOCSETP, &old);
+       }
+}
+#endif /* HAVE_TERMIOS_H */
+
+void
+rl_add_slash(char *path, char *p)
+{
+    struct stat	Sb;
+    
+    if (stat(path, &Sb) >= 0)
+	strcat(p, S_ISDIR(Sb.st_mode) ? "/" : " ");
+}
diff --git a/crypto/heimdal/lib/editline/testit.c b/crypto/heimdal/lib/editline/testit.c
new file mode 100644
index 0000000..4635e36
--- /dev/null
+++ b/crypto/heimdal/lib/editline/testit.c
@@ -0,0 +1,38 @@
+/*  $Revision: 1.2 $
+**
+**  A "micro-shell" to test editline library.
+**  If given any arguments, commands aren't executed.
+*/
+#if defined(HAVE_CONFIG_H)
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
+
+#include "editline.h"
+
+int
+main(int ac, char **av)
+{
+    char	*p;
+    int		doit;
+
+    doit = ac == 1;
+    while ((p = readline("testit> ")) != NULL) {
+	(void)printf("\t\t\t|%s|\n", p);
+	if (doit)
+	    if (strncmp(p, "cd ", 3) == 0) {
+		if (chdir(&p[3]) < 0)
+		    perror(&p[3]);
+	    } else if (system(p) != 0) {
+		perror(p);
+	    }
+	add_history(p);
+	free(p);
+    }
+    exit(0);
+    /* NOTREACHED */
+}
diff --git a/crypto/heimdal/lib/editline/unix.h b/crypto/heimdal/lib/editline/unix.h
new file mode 100644
index 0000000..fe6beed
--- /dev/null
+++ b/crypto/heimdal/lib/editline/unix.h
@@ -0,0 +1,22 @@
+/*  $Revision: 1.1 $
+**
+**  Editline system header file for Unix.
+*/
+
+#define CRLF		"\r\n"
+#define FORWARD		STATIC
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#if	defined(USE_DIRENT)
+#include <dirent.h>
+typedef struct dirent	DIRENTRY;
+#else
+#include <sys/dir.h>
+typedef struct direct	DIRENTRY;
+#endif	/* defined(USE_DIRENT) */
+
+#if	!defined(S_ISDIR)
+#define S_ISDIR(m)		(((m) & S_IFMT) == S_IFDIR)
+#endif	/* !defined(S_ISDIR) */
diff --git a/crypto/heimdal/lib/gssapi/ChangeLog b/crypto/heimdal/lib/gssapi/ChangeLog
index e335d4db..99ab271 100644
--- a/crypto/heimdal/lib/gssapi/ChangeLog
+++ b/crypto/heimdal/lib/gssapi/ChangeLog
@@ -1,3 +1,43 @@
+2001-05-17  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: bump version to 3:1:2
+
+2001-05-14  Assar Westerlund  <assar@sics.se>
+
+	* address_to_krb5addr.c: adapt to new address functions
+
+2001-05-11  Assar Westerlund  <assar@sics.se>
+
+	* try to return the error string from libkrb5 where applicable
+
+2001-05-08  Assar Westerlund  <assar@sics.se>
+
+	* delete_sec_context.c (gss_delete_sec_context): remember to free
+	the memory used by the ticket itself. from <tmartin@mirapoint.com>
+
+2001-05-04  Assar Westerlund  <assar@sics.se>
+
+	* gssapi_locl.h: add config.h for completeness
+	* gssapi.h: remove config.h, this is an installed header file
+	sys/types.h is not needed either
+	
+2001-03-12  Assar Westerlund  <assar@sics.se>
+
+	* acquire_cred.c (gss_acquire_cred): remove memory leaks.  from
+	Jason R Thorpe <thorpej@zembu.com>
+
+2001-02-18  Assar Westerlund  <assar@sics.se>
+
+	* accept_sec_context.c (gss_accept_sec_context): either return
+	gss_name NULL-ed or set
+
+	* import_name.c: set minor_status in some cases where it was not
+	done
+
+2001-02-15  Assar Westerlund  <assar@sics.se>
+
+	* wrap.c: use krb5_generate_random_block for the confounders
+
 2001-01-30  Assar Westerlund  <assar@sics.se>
 
 	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2
diff --git a/crypto/heimdal/lib/gssapi/Makefile.am b/crypto/heimdal/lib/gssapi/Makefile.am
index a086e29..3132040 100644
--- a/crypto/heimdal/lib/gssapi/Makefile.am
+++ b/crypto/heimdal/lib/gssapi/Makefile.am
@@ -1,11 +1,11 @@
-# $Id: Makefile.am,v 1.30 2001/01/30 01:51:53 assar Exp $
+# $Id: Makefile.am,v 1.31 2001/05/16 23:52:27 assar Exp $
 
 include $(top_srcdir)/Makefile.am.common
 
 INCLUDES += -I$(srcdir)/../krb5 $(INCLUDE_krb4)
 
 lib_LTLIBRARIES = libgssapi.la
-libgssapi_la_LDFLAGS = -version-info 3:0:2
+libgssapi_la_LDFLAGS = -version-info 3:1:2
 
 include_HEADERS = gssapi.h
 
diff --git a/crypto/heimdal/lib/gssapi/Makefile.in b/crypto/heimdal/lib/gssapi/Makefile.in
index 4173934..a71a183 100644
--- a/crypto/heimdal/lib/gssapi/Makefile.in
+++ b/crypto/heimdal/lib/gssapi/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -113,13 +114,13 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
 dpagaix_LDADD = @dpagaix_LDADD@
 install_sh = @install_sh@
 
-# $Id: Makefile.am,v 1.30 2001/01/30 01:51:53 assar Exp $
+# $Id: Makefile.am,v 1.31 2001/05/16 23:52:27 assar Exp $
 
 
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,10 +186,12 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 lib_LTLIBRARIES = libgssapi.la
-libgssapi_la_LDFLAGS = -version-info 3:0:2
+libgssapi_la_LDFLAGS = -version-info 3:1:2
 
 include_HEADERS = gssapi.h
 
@@ -278,7 +281,7 @@ OBJECTS = $(am_libgssapi_la_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/gssapi/Makefile
 
@@ -385,6 +388,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/lib/gssapi/accept_sec_context.c b/crypto/heimdal/lib/gssapi/accept_sec_context.c
index a606c55..4cb2427 100644
--- a/crypto/heimdal/lib/gssapi/accept_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/accept_sec_context.c
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: accept_sec_context.c,v 1.21 2001/01/09 18:47:11 assar Exp $");
+RCSID("$Id: accept_sec_context.c,v 1.24 2001/05/11 09:16:45 assar Exp $");
 
 static krb5_keytab gss_keytab;
 
@@ -76,6 +76,7 @@ gss_accept_sec_context
   krb5_ticket *ticket = NULL;
   krb5_keytab keytab = NULL;
   krb5_data fwd_data;
+  OM_uint32 minor;
 
   gssapi_krb5_init ();
 
@@ -98,10 +99,15 @@ gss_accept_sec_context
   (*context_handle)->more_flags = 0;
   (*context_handle)->ticket = NULL;
 
+  if (src_name != NULL)
+      *src_name = NULL;
+
   kret = krb5_auth_con_init (gssapi_krb5_context,
 			     &(*context_handle)->auth_context);
   if (kret) {
     ret = GSS_S_FAILURE;
+    *minor_status = kret;
+    gssapi_krb5_set_error_string ();
     goto failure;
   }
 
@@ -131,6 +137,7 @@ gss_accept_sec_context
                                &acceptor_addr); 
      if (kret) {
         *minor_status = kret;
+	gssapi_krb5_set_error_string ();
         ret = GSS_S_BAD_BINDINGS;
         goto failure;
      }
@@ -142,6 +149,7 @@ gss_accept_sec_context
      if (kret) {
         krb5_free_address (gssapi_krb5_context, &acceptor_addr);
         *minor_status = kret;
+	gssapi_krb5_set_error_string ();
         ret = GSS_S_BAD_BINDINGS;
         goto failure;
      }
@@ -162,6 +170,7 @@ gss_accept_sec_context
      
      if (kret) {
         *minor_status = kret;
+	gssapi_krb5_set_error_string ();
         ret = GSS_S_BAD_BINDINGS;
         goto failure;
      }
@@ -207,6 +216,8 @@ gss_accept_sec_context
 		      &ticket);
   if (kret) {
     ret = GSS_S_FAILURE;
+    *minor_status = kret;
+    gssapi_krb5_set_error_string ();
     goto failure;
   }
 
@@ -215,6 +226,8 @@ gss_accept_sec_context
 			      &(*context_handle)->source);
   if (kret) {
     ret = GSS_S_FAILURE;
+    *minor_status = kret;
+    gssapi_krb5_set_error_string ();
     goto failure;
   }
 
@@ -223,15 +236,19 @@ gss_accept_sec_context
 			      &(*context_handle)->target);
   if (kret) {
     ret = GSS_S_FAILURE;
+    *minor_status = kret;
+    gssapi_krb5_set_error_string ();
     goto failure;
   }
 
-  if (src_name) {
+  if (src_name != NULL) {
     kret = krb5_copy_principal (gssapi_krb5_context,
 				ticket->client,
 				src_name);
     if (kret) {
       ret = GSS_S_FAILURE;
+      *minor_status = kret;
+      gssapi_krb5_set_error_string ();
       goto failure;
     }
   }
@@ -244,6 +261,8 @@ gss_accept_sec_context
 					&authenticator);
       if(kret) {
 	  ret = GSS_S_FAILURE;
+	  *minor_status = kret;
+	  gssapi_krb5_set_error_string ();
 	  goto failure;
       }
 
@@ -254,6 +273,8 @@ gss_accept_sec_context
       krb5_free_authenticator(gssapi_krb5_context, &authenticator);
       if (kret) {
 	  ret = GSS_S_FAILURE;
+	  *minor_status = kret;
+	  gssapi_krb5_set_error_string ();
 	  goto failure;
       }
   }
@@ -322,6 +343,8 @@ end_fwd:
 			&outbuf);
     if (kret) {
       ret = GSS_S_FAILURE;
+      *minor_status = kret;
+      gssapi_krb5_set_error_string ();
       goto failure;
     }
     ret = gssapi_krb5_encapsulate (&outbuf,
@@ -359,6 +382,10 @@ failure:
     krb5_free_principal (gssapi_krb5_context,
 			 (*context_handle)->target);
   free (*context_handle);
+  if (src_name != NULL) {
+      gss_release_name (&minor, src_name);
+      *src_name = NULL;
+  }
   *context_handle = GSS_C_NO_CONTEXT;
   *minor_status = kret;
   return GSS_S_FAILURE;
diff --git a/crypto/heimdal/lib/gssapi/acquire_cred.c b/crypto/heimdal/lib/gssapi/acquire_cred.c
index 341d06d..acc60a2 100644
--- a/crypto/heimdal/lib/gssapi/acquire_cred.c
+++ b/crypto/heimdal/lib/gssapi/acquire_cred.c
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: acquire_cred.c,v 1.4 2001/01/30 00:49:05 assar Exp $");
+RCSID("$Id: acquire_cred.c,v 1.6 2001/05/11 09:16:45 assar Exp $");
 
 OM_uint32 gss_acquire_cred
            (OM_uint32 * minor_status,
@@ -48,95 +48,115 @@ OM_uint32 gss_acquire_cred
 {
     gss_cred_id_t handle;
     OM_uint32 ret;
-    krb5_principal def_princ;
+    krb5_error_code kret = 0;
     krb5_ccache ccache;
-    krb5_error_code pret = -1, kret = 0;
-    krb5_keytab kt;
-    krb5_creds cred;
-    krb5_get_init_creds_opt opt;
 
     handle = (gss_cred_id_t)malloc(sizeof(*handle));
-    if (handle == GSS_C_NO_CREDENTIAL) {
+    if (handle == GSS_C_NO_CREDENTIAL)
         return GSS_S_FAILURE;
-    }
+
     memset(handle, 0, sizeof (*handle));
 
     ret = gss_duplicate_name(minor_status, desired_name, &handle->principal);
     if (ret) {
+	free(handle);
         return ret;
     }
 
-    if (krb5_cc_default(gssapi_krb5_context, &ccache) == 0 &&
-      (pret = krb5_cc_get_principal(gssapi_krb5_context, ccache,
-					 &def_princ)) == 0 &&
-      krb5_principal_compare(gssapi_krb5_context, handle->principal,
-				 def_princ) == TRUE) {
+    if (krb5_cc_default(gssapi_krb5_context, &ccache) == 0) {
+	krb5_principal def_princ;
+
+	if (krb5_cc_get_principal(gssapi_krb5_context, ccache,
+				  &def_princ) != 0) {
+	    krb5_cc_close(gssapi_krb5_context, ccache);
+	    goto try_keytab;
+	}
+	if (krb5_principal_compare(gssapi_krb5_context, handle->principal,
+				   def_princ) == FALSE) {
+	    krb5_free_principal(gssapi_krb5_context, def_princ);
+	    krb5_cc_close(gssapi_krb5_context, ccache);
+	    goto try_keytab;
+	}
 	handle->ccache = ccache;
 	handle->keytab = NULL;
+	krb5_free_principal(gssapi_krb5_context, def_princ);
     } else {
-	kret = krb5_kt_default(gssapi_krb5_context, &kt);
+    	krb5_creds cred;
+    	krb5_get_init_creds_opt opt;
+
+ try_keytab:
+	kret = krb5_kt_default(gssapi_krb5_context, &handle->keytab);
 	if (kret != 0)
-	    goto out;
+	    goto krb5_bad;
+
 	krb5_get_init_creds_opt_init(&opt);
 	memset(&cred, 0, sizeof(cred));
+
 	kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
-	  handle->principal, kt, 0, NULL, &opt);
+					  handle->principal, handle->keytab,
+					  0, NULL, &opt);
+	if (kret != 0)
+	    goto krb5_bad;
+
+	kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
+			       &handle->ccache);
 	if (kret != 0) {
-	    krb5_kt_close(gssapi_krb5_context, kt);
-	    goto out;
+	    krb5_free_creds_contents(gssapi_krb5_context, &cred);
+	    goto krb5_bad;
 	}
-	kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops, &ccache);
+
+	kret = krb5_cc_initialize(gssapi_krb5_context, handle->ccache,
+				  cred.client);
 	if (kret != 0) {
-	    krb5_kt_close(gssapi_krb5_context, kt);
-	    goto out;
+	    krb5_free_creds_contents(gssapi_krb5_context, &cred);
+	    goto krb5_bad;
 	}
-	kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
+
+	kret = krb5_cc_store_cred(gssapi_krb5_context, handle->ccache, &cred);
 	if (kret != 0) {
-	    krb5_kt_close(gssapi_krb5_context, kt);
-	    krb5_cc_close(gssapi_krb5_context, ccache);
-	    goto out;
+	    krb5_free_creds_contents(gssapi_krb5_context, &cred);
+	    goto krb5_bad;
 	}
-	kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
-	if (kret != 0) {
-	    krb5_kt_close(gssapi_krb5_context, kt);
-	    krb5_cc_close(gssapi_krb5_context, ccache);
-	    goto out;
-	}
-	handle->ccache = ccache;
-	handle->keytab = kt;
-    }
 
+	krb5_free_creds_contents(gssapi_krb5_context, &cred);
+    }
 
     /* XXX */
     handle->lifetime = time_req;
     handle->usage = cred_usage;
 
     ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-    if (ret) {
-        return ret;
-    }
+    if (ret)
+	goto gssapi_bad;
+
     ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
 				 &handle->mechanisms);
-    if (ret) {
-        return ret;
-    }
+    if (ret)
+	goto gssapi_bad;
 
     ret = gss_inquire_cred(minor_status, handle, NULL, time_rec, NULL,
 			   actual_mechs);
-    if (ret) {
-        return ret;
-    }
+    if (ret)
+	goto gssapi_bad;
 
     *output_cred_handle = handle;
+    return (GSS_S_COMPLETE);
 
-out:
-    if (pret == 0)
-	krb5_free_principal(gssapi_krb5_context, def_princ);
+ krb5_bad:
+    ret = GSS_S_FAILURE;
+    *minor_status = kret;
+    gssapi_krb5_set_error_string ();
 
-    if (kret != 0) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
+ gssapi_bad:
+    krb5_free_principal(gssapi_krb5_context, handle->principal);
+    if (handle->ccache != NULL)
+	krb5_cc_close(gssapi_krb5_context, handle->ccache);
+    if (handle->keytab != NULL)
+	krb5_kt_close(gssapi_krb5_context, handle->keytab);
+    if (handle->mechanisms != NULL)
+	gss_release_oid_set(NULL, &handle->mechanisms);
+
+    free(handle);
 
-    return GSS_S_COMPLETE;
+    return (ret);
 }
diff --git a/crypto/heimdal/lib/gssapi/add_oid_set_member.c b/crypto/heimdal/lib/gssapi/add_oid_set_member.c
index b8144ff..baf70c5 100644
--- a/crypto/heimdal/lib/gssapi/add_oid_set_member.c
+++ b/crypto/heimdal/lib/gssapi/add_oid_set_member.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: add_oid_set_member.c,v 1.6 2000/07/02 04:44:11 assar Exp $");
+RCSID("$Id: add_oid_set_member.c,v 1.7 2001/02/18 03:39:08 assar Exp $");
 
 OM_uint32 gss_add_oid_set_member (
             OM_uint32 * minor_status,
@@ -55,8 +55,10 @@ OM_uint32 gss_add_oid_set_member (
 
   n = (*oid_set)->count + 1;
   tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc));
-  if (tmp == NULL)
+  if (tmp == NULL) {
+    *minor_status = ENOMEM;
     return GSS_S_FAILURE;
+  }
   (*oid_set)->elements = tmp;
   (*oid_set)->count = n;
   (*oid_set)->elements[n-1] = *member_oid;
diff --git a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c b/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
index 1d8c1b6..c8041aa 100644
--- a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
+++ b/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -61,7 +61,8 @@ gss_address_to_krb5addr(OM_uint32 gss_addr_type,
                            return GSS_S_FAILURE;
    }
                       
-   problem = krb5_h_addr2sockaddr (addr_type,
+   problem = krb5_h_addr2sockaddr (gssapi_krb5_context,
+				   addr_type,
                                    gss_addr->value, 
                                    &sa, 
                                    &sa_size, 
@@ -69,7 +70,7 @@ gss_address_to_krb5addr(OM_uint32 gss_addr_type,
    if (problem)
       return GSS_S_FAILURE;
 
-   problem = krb5_sockaddr2address (&sa, address);
+   problem = krb5_sockaddr2address (gssapi_krb5_context, &sa, address);
 
    return problem;  
 }
diff --git a/crypto/heimdal/lib/gssapi/context_time.c b/crypto/heimdal/lib/gssapi/context_time.c
index 1882eb3..f933f9e 100644
--- a/crypto/heimdal/lib/gssapi/context_time.c
+++ b/crypto/heimdal/lib/gssapi/context_time.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: context_time.c,v 1.3 2000/02/06 08:14:16 assar Exp $");
+RCSID("$Id: context_time.c,v 1.5 2001/05/11 09:16:45 assar Exp $");
 
 OM_uint32 gss_context_time
            (OM_uint32 * minor_status,
@@ -56,6 +56,8 @@ OM_uint32 gss_context_time
 
     kret = krb5_timeofday(gssapi_krb5_context, &timeret);
     if (kret) {
+	*minor_status = kret;
+	gssapi_krb5_set_error_string ();
         return GSS_S_FAILURE;
     }
 
diff --git a/crypto/heimdal/lib/gssapi/copy_ccache.c b/crypto/heimdal/lib/gssapi/copy_ccache.c
index f91acab..a6f53df 100644
--- a/crypto/heimdal/lib/gssapi/copy_ccache.c
+++ b/crypto/heimdal/lib/gssapi/copy_ccache.c
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: copy_ccache.c,v 1.1 2001/01/30 00:35:47 assar Exp $");
+RCSID("$Id: copy_ccache.c,v 1.2 2001/05/11 09:16:45 assar Exp $");
 
 OM_uint32
 gss_krb5_copy_ccache(OM_uint32 *minor,
@@ -50,6 +50,7 @@ gss_krb5_copy_ccache(OM_uint32 *minor,
     kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out);
     if (kret) {
 	*minor = kret;
+	gssapi_krb5_set_error_string ();
 	return GSS_S_FAILURE;
     }
     return GSS_S_COMPLETE;
diff --git a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
index acec30e..de71749 100644
--- a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
+++ b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: create_emtpy_oid_set.c,v 1.3 1999/12/02 17:05:03 joda Exp $");
+RCSID("$Id: create_emtpy_oid_set.c,v 1.4 2001/02/18 03:39:08 assar Exp $");
 
 OM_uint32 gss_create_empty_oid_set (
             OM_uint32 * minor_status,
@@ -42,6 +42,7 @@ OM_uint32 gss_create_empty_oid_set (
 {
   *oid_set = malloc(sizeof(**oid_set));
   if (*oid_set == NULL) {
+    *minor_status = ENOMEM;
     return GSS_S_FAILURE;
   }
   (*oid_set)->count = 0;
diff --git a/crypto/heimdal/lib/gssapi/delete_sec_context.c b/crypto/heimdal/lib/gssapi/delete_sec_context.c
index 15e3cfa..06f44e3 100644
--- a/crypto/heimdal/lib/gssapi/delete_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/delete_sec_context.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: delete_sec_context.c,v 1.7 2000/02/11 23:00:48 assar Exp $");
+RCSID("$Id: delete_sec_context.c,v 1.9 2001/05/10 15:23:04 assar Exp $");
 
 OM_uint32 gss_delete_sec_context
            (OM_uint32 * minor_status,
@@ -56,9 +56,12 @@ OM_uint32 gss_delete_sec_context
   if((*context_handle)->target)
     krb5_free_principal (gssapi_krb5_context,
 			 (*context_handle)->target);
-  if ((*context_handle)->ticket)
+  if ((*context_handle)->ticket) {
     krb5_free_ticket (gssapi_krb5_context,
 		      (*context_handle)->ticket);
+    free((*context_handle)->ticket);
+  }
+
   free (*context_handle);
   *context_handle = GSS_C_NO_CONTEXT;
   return GSS_S_COMPLETE;
diff --git a/crypto/heimdal/lib/gssapi/display_name.c b/crypto/heimdal/lib/gssapi/display_name.c
index 4efed14..1c25e67 100644
--- a/crypto/heimdal/lib/gssapi/display_name.c
+++ b/crypto/heimdal/lib/gssapi/display_name.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: display_name.c,v 1.5 1999/12/02 17:05:03 joda Exp $");
+RCSID("$Id: display_name.c,v 1.7 2001/05/11 09:16:46 assar Exp $");
 
 OM_uint32 gss_display_name
            (OM_uint32 * minor_status,
@@ -50,13 +50,17 @@ OM_uint32 gss_display_name
   kret = krb5_unparse_name (gssapi_krb5_context,
 			    input_name,
 			    &buf);
-  if (kret)
+  if (kret) {
+    *minor_status = kret;
+    gssapi_krb5_set_error_string ();
     return GSS_S_FAILURE;
+  }
   len = strlen (buf);
   output_name_buffer->length = len;
   output_name_buffer->value  = malloc(len + 1);
   if (output_name_buffer->value == NULL) {
     free (buf);
+    *minor_status = ENOMEM;
     return GSS_S_FAILURE;
   }
   memcpy (output_name_buffer->value, buf, len);
diff --git a/crypto/heimdal/lib/gssapi/display_status.c b/crypto/heimdal/lib/gssapi/display_status.c
index f08c47e..1fa0531 100644
--- a/crypto/heimdal/lib/gssapi/display_status.c
+++ b/crypto/heimdal/lib/gssapi/display_status.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,9 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: display_status.c,v 1.5 1999/12/02 17:05:03 joda Exp $");
+RCSID("$Id: display_status.c,v 1.6 2001/05/11 09:16:46 assar Exp $");
+
+static char *krb5_error_string;
 
 static char *
 calling_error(OM_uint32 v)
@@ -91,6 +93,20 @@ routine_error(OM_uint32 v)
 	return msgs[v];
 }
 
+void
+gssapi_krb5_set_error_string (void)
+{
+    krb5_error_string = krb5_get_error_string(gssapi_krb5_context);
+}
+
+char *
+gssapi_krb5_get_error_string (void)
+{
+    char *ret = krb5_error_string;
+    krb5_error_string = NULL;
+    return ret;
+}
+
 OM_uint32 gss_display_status
            (OM_uint32		*minor_status,
 	    OM_uint32		 status_value,
@@ -118,7 +134,9 @@ OM_uint32 gss_display_status
 	  return GSS_S_FAILURE;
       }
   } else if (status_type == GSS_C_MECH_CODE) {
-      buf = strdup(krb5_get_err_text (gssapi_krb5_context, status_value));
+      buf = gssapi_krb5_get_error_string ();
+      if (buf == NULL)
+	  buf = strdup(krb5_get_err_text (gssapi_krb5_context, status_value));
       if (buf == NULL) {
 	  *minor_status = ENOMEM;
 	  return GSS_S_FAILURE;
diff --git a/crypto/heimdal/lib/gssapi/duplicate_name.c b/crypto/heimdal/lib/gssapi/duplicate_name.c
index a3118d3..b0ecdf2 100644
--- a/crypto/heimdal/lib/gssapi/duplicate_name.c
+++ b/crypto/heimdal/lib/gssapi/duplicate_name.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: duplicate_name.c,v 1.3 1999/12/02 17:05:03 joda Exp $");
+RCSID("$Id: duplicate_name.c,v 1.5 2001/05/11 09:16:46 assar Exp $");
 
 OM_uint32 gss_duplicate_name (
             OM_uint32 * minor_status,
@@ -48,8 +48,11 @@ OM_uint32 gss_duplicate_name (
   kret = krb5_copy_principal (gssapi_krb5_context,
 			      src_name,
 			      dest_name);
-  if (kret)
+  if (kret) {
+    *minor_status = kret;
+    gssapi_krb5_set_error_string ();
     return GSS_S_FAILURE;
-  else
+  } else {
     return GSS_S_COMPLETE;
+  }
 }
diff --git a/crypto/heimdal/lib/gssapi/export_sec_context.c b/crypto/heimdal/lib/gssapi/export_sec_context.c
index 7116f95..30c5a11 100644
--- a/crypto/heimdal/lib/gssapi/export_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/export_sec_context.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: export_sec_context.c,v 1.3 2000/07/08 11:42:22 assar Exp $");
+RCSID("$Id: export_sec_context.c,v 1.4 2001/02/18 03:39:09 assar Exp $");
 
 OM_uint32
 gss_export_sec_context (
@@ -44,10 +44,12 @@ gss_export_sec_context (
 {
     krb5_storage *sp;
     krb5_auth_context ac;
-    int ret;
+    OM_uint32 ret = GSS_S_COMPLETE;
     krb5_data data;
     gss_buffer_desc buffer;
     int flags;
+    OM_uint32 minor;
+    krb5_error_code kret;
 
     gssapi_krb5_init ();
     if (!((*context_handle)->flags & GSS_C_TRANS_FLAG))
@@ -74,25 +76,74 @@ gss_export_sec_context (
     if (ac->remote_subkey)
 	flags |= SC_REMOTE_SUBKEY;
 
-    krb5_store_int32 (sp, flags);
+    kret = krb5_store_int32 (sp, flags);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
 
     /* marshall auth context */
 
-    krb5_store_int32 (sp, ac->flags);
-    if (ac->local_address)
-	krb5_store_address (sp, *ac->local_address);
-    if (ac->remote_address)
-	krb5_store_address (sp, *ac->remote_address);
-    krb5_store_int16 (sp, ac->local_port);
-    krb5_store_int16 (sp, ac->remote_port);
-    if (ac->keyblock)
-	krb5_store_keyblock (sp, *ac->keyblock);
-    if (ac->local_subkey)
-	krb5_store_keyblock (sp, *ac->local_subkey);
-    if (ac->remote_subkey)
-	krb5_store_keyblock (sp, *ac->remote_subkey);
-    krb5_store_int32 (sp, ac->local_seqnumber);
-    krb5_store_int32 (sp, ac->remote_seqnumber);
+    kret = krb5_store_int32 (sp, ac->flags);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+    if (ac->local_address) {
+	kret = krb5_store_address (sp, *ac->local_address);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
+    }
+    if (ac->remote_address) {
+	kret = krb5_store_address (sp, *ac->remote_address);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
+    }
+    kret = krb5_store_int16 (sp, ac->local_port);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+    kret = krb5_store_int16 (sp, ac->remote_port);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+    if (ac->keyblock) {
+	kret = krb5_store_keyblock (sp, *ac->keyblock);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
+    }
+    if (ac->local_subkey) {
+	kret = krb5_store_keyblock (sp, *ac->local_subkey);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
+    }
+    if (ac->remote_subkey) {
+	kret = krb5_store_keyblock (sp, *ac->remote_subkey);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
+    }
+    kret = krb5_store_int32 (sp, ac->local_seqnumber);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
+    kret = krb5_store_int32 (sp, ac->remote_seqnumber);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
 
 #if 0
     {
@@ -108,31 +159,65 @@ gss_export_sec_context (
 	}
 	data.data   = auth_buf;
 	data.length = sz;
-	krb5_store_data (sp, data);
+	kret = krb5_store_data (sp, data);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
     }
 #endif
-    krb5_store_int32 (sp, ac->keytype);
-    krb5_store_int32 (sp, ac->cksumtype);
+    kret = krb5_store_int32 (sp, ac->keytype);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+    kret = krb5_store_int32 (sp, ac->cksumtype);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
 
     /* names */
 
-    gss_export_name (minor_status, (*context_handle)->source, &buffer);
+    ret = gss_export_name (minor_status, (*context_handle)->source, &buffer);
+    if (ret)
+	goto failure;
     data.data   = buffer.value;
     data.length = buffer.length;
-    krb5_store_data (sp, data);
+    kret = krb5_store_data (sp, data);
+    gss_release_buffer (&minor, &buffer);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
 
-    gss_export_name (minor_status, (*context_handle)->target, &buffer);
+    ret = gss_export_name (minor_status, (*context_handle)->target, &buffer);
+    if (ret)
+	goto failure;
     data.data   = buffer.value;
     data.length = buffer.length;
-    krb5_store_data (sp, data);
+    kret = krb5_store_data (sp, data);
+    gss_release_buffer (&minor, &buffer);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
 
-    krb5_store_int32 (sp, (*context_handle)->flags);
-    krb5_store_int32 (sp, (*context_handle)->more_flags);
+    kret = krb5_store_int32 (sp, (*context_handle)->flags);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+    kret = krb5_store_int32 (sp, (*context_handle)->more_flags);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
 
-    ret = krb5_storage_to_data (sp, &data);
+    kret = krb5_storage_to_data (sp, &data);
     krb5_storage_free (sp);
-    if (ret) {
-	*minor_status = ret;
+    if (kret) {
+	*minor_status = kret;
 	return GSS_S_FAILURE;
     }
     interprocess_token->length = data.length;
@@ -142,4 +227,7 @@ gss_export_sec_context (
     if (ret != GSS_S_COMPLETE)
 	gss_release_buffer (NULL, interprocess_token);
     return ret;
+ failure:
+    krb5_storage_free (sp);
+    return ret;
 }
diff --git a/crypto/heimdal/lib/gssapi/get_mic.c b/crypto/heimdal/lib/gssapi/get_mic.c
index a211004..751f56c 100644
--- a/crypto/heimdal/lib/gssapi/get_mic.c
+++ b/crypto/heimdal/lib/gssapi/get_mic.c
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: get_mic.c,v 1.15 2001/01/29 02:08:58 assar Exp $");
+RCSID("$Id: get_mic.c,v 1.17 2001/05/11 09:16:46 assar Exp $");
 
 static OM_uint32
 mic_des
@@ -174,6 +174,7 @@ mic_des3
   if (kret) {
       free (message_token->value);
       free (tmp);
+      gssapi_krb5_set_error_string ();
       *minor_status = kret;
       return GSS_S_FAILURE;
   }
@@ -181,6 +182,7 @@ mic_des3
   kret = krb5_create_checksum (gssapi_krb5_context,
 			       crypto,
 			       KRB5_KU_USAGE_SIGN,
+			       0,
 			       tmp,
 			       message_buffer->length + 8,
 			       &cksum);
@@ -188,6 +190,7 @@ mic_des3
   krb5_crypto_destroy (gssapi_krb5_context, crypto);
   if (kret) {
       free (message_token->value);
+      gssapi_krb5_set_error_string ();
       *minor_status = kret;
       return GSS_S_FAILURE;
   }
@@ -211,6 +214,7 @@ mic_des3
 			  ETYPE_DES3_CBC_NONE, &crypto);
   if (kret) {
       free (message_token->value);
+      gssapi_krb5_set_error_string ();
       *minor_status = kret;
       return GSS_S_FAILURE;
   }
@@ -222,6 +226,7 @@ mic_des3
   krb5_crypto_destroy (gssapi_krb5_context, crypto);
   if (kret) {
       free (message_token->value);
+      gssapi_krb5_set_error_string ();
       *minor_status = kret;
       return GSS_S_FAILURE;
   }
@@ -257,6 +262,7 @@ OM_uint32 gss_get_mic
 
   ret = gss_krb5_getsomekey(context_handle, &key);
   if (ret) {
+      gssapi_krb5_set_error_string ();
       *minor_status = ret;
       return GSS_S_FAILURE;
   }
diff --git a/crypto/heimdal/lib/gssapi/gssapi.h b/crypto/heimdal/lib/gssapi/gssapi.h
index 156a511..82d4056 100644
--- a/crypto/heimdal/lib/gssapi/gssapi.h
+++ b/crypto/heimdal/lib/gssapi/gssapi.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: gssapi.h,v 1.20 2001/01/30 00:35:48 assar Exp $ */
+/* $Id: gssapi.h,v 1.21 2001/05/04 13:52:02 assar Exp $ */
 
 #ifndef GSSAPI_H_
 #define GSSAPI_H_
@@ -41,12 +41,6 @@
  */
 #include <stddef.h>
 
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <sys/types.h>
-
 #include <krb5-types.h>
 
 /*
diff --git a/crypto/heimdal/lib/gssapi/gssapi_locl.h b/crypto/heimdal/lib/gssapi/gssapi_locl.h
index d8d0624..e7450d4 100644
--- a/crypto/heimdal/lib/gssapi/gssapi_locl.h
+++ b/crypto/heimdal/lib/gssapi/gssapi_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -31,11 +31,15 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: gssapi_locl.h,v 1.14 2000/08/27 04:19:00 assar Exp $ */
+/* $Id: gssapi_locl.h,v 1.16 2001/05/11 09:16:46 assar Exp $ */
 
 #ifndef GSSAPI_LOCL_H
 #define GSSAPI_LOCL_H
 
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
 #include <krb5_locl.h>
 #include <gssapi.h>
 #include <assert.h>
@@ -103,4 +107,10 @@ gss_address_to_krb5addr(OM_uint32 gss_addr_type,
 #define SC_LOCAL_SUBKEY	  0x08
 #define SC_REMOTE_SUBKEY  0x10
 
+void
+gssapi_krb5_set_error_string (void);
+
+char *
+gssapi_krb5_get_error_string (void);
+
 #endif
diff --git a/crypto/heimdal/lib/gssapi/import_name.c b/crypto/heimdal/lib/gssapi/import_name.c
index 6cb94c4..8ed55f1 100644
--- a/crypto/heimdal/lib/gssapi/import_name.c
+++ b/crypto/heimdal/lib/gssapi/import_name.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: import_name.c,v 1.8 1999/12/02 17:05:03 joda Exp $");
+RCSID("$Id: import_name.c,v 1.10 2001/05/11 09:16:46 assar Exp $");
 
 static OM_uint32
 import_krb5_name (OM_uint32 *minor_status,
@@ -44,8 +44,10 @@ import_krb5_name (OM_uint32 *minor_status,
     char *tmp;
 
     tmp = malloc (input_name_buffer->length + 1);
-    if (tmp == NULL)
+    if (tmp == NULL) {
+	*minor_status = ENOMEM;
 	return GSS_S_FAILURE;
+    }
     memcpy (tmp,
 	    input_name_buffer->value,
 	    input_name_buffer->length);
@@ -57,10 +59,15 @@ import_krb5_name (OM_uint32 *minor_status,
     free (tmp);
     if (kerr == 0)
 	return GSS_S_COMPLETE;
-    else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
+    else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
+	gssapi_krb5_set_error_string ();
+	*minor_status = kerr;
 	return GSS_S_BAD_NAME;
-    else
+    } else {
+	gssapi_krb5_set_error_string ();
+	*minor_status = kerr;
 	return GSS_S_FAILURE;
+    }
 }
 
 static OM_uint32
@@ -106,10 +113,15 @@ import_hostbased_name (OM_uint32 *minor_status,
     *minor_status = kerr;
     if (kerr == 0)
 	return GSS_S_COMPLETE;
-    else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) 
+    else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
+	gssapi_krb5_set_error_string ();
+	*minor_status = kerr;
 	return GSS_S_BAD_NAME;
-    else
+    } else {
+	gssapi_krb5_set_error_string ();
+	*minor_status = kerr;
 	return GSS_S_FAILURE;
+    }
 }
 
 OM_uint32 gss_import_name
@@ -132,6 +144,8 @@ OM_uint32 gss_import_name
 	return import_krb5_name (minor_status,
 				 input_name_buffer,
 				 output_name);
-    else
+    else {
+	*minor_status = 0;
 	return GSS_S_BAD_NAMETYPE;
+    }
 }
diff --git a/crypto/heimdal/lib/gssapi/import_sec_context.c b/crypto/heimdal/lib/gssapi/import_sec_context.c
index 7d177a8..c84f3b6 100644
--- a/crypto/heimdal/lib/gssapi/import_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/import_sec_context.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: import_sec_context.c,v 1.3 2000/07/08 11:56:03 assar Exp $");
+RCSID("$Id: import_sec_context.c,v 1.5 2001/05/11 09:16:46 assar Exp $");
 
 OM_uint32
 gss_import_sec_context (
@@ -53,6 +53,7 @@ gss_import_sec_context (
     krb5_keyblock keyblock;
     int32_t tmp;
     int32_t flags;
+    OM_uint32 minor;
 
     gssapi_krb5_init ();
 
@@ -69,10 +70,12 @@ gss_import_sec_context (
 	krb5_storage_free (sp);
 	return GSS_S_FAILURE;
     }
+    memset (*context_handle, 0, sizeof(**context_handle));
 
     kret = krb5_auth_con_init (gssapi_krb5_context,
 			       &(*context_handle)->auth_context);
     if (kret) {
+	gssapi_krb5_set_error_string ();
 	*minor_status = kret;
 	ret = GSS_S_FAILURE;
 	goto failure;
@@ -153,30 +156,36 @@ gss_import_sec_context (
     buffer.value  = data.data;
     buffer.length = data.length;
 
-    gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
-		     &(*context_handle)->source);
+    ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
+			   &(*context_handle)->source);
     krb5_data_free (&data);
+    if (ret)
+	goto failure;
 
     krb5_ret_data (sp, &data);
     buffer.value  = data.data;
     buffer.length = data.length;
 
-    gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
-		     &(*context_handle)->target);
+    ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
+			   &(*context_handle)->target);
     krb5_data_free (&data);
+    if (ret)
+	goto failure;
 
     krb5_ret_int32 (sp, &tmp);
     (*context_handle)->flags = tmp;
     krb5_ret_int32 (sp, &tmp);
     (*context_handle)->more_flags = tmp;
 
-    (*context_handle)->ticket = NULL;
-
     return GSS_S_COMPLETE;
 
 failure:
     krb5_auth_con_free (gssapi_krb5_context,
 			(*context_handle)->auth_context);
+    if ((*context_handle)->source != NULL)
+	gss_release_name(&minor, &(*context_handle)->source);
+    if ((*context_handle)->target != NULL)
+	gss_release_name(&minor, &(*context_handle)->target);
     free (*context_handle);
     *context_handle = GSS_C_NO_CONTEXT;
     return ret;
diff --git a/crypto/heimdal/lib/gssapi/indicate_mechs.c b/crypto/heimdal/lib/gssapi/indicate_mechs.c
index 26e018e..c77d177 100644
--- a/crypto/heimdal/lib/gssapi/indicate_mechs.c
+++ b/crypto/heimdal/lib/gssapi/indicate_mechs.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: indicate_mechs.c,v 1.3 1999/12/02 17:05:04 joda Exp $");
+RCSID("$Id: indicate_mechs.c,v 1.4 2001/02/18 03:39:09 assar Exp $");
 
 OM_uint32 gss_indicate_mechs
            (OM_uint32 * minor_status,
@@ -42,12 +42,14 @@ OM_uint32 gss_indicate_mechs
 {
   *mech_set = malloc(sizeof(**mech_set));
   if (*mech_set == NULL) {
+    *minor_status = ENOMEM;
     return GSS_S_FAILURE;
   }
   (*mech_set)->count = 1;
   (*mech_set)->elements = malloc((*mech_set)->count * sizeof(gss_OID_desc));
   if ((*mech_set)->elements == NULL) {
     free (*mech_set);
+    *minor_status = ENOMEM;
     return GSS_S_FAILURE;
   }
   (*mech_set)->elements[0] = *GSS_KRB5_MECHANISM;
diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c
index 7b05d91..3928143 100644
--- a/crypto/heimdal/lib/gssapi/init_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/init_sec_context.c
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: init_sec_context.c,v 1.25 2001/01/30 22:49:56 assar Exp $");
+RCSID("$Id: init_sec_context.c,v 1.27 2001/05/11 09:16:46 assar Exp $");
 
 /*
  * copy the addresses from `input_chan_bindings' (if any) to
@@ -228,6 +228,7 @@ init_auth
     kret = krb5_auth_con_init (gssapi_krb5_context,
 			       &(*context_handle)->auth_context);
     if (kret) {
+	gssapi_krb5_set_error_string ();
 	*minor_status = kret;
 	ret = GSS_S_FAILURE;
 	goto failure;
@@ -259,6 +260,7 @@ init_auth
     if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) {
 	kret = krb5_cc_default (gssapi_krb5_context, &ccache);
 	if (kret) {
+	    gssapi_krb5_set_error_string ();
 	    *minor_status = kret;
 	    ret = GSS_S_FAILURE;
 	    goto failure;
@@ -270,6 +272,7 @@ init_auth
 				  ccache,
 				  &(*context_handle)->source);
     if (kret) {
+	gssapi_krb5_set_error_string ();
 	*minor_status = kret;
 	ret = GSS_S_FAILURE;
 	goto failure;
@@ -279,6 +282,7 @@ init_auth
 				target_name,
 				&(*context_handle)->target);
     if (kret) {
+	gssapi_krb5_set_error_string ();
 	*minor_status = kret;
 	ret = GSS_S_FAILURE;
 	goto failure;
@@ -303,6 +307,7 @@ init_auth
 				 &cred);
 
     if (kret) {
+	gssapi_krb5_set_error_string ();
 	*minor_status = kret;
 	ret = GSS_S_FAILURE;
 	goto failure;
@@ -345,6 +350,7 @@ init_auth
 					     &cksum);
     krb5_data_free (&fwd_data);
     if (kret) {
+	gssapi_krb5_set_error_string ();
 	*minor_status = kret;
 	ret = GSS_S_FAILURE;
 	goto failure;
@@ -374,6 +380,7 @@ init_auth
 				     KRB5_KU_AP_REQ_AUTH);
 
     if (kret) {
+	gssapi_krb5_set_error_string ();
 	*minor_status = kret;
 	ret = GSS_S_FAILURE;
 	goto failure;
@@ -387,6 +394,7 @@ init_auth
 			      &outbuf);
 
     if (kret) {
+	gssapi_krb5_set_error_string ();
 	*minor_status = kret;
 	ret = GSS_S_FAILURE;
 	goto failure;
@@ -447,6 +455,7 @@ repl_mutual
     ret = gssapi_krb5_decapsulate (input_token, &indata, "\x02\x00");
     if (ret) {
 				/* XXX - Handle AP_ERROR */
+	*minor_status = 0;
 	return GSS_S_FAILURE;
     }
 
@@ -454,8 +463,11 @@ repl_mutual
 			(*context_handle)->auth_context,
 			&indata,
 			&repl);
-    if (kret)
+    if (kret) {
+	gssapi_krb5_set_error_string ();
+	*minor_status = kret;
 	return GSS_S_FAILURE;
+    }
     krb5_free_ap_rep_enc_part (gssapi_krb5_context,
 			       repl);
 
diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c
index 588517e..95f8e21 100644
--- a/crypto/heimdal/lib/gssapi/unwrap.c
+++ b/crypto/heimdal/lib/gssapi/unwrap.c
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: unwrap.c,v 1.15 2001/01/29 02:08:58 assar Exp $");
+RCSID("$Id: unwrap.c,v 1.17 2001/05/11 09:16:47 assar Exp $");
 
 OM_uint32
 gss_krb5_getsomekey(const gss_ctx_id_t context_handle,
@@ -86,8 +86,10 @@ unwrap_des
   ret = gssapi_krb5_verify_header (&p,
 				   input_message_buffer->length,
 				   "\x02\x01");
-  if (ret)
+  if (ret) {
+      *minor_status = 0;
       return ret;
+  }
 
   if (memcmp (p, "\x00\x00", 2) != 0)
     return GSS_S_BAD_SIG;
@@ -249,6 +251,7 @@ unwrap_des3
       ret = krb5_crypto_init(gssapi_krb5_context, key,
 			     ETYPE_DES3_CBC_NONE, &crypto);
       if (ret) {
+	  gssapi_krb5_set_error_string ();
 	  *minor_status = ret;
 	  return GSS_S_FAILURE;
       }
@@ -256,6 +259,7 @@ unwrap_des3
 			 p, input_message_buffer->length - len, &tmp);
       krb5_crypto_destroy(gssapi_krb5_context, crypto);
       if (ret) {
+	  gssapi_krb5_set_error_string ();
 	  *minor_status = ret;
 	  return GSS_S_FAILURE;
       }
@@ -292,6 +296,7 @@ unwrap_des3
   ret = krb5_crypto_init(gssapi_krb5_context, key,
 			 ETYPE_DES3_CBC_NONE_IVEC, &crypto);
   if (ret) {
+      gssapi_krb5_set_error_string ();
       *minor_status = ret;
       return GSS_S_FAILURE;
   }
@@ -307,6 +312,7 @@ unwrap_des3
   }
   krb5_crypto_destroy (gssapi_krb5_context, crypto);
   if (ret) {
+      gssapi_krb5_set_error_string ();
       *minor_status = ret;
       return GSS_S_FAILURE;
   }
@@ -337,6 +343,7 @@ unwrap_des3
 
   ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
   if (ret) {
+      gssapi_krb5_set_error_string ();
       *minor_status = ret;
       return GSS_S_FAILURE;
   }
@@ -348,6 +355,7 @@ unwrap_des3
 			      &csum);
   krb5_crypto_destroy (gssapi_krb5_context, crypto);
   if (ret) {
+      gssapi_krb5_set_error_string ();
       *minor_status = ret;
       return GSS_S_FAILURE;
   }
@@ -380,6 +388,7 @@ OM_uint32 gss_unwrap
 
   ret = gss_krb5_getsomekey(context_handle, &key);
   if (ret) {
+      gssapi_krb5_set_error_string ();
       *minor_status = ret;
       return GSS_S_FAILURE;
   }
diff --git a/crypto/heimdal/lib/gssapi/verify_mic.c b/crypto/heimdal/lib/gssapi/verify_mic.c
index 608de67..b39ae73 100644
--- a/crypto/heimdal/lib/gssapi/verify_mic.c
+++ b/crypto/heimdal/lib/gssapi/verify_mic.c
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: verify_mic.c,v 1.12 2001/01/29 02:08:59 assar Exp $");
+RCSID("$Id: verify_mic.c,v 1.13 2001/05/11 09:16:47 assar Exp $");
 
 static OM_uint32
 verify_mic_des
@@ -157,6 +157,7 @@ verify_mic_des3
   ret = krb5_crypto_init(gssapi_krb5_context, key,
 			 ETYPE_DES3_CBC_NONE, &crypto);
   if (ret){
+      gssapi_krb5_set_error_string ();
       *minor_status = ret;
       return GSS_S_FAILURE;
   }
@@ -168,6 +169,7 @@ verify_mic_des3
 		      KRB5_KU_USAGE_SEQ,
 		      p, 8, &seq_data);
   if (ret) {
+      gssapi_krb5_set_error_string ();
       krb5_crypto_destroy (gssapi_krb5_context, crypto);
       *minor_status = ret;
       return GSS_S_FAILURE;
@@ -218,6 +220,7 @@ verify_mic_des3
 			      &csum);
   free (tmp);
   if (ret) {
+      gssapi_krb5_set_error_string ();
       krb5_crypto_destroy (gssapi_krb5_context, crypto);
       *minor_status = ret;
       return GSS_S_BAD_MIC;
@@ -248,6 +251,7 @@ gss_verify_mic
 					 context_handle->auth_context,
 					 &key);
     if (ret) {
+	gssapi_krb5_set_error_string ();
 	*minor_status = ret;
 	return GSS_S_FAILURE;
     }
diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c
index 1d9f51d..3d282fd 100644
--- a/crypto/heimdal/lib/gssapi/wrap.c
+++ b/crypto/heimdal/lib/gssapi/wrap.c
@@ -33,7 +33,7 @@
 
 #include "gssapi_locl.h"
 
-RCSID("$Id: wrap.c,v 1.15 2001/01/29 02:08:59 assar Exp $");
+RCSID("$Id: wrap.c,v 1.18 2001/05/11 09:16:47 assar Exp $");
 
 static OM_uint32
 sub_wrap_size (
@@ -67,6 +67,7 @@ gss_wrap_size_limit (
 
   ret = gss_krb5_getsomekey(context_handle, &key);
   if (ret) {
+      gssapi_krb5_set_error_string ();
       *minor_status = ret;
       return GSS_S_FAILURE;
   }
@@ -142,7 +143,7 @@ wrap_des
   p += 16;
 
   /* confounder + data + pad */
-  des_new_random_key((des_cblock*)p);
+  krb5_generate_random_block(p, 8);
   memcpy (p + 8, input_message_buffer->value,
 	  input_message_buffer->length);
   memset (p + 8 + input_message_buffer->length, padlength, padlength);
@@ -258,13 +259,14 @@ wrap_des3
   /* calculate checksum (the above + confounder + data + pad) */
 
   memcpy (p + 20, p - 8, 8);
-  des_new_random_key((des_cblock*)(p + 28));
+  krb5_generate_random_block(p + 28, 8);
   memcpy (p + 28 + 8, input_message_buffer->value,
 	  input_message_buffer->length);
   memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
 
   ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
   if (ret) {
+      gssapi_krb5_set_error_string ();
       free (output_message_buffer->value);
       *minor_status = ret;
       return GSS_S_FAILURE;
@@ -273,11 +275,13 @@ wrap_des3
   ret = krb5_create_checksum (gssapi_krb5_context,
 			      crypto,
 			      KRB5_KU_USAGE_SIGN,
+			      0,
 			      p + 20,
 			      datalen + 8,
 			      &cksum);
   krb5_crypto_destroy (gssapi_krb5_context, crypto);
   if (ret) {
+      gssapi_krb5_set_error_string ();
       free (output_message_buffer->value);
       *minor_status = ret;
       return GSS_S_FAILURE;
@@ -323,6 +327,7 @@ wrap_des3
   }
   krb5_crypto_destroy (gssapi_krb5_context, crypto);
   if (ret) {
+      gssapi_krb5_set_error_string ();
       free (output_message_buffer->value);
       *minor_status = ret;
       return GSS_S_FAILURE;
@@ -346,6 +351,7 @@ wrap_des3
       ret = krb5_crypto_init(gssapi_krb5_context, key,
 			     ETYPE_DES3_CBC_NONE, &crypto);
       if (ret) {
+	  gssapi_krb5_set_error_string ();
 	  free (output_message_buffer->value);
 	  *minor_status = ret;
 	  return GSS_S_FAILURE;
@@ -354,6 +360,7 @@ wrap_des3
 			 p, datalen, &tmp);
       krb5_crypto_destroy(gssapi_krb5_context, crypto);
       if (ret) {
+	  gssapi_krb5_set_error_string ();
 	  free (output_message_buffer->value);
 	  *minor_status = ret;
 	  return GSS_S_FAILURE;
@@ -384,6 +391,7 @@ OM_uint32 gss_wrap
 
   ret = gss_krb5_getsomekey(context_handle, &key);
   if (ret) {
+      gssapi_krb5_set_error_string ();
       *minor_status = ret;
       return GSS_S_FAILURE;
   }
diff --git a/crypto/heimdal/lib/hdb/Makefile.am b/crypto/heimdal/lib/hdb/Makefile.am
index f3aba3b..b860260 100644
--- a/crypto/heimdal/lib/hdb/Makefile.am
+++ b/crypto/heimdal/lib/hdb/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.43 2001/01/30 01:49:16 assar Exp $
+# $Id: Makefile.am,v 1.44 2001/05/16 23:50:57 assar Exp $
 
 include $(top_srcdir)/Makefile.am.common
 
@@ -21,7 +21,7 @@ LDADD = libhdb.la \
 	$(DBLIB)
 
 lib_LTLIBRARIES = libhdb.la
-libhdb_la_LDFLAGS = -version-info 7:0:0
+libhdb_la_LDFLAGS = -version-info 7:1:0
 
 libhdb_la_SOURCES =				\
 	common.c				\
diff --git a/crypto/heimdal/lib/hdb/Makefile.in b/crypto/heimdal/lib/hdb/Makefile.in
index ad12e78..4fbaf27 100644
--- a/crypto/heimdal/lib/hdb/Makefile.in
+++ b/crypto/heimdal/lib/hdb/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -113,13 +114,13 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
 dpagaix_LDADD = @dpagaix_LDADD@
 install_sh = @install_sh@
 
-# $Id: Makefile.am,v 1.43 2001/01/30 01:49:16 assar Exp $
+# $Id: Makefile.am,v 1.44 2001/05/16 23:50:57 assar Exp $
 
 
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 BUILT_SOURCES = asn1_Key.c asn1_Event.c asn1_HDBFlags.c asn1_hdb_entry.c \
@@ -206,7 +209,7 @@ LDADD = libhdb.la \
 
 
 lib_LTLIBRARIES = libhdb.la
-libhdb_la_LDFLAGS = -version-info 7:0:0
+libhdb_la_LDFLAGS = -version-info 7:1:0
 
 libhdb_la_SOURCES = \
 	common.c				\
@@ -272,7 +275,7 @@ OBJECTS = $(am_libhdb_la_OBJECTS) convert_db.$(OBJEXT)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/hdb/Makefile
 
@@ -392,6 +395,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
@@ -425,6 +433,9 @@ check-am: all-am
 check: check-am
 installcheck-am:
 installcheck: installcheck-am
+all-recursive-am: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
 install-exec-am: install-libLTLIBRARIES
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
@@ -496,11 +507,12 @@ distclean-noinstPROGRAMS clean-noinstPROGRAMS \
 maintainer-clean-noinstPROGRAMS uninstall-includeHEADERS \
 install-includeHEADERS tags mostlyclean-tags distclean-tags clean-tags \
 maintainer-clean-tags distdir info-am info dvi-am dvi check-local check \
-check-am installcheck-am installcheck install-exec-am install-exec \
-install-data-local install-data-am install-data install-am install \
-uninstall-am uninstall all-local all-redirect all-am all install-strip \
-installdirs mostlyclean-generic distclean-generic clean-generic \
-maintainer-clean-generic clean mostlyclean distclean maintainer-clean
+check-am installcheck-am installcheck all-recursive-am install-exec-am \
+install-exec install-data-local install-data-am install-data install-am \
+install uninstall-am uninstall all-local all-redirect all-am all \
+install-strip installdirs mostlyclean-generic distclean-generic \
+clean-generic maintainer-clean-generic clean mostlyclean distclean \
+maintainer-clean
 
 
 install-suid-programs:
diff --git a/crypto/heimdal/lib/hdb/convert_db.c b/crypto/heimdal/lib/hdb/convert_db.c
index 1a7ebb4..0b300a5 100644
--- a/crypto/heimdal/lib/hdb/convert_db.c
+++ b/crypto/heimdal/lib/hdb/convert_db.c
@@ -41,7 +41,7 @@
 #include <getarg.h>
 #include <err.h>
 
-RCSID("$Id: convert_db.c,v 1.11 2001/01/25 12:45:01 assar Exp $");
+RCSID("$Id: convert_db.c,v 1.12 2001/02/20 01:44:53 assar Exp $");
 
 static krb5_error_code
 update_keytypes(krb5_context context, HDB *db, hdb_entry *entry, void *data)
@@ -136,7 +136,7 @@ main(int argc, char **argv)
     int optind = 0;
     int master_key_set = 0;
     
-    set_progname(argv[0]);
+    setprogname(argv[0]);
 
     if(getarg(args, num_args, argc, argv, &optind))
 	krb5_std_usage(1, args, num_args);
diff --git a/crypto/heimdal/lib/hdb/hdb-ldap.c b/crypto/heimdal/lib/hdb/hdb-ldap.c
index 6d264b4..db321cb 100644
--- a/crypto/heimdal/lib/hdb/hdb-ldap.c
+++ b/crypto/heimdal/lib/hdb/hdb-ldap.c
@@ -32,12 +32,12 @@
 
 #include "hdb_locl.h"
 
-RCSID("$Id: hdb-ldap.c,v 1.7 2001/01/30 16:59:08 assar Exp $");
+RCSID("$Id: hdb-ldap.c,v 1.8 2001/03/26 00:59:37 assar Exp $");
 
 #ifdef OPENLDAP
 
-#include <ldap.h>
 #include <lber.h>
+#include <ldap.h>
 #include <ctype.h>
 #include <sys/un.h>
 
diff --git a/crypto/heimdal/lib/hdb/libasn1.h b/crypto/heimdal/lib/hdb/libasn1.h
index 03d951a..ef02d7c 100644
--- a/crypto/heimdal/lib/hdb/libasn1.h
+++ b/crypto/heimdal/lib/hdb/libasn1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997, 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: libasn1.h,v 1.4 1999/12/02 17:05:05 joda Exp $ */
+/* $Id: libasn1.h,v 1.5 2001/04/18 16:21:33 joda Exp $ */
 
 #ifndef __LIBASN1_H__
 #define __LIBASN1_H__
@@ -42,7 +42,7 @@
 
 #include <stdlib.h>
 #include <errno.h>
-#include <asn1.h>
+#include <krb5_asn1.h>
 #include <der.h>
 #include "hdb_asn1.h"
 #include <asn1_err.h>
diff --git a/crypto/heimdal/lib/kadm5/ChangeLog b/crypto/heimdal/lib/kadm5/ChangeLog
index 0d2699d..605a970 100644
--- a/crypto/heimdal/lib/kadm5/ChangeLog
+++ b/crypto/heimdal/lib/kadm5/ChangeLog
@@ -1,3 +1,13 @@
+2001-02-19  Johan Danielsson  <joda@pdc.kth.se>
+
+	* replay_log.c: add --{start-end}-version flags to replay just
+	part of the log
+
+2001-02-15  Assar Westerlund  <assar@sics.se>
+
+	* ipropd_master.c (main): fix select-loop to decrement ret
+	correctly.  from "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
+
 2001-01-30  Assar Westerlund  <assar@sics.se>
 
 	* Makefile.am: bump versions
diff --git a/crypto/heimdal/lib/kadm5/Makefile.in b/crypto/heimdal/lib/kadm5/Makefile.in
index a281b23..16f82a3 100644
--- a/crypto/heimdal/lib/kadm5/Makefile.in
+++ b/crypto/heimdal/lib/kadm5/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la
@@ -372,7 +375,7 @@ OBJECTS = $(am_libkadm5clnt_la_OBJECTS) $(am_libkadm5srv_la_OBJECTS) $(am_dump_l
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/kadm5/Makefile
 
@@ -558,6 +561,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/lib/kadm5/ipropd_master.c b/crypto/heimdal/lib/kadm5/ipropd_master.c
index 99cddc4..0eadf0b 100644
--- a/crypto/heimdal/lib/kadm5/ipropd_master.c
+++ b/crypto/heimdal/lib/kadm5/ipropd_master.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "iprop.h"
 
-RCSID("$Id: ipropd_master.c,v 1.21 2000/11/15 23:12:45 assar Exp $");
+RCSID("$Id: ipropd_master.c,v 1.22 2001/02/14 23:00:16 assar Exp $");
 
 static krb5_log_facility *log_facility;
 
@@ -472,8 +472,9 @@ main(int argc, char **argv)
 		send_diffs (context, p, log_fd, database, current_version);
 	}
 
-	for(p = slaves; p != NULL && ret--; p = p->next)
+	for(p = slaves; p != NULL; p = p->next)
 	    if (FD_ISSET(p->fd, &readset)) {
+		--ret;
 		if(process_msg (context, p, log_fd, database, current_version))
 		    remove_slave (context, p, &slaves);
 	    }
diff --git a/crypto/heimdal/lib/kadm5/replay_log.c b/crypto/heimdal/lib/kadm5/replay_log.c
index c0e05ee..8e5c31d 100644
--- a/crypto/heimdal/lib/kadm5/replay_log.c
+++ b/crypto/heimdal/lib/kadm5/replay_log.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997, 1998, 1999, 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,10 @@
 
 #include "iprop.h"
 
-RCSID("$Id: replay_log.c,v 1.7 1999/12/04 19:51:11 assar Exp $");
+RCSID("$Id: replay_log.c,v 1.8 2001/02/19 18:10:43 joda Exp $");
+
+int start_version = -1;
+int end_version = -1;
 
 static void
 apply_entry(kadm5_server_context *server_context,
@@ -45,6 +48,12 @@ apply_entry(kadm5_server_context *server_context,
 {
     krb5_error_code ret;
 
+    if((start_version != -1 && ver < start_version) ||
+       (end_version != -1 && ver > end_version)) {
+	/* XXX skip this entry */
+	(*sp->seek)(sp, len, SEEK_CUR);
+	return;
+    }
     printf ("ver %u... ", ver);
     fflush (stdout);
 
@@ -60,6 +69,8 @@ apply_entry(kadm5_server_context *server_context,
 int version_flag;
 int help_flag;
 struct getargs args[] = {
+    { "start-version", 0, arg_integer, &start_version, "start replay with this version" },
+    { "end-version", 0, arg_integer, &end_version, "end replay with this version" },
     { "version", 0, arg_flag, &version_flag },
     { "help", 0, arg_flag, &help_flag }
 };
diff --git a/crypto/heimdal/lib/kafs/ChangeLog b/crypto/heimdal/lib/kafs/ChangeLog
index 180f2c4..32b7728 100644
--- a/crypto/heimdal/lib/kafs/ChangeLog
+++ b/crypto/heimdal/lib/kafs/ChangeLog
@@ -1,3 +1,11 @@
+2001-05-18  Johan Danielsson  <joda@pdc.kth.se>
+
+	* Makefile.am: only build resolve.c if doing renaming
+
+2001-02-12  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am, roken_rename.h: add rename of dns functions
+
 2000-12-11  Assar Westerlund  <assar@sics.se>
 
 	* Makefile.am (libkafs_la_LDFLAGS): set version to 2:3:2
diff --git a/crypto/heimdal/lib/kafs/Makefile.am b/crypto/heimdal/lib/kafs/Makefile.am
index 9557588..5eda566 100644
--- a/crypto/heimdal/lib/kafs/Makefile.am
+++ b/crypto/heimdal/lib/kafs/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.23 2000/12/11 00:44:50 assar Exp $
+# $Id: Makefile.am,v 1.25 2001/05/18 16:11:39 joda Exp $
 
 include $(top_srcdir)/Makefile.am.common
 
@@ -46,7 +46,7 @@ foodir = $(libdir)
 foo_DATA = $(AFS_EXTRA_LIBS)
 # EXTRA_DATA = afslib.so
 
-CLEANFILES= $(AFS_EXTRA_LIBS)
+CLEANFILES= $(AFS_EXTRA_LIBS) $(ROKEN_SRCS)
 
 include_HEADERS = kafs.h
 
@@ -54,7 +54,20 @@ if KRB5
 afskrb5_c = afskrb5.c
 endif
 
-libkafs_la_SOURCES = afssys.c afskrb.c $(afskrb5_c) common.c $(AIX_SRC) kafs_locl.h afssysdefs.h
+if do_roken_rename
+ROKEN_SRCS = resolve.c
+endif
+
+libkafs_la_SOURCES =				\
+	afssys.c				\
+	afskrb.c				\
+	$(afskrb5_c)				\
+	common.c				\
+	$(AIX_SRC)				\
+	kafs_locl.h				\
+	afssysdefs.h				\
+	$(ROKEN_SRCS)
+
 #afslib_so_SOURCES = afslib.c
 
 EXTRA_libkafs_la_SOURCES = afskrb5.c dlfcn.c afslib.c dlfcn.h
@@ -69,3 +82,6 @@ afslib.so: afslib.o
 	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc
 
 $(OBJECTS): ../../include/config.h
+
+resolve.c:
+	$(LN_S) $(srcdir)/../roken/resolve.c .
diff --git a/crypto/heimdal/lib/kafs/Makefile.in b/crypto/heimdal/lib/kafs/Makefile.in
index 147f327..be72b73 100644
--- a/crypto/heimdal/lib/kafs/Makefile.in
+++ b/crypto/heimdal/lib/kafs/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -113,13 +114,13 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
 dpagaix_LDADD = @dpagaix_LDADD@
 install_sh = @install_sh@
 
-# $Id: Makefile.am,v 1.23 2000/12/11 00:44:50 assar Exp $
+# $Id: Makefile.am,v 1.25 2001/05/18 16:11:39 joda Exp $
 
 
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 @KRB4_TRUE@AFSLIBS = @KRB4_TRUE@libkafs.la
@@ -209,13 +212,25 @@ foodir = $(libdir)
 foo_DATA = $(AFS_EXTRA_LIBS)
 # EXTRA_DATA = afslib.so
 
-CLEANFILES = $(AFS_EXTRA_LIBS)
+CLEANFILES = $(AFS_EXTRA_LIBS) $(ROKEN_SRCS)
 
 include_HEADERS = kafs.h
 
 @KRB5_TRUE@afskrb5_c = @KRB5_TRUE@afskrb5.c
 
-libkafs_la_SOURCES = afssys.c afskrb.c $(afskrb5_c) common.c $(AIX_SRC) kafs_locl.h afssysdefs.h
+@do_roken_rename_TRUE@ROKEN_SRCS = @do_roken_rename_TRUE@resolve.c
+
+libkafs_la_SOURCES = \
+	afssys.c				\
+	afskrb.c				\
+	$(afskrb5_c)				\
+	common.c				\
+	$(AIX_SRC)				\
+	kafs_locl.h				\
+	afssysdefs.h				\
+	$(ROKEN_SRCS)
+
+
 #afslib_so_SOURCES = afslib.c
 
 EXTRA_libkafs_la_SOURCES = afskrb5.c dlfcn.c afslib.c dlfcn.h
@@ -238,156 +253,338 @@ X_LIBS = @X_LIBS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 libkafs_la_LIBADD = 
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@common.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@common.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@common.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@common.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@common.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@common.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@common.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@common.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@common.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@common.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@common.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@afslib.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@common.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@afslib.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@common.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@common.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@common.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@afslib.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@common.lo \
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@afslib.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@common.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@common.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@common.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@common.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@common.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@common.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@common.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@common.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@common.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@common.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@common.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@dlfcn.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@common.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@dlfcn.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@common.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@common.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@common.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@am_libkafs_la_OBJECTS =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@afssys.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@afskrb.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@afskrb5.lo \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@common.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afslib.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afslib.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afslib.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afslib.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afslib.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afslib.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afslib.lo
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afslib.lo \
+@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_FALSE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@dlfcn.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@dlfcn.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@dlfcn.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@dlfcn.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_FALSE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_FALSE@@do_roken_rename_TRUE@resolve.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_FALSE@common.lo
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@am_libkafs_la_OBJECTS =  \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afssys.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@afskrb5.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@common.lo \
+@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@@KRB5_TRUE@@do_roken_rename_TRUE@resolve.lo
 libkafs_la_OBJECTS =  $(am_libkafs_la_OBJECTS)
 COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -413,7 +610,7 @@ OBJECTS = $(am_libkafs_la_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/kafs/Makefile
 
@@ -579,6 +776,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
@@ -826,6 +1028,9 @@ afslib.so: afslib.o
 
 $(OBJECTS): ../../include/config.h
 
+resolve.c:
+	$(LN_S) $(srcdir)/../roken/resolve.c .
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/crypto/heimdal/lib/kafs/kafs.cat3 b/crypto/heimdal/lib/kafs/kafs.cat3
new file mode 100644
index 0000000..78f5bd5
--- /dev/null
+++ b/crypto/heimdal/lib/kafs/kafs.cat3
@@ -0,0 +1,95 @@
+
+KAFS(3)                    UNIX Programmer's Manual                    KAFS(3)
+
+NNAAMMEE
+     kk__hhaassaaffss, kk__ppiiooccttll, kk__uunnlloogg, kk__sseettppaagg, kk__aaffss__cceellll__ooff__ffiillee, kkrrbb__aaffsslloogg,
+     kkrrbb__aaffsslloogg__uuiidd - AFS library
+
+SSYYNNOOPPSSIISS
+     ##iinncclluuddee <<kkaaffss..hh>>
+
+     _i_n_t
+     kk__aaffss__cceellll__ooff__ffiillee(_c_o_n_s_t _c_h_a_r _*_p_a_t_h, _c_h_a_r _*_c_e_l_l, _i_n_t _l_e_n)
+
+     _i_n_t
+     kk__hhaassaaffss()
+
+     _i_n_t
+     kk__ppiiooccttll(_c_h_a_r _*_a___p_a_t_h, _i_n_t _o___o_p_c_o_d_e, _s_t_r_u_c_t _V_i_c_e_I_o_c_t_l _*_a___p_a_r_a_m_s_P,
+             _i_n_t _a___f_o_l_l_o_w_S_y_m_l_i_n_k_s)
+
+     _i_n_t
+     kk__sseettppaagg()
+
+     _i_n_t
+     kk__uunnlloogg()
+
+     _i_n_t
+     kkrrbb__aaffsslloogg(_c_h_a_r _*_c_e_l_l, _c_h_a_r _*_r_e_a_l_m)
+
+     _i_n_t
+     kkrrbb__aaffsslloogg__uuiidd(_c_h_a_r _*_c_e_l_l, _c_h_a_r _*_r_e_a_l_m, _u_i_d___t _u_i_d)
+
+DDEESSCCRRIIPPTTIIOONN
+     kk__hhaassaaffss() initializes some library internal structures, and tests for
+     the presense of AFS in the kernel, none of the other functions should be
+     called before kk__hhaassaaffss() is called, or if it fails.
+
+     kkrrbb__aaffsslloogg(), and kkrrbb__aaffsslloogg__uuiidd() obtains new tokens (and possibly tick-
+     ets) for the specified _c_e_l_l and _r_e_a_l_m. If _c_e_l_l is NULL, the local cell is
+     used. If _r_e_a_l_m is NULL, the function tries to guess what realm to use.
+     Unless you  have some good knowledge of what cell or realm to use, you
+     should pass NULL. kkrrbb__aaffsslloogg() will use the real user-id for the ViceId
+     field in the token, kkrrbb__aaffsslloogg__uuiidd() will use _u_i_d.
+
+     kk__aaffss__cceellll__ooff__ffiillee() will in _c_e_l_l return the cell of a specified file, no
+     more than _l_e_n characters is put in _c_e_l_l.
+
+     kk__ppiiooccttll() does a ppiiooccttll() syscall with the specified arguments. This
+     function is equivalent to llppiiooccttll().
+
+     kk__sseettppaagg() initializes a new PAG.
+
+     kk__uunnlloogg() removes destroys all tokens in the current PAG.
+
+EENNVVIIRROONNMMEENNTT
+     The following environment variable affect the mode of operation of kkaaffss:
+
+     AFS_SYSCALL  Normally, kkaaffss will try to figure out the correct system
+                  call(s) that are used by AFS by itself.  If it does not man-
+                  age to do that, or does it incorrectly, you can set this
+                  variable to the system call number or list of system call
+                  numbers that should be used.
+
+RREETTUURRNN VVAALLUUEESS
+     kk__hhaassaaffss() returns 1 if AFS is present in the kernel, 0 otherwise.
+     kkrrbb__aaffsslloogg() and kkrrbb__aaffsslloogg__uuiidd() returns 0 on success, or a kerberos er-
+     ror number on failure.  kk__aaffss__cceellll__ooff__ffiillee(), kk__ppiiooccttll(), kk__sseettppaagg(), and
+     kk__uunnlloogg() all return the value of the underlaying system call, 0 on suc-
+     cess.
+
+EEXXAAMMPPLLEESS
+     The following code from llooggiinn will obtain a new PAG and tokens for the
+     local cell and the cell of the users home directory.
+
+     if (k_hasafs()) {
+             char cell[64];
+             k_setpag();
+             if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
+                     krb_afslog(cell, NULL);
+             krb_afslog(NULL, NULL);
+     }
+
+EERRRROORRSS
+     If any of these functions (appart from kk__hhaassaaffss()) is called without AFS
+     beeing present in the kernel, the process will usually (depending on the
+     operating system) receive a SIGSYS signal.
+
+SSEEEE AALLSSOO
+     Transarc Corporation, "File Server/Cache Manager Interface", _A_F_S_-_3
+     _P_r_o_g_r_a_m_m_e_r_'_s _R_e_f_e_r_e_n_c_e, 1991.
+
+BBUUGGSS
+     AFS_SYSCALL has no effect under AIX.
+
+ KTH-KRB                          May 7, 1997                                2
diff --git a/crypto/heimdal/lib/kafs/roken_rename.h b/crypto/heimdal/lib/kafs/roken_rename.h
new file mode 100644
index 0000000..4a7fb1d
--- /dev/null
+++ b/crypto/heimdal/lib/kafs/roken_rename.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: roken_rename.h,v 1.1 2001/02/12 22:01:27 assar Exp $ */
+
+#ifndef __roken_rename_h__
+#define __roken_rename_h__
+
+/*
+ * Libroken routines that are added libkafs
+ */
+
+#define _resolve_debug _roken_resolve_debug
+
+#define dns_free_data _kafs_dns_free_data
+#define dns_lookup _kafs_dns_lookup
+#define dns_string_to_type _kafs_dns_string_to_type
+#define dns_type_to_string _kafs_dns_type_to_string
+
+#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am
index 395f29d..bc3dd6e 100644
--- a/crypto/heimdal/lib/krb5/Makefile.am
+++ b/crypto/heimdal/lib/krb5/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.119 2001/01/30 01:50:52 assar Exp $
+# $Id: Makefile.am,v 1.125 2001/05/16 23:51:50 assar Exp $
 
 include $(top_srcdir)/Makefile.am.common
 
@@ -6,8 +6,8 @@ bin_PROGRAMS = verify_krb5_conf
 
 noinst_PROGRAMS = dump_config test_get_addrs
 
-check_PROGRAMS = n-fold-test string-to-key-test
-TESTS = n-fold-test string-to-key-test
+check_PROGRAMS = n-fold-test string-to-key-test derived-key-test store-test
+TESTS = n-fold-test string-to-key-test derived-key-test store-test
 
 LDADD = libkrb5.la \
 	$(LIB_des) \
@@ -24,102 +24,104 @@ lib_LTLIBRARIES = libkrb5.la
 
 ERR_FILES = krb5_err.c heim_err.c
 
-libkrb5_la_SOURCES = \
-	acl.c \
-	add_et_list.c \
-	addr_families.c \
-	address.c \
-	aname_to_localname.c \
-	appdefault.c \
-	asn1_glue.c \
-	auth_context.c \
-	build_ap_req.c \
-	build_auth.c \
-	cache.c \
-	changepw.c \
-	codec.c \
-	config_file.c \
-	config_file_netinfo.c \
-	convert_creds.c \
-	constants.c \
-	context.c \
-	copy_host_realm.c \
-	crc.c \
-	creds.c \
-	crypto.c \
-	data.c \
-	eai_to_heim_errno.c \
-	expand_hostname.c \
-	fcache.c \
-	free.c \
-	free_host_realm.c \
-	generate_seq_number.c \
-	generate_subkey.c \
-	get_addrs.c \
-	get_cred.c \
-	get_default_principal.c \
-	get_default_realm.c \
-	get_for_creds.c \
-	get_host_realm.c \
-	get_in_tkt.c \
-	get_in_tkt_pw.c \
-	get_in_tkt_with_keytab.c \
-	get_in_tkt_with_skey.c \
-	get_port.c \
-	init_creds.c \
-	init_creds_pw.c \
-	keyblock.c \
-	keytab.c \
-	keytab_file.c \
-	keytab_memory.c \
-	keytab_keyfile.c \
-	keytab_krb4.c \
-	krbhst.c \
-	kuserok.c \
-	log.c \
-	mcache.c \
-	misc.c \
-	mk_error.c \
-	mk_priv.c \
-	mk_rep.c \
-	mk_req.c \
-	mk_req_ext.c \
-	mk_safe.c \
-	net_read.c \
-	net_write.c \
-	n-fold.c \
-	padata.c \
-	principal.c \
-	prog_setup.c \
-	prompter_posix.c \
-	rd_cred.c \
-	rd_error.c \
-	rd_priv.c \
-	rd_rep.c \
-	rd_req.c \
-	rd_safe.c \
-	read_message.c \
-	recvauth.c \
-	replay.c \
-	send_to_kdc.c \
-	sendauth.c \
-	set_default_realm.c \
-	sock_principal.c \
-	store.c \
-	store_emem.c \
-	store_fd.c \
-	store_mem.c \
-	ticket.c \
-	time.c \
-	transited.c \
-	verify_init.c \
-	verify_user.c \
-	version.c \
-	warn.c \
-	write_message.c \
+libkrb5_la_SOURCES =				\
+	acl.c					\
+	add_et_list.c				\
+	addr_families.c				\
+	address.c				\
+	aname_to_localname.c			\
+	appdefault.c				\
+	asn1_glue.c				\
+	auth_context.c				\
+	build_ap_req.c				\
+	build_auth.c				\
+	cache.c					\
+	changepw.c				\
+	codec.c					\
+	config_file.c				\
+	config_file_netinfo.c			\
+	convert_creds.c				\
+	constants.c				\
+	context.c				\
+	copy_host_realm.c			\
+	crc.c					\
+	creds.c					\
+	crypto.c				\
+	data.c					\
+	eai_to_heim_errno.c			\
+	error_string.c				\
+	expand_hostname.c			\
+	fcache.c				\
+	free.c					\
+	free_host_realm.c			\
+	generate_seq_number.c			\
+	generate_subkey.c			\
+	get_addrs.c				\
+	get_cred.c				\
+	get_default_principal.c			\
+	get_default_realm.c			\
+	get_for_creds.c				\
+	get_host_realm.c			\
+	get_in_tkt.c				\
+	get_in_tkt_pw.c				\
+	get_in_tkt_with_keytab.c		\
+	get_in_tkt_with_skey.c			\
+	get_port.c				\
+	init_creds.c				\
+	init_creds_pw.c				\
+	keyblock.c				\
+	keytab.c				\
+	keytab_any.c				\
+	keytab_file.c				\
+	keytab_memory.c				\
+	keytab_keyfile.c			\
+	keytab_krb4.c				\
+	krbhst.c				\
+	kuserok.c				\
+	log.c					\
+	mcache.c				\
+	misc.c					\
+	mk_error.c				\
+	mk_priv.c				\
+	mk_rep.c				\
+	mk_req.c				\
+	mk_req_ext.c				\
+	mk_safe.c				\
+	net_read.c				\
+	net_write.c				\
+	n-fold.c				\
+	padata.c				\
+	principal.c				\
+	prog_setup.c				\
+	prompter_posix.c			\
+	rd_cred.c				\
+	rd_error.c				\
+	rd_priv.c				\
+	rd_rep.c				\
+	rd_req.c				\
+	rd_safe.c				\
+	read_message.c				\
+	recvauth.c				\
+	replay.c				\
+	send_to_kdc.c				\
+	sendauth.c				\
+	set_default_realm.c			\
+	sock_principal.c			\
+	store.c					\
+	store_emem.c				\
+	store_fd.c				\
+	store_mem.c				\
+	ticket.c				\
+	time.c					\
+	transited.c				\
+	verify_init.c				\
+	verify_user.c				\
+	version.c				\
+	warn.c					\
+	write_message.c				\
 	$(ERR_FILES)
 
-libkrb5_la_LDFLAGS = -version-info 15:0:0
+libkrb5_la_LDFLAGS = -version-info 16:0:0
 
 $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
 
@@ -147,7 +149,8 @@ man_MANS =					\
 	verify_krb5_conf.8			\
 	krb5_auth_context.3			\
 	krb5_context.3				\
-	krb5_init_context.3
+	krb5_init_context.3			\
+	krb5_keytab.3
 
 include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h
 
diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in
index be103d2..52925bb 100644
--- a/crypto/heimdal/lib/krb5/Makefile.in
+++ b/crypto/heimdal/lib/krb5/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -113,13 +114,13 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
 dpagaix_LDADD = @dpagaix_LDADD@
 install_sh = @install_sh@
 
-# $Id: Makefile.am,v 1.119 2001/01/30 01:50:52 assar Exp $
+# $Id: Makefile.am,v 1.125 2001/05/16 23:51:50 assar Exp $
 
 
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,14 +186,16 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 bin_PROGRAMS = verify_krb5_conf
 
 noinst_PROGRAMS = dump_config test_get_addrs
 
-check_PROGRAMS = n-fold-test string-to-key-test
-TESTS = n-fold-test string-to-key-test
+check_PROGRAMS = n-fold-test string-to-key-test derived-key-test store-test
+TESTS = n-fold-test string-to-key-test derived-key-test store-test
 
 LDADD = libkrb5.la \
 	$(LIB_des) \
@@ -212,102 +215,104 @@ lib_LTLIBRARIES = libkrb5.la
 ERR_FILES = krb5_err.c heim_err.c
 
 libkrb5_la_SOURCES = \
-	acl.c \
-	add_et_list.c \
-	addr_families.c \
-	address.c \
-	aname_to_localname.c \
-	appdefault.c \
-	asn1_glue.c \
-	auth_context.c \
-	build_ap_req.c \
-	build_auth.c \
-	cache.c \
-	changepw.c \
-	codec.c \
-	config_file.c \
-	config_file_netinfo.c \
-	convert_creds.c \
-	constants.c \
-	context.c \
-	copy_host_realm.c \
-	crc.c \
-	creds.c \
-	crypto.c \
-	data.c \
-	eai_to_heim_errno.c \
-	expand_hostname.c \
-	fcache.c \
-	free.c \
-	free_host_realm.c \
-	generate_seq_number.c \
-	generate_subkey.c \
-	get_addrs.c \
-	get_cred.c \
-	get_default_principal.c \
-	get_default_realm.c \
-	get_for_creds.c \
-	get_host_realm.c \
-	get_in_tkt.c \
-	get_in_tkt_pw.c \
-	get_in_tkt_with_keytab.c \
-	get_in_tkt_with_skey.c \
-	get_port.c \
-	init_creds.c \
-	init_creds_pw.c \
-	keyblock.c \
-	keytab.c \
-	keytab_file.c \
-	keytab_memory.c \
-	keytab_keyfile.c \
-	keytab_krb4.c \
-	krbhst.c \
-	kuserok.c \
-	log.c \
-	mcache.c \
-	misc.c \
-	mk_error.c \
-	mk_priv.c \
-	mk_rep.c \
-	mk_req.c \
-	mk_req_ext.c \
-	mk_safe.c \
-	net_read.c \
-	net_write.c \
-	n-fold.c \
-	padata.c \
-	principal.c \
-	prog_setup.c \
-	prompter_posix.c \
-	rd_cred.c \
-	rd_error.c \
-	rd_priv.c \
-	rd_rep.c \
-	rd_req.c \
-	rd_safe.c \
-	read_message.c \
-	recvauth.c \
-	replay.c \
-	send_to_kdc.c \
-	sendauth.c \
-	set_default_realm.c \
-	sock_principal.c \
-	store.c \
-	store_emem.c \
-	store_fd.c \
-	store_mem.c \
-	ticket.c \
-	time.c \
-	transited.c \
-	verify_init.c \
-	verify_user.c \
-	version.c \
-	warn.c \
-	write_message.c \
+	acl.c					\
+	add_et_list.c				\
+	addr_families.c				\
+	address.c				\
+	aname_to_localname.c			\
+	appdefault.c				\
+	asn1_glue.c				\
+	auth_context.c				\
+	build_ap_req.c				\
+	build_auth.c				\
+	cache.c					\
+	changepw.c				\
+	codec.c					\
+	config_file.c				\
+	config_file_netinfo.c			\
+	convert_creds.c				\
+	constants.c				\
+	context.c				\
+	copy_host_realm.c			\
+	crc.c					\
+	creds.c					\
+	crypto.c				\
+	data.c					\
+	eai_to_heim_errno.c			\
+	error_string.c				\
+	expand_hostname.c			\
+	fcache.c				\
+	free.c					\
+	free_host_realm.c			\
+	generate_seq_number.c			\
+	generate_subkey.c			\
+	get_addrs.c				\
+	get_cred.c				\
+	get_default_principal.c			\
+	get_default_realm.c			\
+	get_for_creds.c				\
+	get_host_realm.c			\
+	get_in_tkt.c				\
+	get_in_tkt_pw.c				\
+	get_in_tkt_with_keytab.c		\
+	get_in_tkt_with_skey.c			\
+	get_port.c				\
+	init_creds.c				\
+	init_creds_pw.c				\
+	keyblock.c				\
+	keytab.c				\
+	keytab_any.c				\
+	keytab_file.c				\
+	keytab_memory.c				\
+	keytab_keyfile.c			\
+	keytab_krb4.c				\
+	krbhst.c				\
+	kuserok.c				\
+	log.c					\
+	mcache.c				\
+	misc.c					\
+	mk_error.c				\
+	mk_priv.c				\
+	mk_rep.c				\
+	mk_req.c				\
+	mk_req_ext.c				\
+	mk_safe.c				\
+	net_read.c				\
+	net_write.c				\
+	n-fold.c				\
+	padata.c				\
+	principal.c				\
+	prog_setup.c				\
+	prompter_posix.c			\
+	rd_cred.c				\
+	rd_error.c				\
+	rd_priv.c				\
+	rd_rep.c				\
+	rd_req.c				\
+	rd_safe.c				\
+	read_message.c				\
+	recvauth.c				\
+	replay.c				\
+	send_to_kdc.c				\
+	sendauth.c				\
+	set_default_realm.c			\
+	sock_principal.c			\
+	store.c					\
+	store_emem.c				\
+	store_fd.c				\
+	store_mem.c				\
+	ticket.c				\
+	time.c					\
+	transited.c				\
+	verify_init.c				\
+	verify_user.c				\
+	version.c				\
+	warn.c					\
+	write_message.c				\
 	$(ERR_FILES)
 
 
-libkrb5_la_LDFLAGS = -version-info 15:0:0
+libkrb5_la_LDFLAGS = -version-info 16:0:0
 
 #libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo
 
@@ -327,7 +332,8 @@ man_MANS = \
 	verify_krb5_conf.8			\
 	krb5_auth_context.3			\
 	krb5_context.3				\
-	krb5_init_context.3
+	krb5_init_context.3			\
+	krb5_keytab.3
 
 
 include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h
@@ -354,27 +360,35 @@ address.lo aname_to_localname.lo appdefault.lo asn1_glue.lo \
 auth_context.lo build_ap_req.lo build_auth.lo cache.lo changepw.lo \
 codec.lo config_file.lo config_file_netinfo.lo convert_creds.lo \
 constants.lo context.lo copy_host_realm.lo crc.lo creds.lo crypto.lo \
-data.lo eai_to_heim_errno.lo expand_hostname.lo fcache.lo free.lo \
-free_host_realm.lo generate_seq_number.lo generate_subkey.lo \
-get_addrs.lo get_cred.lo get_default_principal.lo get_default_realm.lo \
-get_for_creds.lo get_host_realm.lo get_in_tkt.lo get_in_tkt_pw.lo \
-get_in_tkt_with_keytab.lo get_in_tkt_with_skey.lo get_port.lo \
-init_creds.lo init_creds_pw.lo keyblock.lo keytab.lo keytab_file.lo \
-keytab_memory.lo keytab_keyfile.lo keytab_krb4.lo krbhst.lo kuserok.lo \
-log.lo mcache.lo misc.lo mk_error.lo mk_priv.lo mk_rep.lo mk_req.lo \
-mk_req_ext.lo mk_safe.lo net_read.lo net_write.lo n-fold.lo padata.lo \
-principal.lo prog_setup.lo prompter_posix.lo rd_cred.lo rd_error.lo \
-rd_priv.lo rd_rep.lo rd_req.lo rd_safe.lo read_message.lo recvauth.lo \
-replay.lo send_to_kdc.lo sendauth.lo set_default_realm.lo \
-sock_principal.lo store.lo store_emem.lo store_fd.lo store_mem.lo \
-ticket.lo time.lo transited.lo verify_init.lo verify_user.lo version.lo \
-warn.lo write_message.lo krb5_err.lo heim_err.lo
+data.lo eai_to_heim_errno.lo error_string.lo expand_hostname.lo \
+fcache.lo free.lo free_host_realm.lo generate_seq_number.lo \
+generate_subkey.lo get_addrs.lo get_cred.lo get_default_principal.lo \
+get_default_realm.lo get_for_creds.lo get_host_realm.lo get_in_tkt.lo \
+get_in_tkt_pw.lo get_in_tkt_with_keytab.lo get_in_tkt_with_skey.lo \
+get_port.lo init_creds.lo init_creds_pw.lo keyblock.lo keytab.lo \
+keytab_any.lo keytab_file.lo keytab_memory.lo keytab_keyfile.lo \
+keytab_krb4.lo krbhst.lo kuserok.lo log.lo mcache.lo misc.lo \
+mk_error.lo mk_priv.lo mk_rep.lo mk_req.lo mk_req_ext.lo mk_safe.lo \
+net_read.lo net_write.lo n-fold.lo padata.lo principal.lo prog_setup.lo \
+prompter_posix.lo rd_cred.lo rd_error.lo rd_priv.lo rd_rep.lo rd_req.lo \
+rd_safe.lo read_message.lo recvauth.lo replay.lo send_to_kdc.lo \
+sendauth.lo set_default_realm.lo sock_principal.lo store.lo \
+store_emem.lo store_fd.lo store_mem.lo ticket.lo time.lo transited.lo \
+verify_init.lo verify_user.lo version.lo warn.lo write_message.lo \
+krb5_err.lo heim_err.lo
 libkrb5_la_OBJECTS =  $(am_libkrb5_la_OBJECTS)
 bin_PROGRAMS =  verify_krb5_conf$(EXEEXT)
-check_PROGRAMS =  n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT)
+check_PROGRAMS =  n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \
+derived-key-test$(EXEEXT) store-test$(EXEEXT)
 noinst_PROGRAMS =  dump_config$(EXEEXT) test_get_addrs$(EXEEXT)
 PROGRAMS =  $(bin_PROGRAMS) $(noinst_PROGRAMS)
 
+derived_key_test_SOURCES = derived-key-test.c
+derived_key_test_OBJECTS =  derived-key-test.$(OBJEXT)
+derived_key_test_LDADD = $(LDADD)
+derived_key_test_DEPENDENCIES =  libkrb5.la \
+$(top_builddir)/lib/asn1/libasn1.la
+derived_key_test_LDFLAGS = 
 dump_config_SOURCES = dump_config.c
 dump_config_OBJECTS =  dump_config.$(OBJEXT)
 dump_config_LDADD = $(LDADD)
@@ -387,6 +401,12 @@ n_fold_test_LDADD = $(LDADD)
 n_fold_test_DEPENDENCIES =  libkrb5.la \
 $(top_builddir)/lib/asn1/libasn1.la
 n_fold_test_LDFLAGS = 
+store_test_SOURCES = store-test.c
+store_test_OBJECTS =  store-test.$(OBJEXT)
+store_test_LDADD = $(LDADD)
+store_test_DEPENDENCIES =  libkrb5.la \
+$(top_builddir)/lib/asn1/libasn1.la
+store_test_LDFLAGS = 
 string_to_key_test_SOURCES = string-to-key-test.c
 string_to_key_test_OBJECTS =  string-to-key-test.$(OBJEXT)
 string_to_key_test_LDADD = $(LDADD)
@@ -410,8 +430,9 @@ LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $
 CFLAGS = @CFLAGS@
 CCLD = $(CC)
 LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =  $(libkrb5_la_SOURCES) dump_config.c n-fold-test.c \
-string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
+DIST_SOURCES =  $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \
+n-fold-test.c store-test.c string-to-key-test.c test_get_addrs.c \
+verify_krb5_conf.c
 man3dir = $(mandir)/man3
 man5dir = $(mandir)/man5
 man8dir = $(mandir)/man8
@@ -425,12 +446,12 @@ DIST_COMMON =  $(include_HEADERS) Makefile.am Makefile.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 
 GZIP_ENV = --best
-SOURCES = $(libkrb5_la_SOURCES) dump_config.c n-fold-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
-OBJECTS = $(am_libkrb5_la_OBJECTS) dump_config.$(OBJEXT) n-fold-test.$(OBJEXT) string-to-key-test.$(OBJEXT) test_get_addrs.$(OBJEXT) verify_krb5_conf.$(OBJEXT)
+SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c n-fold-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
+OBJECTS = $(am_libkrb5_la_OBJECTS) derived-key-test.$(OBJEXT) dump_config.$(OBJEXT) n-fold-test.$(OBJEXT) store-test.$(OBJEXT) string-to-key-test.$(OBJEXT) test_get_addrs.$(OBJEXT) verify_krb5_conf.$(OBJEXT)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/krb5/Makefile
 
@@ -535,6 +556,10 @@ distclean-noinstPROGRAMS:
 
 maintainer-clean-noinstPROGRAMS:
 
+derived-key-test$(EXEEXT): $(derived_key_test_OBJECTS) $(derived_key_test_DEPENDENCIES)
+	@rm -f derived-key-test$(EXEEXT)
+	$(LINK) $(derived_key_test_LDFLAGS) $(derived_key_test_OBJECTS) $(derived_key_test_LDADD) $(LIBS)
+
 dump_config$(EXEEXT): $(dump_config_OBJECTS) $(dump_config_DEPENDENCIES)
 	@rm -f dump_config$(EXEEXT)
 	$(LINK) $(dump_config_LDFLAGS) $(dump_config_OBJECTS) $(dump_config_LDADD) $(LIBS)
@@ -543,6 +568,10 @@ n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES)
 	@rm -f n-fold-test$(EXEEXT)
 	$(LINK) $(n_fold_test_LDFLAGS) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS)
 
+store-test$(EXEEXT): $(store_test_OBJECTS) $(store_test_DEPENDENCIES)
+	@rm -f store-test$(EXEEXT)
+	$(LINK) $(store_test_LDFLAGS) $(store_test_OBJECTS) $(store_test_LDADD) $(LIBS)
+
 string-to-key-test$(EXEEXT): $(string_to_key_test_OBJECTS) $(string_to_key_test_DEPENDENCIES)
 	@rm -f string-to-key-test$(EXEEXT)
 	$(LINK) $(string_to_key_test_LDFLAGS) $(string_to_key_test_OBJECTS) $(string_to_key_test_LDADD) $(LIBS)
@@ -714,6 +743,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
@@ -802,6 +836,8 @@ check-am: all-am
 check: check-am
 installcheck-am:
 installcheck: installcheck-am
+install-binPROGRAMS: install-libLTLIBRARIES
+
 install-exec-am: install-libLTLIBRARIES install-binPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
diff --git a/crypto/heimdal/lib/krb5/acl.c b/crypto/heimdal/lib/krb5/acl.c
index 0106251..fb22fbb 100644
--- a/crypto/heimdal/lib/krb5/acl.c
+++ b/crypto/heimdal/lib/krb5/acl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -34,7 +34,7 @@
 #include "krb5_locl.h"
 #include <fnmatch.h>
 
-RCSID("$Id: acl.c,v 1.1 2000/06/12 11:17:52 joda Exp $");
+RCSID("$Id: acl.c,v 1.2 2001/05/14 06:14:43 assar Exp $");
 
 struct acl_field {
     enum { acl_string, acl_fnmatch, acl_retval } type;
@@ -68,6 +68,7 @@ acl_parse_format(krb5_context context,
     for(p = format; *p != '\0'; p++) {
 	tmp = malloc(sizeof(*tmp));
 	if(tmp == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    acl_free_list(acl);
 	    return ENOMEM;
 	}
@@ -133,6 +134,7 @@ krb5_acl_match_string(krb5_context context,
 		      ...)
 {
     krb5_error_code ret;
+    krb5_boolean found;
     struct acl_field *acl;
 
     va_list ap;
@@ -142,10 +144,14 @@ krb5_acl_match_string(krb5_context context,
     if(ret)
 	return ret;
 
-    ret = acl_match_acl(context, acl, acl_string);
-
+    found = acl_match_acl(context, acl, acl_string);
     acl_free_list(acl);
-    return ret ? 0 : EACCES;
+    if (found) {
+	return 0;
+    } else {
+	krb5_set_error_string(context, "ACL did not match");
+	return EACCES;
+    }
 }
 	       
 krb5_error_code
@@ -159,10 +165,16 @@ krb5_acl_match_file(krb5_context context,
     char buf[256];
     va_list ap;
     FILE *f;
+    krb5_boolean found;
 
     f = fopen(file, "r");
-    if(f == NULL)
-	return errno;
+    if(f == NULL) {
+	int save_errno = errno;
+
+	krb5_set_error_string(context, "open(%s): %s", file,
+			      strerror(save_errno));
+	return save_errno;
+    }
 
     va_start(ap, format);
     ret = acl_parse_format(context, &acl, format, ap);
@@ -172,18 +184,22 @@ krb5_acl_match_file(krb5_context context,
 	return ret;
     }
 
-    ret = EACCES; /* XXX */
+    found = FALSE;
     while(fgets(buf, sizeof(buf), f)) {
 	if(buf[0] == '#')
 	    continue;
 	if(acl_match_acl(context, acl, buf)) {
-	    ret = 0;
-	    goto out;
+	    found = TRUE;
+	    break;
 	}
     }
 
-  out:
     fclose(f);
     acl_free_list(acl);
-    return ret;
+    if (found) {
+	return 0;
+    } else {
+	krb5_set_error_string(context, "ACL did not match");
+	return EACCES;
+    }
 }
diff --git a/crypto/heimdal/lib/krb5/addr_families.c b/crypto/heimdal/lib/krb5/addr_families.c
index 339d23b..430fd1e 100644
--- a/crypto/heimdal/lib/krb5/addr_families.c
+++ b/crypto/heimdal/lib/krb5/addr_families.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: addr_families.c,v 1.24 2000/07/08 13:05:43 joda Exp $");
+RCSID("$Id: addr_families.c,v 1.26 2001/05/14 22:49:55 assar Exp $");
 
 struct addr_operations {
     int af;
@@ -386,33 +386,45 @@ find_atype(int atype)
 }
 
 krb5_error_code
-krb5_sockaddr2address (const struct sockaddr *sa, krb5_address *addr)
+krb5_sockaddr2address (krb5_context context,
+		       const struct sockaddr *sa, krb5_address *addr)
 {
     struct addr_operations *a = find_af(sa->sa_family);
-    if (a == NULL)
+    if (a == NULL) {
+	krb5_set_error_string (context, "Address family %d not supported",
+			       sa->sa_family);
 	return KRB5_PROG_ATYPE_NOSUPP;
+    }
     return (*a->sockaddr2addr)(sa, addr);
 }
 
 krb5_error_code
-krb5_sockaddr2port (const struct sockaddr *sa, int16_t *port)
+krb5_sockaddr2port (krb5_context context,
+		    const struct sockaddr *sa, int16_t *port)
 {
     struct addr_operations *a = find_af(sa->sa_family);
-    if (a == NULL)
+    if (a == NULL) {
+	krb5_set_error_string (context, "Address family %d not supported",
+			       sa->sa_family);
 	return KRB5_PROG_ATYPE_NOSUPP;
+    }
     return (*a->sockaddr2port)(sa, port);
 }
 
 krb5_error_code
-krb5_addr2sockaddr (const krb5_address *addr,
+krb5_addr2sockaddr (krb5_context context,
+		    const krb5_address *addr,
 		    struct sockaddr *sa,
 		    int *sa_size,
 		    int port)
 {
     struct addr_operations *a = find_atype(addr->addr_type);
 
-    if (a == NULL)
+    if (a == NULL) {
+	krb5_set_error_string (context, "Address type %d not supported",
+			       addr->addr_type);
 	return KRB5_PROG_ATYPE_NOSUPP;
+    }
     (*a->addr2sockaddr)(addr, sa, sa_size, port);
     return 0;
 }
@@ -439,37 +451,46 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa)
 }
 
 krb5_error_code
-krb5_h_addr2sockaddr (int af,
+krb5_h_addr2sockaddr (krb5_context context,
+		      int af,
 		      const char *addr, struct sockaddr *sa, int *sa_size,
 		      int port)
 {
     struct addr_operations *a = find_af(af);
-    if (a == NULL)
+    if (a == NULL) {
+	krb5_set_error_string (context, "Address family %d not supported", af);
 	return KRB5_PROG_ATYPE_NOSUPP;
+    }
     (*a->h_addr2sockaddr)(addr, sa, sa_size, port);
     return 0;
 }
 
 krb5_error_code
-krb5_h_addr2addr (int af,
+krb5_h_addr2addr (krb5_context context,
+		  int af,
 		  const char *haddr, krb5_address *addr)
 {
     struct addr_operations *a = find_af(af);
-    if (a == NULL)
+    if (a == NULL) {
+	krb5_set_error_string (context, "Address family %d not supported", af);
 	return KRB5_PROG_ATYPE_NOSUPP;
+    }
     return (*a->h_addr2addr)(haddr, addr);
 }
 
 krb5_error_code
-krb5_anyaddr (int af,
+krb5_anyaddr (krb5_context context,
+	      int af,
 	      struct sockaddr *sa,
 	      int *sa_size,
 	      int port)
 {
     struct addr_operations *a = find_af (af);
 
-    if (a == NULL)
+    if (a == NULL) {
+	krb5_set_error_string (context, "Address family %d not supported", af);
 	return KRB5_PROG_ATYPE_NOSUPP;
+    }
 
     (*a->anyaddr)(sa, sa_size, port);
     return 0;
@@ -509,6 +530,7 @@ krb5_parse_address(krb5_context context,
     int i, n;
     struct addrinfo *ai, *a;
     int error;
+    int save_errno;
 
     for(i = 0; i < num_addrs; i++) {
 	if(at[i].parse_addr) {
@@ -522,8 +544,11 @@ krb5_parse_address(krb5_context context,
     }
 
     error = getaddrinfo (string, NULL, NULL, &ai);
-    if (error)
-	return krb5_eai_to_heim_errno(error);
+    if (error) {
+	save_errno = errno;
+	krb5_set_error_string (context, "%s: %s", string, gai_strerror(error));
+	return krb5_eai_to_heim_errno(error, save_errno);
+    }
     
     n = 0;
     for (a = ai; a != NULL; a = a->ai_next)
@@ -532,7 +557,7 @@ krb5_parse_address(krb5_context context,
     ALLOC_SEQ(addresses, n);
 
     for (a = ai, i = 0; a != NULL; a = a->ai_next, ++i) {
-	krb5_sockaddr2address (ai->ai_addr, &addresses->val[i]);
+	krb5_sockaddr2address (context, ai->ai_addr, &addresses->val[i]);
     }
     freeaddrinfo (ai);
     return 0;
diff --git a/crypto/heimdal/lib/krb5/address.c b/crypto/heimdal/lib/krb5/address.c
index 8b0704f..5dc756a 100644
--- a/crypto/heimdal/lib/krb5/address.c
+++ b/crypto/heimdal/lib/krb5/address.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: address.c,v 1.14 1999/12/02 17:05:07 joda Exp $");
+RCSID("$Id: address.c,v 1.15 2001/05/14 06:14:44 assar Exp $");
 
 #if 0
 /* This is the supposedly MIT-api version */
@@ -128,8 +128,10 @@ krb5_append_addresses(krb5_context context,
     int i;
     if(source->len > 0) {
 	tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
-	if(tmp == NULL)
+	if(tmp == NULL) {
+	    krb5_set_error_string(context, "realloc: out of memory");
 	    return ENOMEM;
+	}
 	dest->val = tmp;
 	for(i = 0; i < source->len; i++) {
 	    /* skip duplicates */
@@ -151,18 +153,22 @@ krb5_append_addresses(krb5_context context,
  */
 
 krb5_error_code
-krb5_make_addrport (krb5_address **res, const krb5_address *addr, int16_t port)
+krb5_make_addrport (krb5_context context,
+		    krb5_address **res, const krb5_address *addr, int16_t port)
 {
     krb5_error_code ret;
     size_t len = addr->address.length + 2 + 4 * 4;
     u_char *p;
 
     *res = malloc (sizeof(**res));
-    if (*res == NULL)
+    if (*res == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     (*res)->addr_type = KRB5_ADDRESS_ADDRPORT;
     ret = krb5_data_alloc (&(*res)->address, len);
     if (ret) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	free (*res);
 	return ret;
     }
diff --git a/crypto/heimdal/lib/krb5/appdefault.c b/crypto/heimdal/lib/krb5/appdefault.c
index 081dec0..12de150 100644
--- a/crypto/heimdal/lib/krb5/appdefault.c
+++ b/crypto/heimdal/lib/krb5/appdefault.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: appdefault.c,v 1.3 2001/01/10 00:19:58 assar Exp $");
+RCSID("$Id: appdefault.c,v 1.5 2001/05/14 06:14:44 assar Exp $");
 
 void
 krb5_appdefault_boolean(krb5_context context, const char *appname, 
@@ -42,7 +42,7 @@ krb5_appdefault_boolean(krb5_context context, const char *appname,
 {
     
     if(appname == NULL)
-	appname = __progname;
+	appname = getprogname();
     def_val = krb5_config_get_bool_default(context, NULL, def_val, 
 					   "appdefaults", 
 					   option, 
@@ -76,7 +76,7 @@ krb5_appdefault_string(krb5_context context, const char *appname,
 		       const char *def_val, char **ret_val)
 {
     if(appname == NULL)
-	appname = __progname;
+	appname = getprogname();
     def_val = krb5_config_get_string_default(context, NULL, def_val, 
 					     "appdefaults", 
 					     option, 
diff --git a/crypto/heimdal/lib/krb5/auth_context.c b/crypto/heimdal/lib/krb5/auth_context.c
index a37c4dd..eca2e87 100644
--- a/crypto/heimdal/lib/krb5/auth_context.c
+++ b/crypto/heimdal/lib/krb5/auth_context.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: auth_context.c,v 1.55 2000/12/10 20:01:05 assar Exp $");
+RCSID("$Id: auth_context.c,v 1.56 2001/05/14 06:14:44 assar Exp $");
 
 krb5_error_code
 krb5_auth_con_init(krb5_context context,
@@ -42,11 +42,14 @@ krb5_auth_con_init(krb5_context context,
     krb5_auth_context p;
 
     ALLOC(p, 1);
-    if(!p)
+    if(!p) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     memset(p, 0, sizeof(*p));
     ALLOC(p->authenticator, 1);
     if (!p->authenticator) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	free(p);
 	return ENOMEM;
     }
@@ -146,11 +149,13 @@ krb5_auth_con_genaddrs(krb5_context context,
 	    len = sizeof(ss_local);
 	    if(getsockname(fd, local, &len) < 0) {
 		ret = errno;
+		krb5_set_error_string (context, "getsockname: %s",
+				       strerror(ret));
 		goto out;
 	    }
-	    krb5_sockaddr2address (local, &local_k_address);
+	    krb5_sockaddr2address (context, local, &local_k_address);
 	    if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) {
-		krb5_sockaddr2port (local, &auth_context->local_port);
+		krb5_sockaddr2port (context, local, &auth_context->local_port);
 	    } else
 		auth_context->local_port = 0;
 	    lptr = &local_k_address;
@@ -160,11 +165,12 @@ krb5_auth_con_genaddrs(krb5_context context,
 	len = sizeof(ss_remote);
 	if(getpeername(fd, remote, &len) < 0) {
 	    ret = errno;
+	    krb5_set_error_string (context, "getpeername: %s", strerror(ret));
 	    goto out;
 	}
-	krb5_sockaddr2address (remote, &remote_k_address);
+	krb5_sockaddr2address (context, remote, &remote_k_address);
 	if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) {
-	    krb5_sockaddr2port (remote, &auth_context->remote_port);
+	    krb5_sockaddr2port (context, remote, &auth_context->remote_port);
 	} else
 	    auth_context->remote_port = 0;
 	rptr = &remote_k_address;
@@ -205,8 +211,10 @@ krb5_auth_con_getaddrs(krb5_context context,
     if(*local_addr)
 	krb5_free_address (context, *local_addr);
     *local_addr = malloc (sizeof(**local_addr));
-    if (*local_addr == NULL)
+    if (*local_addr == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     krb5_copy_address(context,
 		      auth_context->local_address,
 		      *local_addr);
@@ -214,8 +222,12 @@ krb5_auth_con_getaddrs(krb5_context context,
     if(*remote_addr)
 	krb5_free_address (context, *remote_addr);
     *remote_addr = malloc (sizeof(**remote_addr));
-    if (*remote_addr == NULL)
+    if (*remote_addr == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	krb5_free_address (context, *local_addr);
+	*local_addr = NULL;
 	return ENOMEM;
+    }
     krb5_copy_address(context,
 		      auth_context->remote_address,
 		      *remote_addr);
@@ -390,8 +402,10 @@ krb5_auth_getauthenticator(krb5_context context,
 			   krb5_authenticator *authenticator)
 {
     *authenticator = malloc(sizeof(**authenticator));
-    if (*authenticator == NULL)
+    if (*authenticator == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
 
     copy_Authenticator(auth_context->authenticator,
 		       *authenticator);
diff --git a/crypto/heimdal/lib/krb5/build_ap_req.c b/crypto/heimdal/lib/krb5/build_ap_req.c
index c8a89ca..e4f7d4e 100644
--- a/crypto/heimdal/lib/krb5/build_ap_req.c
+++ b/crypto/heimdal/lib/krb5/build_ap_req.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: build_ap_req.c,v 1.16 1999/12/02 17:05:07 joda Exp $");
+RCSID("$Id: build_ap_req.c,v 1.17 2001/05/14 06:14:44 assar Exp $");
 
 krb5_error_code
 krb5_build_ap_req (krb5_context context,
@@ -68,9 +68,10 @@ krb5_build_ap_req (krb5_context context,
 
   retdata->length = length_AP_REQ(&ap);
   retdata->data   = malloc(retdata->length);
-  if(retdata->data == NULL)
+  if(retdata->data == NULL) {
+      krb5_set_error_string(context, "malloc: out of memory");
       ret = ENOMEM;
-  else
+  } else
       encode_AP_REQ((unsigned char *)retdata->data + retdata->length - 1,
 		    retdata->length, &ap, &len);
   free_AP_REQ(&ap);
diff --git a/crypto/heimdal/lib/krb5/build_auth.c b/crypto/heimdal/lib/krb5/build_auth.c
index c75b2f1..b1650fd 100644
--- a/crypto/heimdal/lib/krb5/build_auth.c
+++ b/crypto/heimdal/lib/krb5/build_auth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: build_auth.c,v 1.34 2000/11/15 06:58:51 assar Exp $");
+RCSID("$Id: build_auth.c,v 1.35 2001/05/14 06:14:44 assar Exp $");
 
 krb5_error_code
 krb5_build_authenticator (krb5_context context,
@@ -53,8 +53,10 @@ krb5_build_authenticator (krb5_context context,
   krb5_crypto crypto;
 
   auth = malloc(sizeof(*auth));
-  if (auth == NULL)
+  if (auth == NULL) {
+      krb5_set_error_string(context, "malloc: out of memory");
       return ENOMEM;
+  }
 
   memset (auth, 0, sizeof(*auth));
   auth->authenticator_vno = 5;
@@ -100,6 +102,7 @@ krb5_build_authenticator (krb5_context context,
   buf_size = 1024;
   buf = malloc (buf_size);
   if (buf == NULL) {
+      krb5_set_error_string(context, "malloc: out of memory");
       ret = ENOMEM;
       goto fail;
   }
@@ -116,6 +119,7 @@ krb5_build_authenticator (krb5_context context,
 	      buf_size *= 2;
 	      tmp = realloc (buf, buf_size);
 	      if (tmp == NULL) {
+		  krb5_set_error_string(context, "malloc: out of memory");
 		  ret = ENOMEM;
 		  goto fail;
 	      }
diff --git a/crypto/heimdal/lib/krb5/cache.c b/crypto/heimdal/lib/krb5/cache.c
index 121f44f..141eb61 100644
--- a/crypto/heimdal/lib/krb5/cache.c
+++ b/crypto/heimdal/lib/krb5/cache.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: cache.c,v 1.45 2000/12/05 09:18:29 joda Exp $");
+RCSID("$Id: cache.c,v 1.47 2001/05/14 06:14:45 assar Exp $");
 
 /*
  * Add a new ccache type with operations `ops', overwriting any
@@ -46,32 +46,42 @@ krb5_cc_register(krb5_context context,
 		 const krb5_cc_ops *ops, 
 		 krb5_boolean override)
 {
+    char *prefix_copy;
     int i;
 
     for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
 	if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
 	    if(override)
 		free(context->cc_ops[i].prefix);
-	    else
+	    else {
+		krb5_set_error_string(context,
+				      "ccache type %s already exists",
+				      ops->prefix);
 		return KRB5_CC_TYPE_EXISTS;
+	    }
 	}
     }
+    prefix_copy = strdup(ops->prefix);
+    if (prefix_copy == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return KRB5_CC_NOMEM;
+    }
     if(i == context->num_cc_ops) {
 	krb5_cc_ops *o = realloc(context->cc_ops,
 				 (context->num_cc_ops + 1) *
 				 sizeof(*context->cc_ops));
-	if(o == NULL)
+	if(o == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    free(prefix_copy);
 	    return KRB5_CC_NOMEM;
+	}
 	context->num_cc_ops++;
 	context->cc_ops = o;
 	memset(context->cc_ops + i, 0, 
 	       (context->num_cc_ops - i) * sizeof(*context->cc_ops));
     }
     memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
-    context->cc_ops[i].prefix = strdup(ops->prefix);
-    if(context->cc_ops[i].prefix == NULL)
-	return KRB5_CC_NOMEM;
-    
+    context->cc_ops[i].prefix = prefix_copy;
     return 0;
 }
 
@@ -91,8 +101,10 @@ allocate_ccache (krb5_context context,
     krb5_ccache p;
 
     p = malloc(sizeof(*p));
-    if(p == NULL)
+    if(p == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return KRB5_CC_NOMEM;
+    }
     p->ops = ops;
     *id = p;
     ret = p->ops->resolve(context, id, residual);
@@ -126,8 +138,10 @@ krb5_cc_resolve(krb5_context context,
     }
     if (strchr (name, ':') == NULL)
 	return allocate_ccache (context, &krb5_fcc_ops, name, id);
-    else
+    else {
+	krb5_set_error_string(context, "unknown ccache type %s", name);
 	return KRB5_CC_UNKNOWN_TYPE;
+    }
 }
 
 /*
@@ -143,8 +157,10 @@ krb5_cc_gen_new(krb5_context context,
     krb5_ccache p;
 
     p = malloc (sizeof(*p));
-    if (p == NULL)
+    if (p == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return KRB5_CC_NOMEM;
+    }
     p->ops = ops;
     *id = p;
     return p->ops->gen_new(context, id);
@@ -281,7 +297,7 @@ krb5_cc_retrieve_cred(krb5_context context,
     krb5_error_code ret;
     krb5_cc_cursor cursor;
     krb5_cc_start_seq_get(context, id, &cursor);
-    while((ret = krb5_cc_next_cred(context, id, creds, &cursor)) == 0){
+    while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){
 	if(krb5_compare_creds(context, whichfields, mcreds, creds)){
 	    ret = 0;
 	    break;
@@ -328,8 +344,8 @@ krb5_cc_start_seq_get (krb5_context context,
 krb5_error_code
 krb5_cc_next_cred (krb5_context context,
 		   const krb5_ccache id,
-		   krb5_creds *creds,
-		   krb5_cc_cursor *cursor)
+		   krb5_cc_cursor *cursor,
+		   krb5_creds *creds)
 {
     return id->ops->get_next(context, id, cursor, creds);
 }
@@ -356,8 +372,12 @@ krb5_cc_remove_cred(krb5_context context,
 		    krb5_flags which,
 		    krb5_creds *cred)
 {
-    if(id->ops->remove_cred == NULL)
+    if(id->ops->remove_cred == NULL) {
+	krb5_set_error_string(context,
+			      "ccache %s does not support remove_cred",
+			      id->ops->prefix);
 	return EACCES; /* XXX */
+    }
     return (*id->ops->remove_cred)(context, id, which, cred);
 }
 
@@ -400,7 +420,7 @@ krb5_cc_copy_cache(krb5_context context,
 	krb5_free_principal(context, princ);
 	return ret;
     }
-    while(ret == 0 && krb5_cc_next_cred(context, from, &cred, &cursor) == 0){
+    while(ret == 0 && krb5_cc_next_cred(context, from, &cursor, &cred) == 0){
 	ret = krb5_cc_store_cred(context, to, &cred);
 	krb5_free_creds_contents (context, &cred);
     }
diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c
index 407abf0..309e972 100644
--- a/crypto/heimdal/lib/krb5/changepw.c
+++ b/crypto/heimdal/lib/krb5/changepw.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,17 +33,20 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: changepw.c,v 1.30 2000/12/10 23:10:10 assar Exp $");
+RCSID("$Id: changepw.c,v 1.32 2001/05/14 22:49:55 assar Exp $");
 
 static krb5_error_code
 get_kdc_address (krb5_context context,
 		 krb5_realm realm,
-		 struct addrinfo **ai)
+		 struct addrinfo **ai,
+		 char **ret_host)
 {
     krb5_error_code ret;
     char **hostlist;
     int port = 0;
     int error;
+    char *host;
+    int save_errno;
 
     ret = krb5_get_krb_changepw_hst (context,
 				     &realm,
@@ -51,12 +54,23 @@ get_kdc_address (krb5_context context,
     if (ret)
 	return ret;
 
+    host = strdup(*hostlist);
+    krb5_free_krbhst(context, hostlist);
+    if (host == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
     port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT));
-    error = roken_getaddrinfo_hostspec2(*hostlist, SOCK_DGRAM, port, ai);
+    error = roken_getaddrinfo_hostspec2(host, SOCK_DGRAM, port, ai);
 
-    krb5_free_krbhst (context, hostlist);
-    if(error)
-	return krb5_eai_to_heim_errno(error);
+    if(error) {
+	save_errno = errno;
+	krb5_set_error_string(context, "resolving %s: %s",
+			      host, gai_strerror(error));
+	return krb5_eai_to_heim_errno(error, save_errno);
+    }
+    *ret_host = host;
     return 0;
 }
 
@@ -67,7 +81,8 @@ send_request (krb5_context context,
 	      int sock,
 	      struct sockaddr *sa,
 	      int sa_size,
-	      char *passwd)
+	      char *passwd,
+	      const char *host)
 {
     krb5_error_code ret;
     krb5_data ap_req_data;
@@ -129,8 +144,10 @@ send_request (krb5_context context,
     iov[2].iov_base    = krb_priv_data.data;
     iov[2].iov_len     = krb_priv_data.length;
 
-    if (sendmsg (sock, &msghdr, 0) < 0)
+    if (sendmsg (sock, &msghdr, 0) < 0) {
 	ret = errno;
+	krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
+    }
 
     krb5_data_free (&krb_priv_data);
 out2:
@@ -161,17 +178,23 @@ process_reply (krb5_context context,
 	       int sock,
 	       int *result_code,
 	       krb5_data *result_code_string,
-	       krb5_data *result_string)
+	       krb5_data *result_string,
+	       const char *host)
 {
     krb5_error_code ret;
     u_char reply[BUFSIZ];
     size_t len;
     u_int16_t pkt_len, pkt_ver;
     krb5_data ap_rep_data;
+    int save_errno;
 
     ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
-    if (ret < 0)
-	return errno;
+    if (ret < 0) {
+	save_errno = errno;
+	krb5_set_error_string(context, "recvfrom %s: %s",
+			      host, strerror(save_errno));
+	return save_errno;
+    }
 
     len = ret;
     pkt_len = (reply[0] << 8) | (reply[1]);
@@ -243,7 +266,7 @@ process_reply (krb5_context context,
 	}
 	if (error.e_data->length < 2) {
 	    krb5_warnx (context, "too short e_data to print anything usable");
-	    return 1;
+	    return 1;		/* XXX */
 	}
 
 	p = error.e_data->data;
@@ -255,6 +278,12 @@ process_reply (krb5_context context,
     }
 }
 
+/*
+ * change the password using the credentials in `creds' (for the
+ * principal indicated in them) to `newpw', storing the result of
+ * the operation in `result_*' and an error code or 0.
+ */
+
 krb5_error_code
 krb5_change_password (krb5_context	context,
 		      krb5_creds	*creds,
@@ -269,12 +298,13 @@ krb5_change_password (krb5_context	context,
     int i;
     struct addrinfo *ai, *a;
     int done = 0;
+    char *host = NULL;
 
     ret = krb5_auth_con_init (context, &auth_context);
     if (ret)
 	return ret;
 
-    ret = get_kdc_address (context, creds->client->realm, &ai);
+    ret = get_kdc_address (context, creds->client->realm, &ai, &host);
     if (ret)
 	goto out;
 
@@ -297,7 +327,8 @@ krb5_change_password (krb5_context	context,
 				    sock,
 				    a->ai_addr,
 				    a->ai_addrlen,
-				    newpw);
+				    newpw,
+				    host);
 		if (ret) {
 		    close(sock);
 		    goto out;
@@ -305,6 +336,7 @@ krb5_change_password (krb5_context	context,
 	    }
 	    
 	    if (sock >= FD_SETSIZE) {
+		krb5_set_error_string(context, "fd %d too large", sock);
 		ret = ERANGE;
 		close (sock);
 		goto out;
@@ -326,7 +358,8 @@ krb5_change_password (krb5_context	context,
 				     sock,
 				     result_code,
 				     result_code_string,
-				     result_string);
+				     result_string,
+				     host);
 		if (ret == 0)
 		    done = 1;
 		else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL)
@@ -341,8 +374,16 @@ krb5_change_password (krb5_context	context,
 
 out:
     krb5_auth_con_free (context, auth_context);
+    free (host);
     if (done)
 	return 0;
-    else
+    else {
+	if (ret == KRB5_KDC_UNREACH)
+	    krb5_set_error_string(context,
+				  "failed to reach kpasswd server %s "
+				  "in realm %s",
+				  host, creds->client->realm);
+
 	return ret;
+    }
 }
diff --git a/crypto/heimdal/lib/krb5/codec.c b/crypto/heimdal/lib/krb5/codec.c
index 1d94613..6a49e68 100644
--- a/crypto/heimdal/lib/krb5/codec.c
+++ b/crypto/heimdal/lib/krb5/codec.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,36 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: codec.c,v 1.6 1999/12/02 17:05:08 joda Exp $");
-
-/* these functions does what the normal asn.1-functions does, but
-   converts the keytype to/from the on-the-wire enctypes */
-
-#if 1
-#define DECODE(T, K) return decode_ ## T(data, length, t, len)
-#define ENCODE(T, K) return encode_ ## T(data, length, t, len)
-#else
-#define DECODE(T, K)					\
-{							\
-    krb5_error_code ret;				\
-    ret = decode_ ## T((void*)data, length, t, len);	\
-    if(ret)						\
-	return ret;					\
-    if(K)						\
-	ret = krb5_decode_keyblock(context, (K), 1);	\
-    return ret;						\
-}
-
-#define ENCODE(T, K)					\
-{							\
-    krb5_error_code ret = 0;				\
-    if(K)						\
-	ret = krb5_decode_keyblock(context, (K), 0);	\
-    if(ret)						\
-	return ret;					\
-    return encode_ ## T(data, length, t, len);		\
-}
-#endif
+RCSID("$Id: codec.c,v 1.7 2001/05/16 22:08:08 assar Exp $");
 
 krb5_error_code
 krb5_decode_EncTicketPart (krb5_context context,
@@ -71,7 +42,7 @@ krb5_decode_EncTicketPart (krb5_context context,
 			   EncTicketPart *t,
 			   size_t *len)
 {
-    DECODE(EncTicketPart, &t->key);
+    return decode_EncTicketPart(data, length, t, len);
 }
 
 krb5_error_code
@@ -81,7 +52,7 @@ krb5_encode_EncTicketPart (krb5_context context,
 			   EncTicketPart *t,
 			   size_t *len)
 {
-    ENCODE(EncTicketPart, &t->key);
+    return encode_EncTicketPart(data, length, t, len);
 }
 
 krb5_error_code
@@ -91,7 +62,7 @@ krb5_decode_EncASRepPart (krb5_context context,
 			  EncASRepPart *t,
 			  size_t *len)
 {
-    DECODE(EncASRepPart, &t->key);
+    return decode_EncASRepPart(data, length, t, len);
 }
 
 krb5_error_code
@@ -101,7 +72,7 @@ krb5_encode_EncASRepPart (krb5_context context,
 			  EncASRepPart *t,
 			  size_t *len)
 {
-    ENCODE(EncASRepPart, &t->key);
+    return encode_EncASRepPart(data, length, t, len);
 }
 
 krb5_error_code
@@ -111,7 +82,7 @@ krb5_decode_EncTGSRepPart (krb5_context context,
 			   EncTGSRepPart *t,
 			   size_t *len)
 {
-    DECODE(EncTGSRepPart, &t->key);
+    return decode_EncTGSRepPart(data, length, t, len);
 }
 
 krb5_error_code
@@ -121,7 +92,7 @@ krb5_encode_EncTGSRepPart (krb5_context context,
 			   EncTGSRepPart *t,
 			   size_t *len)
 {
-    ENCODE(EncTGSRepPart, &t->key);
+    return encode_EncTGSRepPart(data, length, t, len);
 }
 
 krb5_error_code
@@ -131,7 +102,7 @@ krb5_decode_EncAPRepPart (krb5_context context,
 			  EncAPRepPart *t,
 			  size_t *len)
 {
-    DECODE(EncAPRepPart, t->subkey);
+    return decode_EncAPRepPart(data, length, t, len);
 }
 
 krb5_error_code
@@ -141,7 +112,7 @@ krb5_encode_EncAPRepPart (krb5_context context,
 			  EncAPRepPart *t,
 			  size_t *len)
 {
-    ENCODE(EncAPRepPart, t->subkey);
+    return encode_EncAPRepPart(data, length, t, len);
 }
 
 krb5_error_code
@@ -151,7 +122,7 @@ krb5_decode_Authenticator (krb5_context context,
 			   Authenticator *t,
 			   size_t *len)
 {
-    DECODE(Authenticator, t->subkey);
+    return decode_Authenticator(data, length, t, len);
 }
 
 krb5_error_code
@@ -161,7 +132,7 @@ krb5_encode_Authenticator (krb5_context context,
 			   Authenticator *t,
 			   size_t *len)
 {
-    ENCODE(Authenticator, t->subkey);
+    return encode_Authenticator(data, length, t, len);
 }
 
 krb5_error_code
@@ -171,19 +142,7 @@ krb5_decode_EncKrbCredPart (krb5_context context,
 			    EncKrbCredPart *t,
 			    size_t *len)
 {
-#if 1
     return decode_EncKrbCredPart(data, length, t, len);
-#else
-    krb5_error_code ret;
-    int i;
-    ret = decode_EncKrbCredPart((void*)data, length, t, len);
-    if(ret)
-	return ret;
-    for(i = 0; i < t->ticket_info.len; i++)
-	if((ret = krb5_decode_keyblock(context, &t->ticket_info.val[i].key, 1)))
-	    break;
-    return ret;
-#endif
 }
 
 krb5_error_code
@@ -193,15 +152,6 @@ krb5_encode_EncKrbCredPart (krb5_context context,
 			    EncKrbCredPart *t,
 			    size_t *len)
 {
-#if 0
-    krb5_error_code ret = 0;
-    int i;
-
-    for(i = 0; i < t->ticket_info.len; i++)
-	if((ret = krb5_decode_keyblock(context, &t->ticket_info.val[i].key, 0)))
-	    break;
-    if(ret) return ret;
-#endif
     return encode_EncKrbCredPart (data, length, t, len);
 }
 
@@ -212,21 +162,7 @@ krb5_decode_ETYPE_INFO (krb5_context context,
 			ETYPE_INFO *t,
 			size_t *len)
 {
-#if 1
     return decode_ETYPE_INFO(data, length, t, len);
-#else
-    krb5_error_code ret;
-    int i;
-
-    ret = decode_ETYPE_INFO((void*)data, length, t, len);
-    if(ret)
-	return ret;
-    for(i = 0; i < t->len; i++) {
-	if((ret = krb5_decode_keytype(context, &t->val[i].etype, 1)))
-	    break;
-    }
-    return ret;
-#endif
 }
 
 krb5_error_code
@@ -236,16 +172,5 @@ krb5_encode_ETYPE_INFO (krb5_context context,
 			ETYPE_INFO *t,
 			size_t *len)
 {
-#if 0
-    krb5_error_code ret = 0;
-
-    int i;
-    /* XXX this will break, since we need one key-info for each enctype */
-    /* XXX or do we? */
-    for(i = 0; i < t->len; i++)
-	if((ret = krb5_decode_keytype(context, &t->val[i].etype, 0)))
-	    break;
-    if(ret) return ret;
-#endif
     return encode_ETYPE_INFO (data, length, t, len);
 }
diff --git a/crypto/heimdal/lib/krb5/config_file.c b/crypto/heimdal/lib/krb5/config_file.c
index d5d8a42..b53b69c 100644
--- a/crypto/heimdal/lib/krb5/config_file.c
+++ b/crypto/heimdal/lib/krb5/config_file.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999, 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -32,19 +32,20 @@
  */
 
 #include "krb5_locl.h"
-RCSID("$Id: config_file.c,v 1.41 2000/08/16 07:40:36 assar Exp $");
+RCSID("$Id: config_file.c,v 1.42 2001/05/14 06:14:45 assar Exp $");
 
 #ifndef HAVE_NETINFO
 
-static int parse_section(char *p, krb5_config_section **s,
-			 krb5_config_section **res,
-			 char **error_message);
-static int parse_binding(FILE *f, unsigned *lineno, char *p,
-			 krb5_config_binding **b,
-			 krb5_config_binding **parent,
-			 char **error_message);
-static int parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent,
-		      char **error_message);
+static krb5_error_code parse_section(char *p, krb5_config_section **s,
+				     krb5_config_section **res,
+				     char **error_message);
+static krb5_error_code parse_binding(FILE *f, unsigned *lineno, char *p,
+				     krb5_config_binding **b,
+				     krb5_config_binding **parent,
+				     char **error_message);
+static krb5_error_code parse_list(FILE *f, unsigned *lineno,
+				  krb5_config_binding **parent,
+				  char **error_message);
 
 /*
  * Parse a section:
@@ -61,7 +62,7 @@ static int parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent,
  * Store the error message in `error_message'.
  */
 
-static int
+static krb5_error_code
 parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
 	      char **error_message)
 {
@@ -71,18 +72,18 @@ parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
     p1 = strchr (p + 1, ']');
     if (p1 == NULL) {
 	*error_message = "missing ]";
-	return -1;
+	return KRB5_CONFIG_BADFORMAT;
     }
     *p1 = '\0';
     tmp = malloc(sizeof(*tmp));
     if (tmp == NULL) {
 	*error_message = "out of memory";
-	return -1;
+	return KRB5_CONFIG_BADFORMAT;
     }
     tmp->name = strdup(p+1);
     if (tmp->name == NULL) {
 	*error_message = "out of memory";
-	return -1;
+	return KRB5_CONFIG_BADFORMAT;
     }
     tmp->type = krb5_config_list;
     tmp->u.list = NULL;
@@ -133,7 +134,7 @@ parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent,
     }
     *lineno = beg_lineno;
     *error_message = "unclosed {";
-    return -1;
+    return KRB5_CONFIG_BADFORMAT;
 }
 
 /*
@@ -154,14 +155,14 @@ parse_binding(FILE *f, unsigned *lineno, char *p,
 	++p;
     if (*p == '\0') {
 	*error_message = "no =";
-	return -1;
+	return KRB5_CONFIG_BADFORMAT;
     }
     p2 = p;
     while (isspace((unsigned char)*p))
 	++p;
     if (*p != '=') {
 	*error_message = "no =";
-	return -1;
+	return KRB5_CONFIG_BADFORMAT;
     }
     ++p;
     while(isspace((unsigned char)*p))
@@ -169,7 +170,7 @@ parse_binding(FILE *f, unsigned *lineno, char *p,
     tmp = malloc(sizeof(*tmp));
     if (tmp == NULL) {
 	*error_message = "out of memory";
-	return -1;
+	return KRB5_CONFIG_BADFORMAT;
     }
     *p2 = '\0';
     tmp->name = strdup(p1);
@@ -200,7 +201,7 @@ parse_binding(FILE *f, unsigned *lineno, char *p,
  * returning error messages in `error_message'
  */
 
-krb5_error_code
+static krb5_error_code
 krb5_config_parse_file_debug (const char *fname,
 			      krb5_config_section **res,
 			      unsigned *lineno,
@@ -210,7 +211,7 @@ krb5_config_parse_file_debug (const char *fname,
     krb5_config_section *s;
     krb5_config_binding *b;
     char buf[BUFSIZ];
-    int ret = 0;
+    krb5_error_code ret = 0;
 
     s = NULL;
     b = NULL;
@@ -240,7 +241,7 @@ krb5_config_parse_file_debug (const char *fname,
 	    b = NULL;
 	} else if (*p == '}') {
 	    *error_message = "unmatched }";
-	    ret = -1;
+	    ret = EINVAL;	/* XXX */
 	    goto out;
 	} else if(*p != '\0') {
 	    ret = parse_binding(f, lineno, p, &b, &s->u.list, error_message);
@@ -254,12 +255,20 @@ out:
 }
 
 krb5_error_code
-krb5_config_parse_file (const char *fname, krb5_config_section **res)
+krb5_config_parse_file (krb5_context context,
+			const char *fname,
+			krb5_config_section **res)
 {
-    char *foo;
+    char *str;
     unsigned lineno;
+    krb5_error_code ret;
 
-    return krb5_config_parse_file_debug (fname, res, &lineno, &foo);
+    ret = krb5_config_parse_file_debug (fname, res, &lineno, &str);
+    if (ret) {
+	krb5_set_error_string (context, "%s:%u: %s", fname, lineno, str);
+	return ret;
+    }
+    return 0;
 }
 
 #endif /* !HAVE_NETINFO */
diff --git a/crypto/heimdal/lib/krb5/config_file_netinfo.c b/crypto/heimdal/lib/krb5/config_file_netinfo.c
index aeb939a..a035e88 100644
--- a/crypto/heimdal/lib/krb5/config_file_netinfo.c
+++ b/crypto/heimdal/lib/krb5/config_file_netinfo.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -32,7 +32,7 @@
  */
 
 #include "krb5_locl.h"
-RCSID("$Id: config_file_netinfo.c,v 1.2 1999/12/02 17:05:08 joda Exp $");
+RCSID("$Id: config_file_netinfo.c,v 1.3 2001/05/14 06:14:45 assar Exp $");
 
 /*
  * Netinfo implementation from Luke Howard <lukeh@xedoc.com.au>
@@ -131,7 +131,9 @@ ni_idlist2binding(void *ni, ni_idlist *idlist, krb5_config_section **ret)
 }
 
 krb5_error_code
-krb5_config_parse_file (const char *fname, krb5_config_section **res)
+krb5_config_parse_file (krb5_context context,
+			const char *fname,
+			krb5_config_section **res)
 {
     void *ni = NULL, *lastni = NULL;
     int i;
diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c
index 0cfac9a..2ba194b 100644
--- a/crypto/heimdal/lib/krb5/context.c
+++ b/crypto/heimdal/lib/krb5/context.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: context.c,v 1.59 2000/12/15 17:11:51 joda Exp $");
+RCSID("$Id: context.c,v 1.64 2001/05/16 22:24:42 assar Exp $");
 
 #define INIT_FIELD(C, T, E, D, F)					\
     (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), 	\
@@ -60,6 +60,7 @@ set_etypes (krb5_context context,
 	etypes = malloc((i+1) * sizeof(*etypes));
 	if (etypes == NULL) {
 	    krb5_config_free_strings (etypes_str);
+	    krb5_set_error_string (context, "malloc: out of memory");
 	    return ENOMEM;
 	}
 	for(j = 0, k = 0; j < i; j++) {
@@ -94,6 +95,9 @@ init_context_from_config_file(krb5_context context)
     INIT_FIELD(context, string, default_keytab, 
 	       KEYTAB_DEFAULT, "default_keytab_name");
 
+    INIT_FIELD(context, string, default_keytab_modify, 
+	       KEYTAB_DEFAULT_MODIFY, "default_keytab_modify_name");
+
     INIT_FIELD(context, string, time_fmt, 
 	       "%Y-%m-%dT%H:%M:%S", "time_format");
 
@@ -144,6 +148,8 @@ init_context_from_config_file(krb5_context context)
     krb5_kt_register (context, &krb5_mkt_ops);
     krb5_kt_register (context, &krb5_akf_ops);
     krb5_kt_register (context, &krb4_fkt_ops);
+    krb5_kt_register (context, &krb5_srvtab_fkt_ops);
+    krb5_kt_register (context, &krb5_any_ops);
     return 0;
 }
 
@@ -168,7 +174,7 @@ krb5_init_context(krb5_context *context)
     if (config_file == NULL)
 	config_file = krb5_config_file;
 
-    ret = krb5_config_parse_file (config_file, &tmp_cf);
+    ret = krb5_config_parse_file (p, config_file, &tmp_cf);
 
     if (ret == 0)
 	p->cf = tmp_cf;
@@ -210,7 +216,7 @@ krb5_free_context(krb5_context context)
  */
 
 static krb5_error_code
-default_etypes(krb5_enctype **etype)
+default_etypes(krb5_context context, krb5_enctype **etype)
 {
     krb5_enctype p[] = {
 	ETYPE_DES3_CBC_SHA1,
@@ -221,9 +227,12 @@ default_etypes(krb5_enctype **etype)
 	ETYPE_DES_CBC_CRC,
 	ETYPE_NULL
     };
+
     *etype = malloc(sizeof(p));
-    if(*etype == NULL)
+    if(*etype == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     memcpy(*etype, p, sizeof(p));
     return 0;
 }
@@ -236,14 +245,18 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
     krb5_enctype *p = NULL;
 
     if(etypes) {
-	i = 0;
-	while(etypes[i])
-	    if(!krb5_enctype_valid(context, etypes[i++]))
+	for (i = 0; etypes[i]; ++i)
+	    if(!krb5_enctype_valid(context, etypes[i])) {
+		krb5_set_error_string(context, "enctype %d not supported",
+				      etypes[i]);
 		return KRB5_PROG_ETYPE_NOSUPP;
+	    }
 	++i;
 	ALLOC(p, i);
-	if(!p)
+	if(!p) {
+	    krb5_set_error_string (context, "malloc: out of memory");
 	    return ENOMEM;
+	}
 	memmove(p, etypes, i * sizeof(krb5_enctype));
     }
     if(context->etypes)
@@ -259,17 +272,22 @@ krb5_get_default_in_tkt_etypes(krb5_context context,
 {
   krb5_enctype *p;
   int i;
+  krb5_error_code ret;
 
   if(context->etypes) {
     for(i = 0; context->etypes[i]; i++);
     ++i;
     ALLOC(p, i);
-    if(!p)
+    if(!p) {
+      krb5_set_error_string (context, "malloc: out of memory");
       return ENOMEM;
+    }
     memmove(p, context->etypes, i * sizeof(krb5_enctype));
-  } else
-    if(default_etypes(&p))
-      return ENOMEM;
+  } else {
+    ret = default_etypes(context, &p);
+    if (ret)
+      return ret;
+  }
   *etypes = p;
   return 0;
 }
@@ -287,9 +305,9 @@ void
 krb5_init_ets(krb5_context context)
 {
     if(context->et_list == NULL){
-	initialize_krb5_error_table_r(&context->et_list);
-	initialize_asn1_error_table_r(&context->et_list);
-	initialize_heim_error_table_r(&context->et_list);
+	krb5_add_et_list(context, initialize_krb5_error_table_r);
+	krb5_add_et_list(context, initialize_asn1_error_table_r);
+	krb5_add_et_list(context, initialize_heim_error_table_r);
     }
 }
 
@@ -325,8 +343,10 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
     }
     if(context->extra_addresses == NULL) {
 	context->extra_addresses = malloc(sizeof(*context->extra_addresses));
-	if(context->extra_addresses == NULL)
+	if(context->extra_addresses == NULL) {
+	    krb5_set_error_string (context, "malloc: out of memory");
 	    return ENOMEM;
+	}
     }
     return krb5_copy_addresses(context, addresses, context->extra_addresses);
 }
diff --git a/crypto/heimdal/lib/krb5/convert_creds.c b/crypto/heimdal/lib/krb5/convert_creds.c
index 8459ee3..f248cd0 100644
--- a/crypto/heimdal/lib/krb5/convert_creds.c
+++ b/crypto/heimdal/lib/krb5/convert_creds.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -32,7 +32,7 @@
  */
 
 #include "krb5_locl.h"
-RCSID("$Id: convert_creds.c,v 1.15 2000/07/11 19:30:04 joda Exp $");
+RCSID("$Id: convert_creds.c,v 1.17 2001/05/14 06:14:45 assar Exp $");
 
 static krb5_error_code
 check_ticket_flags(TicketFlags f)
@@ -134,16 +134,15 @@ krb524_convert_creds_kdc(krb5_context context,
     krb5_creds *v5_creds = in_cred;
     krb5_keytype keytype;
 
-    ret = krb5_enctype_to_keytype (context, v5_creds->session.keytype,
-				   &keytype);
-    if (ret)
-	return ret;
+    keytype = v5_creds->session.keytype;
 
-    if (keytype != KEYTYPE_DES) {
+    if (keytype != ENCTYPE_DES_CBC_CRC) {
+	/* MIT krb524d doesn't like nothing but des-cbc-crc tickets,
+           so go get one */
 	krb5_creds template;
 
 	memset (&template, 0, sizeof(template));
-	template.session.keytype = KEYTYPE_DES;
+	template.session.keytype = ENCTYPE_DES_CBC_CRC;
 	ret = krb5_copy_principal (context, in_cred->client, &template.client);
 	if (ret) {
 	    krb5_free_creds_contents (context, &template);
@@ -197,6 +196,7 @@ krb524_convert_creds_kdc(krb5_context context,
     sp = krb5_storage_from_mem(reply.data, reply.length);
     if(sp == NULL) {
 	ret = ENOMEM;
+	krb5_set_error_string (context, "malloc: out of memory");
 	goto out2;
     }
     krb5_ret_int32(sp, &tmp);
@@ -204,10 +204,12 @@ krb524_convert_creds_kdc(krb5_context context,
     if(ret == 0) {
 	memset(v4creds, 0, sizeof(*v4creds));
 	ret = krb5_ret_int32(sp, &tmp);
-	if(ret) goto out;
+	if(ret)
+	    goto out;
 	v4creds->kvno = tmp;
 	ret = krb5_ret_data(sp, &ticket);
-	if(ret) goto out;
+	if(ret)
+	    goto out;
 	v4creds->ticket_st.length = ticket.length;
 	memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length);
 	krb5_data_free(&ticket);
@@ -216,7 +218,8 @@ krb524_convert_creds_kdc(krb5_context context,
 				      v4creds->service, 
 				      v4creds->instance, 
 				      v4creds->realm);
-	if(ret) goto out;
+	if(ret)
+	    goto out;
 	v4creds->issue_date = v5_creds->times.authtime;
 	v4creds->lifetime = _krb_time_to_life(v4creds->issue_date,
 					      v5_creds->times.endtime);
@@ -224,7 +227,8 @@ krb524_convert_creds_kdc(krb5_context context,
 				      v4creds->pname, 
 				      v4creds->pinst, 
 				      realm);
-	if(ret) goto out;
+	if(ret)
+	    goto out;
 	memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
     }
 out:
diff --git a/crypto/heimdal/lib/krb5/copy_host_realm.c b/crypto/heimdal/lib/krb5/copy_host_realm.c
index 4a8f3ec..38fdfa8 100644
--- a/crypto/heimdal/lib/krb5/copy_host_realm.c
+++ b/crypto/heimdal/lib/krb5/copy_host_realm.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: copy_host_realm.c,v 1.3 1999/12/02 17:05:08 joda Exp $");
+RCSID("$Id: copy_host_realm.c,v 1.4 2001/05/14 06:14:45 assar Exp $");
 
 /*
  * Copy the list of realms from `from' to `to'.
@@ -51,14 +51,17 @@ krb5_copy_host_realm(krb5_context context,
 	++n;
     ++n;
     *to = malloc (n * sizeof(**to));
-    if (*to == NULL)
+    if (*to == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     for (i = 0; i < n; ++i)
 	(*to)[i] = NULL;
     for (i = 0, p = from; *p != NULL; ++p, ++i) {
 	(*to)[i] = strdup(*p);
 	if ((*to)[i] == NULL) {
 	    krb5_free_host_realm (context, *to);
+	    krb5_set_error_string (context, "malloc: out of memory");
 	    return ENOMEM;
 	}
     }
diff --git a/crypto/heimdal/lib/krb5/creds.c b/crypto/heimdal/lib/krb5/creds.c
index 7051168..01c1c30 100644
--- a/crypto/heimdal/lib/krb5/creds.c
+++ b/crypto/heimdal/lib/krb5/creds.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: creds.c,v 1.14 1999/12/02 17:05:08 joda Exp $");
+RCSID("$Id: creds.c,v 1.15 2001/05/14 06:14:45 assar Exp $");
 
 krb5_error_code
 krb5_free_cred_contents (krb5_context context, krb5_creds *c)
@@ -108,8 +108,10 @@ krb5_copy_creds (krb5_context context,
     krb5_creds *c;
 
     c = malloc (sizeof (*c));
-    if (c == NULL)
+    if (c == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     memset (c, 0, sizeof(*c));
     *outcred = c;
     return krb5_copy_creds_contents (context, incred, c);
diff --git a/crypto/heimdal/lib/krb5/data.c b/crypto/heimdal/lib/krb5/data.c
index 21191e2..c6a5d75 100644
--- a/crypto/heimdal/lib/krb5/data.c
+++ b/crypto/heimdal/lib/krb5/data.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: data.c,v 1.15 1999/12/02 17:05:09 joda Exp $");
+RCSID("$Id: data.c,v 1.16 2001/05/14 06:14:46 assar Exp $");
 
 void
 krb5_data_zero(krb5_data *p)
@@ -100,10 +100,14 @@ krb5_copy_data(krb5_context context,
 {
     krb5_error_code ret;
     ALLOC(*outdata, 1);
-    if(*outdata == NULL)
+    if(*outdata == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     ret = copy_octet_string(indata, *outdata);
-    if(ret)
+    if(ret) {
+	krb5_clear_error_string (context);
 	free(*outdata);
+    }
     return ret;
 }
diff --git a/crypto/heimdal/lib/krb5/derived-key-test.c b/crypto/heimdal/lib/krb5/derived-key-test.c
new file mode 100644
index 0000000..0a47dd3
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/derived-key-test.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: derived-key-test.c,v 1.1 2001/03/12 07:44:52 assar Exp $");
+
+enum { MAXSIZE = 24 };
+
+static struct testcase {
+    krb5_enctype enctype;
+    unsigned char constant[MAXSIZE];
+    size_t constant_len;
+    unsigned char key[MAXSIZE];
+    unsigned char res[MAXSIZE];
+} tests[] = {
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+    {0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92},
+    {0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 0x5d, 0x31, 0x92, 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, 0x04, 0xcd}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+     {0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2},
+     {0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 0x10, 0x1c, 0x46, 0x98, 0x45, 0xd6, 0x7a, 0x20, 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, 0xf2, 0x07}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+     {0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52, 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc},
+     {0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 0x6d, 0x13, 0xfd, 0x2c, 0xa1, 0xd0, 0x85, 0x07, 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, 0xea, 0xbf}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+     {0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02, 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5},
+     {0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 0xdc, 0x07, 0x02, 0x68, 0x6b, 0xcb, 0x34, 0x89, 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, 0x70, 0x3e}},
+    {ETYPE_DES3_CBC_SHA1, {0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73}, 8,
+     {0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92, 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb},
+     {0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 0x64, 0xce, 0xbf, 0xdc, 0x52, 0x04, 0xd5, 0x6d, 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, 0xda, 0x43}},
+    {ETYPE_DES3_CBC_SHA1, {0x63, 0x6f, 0x6d, 0x62, 0x69, 0x6e, 0x65}, 7,
+     {0xb5, 0x5e, 0x98, 0x34, 0x67, 0xe5, 0x51, 0xb3, 0xe5, 0xd0, 0xe5, 0xb6, 0xc8, 0x0d, 0x45, 0x76, 0x94, 0x23, 0xa8, 0x73, 0xdc, 0x62, 0xb3, 0x0e},
+     {0x01, 0x26, 0x38, 0x8a, 0xad, 0xc8, 0x1a, 0x1f, 0x2a, 0x62, 0xbc, 0x45, 0xf8, 0xd5, 0xc1, 0x91, 0x51, 0xba, 0xcd, 0xd5, 0xcb, 0x79, 0x8a, 0x3e}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+     {0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda},
+     {0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 0x16, 0x16, 0x1c, 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, 0x75, 0xf7}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+     {0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c},
+     {0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 0xcb, 0xe9, 0xa7, 0xc8, 0x46, 0x26, 0xfb, 0xc7, 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, 0xe5, 0xc1}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+     {0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43},
+     {0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 0xf7, 0x54, 0x25, 0xce, 0x91, 0x75, 0xfb, 0xe3, 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, 0x3b, 0x49}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+     {0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16},
+     {0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 0x54, 0xe6, 0x94, 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 0xec, 0x5d}},
+    {0}
+};
+
+int
+main(int argc, char **argv)
+{
+    struct testcase *t;
+    krb5_context context;
+    krb5_error_code ret;
+    int val = 0;
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    for (t = tests; t->enctype != 0; ++t) {
+	krb5_keyblock key;
+	krb5_keyblock *dkey;
+
+	key.keytype = KEYTYPE_DES3;
+	key.keyvalue.length = MAXSIZE;
+	key.keyvalue.data   = t->key;
+
+	ret = krb5_derive_key(context, &key, t->enctype, t->constant,
+			      t->constant_len, &dkey);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_derive_key");
+	if (memcmp (dkey->keyvalue.data, t->res, dkey->keyvalue.length) != 0) {
+	    const unsigned char *p = dkey->keyvalue.data;
+	    int i;
+
+	    printf ("derive_key failed\n");
+	    printf ("should be: ");
+	    for (i = 0; i < dkey->keyvalue.length; ++i)
+		printf ("%02x", t->res[i]);
+	    printf ("\nresult was: ");
+	    for (i = 0; i < dkey->keyvalue.length; ++i)
+		printf ("%02x", p[i]);
+	    printf ("\n");
+	    val = 1;
+	}
+    }
+    return val;
+}
diff --git a/crypto/heimdal/lib/krb5/eai_to_heim_errno.c b/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
index b9272dd..924be7c 100644
--- a/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
+++ b/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,10 +33,16 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: eai_to_heim_errno.c,v 1.1 2000/07/08 13:03:36 joda Exp $");
+RCSID("$Id: eai_to_heim_errno.c,v 1.3 2001/05/14 22:48:33 assar Exp $");
+
+/*
+ * convert the getaddrinfo error code in `eai_errno' into a
+ * krb5_error_code. `system_error' should have the value of the errno
+ * after the failed call.
+ */
 
 krb5_error_code
-krb5_eai_to_heim_errno(int eai_errno)
+krb5_eai_to_heim_errno(int eai_errno, int system_error)
 {
     switch(eai_errno) {
     case EAI_NOERROR:
@@ -62,7 +68,26 @@ krb5_eai_to_heim_errno(int eai_errno)
     case EAI_SOCKTYPE:
 	return HEIM_EAI_SOCKTYPE;
     case EAI_SYSTEM:
-	return errno;
+	return system_error;
+    default:
+	return HEIM_EAI_UNKNOWN; /* XXX */
+    }
+}
+
+krb5_error_code
+krb5_h_errno_to_heim_errno(int eai_errno)
+{
+    switch(eai_errno) {
+    case 0:
+	return 0;
+    case HOST_NOT_FOUND:
+	return HEIM_EAI_NONAME;
+    case TRY_AGAIN:
+	return HEIM_EAI_AGAIN;
+    case NO_RECOVERY:
+	return HEIM_EAI_FAIL;
+    case NO_DATA:
+	return HEIM_EAI_NONAME;
     default:
 	return HEIM_EAI_UNKNOWN; /* XXX */
     }
diff --git a/crypto/heimdal/lib/krb5/error_string.c b/crypto/heimdal/lib/krb5/error_string.c
new file mode 100644
index 0000000..bf73448
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/error_string.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: error_string.c,v 1.1 2001/05/06 23:07:22 assar Exp $");
+
+#undef __attribute__
+#define __attribute__(X)
+
+void
+krb5_free_error_string(krb5_context context, char *str)
+{
+    if (str != context->error_buf)
+	free(str);
+}
+
+void
+krb5_clear_error_string(krb5_context context)
+{
+    if (context->error_string != NULL
+	&& context->error_string != context->error_buf)
+	free(context->error_string);
+    context->error_string = NULL;
+}
+
+krb5_error_code
+krb5_set_error_string(krb5_context context, const char *fmt, ...)
+    __attribute__((format (printf, 2, 3)))
+{
+    krb5_error_code ret;
+    va_list ap;
+
+    va_start(ap, fmt);
+    ret = krb5_vset_error_string (context, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
+krb5_error_code
+krb5_vset_error_string(krb5_context context, const char *fmt, va_list args)
+    __attribute__ ((format (printf, 2, 0)))
+{
+    krb5_clear_error_string(context);
+    vasprintf(&context->error_string, fmt, args);
+    if(context->error_string == NULL) {
+	vsnprintf (context->error_buf, sizeof(context->error_buf), fmt, args);
+	context->error_string = context->error_buf;
+    }
+    return 0;
+}
+
+char*
+krb5_get_error_string(krb5_context context)
+{
+    char *ret = context->error_string;
+    context->error_string = NULL;
+    return ret;
+}
+
+krb5_boolean
+krb5_have_error_string(krb5_context context)
+{
+    return context->error_string != NULL;
+}
diff --git a/crypto/heimdal/lib/krb5/expand_hostname.c b/crypto/heimdal/lib/krb5/expand_hostname.c
index 72c5718..848c8ab 100644
--- a/crypto/heimdal/lib/krb5/expand_hostname.c
+++ b/crypto/heimdal/lib/krb5/expand_hostname.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: expand_hostname.c,v 1.9 2000/02/23 03:12:07 assar Exp $");
+RCSID("$Id: expand_hostname.c,v 1.10 2001/05/14 06:14:46 assar Exp $");
 
 static krb5_error_code
 copy_hostname(krb5_context context,
@@ -41,8 +41,10 @@ copy_hostname(krb5_context context,
 	      char **new_hostname)
 {
     *new_hostname = strdup (orig_hostname);
-    if (*new_hostname == NULL)
+    if (*new_hostname == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     strlwr (*new_hostname);
     return 0;
 }
@@ -70,10 +72,12 @@ krb5_expand_hostname (krb5_context context,
 	if (a->ai_canonname != NULL) {
 	    *new_hostname = strdup (a->ai_canonname);
 	    freeaddrinfo (ai);
-	    if (*new_hostname == NULL)
+	    if (*new_hostname == NULL) {
+		krb5_set_error_string(context, "malloc: out of memory");
 		return ENOMEM;
-	    else
+	    } else {
 		return 0;
+	    }
 	}
     }
     freeaddrinfo (ai);
diff --git a/crypto/heimdal/lib/krb5/fcache.c b/crypto/heimdal/lib/krb5/fcache.c
index fbdb3a1..317f702 100644
--- a/crypto/heimdal/lib/krb5/fcache.c
+++ b/crypto/heimdal/lib/krb5/fcache.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: fcache.c,v 1.31 2000/12/05 09:15:10 joda Exp $");
+RCSID("$Id: fcache.c,v 1.33 2001/05/14 06:14:46 assar Exp $");
 
 typedef struct krb5_fcache{
     char *filename;
@@ -70,11 +70,14 @@ fcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
 {
     krb5_fcache *f;
     f = malloc(sizeof(*f));
-    if(f == NULL)
+    if(f == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return KRB5_CC_NOMEM;
+    }
     f->filename = strdup(res);
     if(f->filename == NULL){
 	free(f);
+	krb5_set_error_string(context, "malloc: out of memory");
 	return KRB5_CC_NOMEM;
     }
     f->version = 0;
@@ -171,18 +174,23 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
     krb5_fcache *f;
     int fd;
     char *file;
+
     f = malloc(sizeof(*f));
-    if(f == NULL)
+    if(f == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return KRB5_CC_NOMEM;
+    }
     asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT);
     if(file == NULL) {
 	free(f);
+	krb5_set_error_string(context, "malloc: out of memory");
 	return KRB5_CC_NOMEM;
     }
     fd = mkstemp(file);
     if(fd < 0) {
 	free(f);
 	free(file);
+	krb5_set_error_string(context, "mkstemp %s", file);
 	return errno;
     }
     close(fd);
@@ -231,8 +239,12 @@ fcc_initialize(krb5_context context,
     unlink (filename);
   
     fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
-    if(fd == -1)
-	return errno;
+    if(fd == -1) {
+	ret = errno;
+	krb5_set_error_string(context, "open(%s): %s", filename,
+			      strerror(ret));
+	return ret;
+    }
     {
 	krb5_storage *sp;    
 	sp = krb5_storage_from_fd(fd);
@@ -259,8 +271,11 @@ fcc_initialize(krb5_context context,
 	krb5_storage_free(sp);
     }
     if(close(fd) < 0)
-	if (ret == 0)
+	if (ret == 0) {
 	    ret = errno;
+	    krb5_set_error_string (context, "close %s: %s", filename,
+				   strerror(ret));
+	}
 	
     return ret;
 }
@@ -298,8 +313,11 @@ fcc_store_cred(krb5_context context,
     f = FILENAME(id);
 
     fd = open(f, O_WRONLY | O_APPEND | O_BINARY);
-    if(fd < 0)
-	return errno;
+    if(fd < 0) {
+	ret = errno;
+	krb5_set_error_string (context, "open(%s): %s", f, strerror(ret));
+	return ret;
+    }
     {
 	krb5_storage *sp;
 	sp = krb5_storage_from_fd(fd);
@@ -308,8 +326,10 @@ fcc_store_cred(krb5_context context,
 	krb5_storage_free(sp);
     }
     if (close(fd) < 0)
-	if (ret == 0)
+	if (ret == 0) {
 	    ret = errno;
+	    krb5_set_error_string (context, "close %s: %s", f, strerror(ret));
+	}
     return ret;
 }
 
@@ -339,12 +359,18 @@ init_fcc (krb5_context context,
     krb5_error_code ret;
 
     fd = open(fcache->filename, O_RDONLY | O_BINARY);
-    if(fd < 0)
-	return errno;
+    if(fd < 0) {
+	ret = errno;
+	krb5_set_error_string(context, "open(%s): %s", fcache->filename,
+			      strerror(ret));
+	return ret;
+    }
     sp = krb5_storage_from_fd(fd);
     ret = krb5_ret_int8(sp, &pvno);
-    if(ret == KRB5_CC_END)
+    if(ret == KRB5_CC_END) {
+
 	return ENOENT;
+    }
     if(ret)
 	return ret;
     if(pvno != 5) {
diff --git a/crypto/heimdal/lib/krb5/generate_seq_number.c b/crypto/heimdal/lib/krb5/generate_seq_number.c
index 3ebe562..795c3f3 100644
--- a/crypto/heimdal/lib/krb5/generate_seq_number.c
+++ b/crypto/heimdal/lib/krb5/generate_seq_number.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: generate_seq_number.c,v 1.7 2000/04/08 21:20:45 assar Exp $");
+RCSID("$Id: generate_seq_number.c,v 1.8 2001/05/08 14:05:37 assar Exp $");
 
 krb5_error_code
 krb5_generate_seq_number(krb5_context context,
@@ -57,6 +57,6 @@ krb5_generate_seq_number(krb5_context context,
 	q = (q << 8) | *p;
     q &= 0xffffffff;
     *seqno = q;
-    krb5_free_keyblock_contents (context, subkey);
+    krb5_free_keyblock (context, subkey);
     return 0;
 }
diff --git a/crypto/heimdal/lib/krb5/generate_subkey.c b/crypto/heimdal/lib/krb5/generate_subkey.c
index a5b2e9e..3fb22f9 100644
--- a/crypto/heimdal/lib/krb5/generate_subkey.c
+++ b/crypto/heimdal/lib/krb5/generate_subkey.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: generate_subkey.c,v 1.7 1999/12/02 17:05:09 joda Exp $");
+RCSID("$Id: generate_subkey.c,v 1.8 2001/05/14 06:14:46 assar Exp $");
 
 krb5_error_code
 krb5_generate_subkey(krb5_context context,
@@ -43,8 +43,10 @@ krb5_generate_subkey(krb5_context context,
     krb5_error_code ret;
 
     ALLOC(*subkey, 1);
-    if (*subkey == NULL)
+    if (*subkey == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     ret = krb5_generate_random_keyblock(context, key->keytype, *subkey);
     if(ret)
 	free(*subkey);
diff --git a/crypto/heimdal/lib/krb5/get_addrs.c b/crypto/heimdal/lib/krb5/get_addrs.c
index 7b9d74c..c05569f 100644
--- a/crypto/heimdal/lib/krb5/get_addrs.c
+++ b/crypto/heimdal/lib/krb5/get_addrs.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: get_addrs.c,v 1.40 2000/12/10 20:07:05 assar Exp $");
+RCSID("$Id: get_addrs.c,v 1.41 2001/05/14 06:14:46 assar Exp $");
 
 #ifdef __osf__
 /* hate */
@@ -46,30 +46,39 @@ struct mbuf;
 #include <ifaddrs.h>
 
 static krb5_error_code
-gethostname_fallback (krb5_addresses *res)
+gethostname_fallback (krb5_context context, krb5_addresses *res)
 {
-    krb5_error_code err;
+    krb5_error_code ret;
     char hostname[MAXHOSTNAMELEN];
     struct hostent *hostent;
 
-    if (gethostname (hostname, sizeof(hostname)))
-	return errno;
+    if (gethostname (hostname, sizeof(hostname))) {
+	ret = errno;
+	krb5_set_error_string (context, "gethostname: %s", strerror(ret));
+	return ret;
+    }
     hostent = roken_gethostbyname (hostname);
-    if (hostent == NULL)
-	return errno;
+    if (hostent == NULL) {
+	ret = errno;
+	krb5_set_error_string (context, "gethostbyname %s: %s",
+			       hostname, strerror(ret));
+	return ret;
+    }
     res->len = 1;
     res->val = malloc (sizeof(*res->val));
-    if (res->val == NULL)
+    if (res->val == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     res->val[0].addr_type = hostent->h_addrtype;
     res->val[0].address.data = NULL;
     res->val[0].address.length = 0;
-    err = krb5_data_copy (&res->val[0].address,
+    ret = krb5_data_copy (&res->val[0].address,
 			  hostent->h_addr,
 			  hostent->h_length);
-    if (err) {
+    if (ret) {
 	free (res->val);
-	return err;
+	return ret;
     }
     return 0;
 }
@@ -96,8 +105,11 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
 
     res->val = NULL;
 
-    if (getifaddrs(&ifa0) == -1)
-	return (errno);
+    if (getifaddrs(&ifa0) == -1) {
+	ret = errno;
+	krb5_set_error_string(context, "getifaddrs: %s", strerror(ret));
+	return (ret);
+    }
 
     memset(&sa_zero, 0, sizeof(sa_zero));
 
@@ -107,6 +119,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
 
     if (num == 0) {
 	freeifaddrs(ifa0);
+	krb5_set_error_string(context, "no addresses found");
 	return (ENXIO);
     }
 
@@ -114,6 +127,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
     res->val = calloc(num, sizeof(*res->val));
     if (res->val == NULL) {
 	freeifaddrs(ifa0);
+	krb5_set_error_string (context, "malloc: out of memory");
 	return (ENOMEM);
     }
 
@@ -132,7 +146,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
 		continue;
 	}
 
-	ret = krb5_sockaddr2address(ifa->ifa_addr, &res->val[idx]);
+	ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]);
 	if (ret) {
 	    /*
 	     * The most likely error here is going to be "Program
@@ -159,7 +173,8 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
 		continue;
 
 	    if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
-		ret = krb5_sockaddr2address(ifa->ifa_addr, &res->val[idx]);
+		ret = krb5_sockaddr2address(context,
+					    ifa->ifa_addr, &res->val[idx]);
 		if (ret) {
 		    /*
 		     * See comment above.
@@ -187,7 +202,7 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags)
     if (flags & SCAN_INTERFACES) {
 	ret = find_all_addresses (context, res, flags);
 	if(ret || res->len == 0)
-	    ret = gethostname_fallback (res);
+	    ret = gethostname_fallback (context, res);
     } else
 	ret = 0;
 
diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c
index e649cfe..2af940c 100644
--- a/crypto/heimdal/lib/krb5/get_cred.c
+++ b/crypto/heimdal/lib/krb5/get_cred.c
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: get_cred.c,v 1.82 2001/01/19 04:29:44 assar Exp $");
+RCSID("$Id: get_cred.c,v 1.85 2001/05/14 06:14:46 assar Exp $");
 
 /*
  * Take the `body' and encode it into `padata' using the credentials
@@ -45,7 +45,8 @@ make_pa_tgs_req(krb5_context context,
 		krb5_auth_context ac,
 		KDC_REQ_BODY *body,
 		PA_DATA *padata,
-		krb5_creds *creds)
+		krb5_creds *creds,
+		krb5_key_usage usage)
 {
     u_char *buf;
     size_t buf_size;
@@ -55,8 +56,10 @@ make_pa_tgs_req(krb5_context context,
 
     buf_size = 1024;
     buf = malloc (buf_size);
-    if (buf == NULL)
+    if (buf == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
 
     do {
 	ret = encode_KDC_REQ_BODY(buf + buf_size - 1, buf_size,
@@ -68,6 +71,7 @@ make_pa_tgs_req(krb5_context context,
 		buf_size *= 2;
 		tmp = realloc (buf, buf_size);
 		if (tmp == NULL) {
+		    krb5_set_error_string(context, "malloc: out of memory");
 		    ret = ENOMEM;
 		    goto out;
 		}
@@ -83,7 +87,8 @@ make_pa_tgs_req(krb5_context context,
     ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds,
 			       &padata->padata_value,
 			       KRB5_KU_TGS_REQ_AUTH_CKSUM,
-			       KRB5_KU_TGS_REQ_AUTH);
+			       usage
+			       /* KRB5_KU_TGS_REQ_AUTH */);
 out:
     free (buf);
     if(ret)
@@ -110,8 +115,10 @@ set_auth_data (krb5_context context,
 
 	len = length_AuthorizationData(authdata);
 	buf = malloc(len);
-	if (buf == NULL)
+	if (buf == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    return ENOMEM;
+	}
 	ret = encode_AuthorizationData(buf + len - 1,
 				       len, authdata, &len);
 	if (ret) {
@@ -122,7 +129,8 @@ set_auth_data (krb5_context context,
 	ALLOC(req_body->enc_authorization_data, 1);
 	if (req_body->enc_authorization_data == NULL) {
 	    free (buf);
-	    return ret;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
 	}
 	ret = krb5_crypto_init(context, key, 0, &crypto);
 	if (ret) {
@@ -162,7 +170,8 @@ init_tgs_req (krb5_context context,
 	      krb5_creds *krbtgt,
 	      unsigned nonce,
 	      krb5_keyblock **subkey,
-	      TGS_REQ *t)
+	      TGS_REQ *t,
+	      krb5_key_usage usage)
 {
     krb5_error_code ret;
 
@@ -190,6 +199,7 @@ init_tgs_req (krb5_context context,
     ALLOC(t->req_body.sname, 1);
     if (t->req_body.sname == NULL) {
 	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
 	goto fail;
     }
 
@@ -205,6 +215,7 @@ init_tgs_req (krb5_context context,
     ALLOC(t->req_body.till, 1);
     if(t->req_body.till == NULL){
 	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
 	goto fail;
     }
     *t->req_body.till = in_creds->times.endtime;
@@ -214,11 +225,13 @@ init_tgs_req (krb5_context context,
 	ALLOC(t->req_body.additional_tickets, 1);
 	if (t->req_body.additional_tickets == NULL) {
 	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    goto fail;
 	}
 	ALLOC_SEQ(t->req_body.additional_tickets, 1);
 	if (t->req_body.additional_tickets->val == NULL) {
 	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    goto fail;
 	}
 	ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); 
@@ -228,11 +241,13 @@ init_tgs_req (krb5_context context,
     ALLOC(t->padata, 1);
     if (t->padata == NULL) {
 	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
 	goto fail;
     }
     ALLOC_SEQ(t->padata, 1);
     if (t->padata->val == NULL) {
 	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
 	goto fail;
     }
 
@@ -266,7 +281,8 @@ init_tgs_req (krb5_context context,
 			      ac,
 			      &t->req_body, 
 			      t->padata->val,
-			      krbtgt);
+			      krbtgt,
+			      usage);
 	if(ret) {
 	    krb5_free_keyblock (context, key);
 	    krb5_auth_con_free(context, ac);
@@ -366,13 +382,14 @@ decrypt_tkt_with_subkey (krb5_context context,
 }
 
 static krb5_error_code
-get_cred_kdc(krb5_context context, 
-	     krb5_ccache id, 
-	     krb5_kdc_flags flags,
-	     krb5_addresses *addresses, 
-	     krb5_creds *in_creds, 
-	     krb5_creds *krbtgt,
-	     krb5_creds *out_creds)
+get_cred_kdc_usage(krb5_context context, 
+		   krb5_ccache id, 
+		   krb5_kdc_flags flags,
+		   krb5_addresses *addresses, 
+		   krb5_creds *in_creds, 
+		   krb5_creds *krbtgt,
+		   krb5_creds *out_creds,
+		   krb5_key_usage usage)
 {
     TGS_REQ req;
     krb5_data enc;
@@ -407,7 +424,8 @@ get_cred_kdc(krb5_context context,
 			krbtgt,
 			nonce,
 			&subkey, 
-			&req);
+			&req,
+			usage);
     if(flags.b.enc_tkt_in_skey)
 	free_Ticket(&second_ticket);
     if (ret)
@@ -416,6 +434,7 @@ get_cred_kdc(krb5_context context,
     buf_size = 1024;
     buf = malloc (buf_size);
     if (buf == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	ret = ENOMEM;
 	goto out;
     }
@@ -430,6 +449,7 @@ get_cred_kdc(krb5_context context,
 		buf_size *= 2;
 		tmp = realloc (buf, buf_size);
 		if (tmp == NULL) {
+		    krb5_set_error_string(context, "malloc: out of memory");
 		    ret = ENOMEM;
 		    goto out;
 		}
@@ -487,13 +507,16 @@ get_cred_kdc(krb5_context context,
 	krb5_free_kdc_rep(context, &rep);
 	if (ret)
 	    goto out;
-    }else if(krb5_rd_error(context, &resp, &error) == 0){
-	ret = error.error_code;
-	free_KRB_ERROR(&error);
-    }else if(resp.data && ((char*)resp.data)[0] == 4)
+    } else if(krb5_rd_error(context, &resp, &error) == 0) {
+	ret = krb5_error_from_rd_error(context, &error, in_creds);
+	krb5_free_error_contents(context, &error);
+    } else if(resp.data && ((char*)resp.data)[0] == 4) {
 	ret = KRB5KRB_AP_ERR_V4_REPLY;
-    else
+	krb5_clear_error_string(context);
+    } else {
 	ret = KRB5KRB_AP_ERR_MSG_TYPE;
+	krb5_clear_error_string(context);
+    }
     krb5_data_free(&resp);
 out:
     if(subkey){
@@ -506,6 +529,27 @@ out:
     
 }
 
+static krb5_error_code
+get_cred_kdc(krb5_context context, 
+	     krb5_ccache id, 
+	     krb5_kdc_flags flags,
+	     krb5_addresses *addresses, 
+	     krb5_creds *in_creds, 
+	     krb5_creds *krbtgt,
+	     krb5_creds *out_creds)
+{
+    krb5_error_code ret;
+
+    ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
+			     krbtgt, out_creds, KRB5_KU_TGS_REQ_AUTH);
+    if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+	krb5_clear_error_string (context);
+	ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
+				 krbtgt, out_creds, KRB5_KU_AP_REQ_AUTH);
+    }
+    return ret;
+}
+
 /* same as above, just get local addresses first */
 
 static krb5_error_code
@@ -535,9 +579,12 @@ krb5_get_kdc_cred(krb5_context context,
 {
     krb5_error_code ret;
     krb5_creds *krbtgt;
+
     *out_creds = calloc(1, sizeof(**out_creds));
-    if(*out_creds == NULL)
+    if(*out_creds == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     ret = get_krbtgt (context,
 		      id,
 		      in_creds->server->realm,
@@ -577,6 +624,7 @@ find_cred(krb5_context context,
 	}
 	tgts++;
     }
+    krb5_clear_error_string(context);
     return KRB5_CC_NOTFOUND;
 }
 
@@ -586,10 +634,13 @@ add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt)
     int i;
     krb5_error_code ret;
     krb5_creds **tmp = *tgts;
+
     for(i = 0; tmp && tmp[i]; i++); /* XXX */
     tmp = realloc(tmp, (i+2)*sizeof(*tmp));
-    if(tmp == NULL)
+    if(tmp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     *tgts = tmp;
     ret = krb5_copy_creds(context, tkt, &tmp[i]);
     tmp[i+1] = NULL;
@@ -654,9 +705,10 @@ get_cred_from_kdc_flags(krb5_context context,
 			*ret_tgts, &tgts);
 	if(ret == 0){
 	    *out_creds = calloc(1, sizeof(**out_creds));
-	    if(*out_creds == NULL)
+	    if(*out_creds == NULL) {
+		krb5_set_error_string(context, "malloc: out of memory");
 		ret = ENOMEM;
-	    else {
+	    } else {
 		ret = get_cred_kdc_la(context, ccache, flags, 
 				      in_creds, &tgts, *out_creds);
 		if (ret) {
@@ -670,8 +722,10 @@ get_cred_from_kdc_flags(krb5_context context,
 	    return ret;
 	}
     }
-    if(krb5_realm_compare(context, in_creds->client, in_creds->server))
+    if(krb5_realm_compare(context, in_creds->client, in_creds->server)) {
+	krb5_clear_error_string (context);
 	return KRB5_CC_NOTFOUND;
+    }
     /* XXX this can loop forever */
     while(1){
 	general_string tgt_inst;
@@ -711,9 +765,10 @@ get_cred_from_kdc_flags(krb5_context context,
     krb5_free_principal(context, tmp_creds.server);
     krb5_free_principal(context, tmp_creds.client);
     *out_creds = calloc(1, sizeof(**out_creds));
-    if(*out_creds == NULL)
+    if(*out_creds == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	ret = ENOMEM;
-    else {
+    } else {
 	ret = get_cred_kdc_la(context, ccache, flags, 
 				      in_creds, tgt, *out_creds);
 	if (ret) {
@@ -726,16 +781,28 @@ get_cred_from_kdc_flags(krb5_context context,
 }
 
 krb5_error_code
+krb5_get_cred_from_kdc_opt(krb5_context context,
+			   krb5_ccache ccache,
+			   krb5_creds *in_creds,
+			   krb5_creds **out_creds,
+			   krb5_creds ***ret_tgts,
+			   krb5_flags flags)
+{
+    krb5_kdc_flags f;
+    f.i = flags;
+    return get_cred_from_kdc_flags(context, f, ccache, 
+				   in_creds, out_creds, ret_tgts);
+}
+
+krb5_error_code
 krb5_get_cred_from_kdc(krb5_context context,
 		       krb5_ccache ccache,
 		       krb5_creds *in_creds,
 		       krb5_creds **out_creds,
 		       krb5_creds ***ret_tgts)
 {
-    krb5_kdc_flags f;
-    f.i = 0;
-    return get_cred_from_kdc_flags(context, f, ccache, 
-				   in_creds, out_creds, ret_tgts);
+    return krb5_get_cred_from_kdc_opt(context, ccache, 
+				      in_creds, out_creds, ret_tgts, 0);
 }
      
 
@@ -754,8 +821,10 @@ krb5_get_credentials_with_flags(krb5_context context,
     
     *out_creds = NULL;
     res_creds = calloc(1, sizeof(*res_creds));
-    if (res_creds == NULL)
+    if (res_creds == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
 
     ret = krb5_cc_retrieve_cred(context,
 				ccache,
@@ -769,8 +838,10 @@ krb5_get_credentials_with_flags(krb5_context context,
     free(res_creds);
     if(ret != KRB5_CC_END)
 	return ret;
-    if(options & KRB5_GC_CACHED)
+    if(options & KRB5_GC_CACHED) {
+	krb5_clear_error_string (context);
 	return KRB5_CC_NOTFOUND;
+    }
     if(options & KRB5_GC_USER_USER)
 	flags.b.enc_tkt_in_skey = 1;
     tgts = NULL;
diff --git a/crypto/heimdal/lib/krb5/get_default_principal.c b/crypto/heimdal/lib/krb5/get_default_principal.c
index 84d7a5e..f8ed48f 100644
--- a/crypto/heimdal/lib/krb5/get_default_principal.c
+++ b/crypto/heimdal/lib/krb5/get_default_principal.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,12 +33,23 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: get_default_principal.c,v 1.5 1999/12/02 17:05:09 joda Exp $");
+RCSID("$Id: get_default_principal.c,v 1.7 2001/05/14 06:14:46 assar Exp $");
 
 /*
  * Try to find out what's a reasonable default principal.
  */
 
+static const char*
+get_env_user(void)
+{
+    const char *user = getenv("USER");
+    if(user == NULL)
+	user = getenv("LOGNAME");
+    if(user == NULL)
+	user = getenv("USERNAME");
+    return user;
+}
+
 krb5_error_code
 krb5_get_default_principal (krb5_context context,
 			    krb5_principal *princ)
@@ -46,6 +57,7 @@ krb5_get_default_principal (krb5_context context,
     krb5_error_code ret;
     krb5_ccache id;
     const char *user;
+    uid_t uid;
 
     ret = krb5_cc_default (context, &id);
     if (ret == 0) {
@@ -55,13 +67,32 @@ krb5_get_default_principal (krb5_context context,
 	    return 0;
     }
 
-    user = get_default_username ();
-    if (user == NULL)
-	return ENOTTY;
-    if (getuid () == 0) {
-	ret = krb5_make_principal(context, princ, NULL, user, "root", NULL);
+
+    uid = getuid();    
+    if(uid == 0) {
+	user = getlogin();
+	if(user == NULL)
+	    user = get_env_user();
+	if(user != NULL && strcmp(user, "root") != 0)
+	    ret = krb5_make_principal(context, princ, NULL, user, "root", NULL);
+	else
+	    ret = krb5_make_principal(context, princ, NULL, "root", NULL);
     } else {
+	struct passwd *pw = getpwuid(uid);	
+	if(pw != NULL)
+	    user = pw->pw_name;
+	else {
+	    user = get_env_user();
+	    if(user == NULL)
+		user = getlogin();
+	}
+	if(user == NULL) {
+	    krb5_set_error_string(context,
+				  "unable to figure out current principal");
+	    return ENOTTY; /* XXX */
+	}
 	ret = krb5_make_principal(context, princ, NULL, user, NULL);
     }
+
     return ret;
 }
diff --git a/crypto/heimdal/lib/krb5/get_default_realm.c b/crypto/heimdal/lib/krb5/get_default_realm.c
index 3f9b901..c090cea 100644
--- a/crypto/heimdal/lib/krb5/get_default_realm.c
+++ b/crypto/heimdal/lib/krb5/get_default_realm.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: get_default_realm.c,v 1.8 1999/12/02 17:05:09 joda Exp $");
+RCSID("$Id: get_default_realm.c,v 1.9 2001/05/14 06:14:47 assar Exp $");
 
 /*
  * Return a NULL-terminated list of default realms in `realms'.
@@ -73,8 +73,10 @@ krb5_get_default_realm(krb5_context context,
     }
 
     res = strdup (context->default_realms[0]);
-    if (res == NULL)
+    if (res == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     *realm = res;
     return 0;
 }
diff --git a/crypto/heimdal/lib/krb5/get_for_creds.c b/crypto/heimdal/lib/krb5/get_for_creds.c
index 103b757..febd061 100644
--- a/crypto/heimdal/lib/krb5/get_for_creds.c
+++ b/crypto/heimdal/lib/krb5/get_for_creds.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: get_for_creds.c,v 1.27 2000/08/18 06:47:40 assar Exp $");
+RCSID("$Id: get_for_creds.c,v 1.29 2001/05/14 22:49:55 assar Exp $");
 
 static krb5_error_code
 add_addrs(krb5_context context,
@@ -53,6 +53,7 @@ add_addrs(krb5_context context,
     addr->len += n;
     tmp = realloc(addr->val, addr->len * sizeof(*addr->val));
     if (tmp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	ret = ENOMEM;
 	goto fail;
     }
@@ -62,10 +63,12 @@ add_addrs(krb5_context context,
 	krb5_data_zero(&addr->val[i].address);
     }
     for (a = ai; a != NULL; a = a->ai_next) {
-	ret = krb5_sockaddr2address (a->ai_addr, &addr->val[i]);
+	ret = krb5_sockaddr2address (context, a->ai_addr, &addr->val[i]);
 	if (ret == 0)
 	    ++i;
-	else if (ret != KRB5_PROG_ATYPE_NOSUPP)
+	else if (ret == KRB5_PROG_ATYPE_NOSUPP)
+	    krb5_clear_error_string (context);
+	else
 	    goto fail;
     }
     addr->len = i;
@@ -138,13 +141,18 @@ krb5_get_forwarded_creds (krb5_context	    context,
     krb5_kdc_flags kdc_flags;
     krb5_crypto crypto;
     struct addrinfo *ai;
+    int save_errno;
 
     addrs.len = 0;
     addrs.val = NULL;
 
     ret = getaddrinfo (hostname, NULL, NULL, &ai);
-    if (ret)
-	return krb5_eai_to_heim_errno(ret);
+    if (ret) {
+	save_errno = errno;
+	krb5_set_error_string(context, "resolving %s: %s",
+			      hostname, gai_strerror(ret));
+	return krb5_eai_to_heim_errno(ret, save_errno);
+    }
 
     ret = add_addrs (context, &addrs, ai);
     freeaddrinfo (ai);
@@ -171,6 +179,7 @@ krb5_get_forwarded_creds (krb5_context	    context,
     ALLOC_SEQ(&cred.tickets, 1);
     if (cred.tickets.val == NULL) {
 	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
 	goto out2;
     }
     ret = decode_Ticket(out_creds->ticket.data,
@@ -183,6 +192,7 @@ krb5_get_forwarded_creds (krb5_context	    context,
     ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1);
     if (enc_krb_cred_part.ticket_info.val == NULL) {
 	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
 	goto out4;
     }
     
@@ -191,18 +201,21 @@ krb5_get_forwarded_creds (krb5_context	    context,
     ALLOC(enc_krb_cred_part.timestamp, 1);
     if (enc_krb_cred_part.timestamp == NULL) {
 	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
 	goto out4;
     }
     *enc_krb_cred_part.timestamp = sec;
     ALLOC(enc_krb_cred_part.usec, 1);
     if (enc_krb_cred_part.usec == NULL) {
  	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
 	goto out4;
     }
     *enc_krb_cred_part.usec      = usec;
 
     if (auth_context->local_address && auth_context->local_port) {
-	ret = krb5_make_addrport (&enc_krb_cred_part.s_address,
+	ret = krb5_make_addrport (context,
+				  &enc_krb_cred_part.s_address,
 				  auth_context->local_address,
 				  auth_context->local_port);
 	if (ret)
@@ -213,6 +226,7 @@ krb5_get_forwarded_creds (krb5_context	    context,
 	ALLOC(enc_krb_cred_part.r_address, 1);
 	if (enc_krb_cred_part.r_address == NULL) {
 	    ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
 	    goto out4;
 	}
 
@@ -288,8 +302,10 @@ krb5_get_forwarded_creds (krb5_context	    context,
 	return ret;
     out_data->length = len;
     out_data->data   = malloc(len);
-    if (out_data->data == NULL)
+    if (out_data->data == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     memcpy (out_data->data, buf + sizeof(buf) - len, len);
     return 0;
 out4:
diff --git a/crypto/heimdal/lib/krb5/get_host_realm.c b/crypto/heimdal/lib/krb5/get_host_realm.c
index e8522cb..266072e 100644
--- a/crypto/heimdal/lib/krb5/get_host_realm.c
+++ b/crypto/heimdal/lib/krb5/get_host_realm.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -34,7 +34,7 @@
 #include "krb5_locl.h"
 #include <resolve.h>
 
-RCSID("$Id: get_host_realm.c,v 1.25 1999/12/11 23:14:07 assar Exp $");
+RCSID("$Id: get_host_realm.c,v 1.28 2001/05/14 06:14:47 assar Exp $");
 
 /* To automagically find the correct realm of a host (without
  * [domain_realm] in krb5.conf) add a text record for your domain with
@@ -142,6 +142,7 @@ config_find_realm(krb5_context context,
 krb5_error_code
 krb5_get_host_realm_int (krb5_context context,
 			 const char *host,
+			 krb5_boolean use_dns,
 			 krb5_realm **realms)
 {
     const char *p;
@@ -149,27 +150,33 @@ krb5_get_host_realm_int (krb5_context context,
     for (p = host; p != NULL; p = strchr (p + 1, '.')) {
 	if(config_find_realm(context, p, realms) == 0)
 	    return 0;
-	else if(dns_find_realm(context, p, "krb5-realm", realms) == 0)
-	    return 0;
-	else if(dns_find_realm(context, p, "_kerberos", realms) == 0)
-	    return 0;
+	else if(use_dns) {
+	    if(dns_find_realm(context, p, "krb5-realm", realms) == 0)
+		return 0;
+	    if(dns_find_realm(context, p, "_kerberos", realms) == 0)
+		return 0;
+	}
     }
     p = strchr(host, '.');
     if(p != NULL) {
 	p++;
 	*realms = malloc(2 * sizeof(krb5_realm));
-	if (*realms == NULL)
+	if (*realms == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    return ENOMEM;
+	}
 
 	(*realms)[0] = strdup(p);
 	if((*realms)[0] == NULL) {
 	    free(*realms);
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    return ENOMEM;
 	}
 	strupr((*realms)[0]);
 	(*realms)[1] = NULL;
 	return 0;
     }
+    krb5_set_error_string(context, "unable to find realm of host %s", host);
     return KRB5_ERR_HOST_REALM_UNKNOWN;
 }
 
@@ -190,5 +197,5 @@ krb5_get_host_realm(krb5_context context,
 	host = hostname;
     }
 
-    return krb5_get_host_realm_int (context, host, realms);
+    return krb5_get_host_realm_int (context, host, 1, realms);
 }
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c
index 84afe5e..bb023b1 100644
--- a/crypto/heimdal/lib/krb5/get_in_tkt.c
+++ b/crypto/heimdal/lib/krb5/get_in_tkt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: get_in_tkt.c,v 1.97 2000/08/18 06:47:54 assar Exp $");
+RCSID("$Id: get_in_tkt.c,v 1.100 2001/05/14 06:14:48 assar Exp $");
 
 krb5_error_code
 krb5_init_etype (krb5_context context,
@@ -61,6 +61,7 @@ krb5_init_etype (krb5_context context,
     *val = malloc(i * sizeof(int));
     if (i != 0 && *val == NULL) {
 	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
 	goto cleanup;
     }
     memmove (*val,
@@ -148,6 +149,7 @@ _krb5_extract_ticket(krb5_context context,
 	tmp = krb5_principal_compare (context, tmp_principal, creds->client);
 	if (!tmp) {
 	    krb5_free_principal (context, tmp_principal);
+	    krb5_clear_error_string (context);
 	    ret = KRB5KRB_AP_ERR_MODIFIED;
 	    goto out;
 	}
@@ -163,6 +165,7 @@ _krb5_extract_ticket(krb5_context context,
 	len = length_Ticket(&rep->kdc_rep.ticket);
 	buf = malloc(len);
 	if(buf == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    ret = ENOMEM;
 	    goto out;
 	}
@@ -189,6 +192,7 @@ _krb5_extract_ticket(krb5_context context,
 	krb5_free_principal (context, tmp_principal);
 	if (!tmp) {
 	    ret = KRB5KRB_AP_ERR_MODIFIED;
+	    krb5_clear_error_string (context);
 	    goto out;
 	}
     }
@@ -213,6 +217,7 @@ _krb5_extract_ticket(krb5_context context,
 
     if (nonce != rep->enc_part.nonce) {
 	ret = KRB5KRB_AP_ERR_MODIFIED;
+	krb5_set_error_string(context, "malloc: out of memory");
 	goto out;
     }
 
@@ -238,11 +243,16 @@ _krb5_extract_ticket(krb5_context context,
     if (creds->times.starttime == 0
 	&& abs(tmp_time - sec_now) > context->max_skew) {
 	ret = KRB5KRB_AP_ERR_SKEW;
+	krb5_set_error_string (context,
+			       "time skew (%d) larger than max (%d)",
+			       abs(tmp_time - sec_now),
+			       (int)context->max_skew);
 	goto out;
     }
 
     if (creds->times.starttime != 0
 	&& tmp_time != creds->times.starttime) {
+	krb5_clear_error_string (context);
 	ret = KRB5KRB_AP_ERR_MODIFIED;
 	goto out;
     }
@@ -256,6 +266,7 @@ _krb5_extract_ticket(krb5_context context,
 
     if (creds->times.renew_till != 0
 	&& tmp_time > creds->times.renew_till) {
+	krb5_clear_error_string (context);
 	ret = KRB5KRB_AP_ERR_MODIFIED;
 	goto out;
     }
@@ -266,6 +277,7 @@ _krb5_extract_ticket(krb5_context context,
 
     if (creds->times.endtime != 0
 	&& rep->enc_part.endtime > creds->times.endtime) {
+	krb5_clear_error_string (context);
 	ret = KRB5KRB_AP_ERR_MODIFIED;
 	goto out;
     }
@@ -380,8 +392,10 @@ add_padata(krb5_context context,
 	    netypes++;
     }
     pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val));
-    if (pa2 == NULL)
+    if (pa2 == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     md->val = pa2;
 
     for (i = 0; i < netypes; ++i) {
@@ -426,11 +440,13 @@ init_as_req (krb5_context context,
     a->req_body.cname = malloc(sizeof(*a->req_body.cname));
     if (a->req_body.cname == NULL) {
 	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
 	goto fail;
     }
     a->req_body.sname = malloc(sizeof(*a->req_body.sname));
     if (a->req_body.sname == NULL) {
 	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
 	goto fail;
     }
     ret = krb5_principal2principalname (a->req_body.cname, creds->client);
@@ -447,6 +463,7 @@ init_as_req (krb5_context context,
 	a->req_body.from = malloc(sizeof(*a->req_body.from));
 	if (a->req_body.from == NULL) {
 	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    goto fail;
 	}
 	*a->req_body.from = creds->times.starttime;
@@ -459,6 +476,7 @@ init_as_req (krb5_context context,
 	a->req_body.rtime = malloc(sizeof(*a->req_body.rtime));
 	if (a->req_body.rtime == NULL) {
 	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    goto fail;
 	}
 	*a->req_body.rtime = creds->times.renew_till;
@@ -481,6 +499,7 @@ init_as_req (krb5_context context,
 	a->req_body.addresses = malloc(sizeof(*a->req_body.addresses));
 	if (a->req_body.addresses == NULL) {
 	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    goto fail;
 	}
 
@@ -500,6 +519,7 @@ init_as_req (krb5_context context,
 	ALLOC(a->padata, 1);
 	if(a->padata == NULL) {
 	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    goto fail;
 	}
 	for(i = 0; i < preauth->len; i++) {
@@ -511,6 +531,7 @@ init_as_req (krb5_context context,
 				       sizeof(*a->padata->val));
 		if(tmp == NULL) {
 		    ret = ENOMEM;
+		    krb5_set_error_string(context, "malloc: out of memory");
 		    goto fail;
 		}
 		a->padata->val = tmp;
@@ -542,6 +563,7 @@ init_as_req (krb5_context context,
 	ALLOC(a->padata, 1);
 	if (a->padata == NULL) {
 	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    goto fail;
 	}
 	a->padata->len = 0;
@@ -559,6 +581,8 @@ init_as_req (krb5_context context,
 		   key_proc, keyseed, a->req_body.etype.val,
 		   a->req_body.etype.len, &salt);
     } else {
+	krb5_set_error_string (context, "pre-auth type %d not supported",
+			       *ptypes);
 	ret = KRB5_PREAUTH_BAD_TYPE;
 	goto fail;
     }
@@ -690,7 +714,7 @@ krb5_get_in_cred(krb5_context context,
 		ret = KRB5KRB_AP_ERR_V4_REPLY;
 	    krb5_data_free(&resp);
 	    if (ret2 == 0) {
-		ret = error.error_code;
+		ret = krb5_error_from_rd_error(context, &error, creds);
 		/* if no preauth was set and KDC requires it, give it
                    one more try */
 		if (!ptypes && !preauth
@@ -701,7 +725,7 @@ krb5_get_in_cred(krb5_context context,
 		    && set_ptypes(context, &error, &ptypes, &my_preauth)) {
 		    done = 0;
 		    preauth = my_preauth;
-		    free_KRB_ERROR(&error);
+		    krb5_free_error_contents(context, &error);
 		    continue;
 		}
 		if(ret_as_reply)
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_pw.c b/crypto/heimdal/lib/krb5/get_in_tkt_pw.c
index 4fb8800..a4f5c80 100644
--- a/crypto/heimdal/lib/krb5/get_in_tkt_pw.c
+++ b/crypto/heimdal/lib/krb5/get_in_tkt_pw.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: get_in_tkt_pw.c,v 1.15 1999/12/02 17:05:10 joda Exp $");
+RCSID("$Id: get_in_tkt_pw.c,v 1.16 2001/05/14 06:14:48 assar Exp $");
 
 krb5_error_code
 krb5_password_key_proc (krb5_context context,
@@ -47,11 +47,14 @@ krb5_password_key_proc (krb5_context context,
     char buf[BUFSIZ];
      
     *key = malloc (sizeof (**key));
-    if (*key == NULL)
+    if (*key == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     if (password == NULL) {
 	if(des_read_pw_string (buf, sizeof(buf), "Password: ", 0)) {
 	    free (*key);
+	    krb5_clear_error_string(context);
 	    return KRB5_LIBOS_PWDINTR;
 	}
 	password = buf;
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c b/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c
index d78ef35..c5feee4 100644
--- a/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c
+++ b/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: get_in_tkt_with_keytab.c,v 1.5 1999/12/02 17:05:10 joda Exp $");
+RCSID("$Id: get_in_tkt_with_keytab.c,v 1.6 2001/05/14 06:14:48 assar Exp $");
 
 krb5_error_code
 krb5_keytab_key_proc (krb5_context context,
@@ -82,8 +82,10 @@ krb5_get_in_tkt_with_keytab (krb5_context context,
     krb5_keytab_key_proc_args *a;
 
     a = malloc(sizeof(*a));
-    if (a == NULL)
+    if (a == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
 
     a->principal = creds->client;
     a->keytab    = keytab;
diff --git a/crypto/heimdal/lib/krb5/init_creds_pw.c b/crypto/heimdal/lib/krb5/init_creds_pw.c
index 8881d13..daa704f 100644
--- a/crypto/heimdal/lib/krb5/init_creds_pw.c
+++ b/crypto/heimdal/lib/krb5/init_creds_pw.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: init_creds_pw.c,v 1.44 2000/07/24 03:46:40 assar Exp $");
+RCSID("$Id: init_creds_pw.c,v 1.47 2001/05/14 06:14:48 assar Exp $");
 
 static int
 get_config_time (krb5_context context,
@@ -175,13 +175,13 @@ print_expire (krb5_context context,
 			       7 * 24 * 60 * 60);
 
     for (i = 0; i < lr->len; ++i) {
-	if (lr->val[i].lr_type == 6
+	if (abs(lr->val[i].lr_type) == LR_PW_EXPTIME
 	    && lr->val[i].lr_value <= t) {
 	    char *p;
 	    time_t tmp = lr->val[i].lr_value;
 	    
 	    asprintf (&p, "Your password will expire at %s", ctime(&tmp));
-	    (*prompter) (context, data, p, 0, NULL);
+	    (*prompter) (context, data, NULL, p, 0, NULL);
 	    free (p);
 	    return;
 	}
@@ -193,7 +193,7 @@ print_expire (krb5_context context,
 	time_t t = *rep->enc_part.key_expiration;
 
 	asprintf (&p, "Your password/account will expire at %s", ctime(&t));
-	(*prompter) (context, data, p, 0, NULL);
+	(*prompter) (context, data, NULL, p, 0, NULL);
 	free (p);
     }
 }
@@ -213,6 +213,12 @@ get_init_creds_common(krb5_context context,
 {
     krb5_error_code ret;
     krb5_realm *client_realm;
+    krb5_get_init_creds_opt default_opt;
+
+    if (options == NULL) {
+	krb5_get_init_creds_opt_init (&default_opt);
+	options = &default_opt;
+    }
 
     ret = init_cred (context, cred, client, start_time,
 		     in_tkt_service, options);
@@ -246,8 +252,10 @@ get_init_creds_common(krb5_context context,
     if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
 	*etypes = malloc((options->etype_list_length + 1)
 			* sizeof(krb5_enctype));
-	if (*etypes == NULL)
+	if (*etypes == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    return ENOMEM;
+	}
 	memcpy (*etypes, options->etype_list,
 		options->etype_list_length * sizeof(krb5_enctype));
 	(*etypes)[options->etype_list_length] = ETYPE_NULL;
@@ -255,8 +263,10 @@ get_init_creds_common(krb5_context context,
     if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) {
 	*pre_auth_types = malloc((options->preauth_list_length + 1)
 				 * sizeof(krb5_preauthtype));
-	if (*pre_auth_types == NULL)
+	if (*pre_auth_types == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
 	    return ENOMEM;
+	}
 	memcpy (*pre_auth_types, options->preauth_list,
 		options->preauth_list_length * sizeof(krb5_preauthtype));
 	(*pre_auth_types)[options->preauth_list_length] = KRB5_PADATA_NONE;
@@ -278,7 +288,7 @@ change_password (krb5_context context,
 		 void *data,
 		 krb5_get_init_creds_opt *old_options)
 {
-    krb5_prompt prompt;
+    krb5_prompt prompts[2];
     krb5_error_code ret;
     krb5_creds cpw_cred;
     char buf1[BUFSIZ], buf2[BUFSIZ];
@@ -319,27 +329,31 @@ change_password (krb5_context context,
 	password_data.data   = buf1;
 	password_data.length = sizeof(buf1);
 
-	prompt.hidden = 1;
-	prompt.prompt = "New password: ";
-	prompt.reply  = &password_data;
-
-	ret = (*prompter) (context, data, "Changing password", 1, &prompt);
-	if (ret)
-	    goto out;
+	prompts[0].hidden = 1;
+	prompts[0].prompt = "New password: ";
+	prompts[0].reply  = &password_data;
+	prompts[0].type   = KRB5_PROMPT_TYPE_NEW_PASSWORD;
 
 	password_data.data   = buf2;
 	password_data.length = sizeof(buf2);
 
-	prompt.hidden = 1;
-	prompt.prompt = "Repeat new password: ";
-	prompt.reply  = &password_data;
+	prompts[1].hidden = 1;
+	prompts[1].prompt = "Repeat new password: ";
+	prompts[1].reply  = &password_data;
+	prompts[1].type   = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN;
 
-	ret = (*prompter) (context, data, "Changing password", 1, &prompt);
-	if (ret)
+	ret = (*prompter) (context, data, NULL, "Changing password",
+			   2, prompts);
+	if (ret) {
+	    memset (buf1, 0, sizeof(buf1));
+	    memset (buf2, 0, sizeof(buf2));
 	    goto out;
+	}
 
 	if (strcmp (buf1, buf2) == 0)
 	    break;
+	memset (buf1, 0, sizeof(buf1));
+	memset (buf2, 0, sizeof(buf2));
     }
     
     ret = krb5_change_password (context,
@@ -355,13 +369,15 @@ change_password (krb5_context context,
 	      (int)result_string.length,
 	      (char*)result_string.data);
 
-    ret = (*prompter) (context, data, p, 0, NULL);
+    ret = (*prompter) (context, data, NULL, p, 0, NULL);
     free (p);
     if (result_code == 0) {
 	strlcpy (newpw, buf1, newpw_sz);
 	ret = 0;
-    } else
+    } else {
+	krb5_set_error_string (context, "failed changing password");
 	ret = ENOTTY;
+    }
 
 out:
     memset (buf1, 0, sizeof(buf1));
@@ -412,12 +428,14 @@ krb5_get_init_creds_password(krb5_context context,
 	password_data.length = sizeof(buf);
 	prompt.hidden = 1;
 	prompt.reply  = &password_data;
+	prompt.type   = KRB5_PROMPT_TYPE_PASSWORD;
 
-	ret = (*prompter) (context, data, NULL, 1, &prompt);
+	ret = (*prompter) (context, data, NULL, NULL, 1, &prompt);
 	free (prompt.prompt);
 	if (ret) {
 	    memset (buf, 0, sizeof(buf));
 	    ret = KRB5_LIBOS_PWDINTR;
+	    krb5_clear_error_string (context);
 	    goto out;
 	}
 	password = password_data.data;
@@ -445,6 +463,8 @@ krb5_get_init_creds_password(krb5_context context,
 	case KRB5KDC_ERR_KEY_EXPIRED :
 	    /* try to avoid recursion */
 
+	    krb5_clear_error_string (context);
+
 	    if (in_tkt_service != NULL
 		&& strcmp (in_tkt_service, "kadmin/changepw") == 0)
 		goto out;
@@ -522,6 +542,7 @@ krb5_get_init_creds_keytab(krb5_context context,
 
     a = malloc (sizeof(*a));
     if (a == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	ret = ENOMEM;
 	goto out;
     }
diff --git a/crypto/heimdal/lib/krb5/kerberos.8 b/crypto/heimdal/lib/krb5/kerberos.8
index ac9d3d5..10f2dab 100644
--- a/crypto/heimdal/lib/krb5/kerberos.8
+++ b/crypto/heimdal/lib/krb5/kerberos.8
@@ -1,4 +1,4 @@
-.\" $Id: kerberos.8,v 1.1 2000/09/01 15:52:24 joda Exp $
+.\" $Id: kerberos.8,v 1.2 2001/05/02 08:59:23 assar Exp $
 .\"
 .Dd September 1, 2000
 .Dt KERBEROS 8
diff --git a/crypto/heimdal/lib/krb5/keyblock.c b/crypto/heimdal/lib/krb5/keyblock.c
index 124d9bc..7eb7067 100644
--- a/crypto/heimdal/lib/krb5/keyblock.c
+++ b/crypto/heimdal/lib/krb5/keyblock.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: keyblock.c,v 1.11 2000/03/23 03:38:25 assar Exp $");
+RCSID("$Id: keyblock.c,v 1.12 2001/05/14 06:14:48 assar Exp $");
 
 void
 krb5_free_keyblock_contents(krb5_context context,
@@ -72,8 +72,10 @@ krb5_copy_keyblock (krb5_context context,
     krb5_keyblock *k;
 
     k = malloc (sizeof(*k));
-    if (k == NULL)
+    if (k == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     *to = k;
     return krb5_copy_keyblock_contents (context, inblock, k);
 }
diff --git a/crypto/heimdal/lib/krb5/keytab.c b/crypto/heimdal/lib/krb5/keytab.c
index 36ef2f5..bde443a 100644
--- a/crypto/heimdal/lib/krb5/keytab.c
+++ b/crypto/heimdal/lib/krb5/keytab.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: keytab.c,v 1.46 2000/02/07 03:18:05 assar Exp $");
+RCSID("$Id: keytab.c,v 1.50 2001/05/14 06:14:48 assar Exp $");
 
 /*
  * Register a new keytab in `ops'
@@ -48,8 +48,10 @@ krb5_kt_register(krb5_context context,
 
     tmp = realloc(context->kt_types,
 		  (context->num_kt_types + 1) * sizeof(*context->kt_types));
-    if(tmp == NULL)
+    if(tmp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     memcpy(&tmp[context->num_kt_types], ops,
 	   sizeof(tmp[context->num_kt_types]));
     context->kt_types = tmp;
@@ -89,12 +91,17 @@ krb5_kt_resolve(krb5_context context,
 	if(strncmp(type, context->kt_types[i].prefix, type_len) == 0)
 	    break;
     }
-    if(i == context->num_kt_types)
+    if(i == context->num_kt_types) {
+	krb5_set_error_string(context, "unknown keytab type %.*s", 
+			      (int)type_len, type);
 	return KRB5_KT_UNKNOWN_TYPE;
+    }
     
     k = malloc (sizeof(*k));
-    if (k == NULL)
+    if (k == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
 	return ENOMEM;
+    }
     memcpy(k, &context->kt_types[i], sizeof(*k));
     k->data = NULL;
     ret = (*k->resolve)(context, residual, k);
@@ -114,8 +121,25 @@ krb5_kt_resolve(krb5_context context,
 krb5_error_code
 krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
 {
-    if (strlcpy (name, context->default_keytab, namesize) >= namesize)
+    if (strlcpy (name, context->default_keytab, namesize) >= namesize) {
+	krb5_clear_error_string (context);
 	return KRB5_CONFIG_NOTENUFSPACE;
+    }
+    return 0;
+}
+
+/*
+ * copy the name of the default modify keytab into `name'.
+ * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short.
+ */
+
+krb5_error_code
+krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize)
+{
+    if (strlcpy (name, context->default_keytab_modify, namesize) >= namesize) {
+	krb5_clear_error_string (context);
+	return KRB5_CONFIG_NOTENUFSPACE;
+    }
     return 0;
 }
 
@@ -261,10 +285,19 @@ krb5_kt_get_entry(krb5_context context,
 	krb5_kt_free_entry(context, &tmp);
     }
     krb5_kt_end_seq_get (context, id, &cursor);
-    if (entry->vno)
+    if (entry->vno) {
 	return 0;
-    else
+    } else {
+	char princ[256], kt_name[256];
+
+	krb5_unparse_name_fixed (context, principal, princ, sizeof(princ));
+	krb5_kt_get_name (context, id, kt_name, sizeof(kt_name));
+
+	krb5_set_error_string (context,
+ 			       "failed to find %s in keytab %s",
+			       princ, kt_name);
 	return KRB5_KT_NOTFOUND;
+    }
 }
 
 /*
@@ -339,8 +372,12 @@ krb5_kt_start_seq_get(krb5_context context,
 		      krb5_keytab id,
 		      krb5_kt_cursor *cursor)
 {
-    if(id->start_seq_get == NULL)
+    if(id->start_seq_get == NULL) {
+	krb5_set_error_string(context,
+			      "start_seq_get is not supported in the %s "
+			      " keytab", id->prefix);
 	return HEIM_ERR_OPNOTSUPP;
+    }
     return (*id->start_seq_get)(context, id, cursor);
 }
 
@@ -356,8 +393,12 @@ krb5_kt_next_entry(krb5_context context,
 		   krb5_keytab_entry *entry,
 		   krb5_kt_cursor *cursor)
 {
-    if(id->next_entry == NULL)
+    if(id->next_entry == NULL) {
+	krb5_set_error_string(context,
+			      "next_entry is not supported in the %s "
+			      " keytab", id->prefix);
 	return HEIM_ERR_OPNOTSUPP;
+    }
     return (*id->next_entry)(context, id, entry, cursor);
 }
 
@@ -370,8 +411,12 @@ krb5_kt_end_seq_get(krb5_context context,
 		    krb5_keytab id,
 		    krb5_kt_cursor *cursor)
 {
-    if(id->end_seq_get == NULL)
+    if(id->end_seq_get == NULL) {
+	krb5_set_error_string(context,
+			      "end_seq_get is not supported in the %s "
+			      " keytab", id->prefix);
 	return HEIM_ERR_OPNOTSUPP;
+    }
     return (*id->end_seq_get)(context, id, cursor);
 }
 
@@ -385,8 +430,11 @@ krb5_kt_add_entry(krb5_context context,
 		  krb5_keytab id,
 		  krb5_keytab_entry *entry)
 {
-    if(id->add == NULL)
+    if(id->add == NULL) {
+	krb5_set_error_string(context, "Add is not supported in the %s keytab",
+			      id->prefix);
 	return KRB5_KT_NOWRITE;
+    }
     entry->timestamp = time(NULL);
     return (*id->add)(context, id,entry);
 }
@@ -401,7 +449,11 @@ krb5_kt_remove_entry(krb5_context context,
 		     krb5_keytab id,
 		     krb5_keytab_entry *entry)
 {
-    if(id->remove == NULL)
+    if(id->remove == NULL) {
+	krb5_set_error_string(context,
+			      "Remove is not supported in the %s keytab",
+			      id->prefix);
 	return KRB5_KT_NOWRITE;
+    }
     return (*id->remove)(context, id, entry);
 }
diff --git a/crypto/heimdal/lib/krb5/keytab_any.c b/crypto/heimdal/lib/krb5/keytab_any.c
new file mode 100644
index 0000000..490a8f3
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/keytab_any.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: keytab_any.c,v 1.2 2001/05/14 06:14:48 assar Exp $");
+
+struct any_data {
+    krb5_keytab kt;
+    char *name;
+    struct any_data *next;
+};
+
+static void
+free_list (struct any_data *a)
+{
+    struct any_data *next;
+
+    for (; a != NULL; a = next) {
+	next = a->next;
+	free (a->name);
+	free (a);
+    }
+}
+
+static krb5_error_code
+any_resolve(krb5_context context, const char *name, krb5_keytab id)
+{
+    struct any_data *a, *a0 = NULL, *prev = NULL;
+    krb5_error_code ret;
+    char buf[256];
+
+    while (strsep_copy(&name, ",", buf, sizeof(buf)) != -1) {
+	a = malloc(sizeof(*a));
+	if (a == NULL) {
+	    ret = ENOMEM;
+	    goto fail;
+	}
+	if (a0 == NULL) {
+	    a0 = a;
+	    a->name = strdup(name);
+	    if (a->name == NULL) {
+		krb5_set_error_string(context, "malloc: out of memory");
+		ret = ENOMEM;
+		goto fail;
+	    }
+	} else
+	    a->name = NULL;
+	if (prev != NULL)
+	    prev->next = a;
+	a->next = NULL;
+	ret = krb5_kt_resolve (context, buf, &a->kt);
+	if (ret)
+	    goto fail;
+	prev = a;
+    }
+    if (a0 == NULL) {
+	krb5_set_error_string(context, "empty ANY: keytab");
+	return ENOENT;
+    }
+    id->data = a0;
+    return 0;
+ fail:
+    free_list (a0);
+    return ret;
+}
+
+static krb5_error_code
+any_get_name (krb5_context context,
+	      krb5_keytab id,
+	      char *name,
+	      size_t namesize)
+{
+    struct any_data *a = id->data;
+    strlcpy(name, a->name, namesize);
+    return 0;
+}
+
+static krb5_error_code
+any_close (krb5_context context,
+	   krb5_keytab id)
+{
+    struct any_data *a = id->data;
+
+    free_list (a);
+    return 0;
+}
+
+struct any_cursor_extra_data {
+    struct any_data *a;
+    krb5_kt_cursor cursor;
+};
+
+static krb5_error_code
+any_start_seq_get(krb5_context context, 
+		  krb5_keytab id, 
+		  krb5_kt_cursor *c)
+{
+    struct any_data *a = id->data;
+    struct any_cursor_extra_data *ed;
+    krb5_error_code ret;
+
+    c->data = malloc (sizeof(struct any_cursor_extra_data));
+    if(c->data == NULL){
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    ed = (struct any_cursor_extra_data *)c->data;
+    ed->a = a;
+    ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
+    if (ret) {
+	free (ed);
+	free (c->data);
+	c->data = NULL;
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+static krb5_error_code
+any_next_entry (krb5_context context,
+		krb5_keytab id,
+		krb5_keytab_entry *entry,
+		krb5_kt_cursor *cursor)
+{
+    krb5_error_code ret, ret2;
+    struct any_cursor_extra_data *ed;
+
+    ed = (struct any_cursor_extra_data *)cursor->data;
+    do {
+	ret = krb5_kt_next_entry(context, ed->a->kt, entry, &ed->cursor);
+	if (ret == 0)
+	    return 0;
+	else if (ret == KRB5_CC_END) {
+	    ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor);
+	    if (ret2)
+		return ret2;
+	    ed->a = ed->a->next;
+	    if (ed->a == NULL) {
+		krb5_clear_error_string (context);
+		return KRB5_CC_END;
+	    }
+	    ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
+	    if (ret2)
+		return ret2;
+	} else
+	    return ret;
+    } while (ret == KRB5_CC_END);
+    return ret;
+}
+
+static krb5_error_code
+any_end_seq_get(krb5_context context,
+		krb5_keytab id,
+		krb5_kt_cursor *cursor)
+{
+    krb5_error_code ret = 0;
+    struct any_cursor_extra_data *ed;
+
+    ed = (struct any_cursor_extra_data *)cursor->data;
+    if (ed->a != NULL)
+	ret = krb5_kt_end_seq_get(context, ed->a->kt, &ed->cursor);
+    free (ed);
+    cursor->data = NULL;
+    return ret;
+}
+
+const krb5_kt_ops krb5_any_ops = {
+    "ANY",
+    any_resolve,
+    any_get_name,
+    any_close,
+    NULL, /* get */
+    any_start_seq_get,
+    any_next_entry,
+    any_end_seq_get,
+    NULL, /* add_entry */
+    NULL  /* remote_entry */
+};
diff --git a/crypto/heimdal/lib/krb5/keytab_file.c b/crypto/heimdal/lib/krb5/keytab_file.c
index c6c35e5..13b67c2 100644
--- a/crypto/heimdal/lib/krb5/keytab_file.c
+++ b/crypto/heimdal/lib/krb5/keytab_file.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: keytab_file.c,v 1.6 2000/01/02 00:20:22 assar Exp $");
+RCSID("$Id: keytab_file.c,v 1.8 2001/05/14 06:14:48 assar Exp $");
 
 #define KRB5_KT_VNO_1 1
 #define KRB5_KT_VNO_2 2
@@ -46,7 +46,8 @@ struct fkt_data {
 };
 
 static krb5_error_code
-krb5_kt_ret_data(krb5_storage *sp,
+krb5_kt_ret_data(krb5_context context,
+		 krb5_storage *sp,
 		 krb5_data *data)
 {
     int ret;
@@ -56,8 +57,10 @@ krb5_kt_ret_data(krb5_storage *sp,
 	return ret;
     data->length = size;
     data->data = malloc(size);
-    if (data->data == NULL)
+    if (data->data == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     ret = sp->fetch(sp, data->data, size);
     if(ret != size)
 	return (ret < 0)? errno : KRB5_KT_END;
@@ -65,7 +68,8 @@ krb5_kt_ret_data(krb5_storage *sp,
 }
 
 static krb5_error_code
-krb5_kt_ret_string(krb5_storage *sp,
+krb5_kt_ret_string(krb5_context context,
+		   krb5_storage *sp,
 		   general_string *data)
 {
     int ret;
@@ -74,8 +78,10 @@ krb5_kt_ret_string(krb5_storage *sp,
     if(ret)
 	return ret;
     *data = malloc(size + 1);
-    if (*data == NULL)
+    if (*data == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     ret = sp->fetch(sp, *data, size);
     (*data)[size] = '\0';
     if(ret != size)
@@ -84,7 +90,8 @@ krb5_kt_ret_string(krb5_storage *sp,
 }
 
 static krb5_error_code
-krb5_kt_store_data(krb5_storage *sp,
+krb5_kt_store_data(krb5_context context,
+		   krb5_storage *sp,
 		   krb5_data data)
 {
     int ret;
@@ -119,7 +126,7 @@ krb5_kt_store_string(krb5_storage *sp,
 }
 
 static krb5_error_code
-krb5_kt_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
+krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p)
 {
     int ret;
     int16_t tmp;
@@ -127,25 +134,27 @@ krb5_kt_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
     ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */
     if(ret) return ret;
     p->keytype = tmp;
-    ret = krb5_kt_ret_data(sp, &p->keyvalue);
+    ret = krb5_kt_ret_data(context, sp, &p->keyvalue);
     return ret;
 }
 
 static krb5_error_code
-krb5_kt_store_keyblock(krb5_storage *sp, 
+krb5_kt_store_keyblock(krb5_context context,
+		       krb5_storage *sp, 
 		       krb5_keyblock *p)
 {
     int ret;
 
     ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
     if(ret) return ret;
-    ret = krb5_kt_store_data(sp, p->keyvalue);
+    ret = krb5_kt_store_data(context, sp, p->keyvalue);
     return ret;
 }
 
 
 static krb5_error_code
-krb5_kt_ret_principal(krb5_storage *sp,
+krb5_kt_ret_principal(krb5_context context,
+		      krb5_storage *sp,
 		      krb5_principal *princ)
 {
     int i;
@@ -154,8 +163,10 @@ krb5_kt_ret_principal(krb5_storage *sp,
     int16_t tmp;
     
     ALLOC(p, 1);
-    if(p == NULL)
+    if(p == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
 
     ret = krb5_ret_int16(sp, &tmp);
     if(ret)
@@ -163,15 +174,19 @@ krb5_kt_ret_principal(krb5_storage *sp,
     if (sp->flags & KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)
 	tmp--;
     p->name.name_string.len = tmp;
-    ret = krb5_kt_ret_string(sp, &p->realm);
-    if(ret) return ret;
+    ret = krb5_kt_ret_string(context, sp, &p->realm);
+    if(ret)
+	return ret;
     p->name.name_string.val = calloc(p->name.name_string.len, 
 				     sizeof(*p->name.name_string.val));
-    if(p->name.name_string.val == NULL)
+    if(p->name.name_string.val == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     for(i = 0; i < p->name.name_string.len; i++){
-	ret = krb5_kt_ret_string(sp, p->name.name_string.val + i);
-	if(ret) return ret;
+	ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
+	if(ret)
+	    return ret;
     }
     if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
 	p->name.name_type = KRB5_NT_UNKNOWN;
@@ -187,7 +202,8 @@ krb5_kt_ret_principal(krb5_storage *sp,
 }
 
 static krb5_error_code
-krb5_kt_store_principal(krb5_storage *sp,
+krb5_kt_store_principal(krb5_context context,
+			krb5_storage *sp,
 			krb5_principal p)
 {
     int i;
@@ -202,7 +218,8 @@ krb5_kt_store_principal(krb5_storage *sp,
     if(ret) return ret;
     for(i = 0; i < p->name.name_string.len; i++){
 	ret = krb5_kt_store_string(sp, p->name.name_string.val[i]);
-	if(ret) return ret;
+	if(ret)
+	    return ret;
     }
     if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
 	ret = krb5_store_int32(sp, p->name.name_type);
@@ -217,12 +234,16 @@ static krb5_error_code
 fkt_resolve(krb5_context context, const char *name, krb5_keytab id)
 {
     struct fkt_data *d;
+
     d = malloc(sizeof(*d));
-    if(d == NULL)
+    if(d == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     d->filename = strdup(name);
     if(d->filename == NULL) {
 	free(d);
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
     }
     id->data = d;
@@ -280,8 +301,12 @@ fkt_start_seq_get_int(krb5_context context,
     struct fkt_data *d = id->data;
     
     c->fd = open (d->filename, flags);
-    if (c->fd < 0)
-	return errno;
+    if (c->fd < 0) {
+	ret = errno;
+	krb5_set_error_string(context, "open(%s): %s", d->filename,
+			      strerror(ret));
+	return ret;
+    }
     c->sp = krb5_storage_from_fd(c->fd);
     ret = krb5_ret_int8(c->sp, &pvno);
     if(ret) {
@@ -292,6 +317,7 @@ fkt_start_seq_get_int(krb5_context context,
     if(pvno != 5) {
 	krb5_storage_free(c->sp);
 	close(c->fd);
+	krb5_clear_error_string (context);
 	return KRB5_KEYTAB_BADVNO;
     }
     ret = krb5_ret_int8(c->sp, &tag);
@@ -336,7 +362,7 @@ loop:
 	pos = cursor->sp->seek(cursor->sp, -len, SEEK_CUR);
 	goto loop;
     }
-    ret = krb5_kt_ret_principal (cursor->sp, &entry->principal);
+    ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal);
     if (ret)
 	goto out;
     ret = krb5_ret_int32(cursor->sp, &tmp32);
@@ -347,7 +373,7 @@ loop:
     if (ret)
 	goto out;
     entry->vno = tmp8;
-    ret = krb5_kt_ret_keyblock (cursor->sp, &entry->keyblock);
+    ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock);
     if (ret)
 	goto out;
     if(start) *start = pos;
@@ -391,8 +417,12 @@ fkt_add_entry(krb5_context context,
     fd = open (d->filename, O_RDWR | O_BINARY);
     if (fd < 0) {
 	fd = open (d->filename, O_RDWR | O_CREAT | O_BINARY, 0600);
-	if (fd < 0)
-	    return errno;
+	if (fd < 0) {
+	    ret = errno;
+	    krb5_set_error_string(context, "open(%s): %s", d->filename,
+				  strerror(ret));
+	    return ret;
+	}
 	sp = krb5_storage_from_fd(fd);
 	ret = krb5_store_int8(sp, 5);
 	if(ret) {
@@ -421,6 +451,7 @@ fkt_add_entry(krb5_context context,
 	if(pvno != 5) {
 	    krb5_storage_free(sp);
 	    close(fd);
+	    krb5_clear_error_string (context);
 	    return KRB5_KEYTAB_BADVNO;
 	}
 	ret = krb5_ret_int8 (sp, &tag);
@@ -438,9 +469,10 @@ fkt_add_entry(krb5_context context,
 	emem = krb5_storage_emem();
 	if(emem == NULL) {
 	    ret = ENOMEM;
+	    krb5_set_error_string (context, "malloc: out of memory");
 	    goto out;
 	}
-	ret = krb5_kt_store_principal(emem, entry->principal);
+	ret = krb5_kt_store_principal(context, emem, entry->principal);
 	if(ret) {
 	    krb5_storage_free(emem);
 	    goto out;
@@ -455,7 +487,7 @@ fkt_add_entry(krb5_context context,
 	    krb5_storage_free(emem);
 	    goto out;
 	}
-	ret = krb5_kt_store_keyblock (emem, &entry->keyblock);
+	ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock);
 	if(ret) {
 	    krb5_storage_free(emem);
 	    goto out;
@@ -521,8 +553,10 @@ fkt_remove_entry(krb5_context context,
 	}
     }
     krb5_kt_end_seq_get(context, id, &cursor);
-    if (!found)
+    if (!found) {
+	krb5_clear_error_string (context);
 	return KRB5_KT_NOTFOUND;
+    }
     return 0;
 }
 
diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c
index ffdf35c..2403412 100644
--- a/crypto/heimdal/lib/krb5/keytab_keyfile.c
+++ b/crypto/heimdal/lib/krb5/keytab_keyfile.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: keytab_keyfile.c,v 1.9 2000/07/02 16:14:16 assar Exp $");
+RCSID("$Id: keytab_keyfile.c,v 1.11 2001/05/14 06:14:49 assar Exp $");
 
 /* afs keyfile operations --------------------------------------- */
 
@@ -63,16 +63,23 @@ struct akf_data {
  */
 
 static int
-get_cell_and_realm (struct akf_data *d)
+get_cell_and_realm (krb5_context context,
+		    struct akf_data *d)
 {
     FILE *f;
     char buf[BUFSIZ], *cp;
+    int ret;
 
     f = fopen (AFS_SERVERTHISCELL, "r");
-    if (f == NULL)
-	return errno;
+    if (f == NULL) {
+	ret = errno;
+	krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL,
+			       strerror(ret));
+	return ret;
+    }
     if (fgets (buf, sizeof(buf), f) == NULL) {
 	fclose (f);
+	krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL);
 	return EINVAL;
     }
     if (buf[strlen(buf) - 1] == '\n')
@@ -80,13 +87,17 @@ get_cell_and_realm (struct akf_data *d)
     fclose(f);
 
     d->cell = strdup (buf);
-    if (d->cell == NULL)
-	return errno;
+    if (d->cell == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
 
     f = fopen (AFS_SERVERMAGICKRBCONF, "r");
     if (f != NULL) {
 	if (fgets (buf, sizeof(buf), f) == NULL) {
 	    fclose (f);
+	    krb5_set_error_string (context, "no realm in %s",
+				   AFS_SERVERMAGICKRBCONF);
 	    return EINVAL;
 	}
 	if (buf[strlen(buf)-1] == '\n')
@@ -100,7 +111,8 @@ get_cell_and_realm (struct akf_data *d)
     d->realm = strdup (buf);
     if (d->realm == NULL) {
 	free (d->cell);
-	return errno;
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
     }
     return 0;
 }
@@ -115,11 +127,13 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id)
     int ret;
     struct akf_data *d = malloc(sizeof (struct akf_data));
 
-    if (d == NULL)
-	return errno;
+    if (d == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
     
     d->num_entries = 0;
-    ret = get_cell_and_realm (d);
+    ret = get_cell_and_realm (context, d);
     if (ret) {
 	free (d);
 	return ret;
@@ -129,6 +143,7 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id)
 	free (d->cell);
 	free (d->realm);
 	free (d);
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
     }
     id->data = d;
@@ -180,14 +195,21 @@ akf_start_seq_get(krb5_context context,
     struct akf_data *d = id->data;
 
     c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
-    if (c->fd < 0)
-	return errno;
+    if (c->fd < 0) {
+	ret = errno;
+	krb5_set_error_string(context, "open(%s): %s", d->filename,
+			      strerror(ret));
+	return ret;
+    }
 
     c->sp = krb5_storage_from_fd(c->fd);
     ret = krb5_ret_int32(c->sp, &d->num_entries);
     if(ret) {
 	krb5_storage_free(c->sp);
 	close(c->fd);
+	krb5_clear_error_string (context);
+	if(ret == KRB5_CC_END)
+	    return KRB5_KT_NOTFOUND;
 	return ret;
     }
 
@@ -228,6 +250,7 @@ akf_next_entry(krb5_context context,
     entry->keyblock.keyvalue.data   = malloc (8);
     if (entry->keyblock.keyvalue.data == NULL) {
 	krb5_free_principal (context, entry->principal);
+	krb5_set_error_string (context, "malloc: out of memory");
 	ret = ENOMEM;
 	goto out;
     }
@@ -268,8 +291,12 @@ akf_add_entry(krb5_context context,
     if (fd < 0) {
 	fd = open (d->filename,
 		   O_RDWR | O_BINARY | O_CREAT, 0600);
-	if (fd < 0)
-	    return errno;
+	if (fd < 0) {
+	    ret = errno;
+	    krb5_set_error_string(context, "open(%s): %s", d->filename,
+				  strerror(ret));
+	    return ret;
+	}
 	created = 1;
     }
 
@@ -282,15 +309,18 @@ akf_add_entry(krb5_context context,
 	sp = krb5_storage_from_fd(fd);
 	if(sp == NULL) {
 	    close(fd);
+	    krb5_set_error_string (context, "malloc: out of memory");
 	    return ENOMEM;
 	}
 	if (created)
 	    len = 0;
 	else {
 	    if((*sp->seek)(sp, 0, SEEK_SET) < 0) {
+		ret = errno;
 		krb5_storage_free(sp);
 		close(fd);
-		return errno;
+		krb5_set_error_string (context, "seek: %s", strerror(ret));
+		return ret;
 	    }
 	    
 	    ret = krb5_ret_int32(sp, &len);
@@ -303,9 +333,11 @@ akf_add_entry(krb5_context context,
 	len++;
 	
 	if((*sp->seek)(sp, 0, SEEK_SET) < 0) {
+	    ret = errno;
 	    krb5_storage_free(sp);
 	    close(fd);
-	    return errno;
+	    krb5_set_error_string (context, "seek: %s", strerror(ret));
+	    return ret;
 	}
 	
 	ret = krb5_store_int32(sp, len);
@@ -317,9 +349,11 @@ akf_add_entry(krb5_context context,
 		
 
 	if((*sp->seek)(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
+	    ret = errno;
 	    krb5_storage_free(sp);
 	    close(fd);
-	    return errno;
+	    krb5_set_error_string (context, "seek: %s", strerror(ret));
+	    return ret;
 	}
 	
 	ret = krb5_store_int32(sp, entry->vno);
diff --git a/crypto/heimdal/lib/krb5/keytab_krb4.c b/crypto/heimdal/lib/krb5/keytab_krb4.c
index e41f849..6915cac 100644
--- a/crypto/heimdal/lib/krb5/keytab_krb4.c
+++ b/crypto/heimdal/lib/krb5/keytab_krb4.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: keytab_krb4.c,v 1.6 2000/12/15 17:10:40 joda Exp $");
+RCSID("$Id: keytab_krb4.c,v 1.8 2001/05/16 22:23:31 assar Exp $");
 
 struct krb4_kt_data {
     char *filename;
@@ -45,11 +45,14 @@ krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id)
     struct krb4_kt_data *d;
 
     d = malloc (sizeof(*d));
-    if (d == NULL)
+    if (d == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     d->filename = strdup (name);
     if (d->filename == NULL) {
 	free(d);
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
     }
     id->data = d;
@@ -92,17 +95,23 @@ krb4_kt_start_seq_get_int (krb5_context context,
 {
     struct krb4_kt_data *d = id->data;
     struct krb4_cursor_extra_data *ed;
+    int ret;
 
     ed = malloc (sizeof(*ed));
-    if (ed == NULL)
+    if (ed == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     ed->entry.principal = NULL;
     ed->num = -1;
     c->data = ed;
     c->fd = open (d->filename, flags);
     if (c->fd < 0) {
+	ret = errno;
 	free (ed);
-	return errno;
+	krb5_set_error_string(context, "open(%s): %s", d->filename,
+			      strerror(ret));
+	return ret;
     }
     c->sp = krb5_storage_from_fd(c->fd);
     return 0;
@@ -238,8 +247,12 @@ krb4_kt_add_entry (krb5_context context,
     if (fd < 0) {
 	fd = open (d->filename,
 		   O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600);
-	if (fd < 0)
-	    return errno;
+	if (fd < 0) {
+	    ret = errno;
+	    krb5_set_error_string(context, "open(%s): %s", d->filename,
+				  strerror(ret));
+	    return ret;
+	}
     }
     ret = krb5_524_conv_principal (context, entry->principal,
 				   service, instance, realm);
@@ -272,3 +285,16 @@ const krb5_kt_ops krb4_fkt_ops = {
     krb4_kt_add_entry,		/* add_entry */
     NULL			/* remove_entry */
 };
+
+const krb5_kt_ops krb5_srvtab_fkt_ops = {
+    "SRVTAB",
+    krb4_kt_resolve,
+    krb4_kt_get_name,
+    krb4_kt_close,
+    NULL,			/* get */
+    krb4_kt_start_seq_get,
+    krb4_kt_next_entry,
+    krb4_kt_end_seq_get,
+    krb4_kt_add_entry,		/* add_entry */
+    NULL			/* remove_entry */
+};
diff --git a/crypto/heimdal/lib/krb5/keytab_memory.c b/crypto/heimdal/lib/krb5/keytab_memory.c
index 9fde8d0..cde8943 100644
--- a/crypto/heimdal/lib/krb5/keytab_memory.c
+++ b/crypto/heimdal/lib/krb5/keytab_memory.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: keytab_memory.c,v 1.4 2000/02/07 03:18:39 assar Exp $");
+RCSID("$Id: keytab_memory.c,v 1.5 2001/05/14 06:14:49 assar Exp $");
 
 /* memory operations -------------------------------------------- */
 
@@ -47,8 +47,10 @@ mkt_resolve(krb5_context context, const char *name, krb5_keytab id)
 {
     struct mkt_data *d;
     d = malloc(sizeof(*d));
-    if(d == NULL)
+    if(d == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     d->entries = NULL;
     d->num_entries = 0;
     id->data = d;
@@ -115,8 +117,10 @@ mkt_add_entry(krb5_context context,
     struct mkt_data *d = id->data;
     krb5_keytab_entry *tmp;
     tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries));
-    if(tmp == NULL)
+    if(tmp == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     d->entries = tmp;
     return krb5_kt_copy_entry_contents(context, entry, 
 				       &d->entries[d->num_entries++]);
diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h
index 628f560..1f0fdf9 100644
--- a/crypto/heimdal/lib/krb5/krb5-protos.h
+++ b/crypto/heimdal/lib/krb5/krb5-protos.h
@@ -93,7 +93,7 @@ krb5_error_code
 krb5_addlog_dest __P((
 	krb5_context context,
 	krb5_log_facility *f,
-	const char *p));
+	const char *orig));
 
 krb5_error_code
 krb5_addlog_func __P((
@@ -107,6 +107,7 @@ krb5_addlog_func __P((
 
 krb5_error_code
 krb5_addr2sockaddr __P((
+	krb5_context context,
 	const krb5_address *addr,
 	struct sockaddr *sa,
 	int *sa_size,
@@ -139,6 +140,7 @@ krb5_aname_to_localname __P((
 
 krb5_error_code
 krb5_anyaddr __P((
+	krb5_context context,
 	int af,
 	struct sockaddr *sa,
 	int *sa_size,
@@ -453,8 +455,8 @@ krb5_error_code
 krb5_cc_next_cred __P((
 	krb5_context context,
 	const krb5_ccache id,
-	krb5_creds *creds,
-	krb5_cc_cursor *cursor));
+	krb5_cc_cursor *cursor,
+	krb5_creds *creds));
 
 krb5_error_code
 krb5_cc_register __P((
@@ -533,6 +535,9 @@ krb5_checksumsize __P((
 	krb5_cksumtype type,
 	size_t *size));
 
+void
+krb5_clear_error_string __P((krb5_context context));
+
 krb5_error_code
 krb5_closelog __P((
 	krb5_context context,
@@ -634,16 +639,10 @@ krb5_config_get_time_default __P((
 
 krb5_error_code
 krb5_config_parse_file __P((
+	krb5_context context,
 	const char *fname,
 	krb5_config_section **res));
 
-krb5_error_code
-krb5_config_parse_file_debug __P((
-	const char *fname,
-	krb5_config_section **res,
-	unsigned *lineno,
-	char **error_message));
-
 const void *
 krb5_config_vget __P((
 	krb5_context context,
@@ -787,7 +786,8 @@ krb5_error_code
 krb5_create_checksum __P((
 	krb5_context context,
 	krb5_crypto crypto,
-	unsigned usage_or_type,
+	krb5_key_usage usage,
+	int type,
 	void *data,
 	size_t len,
 	Checksum *result));
@@ -800,7 +800,7 @@ krb5_crypto_destroy __P((
 krb5_error_code
 krb5_crypto_init __P((
 	krb5_context context,
-	krb5_keyblock *key,
+	const krb5_keyblock *key,
 	krb5_enctype etype,
 	krb5_crypto *crypto));
 
@@ -924,7 +924,17 @@ krb5_decrypt_ticket __P((
 	krb5_flags flags));
 
 krb5_error_code
+krb5_derive_key __P((
+	krb5_context context,
+	const krb5_keyblock *key,
+	krb5_enctype etype,
+	const void *constant,
+	size_t constant_len,
+	krb5_keyblock **derived_key));
+
+krb5_error_code
 krb5_domain_x500_decode __P((
+	krb5_context context,
 	krb5_data tr,
 	char ***realms,
 	int *num_realms,
@@ -938,7 +948,9 @@ krb5_domain_x500_encode __P((
 	krb5_data *encoding));
 
 krb5_error_code
-krb5_eai_to_heim_errno __P((int eai_errno));
+krb5_eai_to_heim_errno __P((
+	int eai_errno,
+	int system_error));
 
 krb5_error_code
 krb5_encode_Authenticator __P((
@@ -1058,6 +1070,12 @@ krb5_err __P((
     __attribute__ ((noreturn, format (printf, 4, 5)));
 
 krb5_error_code
+krb5_error_from_rd_error __P((
+	krb5_context context,
+	const krb5_error *error,
+	const krb5_creds *creds));
+
+krb5_error_code
 krb5_errx __P((
 	krb5_context context,
 	int eval,
@@ -1146,6 +1164,11 @@ krb5_free_error_contents __P((
 	krb5_context context,
 	krb5_error *error));
 
+void
+krb5_free_error_string __P((
+	krb5_context context,
+	char *str));
+
 krb5_error_code
 krb5_free_host_realm __P((
 	krb5_context context,
@@ -1239,6 +1262,15 @@ krb5_get_cred_from_kdc __P((
 	krb5_creds ***ret_tgts));
 
 krb5_error_code
+krb5_get_cred_from_kdc_opt __P((
+	krb5_context context,
+	krb5_ccache ccache,
+	krb5_creds *in_creds,
+	krb5_creds **out_creds,
+	krb5_creds ***ret_tgts,
+	krb5_flags flags));
+
+krb5_error_code
 krb5_get_credentials __P((
 	krb5_context context,
 	krb5_flags options,
@@ -1280,6 +1312,9 @@ krb5_get_err_text __P((
 	krb5_context context,
 	krb5_error_code code));
 
+char*
+krb5_get_error_string __P((krb5_context context));
+
 krb5_error_code
 krb5_get_extra_addresses __P((
 	krb5_context context,
@@ -1310,6 +1345,7 @@ krb5_error_code
 krb5_get_host_realm_int __P((
 	krb5_context context,
 	const char *host,
+	krb5_boolean use_dns,
 	krb5_realm **realms));
 
 krb5_error_code
@@ -1515,12 +1551,14 @@ krb5_getportbyname __P((
 
 krb5_error_code
 krb5_h_addr2addr __P((
+	krb5_context context,
 	int af,
 	const char *haddr,
 	krb5_address *addr));
 
 krb5_error_code
 krb5_h_addr2sockaddr __P((
+	krb5_context context,
 	int af,
 	const char *addr,
 	struct sockaddr *sa,
@@ -1528,6 +1566,12 @@ krb5_h_addr2sockaddr __P((
 	int port));
 
 krb5_error_code
+krb5_h_errno_to_heim_errno __P((int eai_errno));
+
+krb5_boolean
+krb5_have_error_string __P((krb5_context context));
+
+krb5_error_code
 krb5_init_context __P((krb5_context *context));
 
 void
@@ -1613,6 +1657,12 @@ krb5_kt_default __P((
 	krb5_keytab *id));
 
 krb5_error_code
+krb5_kt_default_modify_name __P((
+	krb5_context context,
+	char *name,
+	size_t namesize));
+
+krb5_error_code
 krb5_kt_default_name __P((
 	krb5_context context,
 	char *name,
@@ -1711,6 +1761,7 @@ krb5_log_msg __P((
 
 krb5_error_code
 krb5_make_addrport __P((
+	krb5_context context,
 	krb5_address **res,
 	const krb5_address *addr,
 	int16_t port));
@@ -1733,7 +1784,8 @@ krb5_mk_error __P((
 	const krb5_data *e_data,
 	const krb5_principal client,
 	const krb5_principal server,
-	time_t ctime,
+	time_t *ctime,
+	int *cusec,
 	krb5_data *reply));
 
 krb5_error_code
@@ -1893,6 +1945,7 @@ int
 krb5_prompter_posix __P((
 	krb5_context context,
 	void *data,
+	const char *name,
 	const char *banner,
 	int num_prompts,
 	krb5_prompt prompts[]));
@@ -2209,6 +2262,13 @@ krb5_set_default_realm __P((
 	char *realm));
 
 krb5_error_code
+krb5_set_error_string __P((
+	krb5_context context,
+	const char *fmt,
+	...))
+    __attribute__((format (printf, 2, 3)));
+
+krb5_error_code
 krb5_set_extra_addresses __P((
 	krb5_context context,
 	const krb5_addresses *addresses));
@@ -2246,11 +2306,13 @@ krb5_sock_to_principal __P((
 
 krb5_error_code
 krb5_sockaddr2address __P((
+	krb5_context context,
 	const struct sockaddr *sa,
 	krb5_address *addr));
 
 krb5_error_code
 krb5_sockaddr2port __P((
+	krb5_context context,
 	const struct sockaddr *sa,
 	int16_t *port));
 
@@ -2285,12 +2347,22 @@ krb5_storage_from_mem __P((
 	void *buf,
 	size_t len));
 
+krb5_flags
+krb5_storage_get_byteorder __P((
+	krb5_storage *sp,
+	krb5_flags byteorder));
+
 krb5_boolean
 krb5_storage_is_flags __P((
 	krb5_storage *sp,
 	krb5_flags flags));
 
 void
+krb5_storage_set_byteorder __P((
+	krb5_storage *sp,
+	krb5_flags byteorder));
+
+void
 krb5_storage_set_flags __P((
 	krb5_storage *sp,
 	krb5_flags flags));
@@ -2366,6 +2438,11 @@ krb5_store_times __P((
 	krb5_times times));
 
 krb5_error_code
+krb5_string_to_deltat __P((
+	const char *string,
+	krb5_deltat *deltat));
+
+krb5_error_code
 krb5_string_to_enctype __P((
 	krb5_context context,
 	const char *string,
@@ -2532,6 +2609,34 @@ krb5_verify_init_creds_opt_set_ap_req_nofail __P((
 	krb5_verify_init_creds_opt *options,
 	int ap_req_nofail));
 
+void
+krb5_verify_opt_init __P((krb5_verify_opt *opt));
+
+void
+krb5_verify_opt_set_ccache __P((
+	krb5_verify_opt *opt,
+	krb5_ccache ccache));
+
+void
+krb5_verify_opt_set_flags __P((
+	krb5_verify_opt *opt,
+	unsigned int flags));
+
+void
+krb5_verify_opt_set_keytab __P((
+	krb5_verify_opt *opt,
+	krb5_keytab keytab));
+
+void
+krb5_verify_opt_set_secure __P((
+	krb5_verify_opt *opt,
+	krb5_boolean secure));
+
+void
+krb5_verify_opt_set_service __P((
+	krb5_verify_opt *opt,
+	const char *service));
+
 krb5_error_code
 krb5_verify_user __P((
 	krb5_context context,
@@ -2551,6 +2656,13 @@ krb5_verify_user_lrealm __P((
 	const char *service));
 
 krb5_error_code
+krb5_verify_user_opt __P((
+	krb5_context context,
+	krb5_principal principal,
+	const char *password,
+	krb5_verify_opt *opt));
+
+krb5_error_code
 krb5_verr __P((
 	krb5_context context,
 	int eval,
@@ -2587,6 +2699,13 @@ krb5_vlog_msg __P((
     __attribute__((format (printf, 5, 0)));
 
 krb5_error_code
+krb5_vset_error_string __P((
+	krb5_context context,
+	const char *fmt,
+	va_list args))
+    __attribute__ ((format (printf, 2, 0)));
+
+krb5_error_code
 krb5_vwarn __P((
 	krb5_context context,
 	krb5_error_code code,
diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5
index 6ff4aef..ca2d1e59 100644
--- a/crypto/heimdal/lib/krb5/krb5.conf.5
+++ b/crypto/heimdal/lib/krb5/krb5.conf.5
@@ -1,4 +1,4 @@
-.\" $Id: krb5.conf.5,v 1.12 2001/01/19 04:53:24 assar Exp $
+.\" $Id: krb5.conf.5,v 1.17 2001/05/31 13:58:34 assar Exp $
 .\"
 .Dd April 11, 1999
 .Dt KRB5.CONF 5
@@ -46,6 +46,35 @@ name:
 consists of one or more non-white space characters.
 Currently recognised sections and bindings are:
 .Bl -tag -width "xxx" -offset indent
+.It Li [appdefaults]
+Specifies the default values to be used for Kerberos applications.
+You can specify defaults per application, realm, or a combination of
+these.  The preference order is:
+.Bl -enum -compact
+.It
+.Va application Va realm Va option
+.It
+.Va application Va option
+.It
+.Va realm Va option
+.It
+.Va option
+.El
+.Pp
+The supported options are:
+.Bl -tag -width "xxx" -offset indent
+.It Li forwardable = Va boolean
+When obtaining initial credentials, make the credentials forwardable.
+.It Li proxiable = Va boolean
+When obtaining initial credentials, make the credentials proxiable.
+.It Li no-addresses = Va boolean
+When obtaining initial credentials, request them for an empty set of
+addresses, making the tickets valid from any address.
+.It Li ticket_life = Va time
+Default ticket lifetime.
+.It Li renew_lifetime = Va time
+Default renewable ticket lifetime.
+.El
 .It Li [libdefaults]
 .Bl -tag -width "xxx" -offset indent
 .It Li default_realm = Va REALM
@@ -97,6 +126,12 @@ The max number of times to try to contact each KDC.
 Default ticket lifetime.
 .It Li renew_lifetime = Va time
 Default renewable ticket lifetime.
+.It Li forwardable = Va boolean
+When obtaining initial credentials, make the credentials forwardable.
+This option is also valid in the [realms] section.
+.It Li proxiable = Va boolean
+When obtaining initial credentials, make the credentials proxiable.
+This option is also valid in the [realms] section.
 .It Li verify_ap_req_nofail = Va boolean
 Enable to make a failure to verify obtained credentials
 non-fatal. This can be useful if there is no keytab on a host.
@@ -111,8 +146,25 @@ A list of addresses to get tickets for along with all local addresses.
 .It Li time_format = Va string
 How to print time strings in logs, this string is passed to
 .Xr strftime 3 .
+.It Li date_format = Va string
+How to print date strings in logs, this string is passed to
+.Xr strftime 3 .
 .It Li log_utc = Va boolean
 Write log-entries using UTC instead of your local time zone.
+.It Li srv_lookup = Va boolean
+Use DNS SRV records to lookup realm configuration information.
+.It Li srv_try_txt = Va boolean
+If a SRV lookup fails, try looking up the same info in a DNS TXT record.
+.It Li scan_interfaces = Va boolean
+Scan all network interfaces for addresses, as opposed to simply using
+the address associated with the system's host name.
+.It Li fcache_version = Va int
+Use file credential cache format version specified.
+.It Li krb4_get_tickets = Va boolean
+Also get Kerberos 4 tickets in
+.Nm kinit
+and other programs.
+This option is also valid in the [realms] section.
 .El
 .It Li [domain_realm]
 This is a list of mappings from DNS domain to Kerberos realm. Each
@@ -255,8 +307,8 @@ and is only left for backwards compatability.
 points to the configuration file to read.
 .Sh EXAMPLE
 .Bd -literal -offset indent
-[lib_defaults]
-	default_domain = FOO.SE
+[libdefaults]
+	default_realm = FOO.SE
 [domain_realm]
 	.foo.se = FOO.SE
 	.bar.se = FOO.SE
@@ -294,4 +346,5 @@ actually used and thus cannot warn about unknown or misspelt ones.
 .Xr krb5_openlog 3 ,
 .Xr krb5_425_conv_principal 3 ,
 .Xr strftime 3 ,
+.Xr kinit 1 ,
 .Xr Source tm
diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h
index 65a8a16..32be069 100644
--- a/crypto/heimdal/lib/krb5/krb5.h
+++ b/crypto/heimdal/lib/krb5/krb5.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: krb5.h,v 1.179 2000/12/15 17:11:12 joda Exp $ */
+/* $Id: krb5.h,v 1.190 2001/05/16 22:23:56 assar Exp $ */
 
 #ifndef __KRB5_H__
 #define __KRB5_H__
@@ -43,7 +43,7 @@
 #include <krb5_err.h>
 #include <heim_err.h>
 
-#include <asn1.h>
+#include <krb5_asn1.h>
 
 /* simple constants */
 
@@ -70,26 +70,31 @@ typedef struct krb5_crypto_data *krb5_crypto;
 
 typedef CKSUMTYPE krb5_cksumtype;
 
-typedef enum krb5_enctype { 
-  ETYPE_NULL			= 0,
-  ETYPE_DES_CBC_CRC		= 1,
-  ETYPE_DES_CBC_MD4		= 2,
-  ETYPE_DES_CBC_MD5		= 3,
-  ETYPE_DES3_CBC_MD5		= 5,
-  ETYPE_OLD_DES3_CBC_SHA1	= 7,
-  ETYPE_SIGN_DSA_GENERATE	= 8,
-  ETYPE_ENCRYPT_RSA_PRIV	= 9,
-  ETYPE_ENCRYPT_RSA_PUB		= 10,
-  ETYPE_DES3_CBC_SHA1		= 16, /* with key derivation */
-  ETYPE_ARCFOUR_HMAC_MD5	= 23,
-  ETYPE_ARCFOUR_HMAC_MD5_56	= 24,
-  ETYPE_ENCTYPE_PK_CROSS	= 48,
-  ETYPE_DES_CBC_NONE		= -0x1000,
-  ETYPE_DES3_CBC_NONE		= -0x1001,
-  ETYPE_DES_CFB64_NONE		= -0x1002,
-  ETYPE_DES_PCBC_NONE		= -0x1003,
-  ETYPE_DES3_CBC_NONE_IVEC	= -0x1004
-} krb5_enctype;
+typedef Checksum krb5_checksum;
+
+typedef ENCTYPE krb5_enctype;
+
+/* alternative names */
+enum {
+    ENCTYPE_NULL		= ETYPE_NULL,
+    ENCTYPE_DES_CBC_CRC		= ETYPE_DES_CBC_CRC,
+    ENCTYPE_DES_CBC_MD4		= ETYPE_DES_CBC_MD4,
+    ENCTYPE_DES_CBC_MD5		= ETYPE_DES_CBC_MD5,
+    ENCTYPE_DES3_CBC_MD5	= ETYPE_DES3_CBC_MD5,
+    ENCTYPE_OLD_DES3_CBC_SHA1	= ETYPE_OLD_DES3_CBC_SHA1,
+    ENCTYPE_SIGN_DSA_GENERATE	= ETYPE_SIGN_DSA_GENERATE,
+    ENCTYPE_ENCRYPT_RSA_PRIV	= ETYPE_ENCRYPT_RSA_PRIV,
+    ENCTYPE_ENCRYPT_RSA_PUB	= ETYPE_ENCRYPT_RSA_PUB,
+    ENCTYPE_DES3_CBC_SHA1	= ETYPE_DES3_CBC_SHA1,
+    ENCTYPE_ARCFOUR_HMAC_MD5	= ETYPE_ARCFOUR_HMAC_MD5,
+    ENCTYPE_ARCFOUR_HMAC_MD5_56	= ETYPE_ARCFOUR_HMAC_MD5_56,
+    ENCTYPE_ENCTYPE_PK_CROSS	= ETYPE_ENCTYPE_PK_CROSS,
+    ENCTYPE_DES_CBC_NONE	= ETYPE_DES_CBC_NONE,
+    ENCTYPE_DES3_CBC_NONE	= ETYPE_DES3_CBC_NONE,
+    ENCTYPE_DES_CFB64_NONE	= ETYPE_DES_CFB64_NONE,
+    ENCTYPE_DES_PCBC_NONE	= ETYPE_DES_PCBC_NONE,
+    ENCTYPE_DES3_CBC_NONE_IVEC	= ETYPE_DES3_CBC_NONE_IVEC
+};
 
 typedef PADATA_TYPE krb5_preauthtype;
 
@@ -164,6 +169,8 @@ typedef enum krb5_key_usage {
     /* SEQ in GSSAPI krb5 mechanism */
 } krb5_key_usage;
 
+typedef krb5_key_usage krb5_keyusage;
+
 typedef enum krb5_salttype {
     KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
     KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
@@ -364,6 +371,7 @@ typedef struct krb5_context_data {
     const char *time_fmt;
     krb5_boolean log_utc;
     const char *default_keytab;
+    const char *default_keytab_modify;
     krb5_boolean use_admin_kdc;
     krb5_addresses *extra_addresses;
     krb5_boolean scan_interfaces;	/* `ifconfig -a' */
@@ -375,6 +383,8 @@ typedef struct krb5_context_data {
     int num_kt_types;			/* # of registered keytab types */
     struct krb5_keytab_data *kt_types;  /* registered keytab types */
     const char *date_fmt;
+    char *error_string;
+    char error_buf[256];
 } krb5_context_data;
 
 typedef struct krb5_ticket {
@@ -391,10 +401,14 @@ struct krb5_rcache_data;
 typedef struct krb5_rcache_data *krb5_rcache;
 typedef Authenticator krb5_donot_replay;
 
-#define KRB5_STORAGE_HOST_BYTEORDER			0x01
+#define KRB5_STORAGE_HOST_BYTEORDER			0x01 /* old */
 #define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS	0x02
 #define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE		0x04
 #define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE		0x08
+#define KRB5_STORAGE_BYTEORDER_MASK			0x60
+#define KRB5_STORAGE_BYTEORDER_BE			0x00 /* default */
+#define KRB5_STORAGE_BYTEORDER_LE			0x20
+#define KRB5_STORAGE_BYTEORDER_HOST			0x40
 
 typedef struct krb5_storage {
     void *data;
@@ -527,14 +541,23 @@ typedef EncAPRepPart krb5_ap_rep_enc_part;
 extern const char krb5_config_file[];
 extern const char krb5_defkeyname[];
 
+typedef enum {
+    KRB5_PROMPT_TYPE_PASSWORD		= 0x1,
+    KRB5_PROMPT_TYPE_NEW_PASSWORD	= 0x2,
+    KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
+    KRB5_PROMPT_TYPE_PREAUTH		= 0x4
+} krb5_prompt_type;
+
 typedef struct _krb5_prompt {
     char *prompt;
     int hidden;
     krb5_data *reply;
+    krb5_prompt_type type;
 } krb5_prompt;
 
 typedef int (*krb5_prompter_fct)(krb5_context context,
 				 void *data,
+				 const char *name,
 				 const char *banner,
 				 int num_prompts,
 				 krb5_prompt prompts[]);
@@ -588,6 +611,16 @@ typedef struct _krb5_verify_init_creds_opt {
 
 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
 
+typedef struct krb5_verify_opt {
+    unsigned int flags;
+    krb5_ccache ccache;
+    krb5_keytab keytab;
+    krb5_boolean secure;
+    const char *service;
+} krb5_verify_opt;
+
+#define KRB5_VERIFY_LREALMS 1
+
 extern const krb5_cc_ops krb5_fcc_ops;
 extern const krb5_cc_ops krb5_mcc_ops;
 
@@ -595,6 +628,8 @@ extern const krb5_kt_ops krb5_fkt_ops;
 extern const krb5_kt_ops krb5_mkt_ops;
 extern const krb5_kt_ops krb5_akf_ops;
 extern const krb5_kt_ops krb4_fkt_ops;
+extern const krb5_kt_ops krb5_srvtab_fkt_ops;
+extern const krb5_kt_ops krb5_any_ops;
 
 #define KRB5_KPASSWD_SUCCESS	0
 #define KRB5_KPASSWD_MALFORMED	0
diff --git a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
index 3a3bb85..edd2f47 100644
--- a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
@@ -1,5 +1,5 @@
 .\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_425_conv_principal.3,v 1.4 2001/01/26 22:43:21 assar Exp $
+.\" $Id: krb5_425_conv_principal.3,v 1.5 2001/05/02 08:59:23 assar Exp $
 .Dd April 11, 1999
 .Dt KRB5_425_CONV_PRINCIPAL 3
 .Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3
index 7c45925..975cc27 100644
--- a/crypto/heimdal/lib/krb5/krb5_appdefault.3
+++ b/crypto/heimdal/lib/krb5/krb5_appdefault.3
@@ -1,5 +1,5 @@
 .\" Copyright (c) 2000 Kungliga Tekniska Högskolan
-.\" $Id: krb5_appdefault.3,v 1.3 2001/01/05 16:29:42 joda Exp $
+.\" $Id: krb5_appdefault.3,v 1.4 2001/05/02 08:59:23 assar Exp $
 .Dd July 25, 2000
 .Dt KRB5_APPDEFAULT 3
 .Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3
index d383c0a..92e25b0 100644
--- a/crypto/heimdal/lib/krb5/krb5_auth_context.3
+++ b/crypto/heimdal/lib/krb5/krb5_auth_context.3
@@ -1,5 +1,5 @@
 .\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" $Id: krb5_auth_context.3,v 1.1 2001/01/28 19:47:33 assar Exp $
+.\" $Id: krb5_auth_context.3,v 1.2 2001/05/02 08:59:23 assar Exp $
 .Dd Jan 21, 2001
 .Dt KRB5_AUTH_CONTEXT 3
 .Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_build_principal.3 b/crypto/heimdal/lib/krb5/krb5_build_principal.3
index af01cd8..80ac5e1 100644
--- a/crypto/heimdal/lib/krb5/krb5_build_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_build_principal.3
@@ -1,5 +1,5 @@
 .\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_build_principal.3,v 1.2 2001/01/26 22:43:21 assar Exp $
+.\" $Id: krb5_build_principal.3,v 1.3 2001/05/02 08:59:23 assar Exp $
 .Dd August 8, 1997
 .Dt KRB5_BUILD_PRINCIPAL 3
 .Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_config.3 b/crypto/heimdal/lib/krb5/krb5_config.3
index 3f2de83..f847436 100644
--- a/crypto/heimdal/lib/krb5/krb5_config.3
+++ b/crypto/heimdal/lib/krb5/krb5_config.3
@@ -1,5 +1,5 @@
 .\" Copyright (c) 2000 Kungliga Tekniska Högskolan
-.\" $Id: krb5_config.3,v 1.1 2000/07/25 10:22:46 joda Exp $
+.\" $Id: krb5_config.3,v 1.2 2001/05/02 08:59:23 assar Exp $
 .Dd July 25, 2000
 .Dt KRB5_CONFIG 3
 .Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_free_principal.3 b/crypto/heimdal/lib/krb5/krb5_free_principal.3
index 023853b..110c802 100644
--- a/crypto/heimdal/lib/krb5/krb5_free_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_free_principal.3
@@ -1,5 +1,5 @@
 .\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_free_principal.3,v 1.2 2001/01/26 22:43:22 assar Exp $
+.\" $Id: krb5_free_principal.3,v 1.3 2001/05/02 08:59:23 assar Exp $
 .Dd August 8, 1997
 .Dt KRB5_FREE_PRINCIPAL 3
 .Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3
index 7e27ec2..54690de 100644
--- a/crypto/heimdal/lib/krb5/krb5_init_context.3
+++ b/crypto/heimdal/lib/krb5/krb5_init_context.3
@@ -1,5 +1,5 @@
 .\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" $Id: krb5_init_context.3,v 1.1 2001/01/28 21:39:29 assar Exp $
+.\" $Id: krb5_init_context.3,v 1.2 2001/05/23 16:24:02 assar Exp $
 .Dd Jan 21, 2001
 .Dt KRB5_CONTEXT 3
 .Os HEIMDAL
@@ -11,7 +11,7 @@
 .Ft krb5_error_code
 .Fn krb5_init_context "krb5_context *context"
 .Ft void
-.Fn krb5_free_context "krb5_context *context"
+.Fn krb5_free_context "krb5_context context"
 .Sh DESCRIPTION
 The
 .Fn krb5_init_context
diff --git a/crypto/heimdal/lib/krb5/krb5_keytab.3 b/crypto/heimdal/lib/krb5/krb5_keytab.3
new file mode 100644
index 0000000..6dc524e
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_keytab.3
@@ -0,0 +1,358 @@
+.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
+.\" $Id: krb5_keytab.3,v 1.1 2001/02/05 18:17:46 assar Exp $
+.Dd Feb 5, 2001
+.Dt KRB5_KEYTAB 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_kt_ops,
+.Nm krb5_keytab_entry ,
+.Nm krb5_kt_cursor ,
+.Nm krb5_kt_add_entry ,
+.Nm krb5_kt_close ,
+.Nm krb5_kt_compare ,
+.Nm krb5_kt_copy_entry_contents ,
+.Nm krb5_kt_default ,
+.Nm krb5_kt_default_name ,
+.Nm krb5_kt_end_seq_get ,
+.Nm krb5_kt_free_entry ,
+.Nm krb5_kt_get_entry ,
+.Nm krb5_kt_get_name ,
+.Nm krb5_kt_next_entry ,
+.Nm krb5_kt_read_service_key ,
+.Nm krb5_kt_register ,
+.Nm krb5_kt_remove_entry ,
+.Nm krb5_kt_resolve ,
+.Nm krb5_kt_start_seq_get
+.Nd manage keytab (key storage) files
+.Sh SYNOPSIS
+.Fd #include <krb5.h>
+.Pp
+.Ft krb5_error_code
+.Fo krb5_kt_add_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_keytab_entry *entry"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_close
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fc
+.Ft krb5_boolean
+.Fo krb5_kt_compare
+.Fa "krb5_context context"
+.Fa "krb5_keytab_entry *entry"
+.Fa "krb5_const_principal principal"
+.Fa "krb5_kvno vno"
+.Fa "krb5_enctype enctype"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_copy_entry_contents
+.Fa "krb5_context context"
+.Fa "const krb5_keytab_entry *in"
+.Fa "krb5_keytab_entry *out"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_default
+.Fa "krb5_context context"
+.Fa "krb5_keytab *id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_default_name
+.Fa "krb5_context context"
+.Fa "char *name"
+.Fa "size_t namesize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_end_seq_get
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_kt_cursor *cursor"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_free_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab_entry *entry"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_get_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_const_principal principal"
+.Fa "krb5_kvno kvno"
+.Fa "krb5_enctype enctype"
+.Fa "krb5_keytab_entry *entry"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_get_name
+.Fa "krb5_context context"
+.Fa "krb5_keytab keytab"
+.Fa "char *name"
+.Fa "size_t namesize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_next_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_keytab_entry *entry"
+.Fa "krb5_kt_cursor *cursor"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_read_service_key
+.Fa "krb5_context context"
+.Fa "krb5_pointer keyprocarg"
+.Fa "krb5_principal principal"
+.Fa "krb5_kvno vno"
+.Fa "krb5_enctype enctype"
+.Fa "krb5_keyblock **key"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_register
+.Fa "krb5_context context"
+.Fa "const krb5_kt_ops *ops"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_remove_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_keytab_entry *entry"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_resolve
+.Fa "krb5_context context"
+.Fa "const char *name"
+.Fa "krb5_keytab *id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_start_seq_get
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_kt_cursor *cursor"
+.Fc
+.Sh DESCRIPTION
+A keytab name is on the form
+.Li type:residual .
+The
+.Li residual
+part is specific to each keytab-type.
+.Pp
+When a keytab-name is resolved, the type is matched with an interal
+list of keytab types. If there is no matching keytab type,
+the default keytab is used. The current default type is
+.Nm file .
+The default value can be changed in the configuration file
+.Pa /etc/krb5.conf
+by setting the variable 
+.Li [defaults]default_keytab_name .
+.Pp
+The keytab types that are implemented in Heimdal
+are:
+.Bl -tag -width Ds
+.It Nm file
+store the keytab in a file, the type's name is
+.Li KEYFILE .
+The residual part is a filename.
+.It Nm keyfile
+store the keytab in a
+.Li AFS 
+keyfile (usually
+.Pa /usr/afs/etc/KeyFile ) ,
+the type's name is
+.Li AFSKEYFILE .
+The residual part is a filename.
+.It Nm krb4
+the keytab is a Kerberos 4
+.Pa srvtab
+that is on-the-fly converted to a keytab. The type's name is
+.Li krb4 .
+The residual part is a filename.
+.It Nm memory
+The keytab is stored in a memory segment. This allows sensitive and/or
+temporary data not to be stored on disk. The type's name is
+.Li MEMORY .
+There are no residual part, the only pointer back to the keytab is the
+.Fa id
+returned by
+.Fn krb5_kt_resolve .
+.El
+.Pp
+.Nm krb5_keytab_entry
+holds all data for an entry in a keytab file, like principal name,
+key-type, key, key-version number, etc.
+.Nm krb5_kt_cursor
+holds the current position that is used when iterating through a
+keytab entry with
+.Fn krb5_kt_start_seq_get , 
+.Fn krb5_kt_next_entry ,
+and
+.Fn krb5_kt_end_seq_get .
+.Pp
+.Nm krb5_kt_ops
+contains the different operations that can be done to a keytab. This
+structure is normally only used when doing a new keytab-type
+implementation.
+.Pp
+.Fn krb5_kt_resolve
+is the equvalent of an
+.Xr open 2
+on keytab. Resolve the keytab name in 
+.Fa name
+into a keytab in 
+.Fa id .
+Returns 0 or an error. The opposite of
+.Fn krb5_kt_resolve 
+is 
+.Fn krb5_kt_close .
+.Fn krb5_kt_close
+frees all resources allocated to the keytab.
+.Pp
+.Fn krb5_kt_default
+sets the argument 
+.Fa id
+to the default keytab.
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_default_name
+copy the name of the default keytab into
+.Fa name .
+Return 0 or KRB5_CONFIG_NOTENUFSPACE if 
+.Fa namesize
+is too short.
+.Pp
+.Fn krb5_kt_add_entry
+Add a new
+.Fa entry
+to the keytab 
+.Fa id .
+.Li KRB5_KT_NOWRITE
+is returned if the keytab is a readonly keytab.
+.Pp
+.Fn krb5_kt_compare
+compares the passed in 
+.Fa entry
+against
+.Fa principal ,
+.Fa vno ,
+and
+.Fa enctype .
+Any of 
+.Fa principal ,
+.Fa vno
+or
+.Fa enctype
+might be 0 which acts as a wildcard. Return TRUE if they compare the
+same, FALSE otherwise.
+.Pp
+.Fn krb5_kt_copy_entry_contents
+copies the contents of 
+.Fa in
+into 
+.Fa out .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_get_name
+retrieves the name of the keytab 
+.Fa keytab
+into 
+.Fa name ,
+.Fa namesize .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_free_entry
+frees the contents of 
+.Fa entry .
+.Pp
+.Fn krb5_kt_start_seq_get
+sets
+.Fa cursor
+to point at the beginning of 
+.Fa id.
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_next_entry
+gets the next entry from 
+.Fa id
+pointed to by 
+.Fa cursor
+and advance the
+.Fa cursor .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_end_seq_get
+releases all resources associated with 
+.Fa cursor .
+.Pp
+.Fn krb5_kt_get_entry
+retrieves the keytab entry for 
+.Fa principal,
+.Fa kvno, 
+.Fa enctype
+into 
+.Fa entry
+from the keytab 
+.Fa id .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_read_service_key
+reads the key identified by
+.Ns ( Fa principal ,
+.Fa vno ,
+.Fa enctype )
+from the keytab in 
+.Fa keyprocarg
+(the default if == NULL) into 
+.Fa *key .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_remove_entry
+removes the entry 
+.Fa entry
+from the keytab 
+.Fa id .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_register
+registers a new keytab type
+.Fa ops .
+Returns 0 or an error.
+.Sh EXAMPLE
+This is a minimalistic version of
+.Nm ktutil .
+.Pp
+.Bd -literal
+int
+main (int argc, char **argv)
+{
+    krb5_context context;
+    krb5_keytab keytab;
+    krb5_kt_cursor cursor;
+    krb5_keytab_entry entry;
+    krb5_error_code ret;
+    char *principal;
+
+    if (krb5_init_context (&context) != 0)
+	errx(1, "krb5_context");
+    
+    ret = krb5_kt_default (context, &keytab);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_default");
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_start_seq_get");	
+    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
+	krb5_unparse_name_short(context, entry.principal, &principal);
+	printf("principal: %s\\n", principal);
+	free(principal);
+	krb5_kt_free_entry(context, &entry);
+    }
+    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_end_seq_get");	
+    krb5_free_context(context);
+    return 0;
+}
+.Ed
+.Sh SEE ALSO
+.Xr kerberos 8 ,
+.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3
index 05ba77b..c4f5acd 100644
--- a/crypto/heimdal/lib/krb5/krb5_parse_name.3
+++ b/crypto/heimdal/lib/krb5/krb5_parse_name.3
@@ -1,5 +1,5 @@
 .\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_parse_name.3,v 1.2 2001/01/26 22:43:22 assar Exp $
+.\" $Id: krb5_parse_name.3,v 1.3 2001/05/02 08:59:23 assar Exp $
 .Dd August 8, 1997
 .Dt KRB5_PARSE_NAME 3
 .Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
index 5f7f096..1dee7de 100644
--- a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
@@ -1,5 +1,5 @@
 .\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_sname_to_principal.3,v 1.2 2001/01/26 22:43:22 assar Exp $
+.\" $Id: krb5_sname_to_principal.3,v 1.3 2001/05/02 08:59:23 assar Exp $
 .Dd August 8, 1997
 .Dt KRB5_PRINCIPAL 3
 .Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3
index a335eb2..08409ae 100644
--- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3
+++ b/crypto/heimdal/lib/krb5/krb5_unparse_name.3
@@ -1,5 +1,5 @@
 .\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_unparse_name.3,v 1.2 2001/01/26 22:43:22 assar Exp $
+.\" $Id: krb5_unparse_name.3,v 1.3 2001/05/02 08:59:23 assar Exp $
 .Dd August 8, 1997
 .Dt KRB5_UNPARSE_NAME 3
 .Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krbhst.c b/crypto/heimdal/lib/krb5/krbhst.c
index b257e8b..86d67f6 100644
--- a/crypto/heimdal/lib/krb5/krbhst.c
+++ b/crypto/heimdal/lib/krb5/krbhst.c
@@ -34,24 +34,28 @@
 #include "krb5_locl.h"
 #include <resolve.h>
 
-RCSID("$Id: krbhst.c,v 1.25 2001/01/19 04:30:54 assar Exp $");
+RCSID("$Id: krbhst.c,v 1.26 2001/05/14 06:14:49 assar Exp $");
 
 /*
  * assuming that `*res' contains `*count' strings, add a copy of `string'.
  */
 
 static int
-add_string(char ***res, int *count, const char *string)
+add_string(krb5_context context, char ***res, int *count, const char *string)
 {
     char **tmp = realloc(*res, (*count + 1) * sizeof(**res));
 
-    if(tmp == NULL)
+    if(tmp == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     *res = tmp;
     if(string) {
 	tmp[*count] = strdup(string);
-	if(tmp[*count] == NULL)
+	if(tmp[*count] == NULL) {
+	    krb5_set_error_string (context, "malloc: out of memory");
 	    return ENOMEM;
+	}
     } else
 	tmp[*count] = NULL;
     (*count)++;
@@ -94,19 +98,21 @@ srv_find_realm(krb5_context context, char ***res, int *count,
 	    char **tmp;
 
 	    tmp = realloc(*res, (*count + 1) * sizeof(**res));
-	    if (tmp == NULL)
+	    if (tmp == NULL) {
+		krb5_set_error_string (context, "malloc: out of memory");
 		return ENOMEM;
+	    }
 	    *res = tmp;
 	    snprintf (buf, sizeof(buf),
 		      "%s/%s:%u",
 		      proto,
 		      rr->u.srv->target,
 		      rr->u.srv->port);
-	    ret = add_string(res, count, buf);
+	    ret = add_string(context, res, count, buf);
 	    if(ret)
 		return ret;
 	}else if(rr->type == T_TXT) {
-	    ret = add_string(res, count, rr->u.txt);
+	    ret = add_string(context, res, count, rr->u.txt);
 	    if(ret)
 		return ret;
 	}
@@ -151,13 +157,13 @@ get_krbhst (krb5_context context,
     if(count == 0) {
 	char buf[1024];
 	snprintf(buf, sizeof(buf), "kerberos.%s", *realm);
-	ret = add_string(&res, &count, buf);
+	ret = add_string(context, &res, &count, buf);
 	if(ret) {
 	    krb5_config_free_strings(res);
 	    return ret;
 	}
     }
-    add_string(&res, &count, NULL);
+    add_string(context, &res, &count, NULL);
     *hostlist = res;
     return 0;
 }
diff --git a/crypto/heimdal/lib/krb5/log.c b/crypto/heimdal/lib/krb5/log.c
index 37bff1d..1a6d6b2 100644
--- a/crypto/heimdal/lib/krb5/log.c
+++ b/crypto/heimdal/lib/krb5/log.c
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: log.c,v 1.25 2000/09/17 21:46:07 assar Exp $");
+RCSID("$Id: log.c,v 1.26 2001/05/14 06:14:49 assar Exp $");
 
 struct facility {
     int min;
@@ -120,11 +120,14 @@ krb5_initlog(krb5_context context,
 	     krb5_log_facility **fac)
 {
     krb5_log_facility *f = calloc(1, sizeof(*f));
-    if(f == NULL)
+    if(f == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     f->program = strdup(program);
     if(f->program == NULL){
 	free(f);
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
     }
     *fac = f;
@@ -141,8 +144,10 @@ krb5_addlog_func(krb5_context context,
 		 void *data)
 {
     struct facility *fp = log_realloc(fac);
-    if(fp == NULL)
+    if(fp == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     fp->min = min;
     fp->max = max;
     fp->log = log;
@@ -181,8 +186,10 @@ open_syslog(krb5_context context,
     struct syslog_data *sd = malloc(sizeof(*sd));
     int i;
 
-    if(sd == NULL)
+    if(sd == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     i = find_value(sev, syslogvals);
     if(i == -1)
 	i = LOG_ERR;
@@ -232,8 +239,10 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
 	  char *filename, char *mode, FILE *f, int keep_open)
 {
     struct file_data *fd = malloc(sizeof(*fd));
-    if(fd == NULL)
+    if(fd == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     fd->filename = filename;
     fd->mode = mode;
     fd->fd = f;
@@ -245,11 +254,13 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
 
 
 krb5_error_code
-krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
+krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
 {
     krb5_error_code ret = 0;
     int min = 0, max = -1, n;
     char c;
+    const char *p = orig;
+
     n = sscanf(p, "%d%c%d/", &min, &c, &max);
     if(n == 2){
 	if(c == '/') {
@@ -263,7 +274,10 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
     }
     if(n){
 	p = strchr(p, '/');
-	if(p == NULL) return HEIM_ERR_LOG_PARSE;
+	if(p == NULL) {
+	    krb5_set_error_string (context, "failed to parse \"%s\"", orig);
+	    return HEIM_ERR_LOG_PARSE;
+	}
 	p++;
     }
     if(strcmp(p, "STDERR") == 0){
@@ -275,17 +289,26 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
 	FILE *file = NULL;
 	int keep_open = 0;
 	fn = strdup(p + 5);
-	if(fn == NULL)
+	if(fn == NULL) {
+	    krb5_set_error_string (context, "malloc: out of memory");
 	    return ENOMEM;
+	}
 	if(p[4] == '='){
 	    int i = open(fn, O_WRONLY | O_CREAT | 
 			 O_TRUNC | O_APPEND, 0666);
-	    if(i < 0)
-		return errno;
+	    if(i < 0) {
+		ret = errno;
+		krb5_set_error_string (context, "open(%s): %s", fn,
+				       strerror(ret));
+		return ret;
+	    }
 	    file = fdopen(i, "a");
 	    if(file == NULL){
+		ret = errno;
 		close(i);
-		return errno;
+		krb5_set_error_string (context, "fdopen(%s): %s", fn,
+				       strerror(ret));
+		return ret;
 	    }
 	    keep_open = 1;
 	}
@@ -303,6 +326,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
 	    facility = "AUTH";
 	ret = open_syslog(context, f, min, max, severity, facility);
     }else{
+	krb5_set_error_string (context, "unknown log type: %s", p);
 	ret = HEIM_ERR_LOG_PARSE; /* XXX */
     }
     return ret;
diff --git a/crypto/heimdal/lib/krb5/mcache.c b/crypto/heimdal/lib/krb5/mcache.c
index 29c5cfd..8c44b6e 100644
--- a/crypto/heimdal/lib/krb5/mcache.c
+++ b/crypto/heimdal/lib/krb5/mcache.c
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: mcache.c,v 1.12 2000/11/15 02:12:51 assar Exp $");
+RCSID("$Id: mcache.c,v 1.13 2001/05/14 06:14:49 assar Exp $");
 
 typedef struct krb5_mcache {
     char *name;
@@ -65,6 +65,7 @@ static krb5_mcache *
 mcc_alloc(const char *name)
 {
     krb5_mcache *m;
+
     ALLOC(m, 1);
     if(m == NULL)
 	return NULL;
@@ -101,8 +102,10 @@ mcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
     }
 
     m = mcc_alloc(res);
-    if (m == NULL)
+    if (m == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return KRB5_CC_NOMEM;
+    }
     
     (*id)->data.data = m;
     (*id)->data.length = sizeof(*m);
@@ -118,8 +121,10 @@ mcc_gen_new(krb5_context context, krb5_ccache *id)
 
     m = mcc_alloc(NULL);
 
-    if (m == NULL)
+    if (m == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return KRB5_CC_NOMEM;
+    }
 
     (*id)->data.data = m;
     (*id)->data.length = sizeof(*m);
@@ -203,8 +208,10 @@ mcc_store_cred(krb5_context context,
 	return ENOENT;
 
     l = malloc (sizeof(*l));
-    if (l == NULL)
+    if (l == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return KRB5_CC_NOMEM;
+    }
     l->next = m->creds;
     m->creds = l;
     memset (&l->cred, 0, sizeof(l->cred));
diff --git a/crypto/heimdal/lib/krb5/mk_error.c b/crypto/heimdal/lib/krb5/mk_error.c
index 2b173db..0015f45 100644
--- a/crypto/heimdal/lib/krb5/mk_error.c
+++ b/crypto/heimdal/lib/krb5/mk_error.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: mk_error.c,v 1.14 1999/12/02 17:05:11 joda Exp $");
+RCSID("$Id: mk_error.c,v 1.16 2001/05/14 06:14:49 assar Exp $");
 
 krb5_error_code
 krb5_mk_error(krb5_context context,
@@ -42,7 +42,8 @@ krb5_mk_error(krb5_context context,
 	      const krb5_data *e_data,
 	      const krb5_principal client,
 	      const krb5_principal server,
-	      time_t ctime,
+	      time_t *ctime,
+	      int *cusec,
 	      krb5_data *reply)
 {
     KRB_ERROR msg;
@@ -59,9 +60,8 @@ krb5_mk_error(krb5_context context,
     msg.msg_type = krb_error;
     msg.stime    = sec;
     msg.susec    = usec;
-    if(ctime) {
-	msg.ctime = &ctime;
-    }
+    msg.ctime    = ctime;
+    msg.cusec    = cusec;
     /* Make sure we only send `protocol' error codes */
     if(error_code < KRB5KDC_ERR_NONE || error_code >= KRB5_ERR_RCSID) {
 	if(e_text == NULL)
@@ -86,8 +86,10 @@ krb5_mk_error(krb5_context context,
 
     buf_size = 1024;
     buf = malloc (buf_size);
-    if (buf == NULL)
+    if (buf == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
 
     do {
 	ret = encode_KRB_ERROR(buf + buf_size - 1,
@@ -101,6 +103,7 @@ krb5_mk_error(krb5_context context,
 		buf_size *= 2;
 		tmp = realloc (buf, buf_size);
 		if (tmp == NULL) {
+		    krb5_set_error_string (context, "malloc: out of memory");
 		    ret = ENOMEM;
 		    goto out;
 		}
@@ -114,6 +117,7 @@ krb5_mk_error(krb5_context context,
     reply->length = len;
     reply->data = malloc(len);
     if (reply->data == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	ret = ENOMEM;
 	goto out;
     }
diff --git a/crypto/heimdal/lib/krb5/mk_priv.c b/crypto/heimdal/lib/krb5/mk_priv.c
index c880f10..1de4a5c 100644
--- a/crypto/heimdal/lib/krb5/mk_priv.c
+++ b/crypto/heimdal/lib/krb5/mk_priv.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: mk_priv.c,v 1.28 2000/08/18 06:48:07 assar Exp $");
+RCSID("$Id: mk_priv.c,v 1.29 2001/05/14 06:14:49 assar Exp $");
 
 /*
  *
@@ -87,8 +87,10 @@ krb5_mk_priv(krb5_context context,
 
   buf_size = 1024;
   buf = malloc (buf_size);
-  if (buf == NULL)
+  if (buf == NULL) {
+      krb5_set_error_string (context, "malloc: out of memory");
       return ENOMEM;
+  }
 
   krb5_data_zero (&s.enc_part.cipher);
 
@@ -102,6 +104,7 @@ krb5_mk_priv(krb5_context context,
 	      buf_size *= 2;
 	      tmp = realloc (buf, buf_size);
 	      if (tmp == NULL) {
+		  krb5_set_error_string (context, "malloc: out of memory");
 		  ret = ENOMEM;
 		  goto fail;
 	      }
@@ -144,6 +147,7 @@ krb5_mk_priv(krb5_context context,
 	      buf_size *= 2;
 	      tmp = realloc (buf, buf_size);
 	      if (tmp == NULL) {
+		  krb5_set_error_string (context, "malloc: out of memory");
 		  ret = ENOMEM;
 		  goto fail;
 	      }
@@ -158,6 +162,7 @@ krb5_mk_priv(krb5_context context,
   outbuf->length = len;
   outbuf->data   = malloc (len);
   if (outbuf->data == NULL) {
+      krb5_set_error_string (context, "malloc: out of memory");
       free(buf);
       return ENOMEM;
   }
diff --git a/crypto/heimdal/lib/krb5/mk_rep.c b/crypto/heimdal/lib/krb5/mk_rep.c
index ad750b0..fc6b4f2 100644
--- a/crypto/heimdal/lib/krb5/mk_rep.c
+++ b/crypto/heimdal/lib/krb5/mk_rep.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: mk_rep.c,v 1.18 2000/12/06 20:57:23 joda Exp $");
+RCSID("$Id: mk_rep.c,v 1.19 2001/05/14 06:14:49 assar Exp $");
 
 krb5_error_code
 krb5_mk_rep(krb5_context context,
@@ -61,8 +61,10 @@ krb5_mk_rep(krb5_context context,
 			      auth_context->keyblock,
 			      &auth_context->local_seqnumber);
     body.seq_number = malloc (sizeof(*body.seq_number));
-    if (body.seq_number == NULL)
+    if (body.seq_number == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     *(body.seq_number) = auth_context->local_seqnumber;
   } else
     body.seq_number = NULL;
@@ -74,6 +76,7 @@ krb5_mk_rep(krb5_context context,
   buf = malloc (buf_size);
   if (buf == NULL) {
       free_EncAPRepPart (&body);
+      krb5_set_error_string (context, "malloc: out of memory");
       return ENOMEM;
   }
 
@@ -106,6 +109,7 @@ krb5_mk_rep(krb5_context context,
   buf = realloc(buf, buf_size);
   if(buf == NULL) {
       free_AP_REP (&ap);
+      krb5_set_error_string (context, "malloc: out of memory");
       return ENOMEM;
   }
   ret = encode_AP_REP (buf + buf_size - 1, buf_size, &ap, &len);
diff --git a/crypto/heimdal/lib/krb5/mk_req.c b/crypto/heimdal/lib/krb5/mk_req.c
index a30c19e..dbe7f3d 100644
--- a/crypto/heimdal/lib/krb5/mk_req.c
+++ b/crypto/heimdal/lib/krb5/mk_req.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: mk_req.c,v 1.22 2000/11/15 06:50:53 assar Exp $");
+RCSID("$Id: mk_req.c,v 1.23 2001/05/14 06:14:49 assar Exp $");
 
 krb5_error_code
 krb5_mk_req_exact(krb5_context context,
diff --git a/crypto/heimdal/lib/krb5/mk_req_ext.c b/crypto/heimdal/lib/krb5/mk_req_ext.c
index f0f572c..5ab7a1c 100644
--- a/crypto/heimdal/lib/krb5/mk_req_ext.c
+++ b/crypto/heimdal/lib/krb5/mk_req_ext.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: mk_req_ext.c,v 1.24 2000/11/15 07:01:26 assar Exp $");
+RCSID("$Id: mk_req_ext.c,v 1.25 2001/05/09 07:15:00 assar Exp $");
 
 krb5_error_code
 krb5_mk_req_internal(krb5_context context,
@@ -99,6 +99,7 @@ krb5_mk_req_internal(krb5_context context,
 	  /* this is to make DCE secd (and older MIT kdcs?) happy */
 	  ret = krb5_create_checksum(context, 
 				     NULL,
+				     0,
 				     CKSUMTYPE_RSA_MD4,
 				     in_data->data,
 				     in_data->length,
@@ -112,6 +113,7 @@ krb5_mk_req_internal(krb5_context context,
 	  ret = krb5_create_checksum(context, 
 				     crypto,
 				     checksum_usage,
+				     0,
 				     in_data->data,
 				     in_data->length,
 				     &c);
diff --git a/crypto/heimdal/lib/krb5/mk_safe.c b/crypto/heimdal/lib/krb5/mk_safe.c
index 2803d38..085ebaf 100644
--- a/crypto/heimdal/lib/krb5/mk_safe.c
+++ b/crypto/heimdal/lib/krb5/mk_safe.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: mk_safe.c,v 1.24 2000/08/18 06:48:40 assar Exp $");
+RCSID("$Id: mk_safe.c,v 1.26 2001/05/14 06:14:50 assar Exp $");
 
 krb5_error_code
 krb5_mk_safe(krb5_context context,
@@ -48,6 +48,7 @@ krb5_mk_safe(krb5_context context,
   KerberosTime sec2;
   int usec2;
   u_char *buf = NULL;
+  void *tmp;
   size_t buf_size;
   size_t len;
   u_int32_t tmp_seq;
@@ -78,8 +79,10 @@ krb5_mk_safe(krb5_context context,
 
   buf_size = length_KRB_SAFE(&s);
   buf = malloc(buf_size + 128); /* add some for checksum */
-  if(buf == NULL)
+  if(buf == NULL) {
+      krb5_set_error_string (context, "malloc: out of memory");
       return ENOMEM;
+  }
   ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
   if (ret) {
       free (buf);
@@ -93,6 +96,7 @@ krb5_mk_safe(krb5_context context,
   ret = krb5_create_checksum(context, 
 			     crypto,
 			     KRB5_KU_KRB_SAFE_CKSUM,
+			     0,
 			     buf + buf_size - len,
 			     len,
 			     &s.cksum);
@@ -103,9 +107,13 @@ krb5_mk_safe(krb5_context context,
   }
 
   buf_size = length_KRB_SAFE(&s);
-  buf = realloc(buf, buf_size);
-  if(buf == NULL)
+  tmp = realloc(buf, buf_size);
+  if(tmp == NULL) {
+      free(buf);
+      krb5_set_error_string (context, "malloc: out of memory");
       return ENOMEM;
+  }
+  buf = tmp;
   
   ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
   free_Checksum (&s.cksum);
@@ -114,6 +122,7 @@ krb5_mk_safe(krb5_context context,
   outbuf->data   = malloc (len);
   if (outbuf->data == NULL) {
       free (buf);
+      krb5_set_error_string (context, "malloc: out of memory");
       return ENOMEM;
   }
   memcpy (outbuf->data, buf + buf_size - len, len);
diff --git a/crypto/heimdal/lib/krb5/n-fold-test.c b/crypto/heimdal/lib/krb5/n-fold-test.c
index 814dc6f..7cf4905 100644
--- a/crypto/heimdal/lib/krb5/n-fold-test.c
+++ b/crypto/heimdal/lib/krb5/n-fold-test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -32,7 +32,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: n-fold-test.c,v 1.3 1999/07/22 11:45:33 assar Exp $");
+RCSID("$Id: n-fold-test.c,v 1.4 2001/03/12 07:42:30 assar Exp $");
 
 enum { MAXSIZE = 24 };
 
@@ -74,6 +74,21 @@ static struct testcase {
       0xbd, 0x22, 0x28, 0x91, 0x56, 0xc0, 0x06, 0xa0, 0xdc, 0xf5, 0xb6,
       0xc2, 0xda, 0x6c}
     },
+    {"password", 7,
+     {0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa}
+    },
+    {"Rough Consensus, and Running Code", 8,
+     {0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0},
+    },
+    {"password", 21,
+     {0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, 0xc3, 0x7b, 0x3f,
+      0x6d, 0x20, 0x00, 0x24, 0x7c, 0xb6, 0xe6, 0xbd, 0x5b, 0x3e},
+    },
+    {"MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 24,
+     {0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82, 0xb3,
+      0x08, 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54,
+      0x0c, 0x1b}
+    },
     {NULL, 0}
 };
 
diff --git a/crypto/heimdal/lib/krb5/principal.c b/crypto/heimdal/lib/krb5/principal.c
index 7be1d93..0bffef4 100644
--- a/crypto/heimdal/lib/krb5/principal.c
+++ b/crypto/heimdal/lib/krb5/principal.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -41,7 +41,7 @@
 #include <fnmatch.h>
 #include "resolve.h"
 
-RCSID("$Id: principal.c,v 1.73 2000/10/16 03:42:14 assar Exp $");
+RCSID("$Id: principal.c,v 1.74 2001/05/14 06:14:50 assar Exp $");
 
 #define princ_num_comp(P) ((P)->name.name_string.len)
 #define princ_type(P) ((P)->name.name_type)
@@ -82,20 +82,26 @@ krb5_parse_name(krb5_context context,
     ncomp = 1;
     for(p = (char*)name; *p; p++){
 	if(*p=='\\'){
-	    if(!p[1])
+	    if(!p[1]) {
+		krb5_set_error_string (context,
+				       "trailing \\ in principal name");
 		return KRB5_PARSE_MALFORMED;
+	    }
 	    p++;
 	} else if(*p == '/')
 	    ncomp++;
     }
     comp = calloc(ncomp, sizeof(*comp));
-    if (comp == NULL)
+    if (comp == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
   
     n = 0;
     start = q = p = s = strdup(name);
     if (start == NULL) {
 	free (comp);
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
     }
     while(*p){
@@ -112,11 +118,14 @@ krb5_parse_name(krb5_context context,
 		c = '\0';
 	}else if(c == '/' || c == '@'){
 	    if(got_realm){
+		krb5_set_error_string (context,
+				       "part after realm in principal name");
 		ret = KRB5_PARSE_MALFORMED;
 		goto exit;
 	    }else{
 		comp[n] = malloc(q - start + 1);
 		if (comp[n] == NULL) {
+		    krb5_set_error_string (context, "malloc: out of memory");
 		    ret = ENOMEM;
 		    goto exit;
 		}
@@ -130,6 +139,8 @@ krb5_parse_name(krb5_context context,
 	    continue;
 	}
 	if(got_realm && (c == ':' || c == '/' || c == '\0')) {
+	    krb5_set_error_string (context,
+				   "part after realm in principal name");
 	    ret = KRB5_PARSE_MALFORMED;
 	    goto exit;
 	}
@@ -138,6 +149,7 @@ krb5_parse_name(krb5_context context,
     if(got_realm){
 	realm = malloc(q - start + 1);
 	if (realm == NULL) {
+	    krb5_set_error_string (context, "malloc: out of memory");
 	    ret = ENOMEM;
 	    goto exit;
 	}
@@ -150,6 +162,7 @@ krb5_parse_name(krb5_context context,
 
 	comp[n] = malloc(q - start + 1);
 	if (comp[n] == NULL) {
+	    krb5_set_error_string (context, "malloc: out of memory");
 	    ret = ENOMEM;
 	    goto exit;
 	}
@@ -159,6 +172,7 @@ krb5_parse_name(krb5_context context,
     }
     *principal = malloc(sizeof(**principal));
     if (*principal == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	ret = ENOMEM;
 	goto exit;
     }
@@ -278,8 +292,10 @@ unparse_name(krb5_context context,
 	len++;
     }
     *name = malloc(len);
-    if(len != 0 && *name == NULL)
+    if(len != 0 && *name == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     ret = unparse_name_fixed(context, principal, *name, len, short_flag);
     if(ret)
 	free(*name);
@@ -356,12 +372,16 @@ append_component(krb5_context context, krb5_principal p,
     size_t len = princ_num_comp(p);
 
     tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp));
-    if(tmp == NULL)
+    if(tmp == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     princ_comp(p) = tmp;
     princ_ncomp(p, len) = malloc(comp_len + 1);
-    if (princ_ncomp(p, len) == NULL)
+    if (princ_ncomp(p, len) == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     memcpy (princ_ncomp(p, len), comp, comp_len);
     princ_ncomp(p, len)[comp_len] = '\0';
     princ_num_comp(p)++;
@@ -406,13 +426,16 @@ build_principal(krb5_context context,
     krb5_principal p;
   
     p = calloc(1, sizeof(*p));
-    if (p == NULL)
+    if (p == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     princ_type(p) = KRB5_NT_PRINCIPAL;
 
     princ_realm(p) = strdup(realm);
     if(p->realm == NULL){
 	free(p);
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
     }
   
@@ -487,10 +510,15 @@ krb5_copy_principal(krb5_context context,
 		    krb5_principal *outprinc)
 {
     krb5_principal p = malloc(sizeof(*p));
-    if (p == NULL)
+    if (p == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
-    if(copy_Principal(inprinc, p))
+    }
+    if(copy_Principal(inprinc, p)) {
+	free(p);
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     *outprinc = p;
     return 0;
 }
@@ -667,6 +695,7 @@ krb5_425_conv_principal_ext(krb5_context context,
 	}
 	krb5_free_principal(context, pr);
 	*princ = NULL;
+	krb5_clear_error_string (context);
 	return HEIM_ERR_V4_PRINC_NO_CONV;
     }
     if(resolve){
@@ -688,6 +717,7 @@ krb5_425_conv_principal_ext(krb5_context context,
 #ifdef USE_RESOLVER
 		dns_free_data(r);
 #endif
+		krb5_set_error_string (context, "malloc: out of memory");
 		return ENOMEM;
 	    }
 	    ret = krb5_make_principal(context, &pr, realm, name, low_inst,
@@ -731,6 +761,7 @@ krb5_425_conv_principal_ext(krb5_context context,
 			       "default_domain", NULL);
     if(p == NULL){
 	/* this should be an error, just faking a name is not good */
+	krb5_clear_error_string (context);
 	return HEIM_ERR_V4_PRINC_NO_CONV;
     }
 	
@@ -743,6 +774,7 @@ krb5_425_conv_principal_ext(krb5_context context,
 	return 0;
     }
     krb5_free_principal(context, pr);
+    krb5_clear_error_string (context);
     return HEIM_ERR_V4_PRINC_NO_CONV;
 no_host:
     p = krb5_config_get_string(context, NULL,
@@ -768,6 +800,7 @@ no_host:
 	return 0;
     }
     krb5_free_principal(context, pr);
+    krb5_clear_error_string (context);
     return HEIM_ERR_V4_PRINC_NO_CONV;
 }
 
@@ -888,6 +921,9 @@ krb5_524_conv_principal(krb5_context context,
 	i = principal->name.name_string.val[1];
 	break;
     default:
+	krb5_set_error_string (context,
+			       "cannot convert a %d component principal",
+			       principal->name.name_string.len);
 	return KRB5_PARSE_MALFORMED;
     }
 
@@ -910,12 +946,21 @@ krb5_524_conv_principal(krb5_context context,
 	i = tmpinst;
     }
     
-    if (strlcpy (name, n, aname_sz) >= aname_sz)
+    if (strlcpy (name, n, aname_sz) >= aname_sz) {
+	krb5_set_error_string (context,
+			       "too long name component to convert");
 	return KRB5_PARSE_MALFORMED;
-    if (strlcpy (instance, i, aname_sz) >= aname_sz)
+    }
+    if (strlcpy (instance, i, aname_sz) >= aname_sz) {
+	krb5_set_error_string (context,
+			       "too long instance component to convert");
 	return KRB5_PARSE_MALFORMED;
-    if (strlcpy (realm, r, aname_sz) >= aname_sz)
+    }
+    if (strlcpy (realm, r, aname_sz) >= aname_sz) {
+	krb5_set_error_string (context,
+			       "too long realm component to convert");
 	return KRB5_PARSE_MALFORMED;
+    }
     return 0;
 }
 
@@ -934,8 +979,11 @@ krb5_sname_to_principal (krb5_context context,
     char localhost[MAXHOSTNAMELEN];
     char **realms, *host = NULL;
 	
-    if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN)
+    if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
+	krb5_set_error_string (context, "unsupported name type %d",
+			       type);
 	return KRB5_SNAME_UNSUPP_NAMETYPE;
+    }
     if(hostname == NULL) {
 	gethostname(localhost, sizeof(localhost));
 	hostname = localhost;
diff --git a/crypto/heimdal/lib/krb5/prog_setup.c b/crypto/heimdal/lib/krb5/prog_setup.c
index dc3b119..3f5efb6 100644
--- a/crypto/heimdal/lib/krb5/prog_setup.c
+++ b/crypto/heimdal/lib/krb5/prog_setup.c
@@ -35,7 +35,7 @@
 #include <getarg.h>
 #include <err.h>
 
-RCSID("$Id: prog_setup.c,v 1.8 2001/01/25 11:20:32 assar Exp $");
+RCSID("$Id: prog_setup.c,v 1.9 2001/02/20 01:44:54 assar Exp $");
 
 void
 krb5_std_usage(int code, struct getargs *args, int num_args)
@@ -55,7 +55,7 @@ krb5_program_setup(krb5_context *context, int argc, char **argv,
     if(usage == NULL)
 	usage = krb5_std_usage;
 
-    set_progname(argv[0]);
+    setprogname(argv[0]);
     ret = krb5_init_context(context);
     if (ret)
 	errx (1, "krb5_init_context failed: %d", ret);
diff --git a/crypto/heimdal/lib/krb5/prompter_posix.c b/crypto/heimdal/lib/krb5/prompter_posix.c
index a849254..4b9c573 100644
--- a/crypto/heimdal/lib/krb5/prompter_posix.c
+++ b/crypto/heimdal/lib/krb5/prompter_posix.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,17 +33,20 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: prompter_posix.c,v 1.5 1999/12/02 17:05:11 joda Exp $");
+RCSID("$Id: prompter_posix.c,v 1.6 2001/05/11 20:26:49 assar Exp $");
 
 int
 krb5_prompter_posix (krb5_context context,
 		     void *data,
+		     const char *name,
 		     const char *banner,
 		     int num_prompts,
 		     krb5_prompt prompts[])
 {
     int i;
 
+    if (name)
+	fprintf (stderr, "%s\n", name);
     if (banner)
 	fprintf (stderr, "%s\n", banner);
     for (i = 0; i < num_prompts; ++i) {
diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c
index ca8ff02..c7729b1 100644
--- a/crypto/heimdal/lib/krb5/rd_cred.c
+++ b/crypto/heimdal/lib/krb5/rd_cred.c
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: rd_cred.c,v 1.12 2001/01/04 16:19:00 joda Exp $");
+RCSID("$Id: rd_cred.c,v 1.14 2001/05/14 06:14:50 assar Exp $");
 
 krb5_error_code
 krb5_rd_cred(krb5_context context,
@@ -50,6 +50,8 @@ krb5_rd_cred(krb5_context context,
     krb5_crypto crypto;
     int i;
 
+    *ret_creds = NULL;
+
     ret = decode_KRB_CRED(in_data->data, in_data->length, 
 			  &cred, &len);
     if(ret)
@@ -57,11 +59,13 @@ krb5_rd_cred(krb5_context context,
 
     if (cred.pvno != 5) {
 	ret = KRB5KRB_AP_ERR_BADVERSION;
+	krb5_clear_error_string (context);
 	goto out;
     }
 
     if (cred.msg_type != krb_cred) {
 	ret = KRB5KRB_AP_ERR_MSG_TYPE;
+	krb5_clear_error_string (context);
 	goto out;
     }
 
@@ -108,7 +112,7 @@ krb5_rd_cred(krb5_context context,
 	krb5_address *a;
 	int cmp;
 
-	ret = krb5_make_addrport (&a,
+	ret = krb5_make_addrport (context, &a,
 				  auth_context->remote_address,
 				  auth_context->remote_port);
 	if (ret)
@@ -123,6 +127,7 @@ krb5_rd_cred(krb5_context context,
 	free (a);
 
 	if (cmp == 0) {
+	    krb5_clear_error_string (context);
 	    ret = KRB5KRB_AP_ERR_BADADDR;
 	    goto out;
 	}
@@ -135,6 +140,7 @@ krb5_rd_cred(krb5_context context,
 	&& !krb5_address_compare (context,
 				  auth_context->local_address,
 				  enc_krb_cred_part.r_address)) {
+	krb5_clear_error_string (context);
 	ret = KRB5KRB_AP_ERR_BADADDR;
 	goto out;
     }
@@ -149,6 +155,7 @@ krb5_rd_cred(krb5_context context,
 	    enc_krb_cred_part.usec      == NULL ||
 	    abs(*enc_krb_cred_part.timestamp - sec)
 	    > context->max_skew) {
+	    krb5_clear_error_string (context);
 	    ret = KRB5KRB_AP_ERR_SKEW;
 	    goto out;
 	}
@@ -183,6 +190,7 @@ krb5_rd_cred(krb5_context context,
 	creds = calloc(1, sizeof(*creds));
 	if(creds == NULL) {
 	    ret = ENOMEM;
+	    krb5_set_error_string (context, "malloc: out of memory");
 	    goto out;
 	}
 
diff --git a/crypto/heimdal/lib/krb5/rd_error.c b/crypto/heimdal/lib/krb5/rd_error.c
index df9b45e..ca02f3d 100644
--- a/crypto/heimdal/lib/krb5/rd_error.c
+++ b/crypto/heimdal/lib/krb5/rd_error.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: rd_error.c,v 1.4 1999/12/02 17:05:12 joda Exp $");
+RCSID("$Id: rd_error.c,v 1.6 2001/05/15 06:35:10 assar Exp $");
 
 krb5_error_code
 krb5_rd_error(krb5_context context,
@@ -43,11 +43,12 @@ krb5_rd_error(krb5_context context,
     
     size_t len;
     krb5_error_code ret;
+
     ret = decode_KRB_ERROR(msg->data, msg->length, result, &len);
     if(ret)
 	return ret;
     result->error_code += KRB5KDC_ERR_NONE;
-    return 0;    
+    return 0;
 }
 
 void
@@ -64,3 +65,56 @@ krb5_free_error (krb5_context context,
     krb5_free_error_contents (context, error);
     free (error);
 }
+
+krb5_error_code
+krb5_error_from_rd_error(krb5_context context,
+			 const krb5_error *error,
+			 const krb5_creds *creds)
+{
+    krb5_error_code ret;
+
+    ret = error->error_code;
+    if (error->e_text != NULL) {
+	krb5_set_error_string(context, "%s", *error->e_text);
+    } else {
+	char clientname[256], servername[256];
+
+	if (creds != NULL) {
+	    krb5_unparse_name_fixed(context, creds->client,
+				    clientname, sizeof(clientname));
+	    krb5_unparse_name_fixed(context, creds->server,
+				    servername, sizeof(servername));
+	}
+
+	switch (ret) {
+	case KRB5KDC_ERR_NAME_EXP :
+	    krb5_set_error_string(context, "Client %s%s%s expired",
+				  creds ? "(" : "",
+				  creds ? clientname : "",
+				  creds ? ")" : "");
+	    break;
+	case KRB5KDC_ERR_SERVICE_EXP :
+	    krb5_set_error_string(context, "Server %s%s%s expired",
+				  creds ? "(" : "",
+				  creds ? servername : "",
+				  creds ? ")" : "");
+	    break;
+	case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN :
+	    krb5_set_error_string(context, "Client %s%s%s unknown",
+				  creds ? "(" : "",
+				  creds ? clientname : "",
+				  creds ? ")" : "");
+	    break;
+	case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN :
+	    krb5_set_error_string(context, "Server %s%s%s unknown",
+				  creds ? "(" : "",
+				  creds ? servername : "",
+				  creds ? ")" : "");
+	    break;
+	default :
+	    krb5_clear_error_string(context);
+	    break;
+	}
+    }
+    return ret;
+}
diff --git a/crypto/heimdal/lib/krb5/rd_priv.c b/crypto/heimdal/lib/krb5/rd_priv.c
index 62350ba..1447c14 100644
--- a/crypto/heimdal/lib/krb5/rd_priv.c
+++ b/crypto/heimdal/lib/krb5/rd_priv.c
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: rd_priv.c,v 1.27 2001/01/19 04:27:09 assar Exp $");
+RCSID("$Id: rd_priv.c,v 1.28 2001/05/14 06:14:50 assar Exp $");
 
 krb5_error_code
 krb5_rd_priv(krb5_context context,
@@ -55,10 +55,12 @@ krb5_rd_priv(krb5_context context,
   if (ret) 
       goto failure;
   if (priv.pvno != 5) {
+      krb5_clear_error_string (context);
       ret = KRB5KRB_AP_ERR_BADVERSION;
       goto failure;
   }
   if (priv.msg_type != krb_priv) {
+      krb5_clear_error_string (context);
       ret = KRB5KRB_AP_ERR_MSG_TYPE;
       goto failure;
   }
@@ -96,6 +98,7 @@ krb5_rd_priv(krb5_context context,
       && !krb5_address_compare (context,
 				auth_context->remote_address,
 				part.s_address)) {
+      krb5_clear_error_string (context);
       ret = KRB5KRB_AP_ERR_BADADDR;
       goto failure_part;
   }
@@ -107,6 +110,7 @@ krb5_rd_priv(krb5_context context,
       && !krb5_address_compare (context,
 				auth_context->local_address,
 				part.r_address)) {
+      krb5_clear_error_string (context);
       ret = KRB5KRB_AP_ERR_BADADDR;
       goto failure_part;
   }
@@ -119,6 +123,7 @@ krb5_rd_priv(krb5_context context,
       if (part.timestamp == NULL ||
 	  part.usec      == NULL ||
 	  abs(*part.timestamp - sec) > context->max_skew) {
+	  krb5_clear_error_string (context);
 	  ret = KRB5KRB_AP_ERR_SKEW;
 	  goto failure_part;
       }
@@ -135,6 +140,7 @@ krb5_rd_priv(krb5_context context,
 	   && auth_context->remote_seqnumber != 0)
 	  || (part.seq_number != NULL
 	      && *part.seq_number != auth_context->remote_seqnumber)) {
+	  krb5_clear_error_string (context);
 	  ret = KRB5KRB_AP_ERR_BADORDER;
 	  goto failure_part;
       }
diff --git a/crypto/heimdal/lib/krb5/rd_rep.c b/crypto/heimdal/lib/krb5/rd_rep.c
index 20f2033..7462b3d 100644
--- a/crypto/heimdal/lib/krb5/rd_rep.c
+++ b/crypto/heimdal/lib/krb5/rd_rep.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: rd_rep.c,v 1.20 2000/08/18 06:49:03 assar Exp $");
+RCSID("$Id: rd_rep.c,v 1.21 2001/05/14 06:14:50 assar Exp $");
 
 krb5_error_code
 krb5_rd_rep(krb5_context context,
@@ -55,10 +55,12 @@ krb5_rd_rep(krb5_context context,
       return ret;
   if (ap_rep.pvno != 5) {
     ret = KRB5KRB_AP_ERR_BADVERSION;
+    krb5_clear_error_string (context);
     goto out;
   }
   if (ap_rep.msg_type != krb_ap_rep) {
     ret = KRB5KRB_AP_ERR_MSG_TYPE;
+    krb5_clear_error_string (context);
     goto out;
   }
 
@@ -77,6 +79,7 @@ krb5_rd_rep(krb5_context context,
   *repl = malloc(sizeof(**repl));
   if (*repl == NULL) {
     ret = ENOMEM;
+    krb5_set_error_string (context, "malloc: out of memory");
     goto out;
   }
   ret = krb5_decode_EncAPRepPart(context,
@@ -90,6 +93,7 @@ krb5_rd_rep(krb5_context context,
   if ((*repl)->ctime != auth_context->authenticator->ctime ||
       (*repl)->cusec != auth_context->authenticator->cusec) {
     ret = KRB5KRB_AP_ERR_MUT_FAIL;
+    krb5_clear_error_string (context);
     goto out;
   }
   if ((*repl)->seq_number)
diff --git a/crypto/heimdal/lib/krb5/rd_req.c b/crypto/heimdal/lib/krb5/rd_req.c
index 922137a..b7059e1 100644
--- a/crypto/heimdal/lib/krb5/rd_req.c
+++ b/crypto/heimdal/lib/krb5/rd_req.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: rd_req.c,v 1.44 2000/11/15 23:16:28 assar Exp $");
+RCSID("$Id: rd_req.c,v 1.45 2001/05/14 06:14:50 assar Exp $");
 
 static krb5_error_code
 decrypt_tkt_enc_part (krb5_context context,
@@ -113,14 +113,17 @@ krb5_decode_ap_req(krb5_context context,
 	return ret;
     if (ap_req->pvno != 5){
 	free_AP_REQ(ap_req);
+	krb5_clear_error_string (context);
 	return KRB5KRB_AP_ERR_BADVERSION;
     }
     if (ap_req->msg_type != krb_ap_req){
 	free_AP_REQ(ap_req);
+	krb5_clear_error_string (context);
 	return KRB5KRB_AP_ERR_MSG_TYPE;
     }
     if (ap_req->ticket.tkt_vno != 5){
 	free_AP_REQ(ap_req);
+	krb5_clear_error_string (context);
 	return KRB5KRB_AP_ERR_BADVERSION;
     }
     return 0;
@@ -150,10 +153,12 @@ krb5_decrypt_ticket(krb5_context context,
 	   || (t.flags.invalid
 	       && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) {
 	    free_EncTicketPart(&t);
+	    krb5_clear_error_string (context);
 	    return KRB5KRB_AP_ERR_TKT_NYV;
 	}
 	if(now - t.endtime > context->max_skew) {
 	    free_EncTicketPart(&t);
+	    krb5_clear_error_string (context);
 	    return KRB5KRB_AP_ERR_TKT_EXPIRED;
 	}
     }
@@ -320,6 +325,7 @@ krb5_verify_ap_req2(krb5_context context,
 	krb5_free_principal (context, p2);
 	if (!res) {
 	    ret = KRB5KRB_AP_ERR_BADMATCH;
+	    krb5_clear_error_string (context);
 	    goto out2;
 	}
     }
@@ -332,6 +338,7 @@ krb5_verify_ap_req2(krb5_context context,
 				 ac->remote_address,
 				 t.ticket.caddr)) {
 	ret = KRB5KRB_AP_ERR_BADADDR;
+	krb5_clear_error_string (context);
 	goto out2;
     }
 
diff --git a/crypto/heimdal/lib/krb5/rd_safe.c b/crypto/heimdal/lib/krb5/rd_safe.c
index 07628d9..62d3646 100644
--- a/crypto/heimdal/lib/krb5/rd_safe.c
+++ b/crypto/heimdal/lib/krb5/rd_safe.c
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: rd_safe.c,v 1.23 2001/01/19 04:25:37 assar Exp $");
+RCSID("$Id: rd_safe.c,v 1.24 2001/05/14 06:14:51 assar Exp $");
 
 static krb5_error_code
 verify_checksum(krb5_context context,
@@ -58,6 +58,7 @@ verify_checksum(krb5_context context,
 
     if (buf == NULL) {
 	ret = ENOMEM;
+	krb5_set_error_string (context, "malloc: out of memory");
 	goto out;
     }
 
@@ -97,15 +98,18 @@ krb5_rd_safe(krb5_context context,
       return ret;
   if (safe.pvno != 5) {
       ret = KRB5KRB_AP_ERR_BADVERSION;
+      krb5_clear_error_string (context);
       goto failure;
   }
   if (safe.msg_type != krb_safe) {
       ret = KRB5KRB_AP_ERR_MSG_TYPE;
+      krb5_clear_error_string (context);
       goto failure;
   }
   if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
       || !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
       ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
+      krb5_clear_error_string (context);
       goto failure;
   }
 
@@ -117,6 +121,7 @@ krb5_rd_safe(krb5_context context,
 				auth_context->remote_address,
 				safe.safe_body.s_address)) {
       ret = KRB5KRB_AP_ERR_BADADDR;
+      krb5_clear_error_string (context);
       goto failure;
   }
 
@@ -128,6 +133,7 @@ krb5_rd_safe(krb5_context context,
 				auth_context->local_address,
 				safe.safe_body.r_address)) {
       ret = KRB5KRB_AP_ERR_BADADDR;
+      krb5_clear_error_string (context);
       goto failure;
   }
 
@@ -141,6 +147,7 @@ krb5_rd_safe(krb5_context context,
 	  safe.safe_body.usec      == NULL ||
 	  abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
 	  ret = KRB5KRB_AP_ERR_SKEW;
+	  krb5_clear_error_string (context);
 	  goto failure;
       }
   }
@@ -157,6 +164,7 @@ krb5_rd_safe(krb5_context context,
 	      && *safe.safe_body.seq_number !=
 	      auth_context->remote_seqnumber)) {
 	  ret = KRB5KRB_AP_ERR_BADORDER;
+	  krb5_clear_error_string (context);
 	  goto failure;
       }
       auth_context->remote_seqnumber++;
@@ -170,6 +178,7 @@ krb5_rd_safe(krb5_context context,
   outbuf->data   = malloc(outbuf->length);
   if (outbuf->data == NULL) {
       ret = ENOMEM;
+      krb5_set_error_string (context, "malloc: out of memory");
       goto failure;
   }
   memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);
diff --git a/crypto/heimdal/lib/krb5/read_message.c b/crypto/heimdal/lib/krb5/read_message.c
index 45d6b62..124499a 100644
--- a/crypto/heimdal/lib/krb5/read_message.c
+++ b/crypto/heimdal/lib/krb5/read_message.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: read_message.c,v 1.7 2000/07/21 22:54:09 joda Exp $");
+RCSID("$Id: read_message.c,v 1.8 2001/05/14 06:14:51 assar Exp $");
 
 krb5_error_code
 krb5_read_message (krb5_context context,
@@ -45,8 +45,11 @@ krb5_read_message (krb5_context context,
     u_int8_t buf[4];
 
     ret = krb5_net_read (context, p_fd, buf, 4);
-    if(ret == -1)
-	return errno;
+    if(ret == -1) {
+	ret = errno;
+	krb5_clear_error_string (context);
+	return ret;
+    }
     if(ret < 4) {
 	data->length = 0;
 	return HEIM_ERR_EOF;
@@ -56,8 +59,10 @@ krb5_read_message (krb5_context context,
     if (ret)
 	return ret;
     if (krb5_net_read (context, p_fd, data->data, len) != len) {
+	ret = errno;
 	krb5_data_free (data);
-	return errno;
+	krb5_clear_error_string (context);
+	return ret;
     }
     return 0;
 }
@@ -76,8 +81,6 @@ krb5_read_priv_message(krb5_context context,
 	return ret;
     ret = krb5_rd_priv (context, ac, &packet, data, NULL);
     krb5_data_free(&packet);
-    if(ret)
-	return ret;
     return ret;
 }
 
@@ -95,7 +98,5 @@ krb5_read_safe_message(krb5_context context,
 	return ret;
     ret = krb5_rd_safe (context, ac, &packet, data, NULL);
     krb5_data_free(&packet);
-    if(ret)
-	return ret;
     return ret;
 }
diff --git a/crypto/heimdal/lib/krb5/recvauth.c b/crypto/heimdal/lib/krb5/recvauth.c
index 3c11254..806a765 100644
--- a/crypto/heimdal/lib/krb5/recvauth.c
+++ b/crypto/heimdal/lib/krb5/recvauth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: recvauth.c,v 1.13 2000/12/06 20:59:05 joda Exp $");
+RCSID("$Id: recvauth.c,v 1.15 2001/05/14 06:14:51 assar Exp $");
 
 /*
  * See `sendauth.c' for the format.
@@ -101,44 +101,61 @@ krb5_recvauth_match_version(krb5_context context,
 
   if(!(flags & KRB5_RECVAUTH_IGNORE_VERSION)) {
     n = krb5_net_read (context, p_fd, &len, 4);
-    if (n < 0)
-	return errno;
-    if (n == 0)
+    if (n < 0) {
+	ret = errno;
+	krb5_set_error_string (context, "read: %s", strerror(errno));
+	return ret;
+    }
+    if (n == 0) {
+	krb5_clear_error_string (context);
 	return KRB5_SENDAUTH_BADAUTHVERS;
+    }
     len = ntohl(len);
     if (len != sizeof(her_version)
 	|| krb5_net_read (context, p_fd, her_version, len) != len
 	|| strncmp (version, her_version, len)) {
       repl = 1;
       krb5_net_write (context, p_fd, &repl, 1);
+	krb5_clear_error_string (context);
       return KRB5_SENDAUTH_BADAUTHVERS;
     }
   }
 
   n = krb5_net_read (context, p_fd, &len, 4);
-  if (n < 0)
-      return errno;
-  if (n == 0)
+  if (n < 0) {
+      ret = errno;
+      krb5_set_error_string (context, "read: %s", strerror(errno));
+      return ret;
+  }
+  if (n == 0) {
+      krb5_clear_error_string (context);
       return KRB5_SENDAUTH_BADAPPLVERS;
+  }
   len = ntohl(len);
   her_appl_version = malloc (len);
   if (her_appl_version == NULL) {
       repl = 2;
       krb5_net_write (context, p_fd, &repl, 1);
+      krb5_set_error_string (context, "malloc: out of memory");
       return ENOMEM;
   }
   if (krb5_net_read (context, p_fd, her_appl_version, len) != len
       || !(*match_appl_version)(match_data, her_appl_version)) {
     repl = 2;
     krb5_net_write (context, p_fd, &repl, 1);
+    krb5_set_error_string (context, "wrong sendauth version (%s)",
+			   her_appl_version);
     free (her_appl_version);
     return KRB5_SENDAUTH_BADAPPLVERS;
   }
   free (her_appl_version);
 
   repl = 0;
-  if (krb5_net_write (context, p_fd, &repl, 1) != 1)
-    return errno;
+  if (krb5_net_write (context, p_fd, &repl, 1) != 1) {
+    ret = errno;
+    krb5_set_error_string (context, "write: %s", strerror(errno));
+    return ret;
+  }
 
   krb5_data_zero (&data);
   ret = krb5_read_message (context, p_fd, &data);
@@ -163,7 +180,8 @@ krb5_recvauth_match_version(krb5_context context,
 			    NULL,
 			    NULL,
 			    server,
-			    0,
+			    NULL,
+			    NULL,
 			    &error_data);
       if (ret2 == 0) {
 	  krb5_write_message (context, p_fd, &error_data);
@@ -173,8 +191,11 @@ krb5_recvauth_match_version(krb5_context context,
   }      
 
   len = 0;
-  if (krb5_net_write (context, p_fd, &len, 4) != 4)
-    return errno;
+  if (krb5_net_write (context, p_fd, &len, 4) != 4) {
+      ret = errno;
+      krb5_set_error_string (context, "write: %s", strerror(errno));
+      return ret;
+  }
 
   if (ap_options & AP_OPTS_MUTUAL_REQUIRED) {
     ret = krb5_mk_rep (context, *auth_context, &data);
diff --git a/crypto/heimdal/lib/krb5/replay.c b/crypto/heimdal/lib/krb5/replay.c
index 2935cfc..d4f5569 100644
--- a/crypto/heimdal/lib/krb5/replay.c
+++ b/crypto/heimdal/lib/krb5/replay.c
@@ -34,7 +34,7 @@
 #include "krb5_locl.h"
 #include <vis.h>
 
-RCSID("$Id: replay.c,v 1.7 2001/01/29 02:09:00 assar Exp $");
+RCSID("$Id: replay.c,v 1.8 2001/05/14 06:14:51 assar Exp $");
 
 struct krb5_rcache_data {
     char *name;
@@ -46,8 +46,10 @@ krb5_rc_resolve(krb5_context context,
 		const char *name)
 {
     id->name = strdup(name);
-    if(id->name == NULL)
+    if(id->name == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return KRB5_RC_MALLOC;
+    }
     return 0;
 }
 
@@ -56,11 +58,16 @@ krb5_rc_resolve_type(krb5_context context,
 		     krb5_rcache *id,
 		     const char *type)
 {
-    if(strcmp(type, "FILE"))
+    if(strcmp(type, "FILE")) {
+	krb5_set_error_string (context, "replay cache type %s not supported",
+			       type);
 	return KRB5_RC_TYPE_NOTFOUND;
+    }
     *id = calloc(1, sizeof(**id));
-    if(*id == NULL)
+    if(*id == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return KRB5_RC_MALLOC;
+    }
     return 0;
 }
 
@@ -70,8 +77,11 @@ krb5_rc_resolve_full(krb5_context context,
 		     const char *string_name)
 {
     krb5_error_code ret;
-    if(strncmp(string_name, "FILE:", 5))
+    if(strncmp(string_name, "FILE:", 5)) {
+	krb5_set_error_string (context, "replay cache type %s not supported",
+			       string_name);
 	return KRB5_RC_TYPE_NOTFOUND;
+    }
     ret = krb5_rc_resolve_type(context, id, "FILE");
     if(ret)
 	return ret;
@@ -110,8 +120,14 @@ krb5_rc_initialize(krb5_context context,
 {
     FILE *f = fopen(id->name, "w");
     struct rc_entry tmp;
-    if(f == NULL)
-	return errno;
+    int ret;
+
+    if(f == NULL) {
+	ret = errno;
+	krb5_set_error_string (context, "open(%s): %s", id->name,
+			       strerror(ret));
+	return ret;
+    }
     tmp.stamp = auth_lifespan;
     fwrite(&tmp, 1, sizeof(tmp), f);
     fclose(f);
@@ -129,8 +145,14 @@ krb5_error_code
 krb5_rc_destroy(krb5_context context,
 		krb5_rcache id)
 {
-    if(remove(id->name) < 0)
-	return errno;
+    int ret;
+
+    if(remove(id->name) < 0) {
+	ret = errno;
+	krb5_set_error_string (context, "remove(%s): %s", id->name,
+			       strerror(ret));
+	return ret;
+    }
     return krb5_rc_close(context, id);
 }
 
@@ -167,11 +189,17 @@ krb5_rc_store(krb5_context context,
     struct rc_entry ent, tmp;
     time_t t;
     FILE *f;
+    int ret;
+
     ent.stamp = time(NULL);
     checksum_authenticator(rep, ent.data);
     f = fopen(id->name, "r");
-    if(f == NULL)
-	return errno;
+    if(f == NULL) {
+	ret = errno;
+	krb5_set_error_string (context, "open(%s): %s", id->name,
+			       strerror(ret));
+	return ret;
+    }
     fread(&tmp, sizeof(ent), 1, f);
     t = ent.stamp - tmp.stamp;
     while(fread(&tmp, sizeof(ent), 1, f)){
@@ -179,17 +207,23 @@ krb5_rc_store(krb5_context context,
 	    continue;
 	if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
 	    fclose(f);
+	    krb5_clear_error_string (context);
 	    return KRB5_RC_REPLAY;
 	}
     }
     if(ferror(f)){
+	ret = errno;
 	fclose(f);
-	return errno;
+	krb5_set_error_string (context, "%s: %s", id->name, strerror(ret));
+	return ret;
     }
     fclose(f);
     f = fopen(id->name, "a");
-    if(f == NULL)
+    if(f == NULL) {
+	krb5_set_error_string (context, "open(%s): %s", id->name,
+			       strerror(errno));
 	return KRB5_RC_IO_UNKNOWN;
+    }
     fwrite(&ent, 1, sizeof(ent), f);
     fclose(f);
     return 0;
@@ -216,6 +250,7 @@ krb5_rc_get_lifespan(krb5_context context,
 	*auth_lifespan = ent.stamp;
 	return 0;
     }
+    krb5_clear_error_string (context);
     return KRB5_RC_IO_UNKNOWN;
 }
 
@@ -243,8 +278,11 @@ krb5_get_server_rcache(krb5_context context,
 
     char *tmp = malloc(4 * piece->length + 1);
     char *name;
-    if(tmp == NULL)
+
+    if(tmp == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
 #ifdef HAVE_GETEUID
     asprintf(&name, "FILE:rc_%s_%u", tmp, geteuid());
@@ -252,8 +290,10 @@ krb5_get_server_rcache(krb5_context context,
     asprintf(&name, "FILE:rc_%s", tmp);
 #endif
     free(tmp);
-    if(name == NULL)
+    if(name == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
 
     ret = krb5_rc_resolve_full(context, &rcache, name);
     free(name);
diff --git a/crypto/heimdal/lib/krb5/send_to_kdc.c b/crypto/heimdal/lib/krb5/send_to_kdc.c
index e2b884d..5a66f02 100644
--- a/crypto/heimdal/lib/krb5/send_to_kdc.c
+++ b/crypto/heimdal/lib/krb5/send_to_kdc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: send_to_kdc.c,v 1.40 2000/11/15 01:48:23 assar Exp $");
+RCSID("$Id: send_to_kdc.c,v 1.44 2001/05/14 22:49:56 assar Exp $");
 
 /*
  * send the data in `req' on the socket `fd' (which is datagram iff udp)
@@ -267,7 +267,7 @@ send_via_proxy (krb5_context context,
     ret = getaddrinfo (proxy, portstr, &hints, &ai);
     free (proxy2);
     if (ret)
-	return krb5_eai_to_heim_errno(ret);
+	return krb5_eai_to_heim_errno(ret, errno);
 
     for (a = ai; a != NULL; a = a->ai_next) {
 	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
@@ -300,7 +300,7 @@ send_via_proxy (krb5_context context,
 }
 
 /*
- * Send the data `send' to one KDC in `realm' and get back the reply
+ * Send the data `send' to one hots in `hostlist' and get back the reply
  * in `receive'.
  */
 
@@ -316,7 +316,7 @@ krb5_sendto (krb5_context context,
      int fd;
      int i;
 
-     for (i = 0; i < context->max_retries; ++i)
+     for (i = 0; i < context->max_retries; ++i) {
 	 for (hp = hostlist; (p = *hp); ++hp) {
 	     char *colon;
 	     int http_flag = 0;
@@ -368,27 +368,25 @@ krb5_sendto (krb5_context context,
 		     close (fd);
 		     continue;
 		 }
-		 break;
-	     }
-	     if (a == NULL) {
-		 freeaddrinfo (ai);
-		 continue;
+		 if(http_flag)
+		     ret = send_and_recv_http(fd, context->kdc_timeout,
+					      "", send, receive);
+		 else if(tcp_flag)
+		     ret = send_and_recv_tcp (fd, context->kdc_timeout,
+					      send, receive);
+		 else
+		     ret = send_and_recv_udp (fd, context->kdc_timeout,
+					      send, receive);
+		 close (fd);
+		 if(ret == 0 && receive->length != 0) {
+		     freeaddrinfo(ai);
+		     goto out;
+		 }
 	     }
-	     freeaddrinfo (ai);
-
-	     if(http_flag)
-		 ret = send_and_recv_http(fd, context->kdc_timeout,
-					  "", send, receive);
-	     else if(tcp_flag)
-		 ret = send_and_recv_tcp (fd, context->kdc_timeout,
-					  send, receive);
-	     else
-		 ret = send_and_recv_udp (fd, context->kdc_timeout,
-					  send, receive);
-	     close (fd);
-	     if(ret == 0 && receive->length != 0)
-		 goto out;
+	     freeaddrinfo(ai);
 	 }
+     }
+     krb5_clear_error_string (context);
      ret = KRB5_KDC_UNREACH;
 out:
      return ret;
@@ -415,6 +413,9 @@ krb5_sendto_kdc2(krb5_context context,
 	return ret;
     ret = krb5_sendto(context, send, hostlist, port, receive);
     krb5_free_krbhst (context, hostlist);
+    if (ret == KRB5_KDC_UNREACH)
+	krb5_set_error_string(context,
+			      "unable to reach any KDC in realm %s", *realm);
     return ret;
 }
 
diff --git a/crypto/heimdal/lib/krb5/sendauth.c b/crypto/heimdal/lib/krb5/sendauth.c
index b9e8dd0..8f2c544 100644
--- a/crypto/heimdal/lib/krb5/sendauth.c
+++ b/crypto/heimdal/lib/krb5/sendauth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: sendauth.c,v 1.17 1999/12/02 17:05:12 joda Exp $");
+RCSID("$Id: sendauth.c,v 1.18 2001/05/14 06:14:51 assar Exp $");
 
 /*
  * The format seems to be:
@@ -90,23 +90,35 @@ krb5_sendauth(krb5_context context,
     len = strlen(version) + 1;
     net_len = htonl(len);
     if (krb5_net_write (context, p_fd, &net_len, 4) != 4
-	|| krb5_net_write (context, p_fd, version, len) != len)
-	return errno;
+	|| krb5_net_write (context, p_fd, version, len) != len) {
+	ret = errno;
+	krb5_set_error_string (context, "write: %s", strerror(ret));
+	return ret;
+    }
 
     len = strlen(appl_version) + 1;
     net_len = htonl(len);
     if (krb5_net_write (context, p_fd, &net_len, 4) != 4
-	|| krb5_net_write (context, p_fd, appl_version, len) != len)
-	return errno;
+	|| krb5_net_write (context, p_fd, appl_version, len) != len) {
+	ret = errno;
+	krb5_set_error_string (context, "write: %s", strerror(ret));
+	return ret;
+    }
 
     sret = krb5_net_read (context, p_fd, &repl, sizeof(repl));
-    if (sret < 0)
-	return errno;
-    else if (sret != sizeof(repl))
+    if (sret < 0) {
+	ret = errno;
+	krb5_set_error_string (context, "read: %s", strerror(ret));
+	return ret;
+    } else if (sret != sizeof(repl)) {
+	krb5_clear_error_string (context);
 	return KRB5_SENDAUTH_BADRESPONSE;
+    }
 
-    if (repl != 0)
+    if (repl != 0) {
+	krb5_clear_error_string (context);
 	return KRB5_SENDAUTH_REJECTED;
+    }
 
     if (in_creds == NULL) {
 	if (ccache == NULL) {
@@ -170,19 +182,22 @@ krb5_sendauth(krb5_context context,
 	ret = krb5_rd_error (context, &error_data, &error);
 	krb5_data_free (&error_data);
 	if (ret == 0) {
+	    ret = krb5_error_from_rd_error(context, &error, NULL);
 	    if (ret_error != NULL) {
 		*ret_error = malloc (sizeof(krb5_error));
 		if (*ret_error == NULL) {
-		    free_KRB_ERROR(&error);
+		    krb5_free_error_contents (context, &error);
 		} else {
 		    **ret_error = error;
 		}
 	    } else {
-		free_KRB_ERROR(&error);
+		krb5_free_error_contents (context, &error);
 	    }
-	    return error.error_code;
-	} else
 	    return ret;
+	} else {
+	    krb5_clear_error_string(context);
+	    return ret;
+	}
     }
 
     if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) {
diff --git a/crypto/heimdal/lib/krb5/set_default_realm.c b/crypto/heimdal/lib/krb5/set_default_realm.c
index b917a92..9cb49c3 100644
--- a/crypto/heimdal/lib/krb5/set_default_realm.c
+++ b/crypto/heimdal/lib/krb5/set_default_realm.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: set_default_realm.c,v 1.11 1999/12/02 17:05:12 joda Exp $");
+RCSID("$Id: set_default_realm.c,v 1.12 2001/05/14 06:14:51 assar Exp $");
 
 /*
  * Convert the simple string `s' into a NULL-terminated and freshly allocated 
@@ -41,15 +41,18 @@ RCSID("$Id: set_default_realm.c,v 1.11 1999/12/02 17:05:12 joda Exp $");
  */
 
 static krb5_error_code
-string_to_list (const char *s, krb5_realm **list)
+string_to_list (krb5_context context, const char *s, krb5_realm **list)
 {
 
     *list = malloc (2 * sizeof(**list));
-    if (*list == NULL)
+    if (*list == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     (*list)[0] = strdup (s);
     if ((*list)[0] == NULL) {
 	free (*list);
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
     }
     (*list)[1] = NULL;
@@ -77,7 +80,7 @@ krb5_set_default_realm(krb5_context context,
 	if (realms == NULL)
 	    ret = krb5_get_host_realm(context, NULL, &realms);
     } else {
-	ret = string_to_list (realm, &realms);
+	ret = string_to_list (context, realm, &realms);
     }
     if (ret)
 	return ret;
diff --git a/crypto/heimdal/lib/krb5/sock_principal.c b/crypto/heimdal/lib/krb5/sock_principal.c
index 477622d..d7a77a4 100644
--- a/crypto/heimdal/lib/krb5/sock_principal.c
+++ b/crypto/heimdal/lib/krb5/sock_principal.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: sock_principal.c,v 1.11 2000/08/09 20:53:11 assar Exp $");
+RCSID("$Id: sock_principal.c,v 1.13 2001/05/14 06:14:51 assar Exp $");
 			
 krb5_error_code
 krb5_sock_to_principal (krb5_context context,
@@ -49,14 +49,16 @@ krb5_sock_to_principal (krb5_context context,
     socklen_t len = sizeof(__ss);
     struct hostent *hostent;
     int family;
-    char hname[256];
-    char *tmp;
+    char *hname = NULL;
 
-    if (getsockname (sock, sa, &len) < 0)
-	return errno;
+    if (getsockname (sock, sa, &len) < 0) {
+	ret = errno;
+	krb5_set_error_string (context, "getsockname: %s", strerror(ret));
+	return ret;
+    }
     family = sa->sa_family;
     
-    ret = krb5_sockaddr2address (sa, &address);
+    ret = krb5_sockaddr2address (context, sa, &address);
     if (ret)
 	return ret;
 
@@ -64,20 +66,22 @@ krb5_sock_to_principal (krb5_context context,
 				   address.address.length,
 				   family);
 
-    if (hostent == NULL)
-	return h_errno;
-    tmp = hostent->h_name;
-    if (strchr(tmp, '.') == NULL) {
+    if (hostent == NULL) {
+	krb5_set_error_string (context, "gethostbyaddr: %s",
+			       hstrerror(h_errno));
+	return krb5_h_errno_to_heim_errno(h_errno);
+    }
+    hname = hostent->h_name;
+    if (strchr(hname, '.') == NULL) {
 	char **a;
 
 	for (a = hostent->h_aliases; a != NULL && *a != NULL; ++a)
 	    if (strchr(*a, '.') != NULL) {
-		tmp = *a;
+		hname = *a;
 		break;
 	    }
     }
 
-    strlcpy(hname, tmp, sizeof(hname));
     return krb5_sname_to_principal (context,
 				    hname,
 				    sname,
diff --git a/crypto/heimdal/lib/krb5/store-test.c b/crypto/heimdal/lib/krb5/store-test.c
new file mode 100644
index 0000000..512d2a5
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/store-test.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: store-test.c,v 1.1 2001/05/11 16:06:25 joda Exp $");
+
+static void
+print_data(unsigned char *data, size_t len)
+{
+    int i;
+    for(i = 0; i < len; i++) {
+	if(i > 0 && (i % 16) == 0)
+	    printf("\n            ");
+	printf("%02x ", data[i]);
+    }
+    printf("\n");
+}
+
+static int
+compare(const char *name, krb5_storage *sp, void *expected, size_t len)
+{
+    int ret = 0;
+    krb5_data data;
+    krb5_storage_to_data(sp, &data);
+    krb5_storage_free(sp);
+    if(data.length != len || memcmp(data.data, expected, len) != 0) {
+	printf("%s mismatch\n", name);
+	printf("  Expected: ");
+	print_data(expected, len);
+	printf("  Actual:   ");
+	print_data(data.data, data.length);
+	ret++;
+    }
+    krb5_data_free(&data);
+    return ret;
+}
+
+int
+main(int argc, char **argv)
+{
+    int nerr = 0;
+    krb5_storage *sp;
+    krb5_context context;
+    krb5_principal principal;
+	
+
+    krb5_init_context(&context);
+
+    sp = krb5_storage_emem();
+    krb5_store_int32(sp, 0x01020304);
+    nerr += compare("Integer", sp, "\x1\x2\x3\x4", 4);
+
+    sp = krb5_storage_emem();
+    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
+    krb5_store_int32(sp, 0x01020304);
+    nerr += compare("Integer (LE)", sp, "\x4\x3\x2\x1", 4);
+
+    sp = krb5_storage_emem();
+    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
+    krb5_store_int32(sp, 0x01020304);
+    nerr += compare("Integer (BE)", sp, "\x1\x2\x3\x4", 4);
+
+    sp = krb5_storage_emem();
+    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
+    krb5_store_int32(sp, 0x01020304);
+    {
+	int test = 1;
+	void *data;
+	if(*(char*)&test) 
+	    data = "\x4\x3\x2\x1";
+	else 
+	    data = "\x1\x2\x3\x4";
+	nerr += compare("Integer (host)", sp, data, 4);
+    }
+
+    sp = krb5_storage_emem();
+    krb5_make_principal(context, &principal, "TEST", "foobar", NULL);
+    krb5_store_principal(sp, principal);
+    nerr += compare("Principal", sp, "\x0\x0\x0\x1"
+		    "\x0\x0\x0\x1"
+		    "\x0\x0\x0\x4TEST"
+		    "\x0\x0\x0\x6""foobar", 26);
+    
+    return nerr ? 1 : 0;
+}
diff --git a/crypto/heimdal/lib/krb5/store.c b/crypto/heimdal/lib/krb5/store.c
index 5f9d659..4dd96a8 100644
--- a/crypto/heimdal/lib/krb5/store.c
+++ b/crypto/heimdal/lib/krb5/store.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,13 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: store.c,v 1.34 2000/04/11 00:46:09 assar Exp $");
+RCSID("$Id: store.c,v 1.35 2001/05/11 13:01:43 joda Exp $");
+
+#define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V))
+#define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE)
+#define BYTEORDER_IS_BE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_BE)
+#define BYTEORDER_IS_HOST(SP) (BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_HOST) || \
+			       krb5_storage_is_flags((SP), KRB5_STORAGE_HOST_BYTEORDER))
 
 void
 krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags)
@@ -53,6 +59,20 @@ krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags)
     return (sp->flags & flags) == flags;
 }
 
+void
+krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder)
+{
+    sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK;
+    sp->flags |= byteorder;
+}
+
+krb5_flags
+krb5_storage_get_byteorder(krb5_storage *sp, krb5_flags byteorder)
+{
+    return sp->flags & KRB5_STORAGE_BYTEORDER_MASK;
+}
+
+
 ssize_t
 _krb5_put_int(void *buffer, unsigned long value, size_t size)
 {
@@ -115,8 +135,10 @@ krb5_store_int(krb5_storage *sp,
 	       size_t len)
 {
     int ret;
-    unsigned char v[4];
+    unsigned char v[16];
 
+    if(len > sizeof(v))
+	return EINVAL;
     _krb5_put_int(v, value, len);
     ret = sp->store(sp, v, len);
     if (ret != len)
@@ -128,8 +150,10 @@ krb5_error_code
 krb5_store_int32(krb5_storage *sp,
 		 int32_t value)
 {
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_HOST_BYTEORDER))
+    if(BYTEORDER_IS_HOST(sp))
 	value = htonl(value);
+    else if(BYTEORDER_IS_LE(sp))
+	value = bswap32(value);
     return krb5_store_int(sp, value, 4);
 }
 
@@ -156,8 +180,10 @@ krb5_ret_int32(krb5_storage *sp,
     krb5_error_code ret = krb5_ret_int(sp, value, 4);
     if(ret)
 	return ret;
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_HOST_BYTEORDER))
-	*value = ntohl(*value);
+    if(BYTEORDER_IS_HOST(sp))
+	*value = htonl(*value);
+    else if(BYTEORDER_IS_LE(sp))
+	*value = bswap32(*value);
     return 0;
 }
 
@@ -165,8 +191,10 @@ krb5_error_code
 krb5_store_int16(krb5_storage *sp,
 		 int16_t value)
 {
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_HOST_BYTEORDER))
+    if(BYTEORDER_IS_HOST(sp))
 	value = htons(value);
+    else if(BYTEORDER_IS_LE(sp))
+	value = bswap16(value);
     return krb5_store_int(sp, value, 2);
 }
 
@@ -180,8 +208,10 @@ krb5_ret_int16(krb5_storage *sp,
     if(ret)
 	return ret;
     *value = v;
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_HOST_BYTEORDER))
-	*value = ntohs(*value);
+    if(BYTEORDER_IS_HOST(sp))
+	*value = htons(*value);
+    else if(BYTEORDER_IS_LE(sp))
+	*value = bswap16(*value);
     return 0;
 }
 
diff --git a/crypto/heimdal/lib/krb5/string-to-key-test.c b/crypto/heimdal/lib/krb5/string-to-key-test.c
index 6e6c0b6..0ea5cd1 100644
--- a/crypto/heimdal/lib/krb5/string-to-key-test.c
+++ b/crypto/heimdal/lib/krb5/string-to-key-test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -32,7 +32,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: string-to-key-test.c,v 1.4 2000/12/31 08:03:54 assar Exp $");
+RCSID("$Id: string-to-key-test.c,v 1.7 2001/05/11 16:15:27 joda Exp $");
 
 enum { MAXSIZE = 24 };
 
@@ -43,7 +43,7 @@ static struct testcase {
     unsigned char res[MAXSIZE];
 } tests[] = {
     {"@", "", ETYPE_DES_CBC_MD5,
-     {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}},
+     {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0xf1}},
     {"nisse@FOO.SE", "hej", ETYPE_DES_CBC_MD5,
      {0xfe, 0x67, 0xbf, 0x9e, 0x57, 0x6b, 0xfe, 0x52}},
     {"assar/liten@FOO.SE", "hemligt", ETYPE_DES_CBC_MD5,
@@ -63,6 +63,26 @@ static struct testcase {
     {"does/not@MATTER", "foo", ETYPE_ARCFOUR_HMAC_MD5,
      {0xac, 0x8e, 0x65, 0x7f, 0x83, 0xdf, 0x82, 0xbe,
       0xea, 0x5d, 0x43, 0xbd, 0xaf, 0x78, 0x00, 0xcc}},
+    {"raeburn@ATHENA.MIT.EDU", "password", ETYPE_DES_CBC_MD5,
+     {0xcb, 0xc2, 0x2f, 0xae, 0x23, 0x52, 0x98, 0xe3}},
+    {"danny@WHITEHOUSE.GOV", "potatoe", ETYPE_DES_CBC_MD5,
+     {0xdf, 0x3d, 0x32, 0xa7, 0x4f, 0xd9, 0x2a, 0x01}},
+    {"buckaroo@EXAMPLE.COM", "penny", ETYPE_DES_CBC_MD5,
+     {0x94, 0x43, 0xa2, 0xe5, 0x32, 0xfd, 0xc4, 0xf1}},
+    {"Juri\xc5\xa1i\xc4\x87@ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES_CBC_MD5,
+     {0x62, 0xc8, 0x1a, 0x52, 0x32, 0xb5, 0xe6, 0x9d}},
+    {"AAAAAAAA", "11119999", ETYPE_DES_CBC_MD5,
+     {0x98, 0x40, 0x54, 0xd0, 0xf1, 0xa7, 0x3e, 0x31}},
+    {"FFFFAAAA", "NNNN6666", ETYPE_DES_CBC_MD5,
+     {0xc4, 0xbf, 0x6b, 0x25, 0xad, 0xf7, 0xa4, 0xf8}},
+    {"raeburn@ATHENA.MIT.EDU", "password", ETYPE_DES3_CBC_SHA1,
+     {0x85, 0x0b, 0xb5, 0x13, 0x58, 0x54, 0x8c, 0xd0, 0x5e, 0x86, 0x76, 0x8c, 0x31, 0x3e, 0x3b, 0xfe, 0xf7, 0x51, 0x19, 0x37, 0xdc, 0xf7, 0x2c, 0x3e}},
+    {"danny@WHITEHOUSE.GOV", "potatoe", ETYPE_DES3_CBC_SHA1,
+     {0xdf, 0xcd, 0x23, 0x3d, 0xd0, 0xa4, 0x32, 0x04, 0xea, 0x6d, 0xc4, 0x37, 0xfb, 0x15, 0xe0, 0x61, 0xb0, 0x29, 0x79, 0xc1, 0xf7, 0x4f, 0x37, 0x7a}},
+    {"buckaroo@EXAMPLE.COM", "penny", ETYPE_DES3_CBC_SHA1,
+     {0x6d, 0x2f, 0xcd, 0xf2, 0xd6, 0xfb, 0xbc, 0x3d, 0xdc, 0xad, 0xb5, 0xda, 0x57, 0x10, 0xa2, 0x34, 0x89, 0xb0, 0xd3, 0xb6, 0x9d, 0x5d, 0x9d, 0x4a}},
+    {"Juri\xc5\xa1i\xc4\x87@ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES3_CBC_SHA1,
+     {0x16, 0xd5, 0xa4, 0x0e, 0x1c, 0xe3, 0xba, 0xcb, 0x61, 0xb9, 0xdc, 0xe0, 0x04, 0x70, 0x32, 0x4c, 0x83, 0x19, 0x73, 0xa7, 0xb9, 0x52, 0xfe, 0xb0}},
     {NULL}
 };
 
@@ -78,6 +98,10 @@ main(int argc, char **argv)
     if (ret)
 	errx (1, "krb5_init_context failed: %d", ret);
 
+    /* to enable realm-less principal name above */
+
+    krb5_set_default_realm(context, "");
+
     for (t = tests; t->principal_name; ++t) {
 	krb5_keyblock key;
 	krb5_principal principal;
diff --git a/crypto/heimdal/lib/krb5/ticket.c b/crypto/heimdal/lib/krb5/ticket.c
index ecb5821..8d2397b 100644
--- a/crypto/heimdal/lib/krb5/ticket.c
+++ b/crypto/heimdal/lib/krb5/ticket.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: ticket.c,v 1.4 1999/12/02 17:05:13 joda Exp $");
+RCSID("$Id: ticket.c,v 1.5 2001/05/14 06:14:51 assar Exp $");
 
 krb5_error_code
 krb5_free_ticket(krb5_context context,
@@ -52,8 +52,10 @@ krb5_copy_ticket(krb5_context context,
 {
     krb5_error_code ret;
     krb5_ticket *tmp = malloc(sizeof(*tmp));
-    if(tmp == NULL)
+    if(tmp == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
+    }
     if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){
 	free(tmp);
 	return ret;
diff --git a/crypto/heimdal/lib/krb5/time.c b/crypto/heimdal/lib/krb5/time.c
index 98121b4..9346546 100644
--- a/crypto/heimdal/lib/krb5/time.c
+++ b/crypto/heimdal/lib/krb5/time.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: time.c,v 1.4 2000/06/29 08:20:52 joda Exp $");
+RCSID("$Id: time.c,v 1.5 2001/05/02 10:06:11 joda Exp $");
 
 /*
  * return ``corrected'' time in `timeret'.
@@ -77,3 +77,11 @@ krb5_format_time(krb5_context context, time_t t,
     strftime(s, len, include_time ? context->time_fmt : context->date_fmt, tm);
     return 0;
 }
+
+krb5_error_code
+krb5_string_to_deltat(const char *string, krb5_deltat *deltat)
+{
+    if((*deltat = parse_time(string, "s")) == -1)
+	return EINVAL;
+    return 0;
+}
diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c
index 1faf378..dbe6c80 100644
--- a/crypto/heimdal/lib/krb5/transited.c
+++ b/crypto/heimdal/lib/krb5/transited.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: transited.c,v 1.7 2000/02/07 13:30:41 joda Exp $");
+RCSID("$Id: transited.c,v 1.8 2001/05/14 06:14:52 assar Exp $");
 
 /* this is an attempt at one of the most horrible `compression'
    schemes that has ever been invented; it's so amazingly brain-dead
@@ -61,7 +61,8 @@ free_realms(struct tr_realm *r)
 }
 
 static int
-make_path(struct tr_realm *r, const char *from, const char *to)
+make_path(krb5_context context, struct tr_realm *r,
+	  const char *from, const char *to)
 {
     const char *p;
     struct tr_realm *path = r->next;
@@ -78,8 +79,10 @@ make_path(struct tr_realm *r, const char *from, const char *to)
 	p = from;
 	while(1){
 	    p = strchr(p, '.');
-	    if(p == NULL)
+	    if(p == NULL) {
+		krb5_clear_error_string (context);
 		return KRB5KDC_ERR_POLICY;
+	    }
 	    p++;
 	    if(strcmp(p, to) == 0)
 		break;
@@ -89,6 +92,7 @@ make_path(struct tr_realm *r, const char *from, const char *to)
 	    path->realm = strdup(p);
 	    if(path->realm == NULL){
 		r->next = path; /* XXX */
+		krb5_set_error_string (context, "malloc: out of memory");
 		return ENOMEM;;
 	    }
 	}
@@ -106,21 +110,25 @@ make_path(struct tr_realm *r, const char *from, const char *to)
 	    path->realm = malloc(p - from + 1);
 	    if(path->realm == NULL){
 		r->next = path; /* XXX */
+		krb5_set_error_string (context, "malloc: out of memory");
 		return ENOMEM;
 	    }
 	    memcpy(path->realm, from, p - from);
 	    path->realm[p - from] = '\0';
 	    p--;
 	}
-    }else
+    } else {
+	krb5_clear_error_string (context);
 	return KRB5KDC_ERR_POLICY;
+    }
     r->next = path;
     
     return 0;
 }
 
 static int
-make_paths(struct tr_realm *realms, const char *client_realm, 
+make_paths(krb5_context context,
+	   struct tr_realm *realms, const char *client_realm, 
 	   const char *server_realm)
 {
     struct tr_realm *r;
@@ -138,7 +146,7 @@ make_paths(struct tr_realm *realms, const char *client_realm,
 		next_realm = r->next->realm;
 	    else
 		next_realm = server_realm;
-	    ret = make_path(r, prev_realm, next_realm);
+	    ret = make_path(context, r, prev_realm, next_realm);
 	    if(ret){
 		free_realms(realms);
 		return ret;
@@ -150,7 +158,8 @@ make_paths(struct tr_realm *realms, const char *client_realm,
 }
 
 static int
-expand_realms(struct tr_realm *realms, const char *client_realm)
+expand_realms(krb5_context context,
+	      struct tr_realm *realms, const char *client_realm)
 {
     struct tr_realm *r;
     const char *prev_realm = NULL;
@@ -162,6 +171,7 @@ expand_realms(struct tr_realm *realms, const char *client_realm)
 	    tmp = realloc(r->realm, strlen(r->realm) + strlen(prev_realm) + 1);
 	    if(tmp == NULL){
 		free_realms(realms);
+		krb5_set_error_string (context, "malloc: out of memory");
 		return ENOMEM;
 	    }
 	    r->realm = tmp;
@@ -173,6 +183,7 @@ expand_realms(struct tr_realm *realms, const char *client_realm)
 	    tmp = malloc(strlen(r->realm) + strlen(prev_realm) + 1);
 	    if(tmp == NULL){
 		free_realms(realms);
+		krb5_set_error_string (context, "malloc: out of memory");
 		return ENOMEM;
 	    }
 	    strcpy(tmp, prev_realm);
@@ -236,7 +247,8 @@ append_realm(struct tr_realm *head, struct tr_realm *r)
 }
 
 static int
-decode_realms(const char *tr, int length, struct tr_realm **realms)
+decode_realms(krb5_context context,
+	      const char *tr, int length, struct tr_realm **realms)
 {
     struct tr_realm *r = NULL;
 
@@ -261,6 +273,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
 	    r = make_realm(tmp);
 	    if(r == NULL){
 		free_realms(*realms);
+		krb5_set_error_string (context, "malloc: out of memory");
 		return ENOMEM;
 	    }
 	    *realms = append_realm(*realms, r);
@@ -273,6 +286,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
     r = make_realm(tmp);
     if(r == NULL){
 	free_realms(*realms);
+	krb5_set_error_string (context, "malloc: out of memory");
 	return ENOMEM;
     }
     *realms = append_realm(*realms, r);
@@ -282,7 +296,8 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
 
 
 krb5_error_code
-krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms, 
+krb5_domain_x500_decode(krb5_context context,
+			krb5_data tr, char ***realms, int *num_realms, 
 			const char *client_realm, const char *server_realm)
 {
     struct tr_realm *r = NULL;
@@ -290,16 +305,16 @@ krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms,
     int ret;
     
     /* split string in components */
-    ret = decode_realms(tr.data, tr.length, &r);
+    ret = decode_realms(context, tr.data, tr.length, &r);
     if(ret)
 	return ret;
     
     /* apply prefix rule */
-    ret = expand_realms(r, client_realm);
+    ret = expand_realms(context, r, client_realm);
     if(ret)
 	return ret;
     
-    ret = make_paths(r, client_realm, server_realm);
+    ret = make_paths(context, r, client_realm, server_realm);
     if(ret)
 	return ret;
     
@@ -324,6 +339,7 @@ krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms,
 	    R = realloc(*realms, (*num_realms + 1) * sizeof(**realms));
 	    if(R == NULL) {
 		free(*realms);
+		krb5_set_error_string (context, "malloc: out of memory");
 		return ENOMEM;
 	    }
 	    R[*num_realms] = r->realm;
@@ -382,6 +398,8 @@ krb5_check_transited_realms(krb5_context context,
 	char **p;
 	for(p = bad_realms; *p; p++)
 	    if(strcmp(*p, realms[i]) == 0) {
+		krb5_set_error_string (context, "no transit through realm %s",
+				       *p);
 		ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
 		if(bad_realm)
 		    *bad_realm = i;
diff --git a/crypto/heimdal/lib/krb5/verify_init.c b/crypto/heimdal/lib/krb5/verify_init.c
index e7945ad..7e4618e 100644
--- a/crypto/heimdal/lib/krb5/verify_init.c
+++ b/crypto/heimdal/lib/krb5/verify_init.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: verify_init.c,v 1.12 2000/01/21 05:47:35 assar Exp $");
+RCSID("$Id: verify_init.c,v 1.14 2001/05/14 06:14:52 assar Exp $");
 
 void
 krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *options)
@@ -79,7 +79,7 @@ krb5_verify_init_creds(krb5_context context,
 {
     krb5_error_code ret;
     krb5_data req;
-    krb5_ccache local_ccache;
+    krb5_ccache local_ccache = NULL;
     krb5_keytab_entry entry;
     krb5_creds *new_creds = NULL;
     krb5_auth_context auth_context = NULL;
@@ -92,8 +92,12 @@ krb5_verify_init_creds(krb5_context context,
     if (ap_req_server == NULL) {
 	char local_hostname[MAXHOSTNAMELEN];
 
-	if (gethostname (local_hostname, sizeof(local_hostname)) < 0)
-	    return errno;
+	if (gethostname (local_hostname, sizeof(local_hostname)) < 0) {
+	    ret = errno;
+	    krb5_set_error_string (context, "getsockname: %s",
+				   strerror(ret));
+	    return ret;
+	}
 
 	ret = krb5_sname_to_principal (context,
 				       local_hostname,
@@ -185,8 +189,10 @@ cleanup:
 	krb5_free_principal (context, server);
     if (ap_req_keytab == NULL && keytab)
 	krb5_kt_close (context, keytab);
-    if (ccache == NULL
-	|| (ret != 0 && *ccache == NULL))
+    if (local_ccache != NULL
+	&&
+	(ccache == NULL
+	 || (ret != 0 && *ccache == NULL)))
 	krb5_cc_destroy (context, local_ccache);
 
     if (ret == 0 && ccache != NULL && *ccache == NULL)
diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.8 b/crypto/heimdal/lib/krb5/verify_krb5_conf.8
index c071d24..5aba5d8 100644
--- a/crypto/heimdal/lib/krb5/verify_krb5_conf.8
+++ b/crypto/heimdal/lib/krb5/verify_krb5_conf.8
@@ -1,4 +1,4 @@
-.\" $Id: verify_krb5_conf.8,v 1.2 2000/03/04 14:07:50 assar Exp $
+.\" $Id: verify_krb5_conf.8,v 1.3 2001/05/02 08:59:23 assar Exp $
 .\"
 .Dd March  4, 2000
 .Dt VERIFY_KRB5_CONF 8
diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.c b/crypto/heimdal/lib/krb5/verify_krb5_conf.c
index 2b9ce28..e480324 100644
--- a/crypto/heimdal/lib/krb5/verify_krb5_conf.c
+++ b/crypto/heimdal/lib/krb5/verify_krb5_conf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 #include <getarg.h>
-RCSID("$Id: verify_krb5_conf.c,v 1.3 1999/12/02 17:05:13 joda Exp $");
+RCSID("$Id: verify_krb5_conf.c,v 1.5 2001/05/14 06:14:52 assar Exp $");
 
 /* verify krb5.conf */
 
@@ -60,14 +60,17 @@ usage (int ret)
 int
 main(int argc, char **argv)
 {
+    krb5_context context;
     const char *config_file = NULL;
     krb5_error_code ret;
     krb5_config_section *tmp_cf;
-    unsigned lineno;
-    char *error_message;
     int optind = 0;
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed");
 
     if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
 	usage(1);
@@ -93,10 +96,9 @@ main(int argc, char **argv)
 	usage (1);
     }
     
-    ret = krb5_config_parse_file_debug (config_file, &tmp_cf, &lineno,
-					&error_message);
+    ret = krb5_config_parse_file (context, config_file, &tmp_cf);
     if (ret == 0)
 	return 0;
-    fprintf (stderr, "%s:%u: %s\n", config_file, lineno, error_message);
+    krb5_warn (context, ret, "krb5_config_parse_file");
     return 1;
 }
diff --git a/crypto/heimdal/lib/krb5/verify_user.c b/crypto/heimdal/lib/krb5/verify_user.c
index 758bc60..25cd77b 100644
--- a/crypto/heimdal/lib/krb5/verify_user.c
+++ b/crypto/heimdal/lib/krb5/verify_user.c
@@ -33,12 +33,13 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: verify_user.c,v 1.12 2001/01/04 17:40:00 joda Exp $");
+RCSID("$Id: verify_user.c,v 1.14 2001/05/14 09:06:53 joda Exp $");
 
 static krb5_error_code
 verify_common (krb5_context context,
 	       krb5_principal principal,
 	       krb5_ccache ccache,
+	       krb5_keytab keytab,
 	       krb5_boolean secure,
 	       const char *service,
 	       krb5_creds cred)
@@ -50,7 +51,8 @@ verify_common (krb5_context context,
 
     ret = krb5_sname_to_principal (context, NULL, service, KRB5_NT_SRV_HST,
 				   &server);
-    if(ret) return ret;
+    if(ret)
+	return ret;
 
     krb5_verify_init_creds_opt_init(&vopt);
     krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, secure);
@@ -58,11 +60,12 @@ verify_common (krb5_context context,
     ret = krb5_verify_init_creds(context,
 				 &cred,
 				 server,
-				 NULL,
+				 keytab,
 				 NULL,
 				 &vopt);
     krb5_free_principal(context, server);
-    if(ret) return ret;
+    if(ret)
+	return ret;
     if(ccache == NULL)
 	ret = krb5_cc_default (context, &id);
     else
@@ -87,24 +90,59 @@ verify_common (krb5_context context,
  * As a side effect, fresh tickets are obtained and stored in `ccache'.
  */
 
-krb5_error_code
-krb5_verify_user(krb5_context context, 
-		 krb5_principal principal,
-		 krb5_ccache ccache,
-		 const char *password,
-		 krb5_boolean secure,
-		 const char *service)
+void
+krb5_verify_opt_init(krb5_verify_opt *opt)
+{
+    memset(opt, 0, sizeof(*opt));
+    opt->secure = TRUE;
+    opt->service = "host";
+}
+
+void
+krb5_verify_opt_set_ccache(krb5_verify_opt *opt, krb5_ccache ccache)
+{
+    opt->ccache = ccache;
+}
+
+void
+krb5_verify_opt_set_keytab(krb5_verify_opt *opt, krb5_keytab keytab)
 {
+    opt->keytab = keytab;
+}
+
+void
+krb5_verify_opt_set_secure(krb5_verify_opt *opt, krb5_boolean secure)
+{
+    opt->secure = secure;
+}
+
+void
+krb5_verify_opt_set_service(krb5_verify_opt *opt, const char *service)
+{
+    opt->service = service;
+}
+
+void
+krb5_verify_opt_set_flags(krb5_verify_opt *opt, unsigned int flags)
+{
+    opt->flags |= flags;
+}
+
+static krb5_error_code
+verify_user_opt_int(krb5_context context,
+		    krb5_principal principal,
+		    const char *password,
+		    krb5_verify_opt *vopt)
 
+{
     krb5_error_code ret;
     krb5_get_init_creds_opt opt;
     krb5_creds cred;
-    
+
     krb5_get_init_creds_opt_init (&opt);
     krb5_get_init_creds_opt_set_default_flags(context, NULL, 
 					      *krb5_princ_realm(context, principal), 
 					      &opt);
-
     ret = krb5_get_init_creds_password (context,
 					&cred,
 					principal,
@@ -114,10 +152,70 @@ krb5_verify_user(krb5_context context,
 					0,
 					NULL,
 					&opt);
-    
     if(ret)
 	return ret;
-    return verify_common (context, principal, ccache, secure, service, cred);
+#define OPT(V, D) ((vopt && (vopt->V)) ? (vopt->V) : (D))
+    return verify_common (context, principal, OPT(ccache, NULL), 
+			  OPT(keytab, NULL), vopt ? vopt->secure : TRUE, 
+			  OPT(service, "host"), cred);
+#undef OPT
+}
+
+krb5_error_code
+krb5_verify_user_opt(krb5_context context,
+		     krb5_principal principal,
+		     const char *password,
+		     krb5_verify_opt *opt)
+{
+    krb5_error_code ret;
+
+    if(opt && (opt->flags & KRB5_VERIFY_LREALMS)) {
+	krb5_realm *realms, *r;
+	ret = krb5_get_default_realms (context, &realms);
+	if (ret)
+	    return ret;
+	ret = KRB5_CONFIG_NODEFREALM;
+	
+	for (r = realms; *r != NULL && ret != 0; ++r) {
+	    char *tmp = strdup (*r);
+	    
+	    if (tmp == NULL) {
+		krb5_free_host_realm (context, realms);
+		krb5_set_error_string (context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+	    free (*krb5_princ_realm (context, principal));
+	    krb5_princ_set_realm (context, principal, &tmp);
+	    
+	    ret = verify_user_opt_int(context, principal, password, opt);
+	}
+	krb5_free_host_realm (context, realms);
+	if(ret)
+	    return ret;
+    } else
+	ret = verify_user_opt_int(context, principal, password, opt);
+    return ret;
+}
+
+/* compat function that calls above */
+
+krb5_error_code
+krb5_verify_user(krb5_context context, 
+		 krb5_principal principal,
+		 krb5_ccache ccache,
+		 const char *password,
+		 krb5_boolean secure,
+		 const char *service)
+{
+    krb5_verify_opt opt;
+    
+    krb5_verify_opt_init(&opt);
+    
+    krb5_verify_opt_set_ccache(&opt, ccache);
+    krb5_verify_opt_set_secure(&opt, secure);
+    krb5_verify_opt_set_service(&opt, service);
+    
+    return krb5_verify_user_opt(context, principal, password, &opt);
 }
 
 /*
@@ -133,44 +231,14 @@ krb5_verify_user_lrealm(krb5_context context,
 			krb5_boolean secure,
 			const char *service)
 {
-    krb5_error_code ret;
-    krb5_get_init_creds_opt opt;
-    krb5_realm *realms, *r;
-    krb5_creds cred;
+    krb5_verify_opt opt;
     
-    krb5_get_init_creds_opt_init (&opt);
-
-    ret = krb5_get_default_realms (context, &realms);
-    if (ret)
-	return ret;
-    ret = KRB5_CONFIG_NODEFREALM;
-
-    for (r = realms; *r != NULL && ret != 0; ++r) {
-	char *tmp = strdup (*r);
-
-	if (tmp == NULL) {
-	    krb5_free_host_realm (context, realms);
-	    return ENOMEM;
-	}
-	free (*krb5_princ_realm (context, principal));
-	krb5_princ_set_realm (context, principal, &tmp);
-
-	krb5_get_init_creds_opt_set_default_flags(context, NULL, 
-						  *krb5_princ_realm(context, principal), 
-						  &opt);
-	ret = krb5_get_init_creds_password (context,
-					    &cred,
-					    principal,
-					    (char*)password,
-					    krb5_prompter_posix,
-					    NULL,
-					    0,
-					    NULL,
-					    &opt);
-    }
-    krb5_free_host_realm (context, realms);
-    if(ret)
-	return ret;
-
-    return verify_common (context, principal, ccache, secure, service, cred);
+    krb5_verify_opt_init(&opt);
+    
+    krb5_verify_opt_set_ccache(&opt, ccache);
+    krb5_verify_opt_set_secure(&opt, secure);
+    krb5_verify_opt_set_service(&opt, service);
+    krb5_verify_opt_set_flags(&opt, KRB5_VERIFY_LREALMS);
+    
+    return krb5_verify_user_opt(context, principal, password, &opt);
 }
diff --git a/crypto/heimdal/lib/krb5/warn.c b/crypto/heimdal/lib/krb5/warn.c
index 1f594fb..ec009b2 100644
--- a/crypto/heimdal/lib/krb5/warn.c
+++ b/crypto/heimdal/lib/krb5/warn.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -34,8 +34,12 @@
 #include "krb5_locl.h"
 #include <err.h>
 
-RCSID("$Id: warn.c,v 1.11 2000/08/16 07:37:41 assar Exp $");
+RCSID("$Id: warn.c,v 1.13 2001/05/07 21:04:34 assar Exp $");
 
+static krb5_error_code _warnerr(krb5_context context, int do_errtext, 
+	 krb5_error_code code, int level, const char *fmt, va_list ap)
+	__attribute__((__format__(__printf__, 5, 0)));
+	
 static krb5_error_code
 _warnerr(krb5_context context, int do_errtext, 
 	 krb5_error_code code, int level, const char *fmt, va_list ap)
@@ -43,6 +47,7 @@ _warnerr(krb5_context context, int do_errtext,
     char xfmt[7] = "";
     const char *args[2], **arg;
     char *msg = NULL;
+    char *err_str = NULL;
     
     args[0] = args[1] = NULL;
     arg = args;
@@ -60,11 +65,16 @@ _warnerr(krb5_context context, int do_errtext,
 
 	strcat(xfmt, "%s");
 
-	err_msg = krb5_get_err_text(context, code);
-	if (err_msg)
-	    *arg++ = err_msg;
-	else
-	    *arg++ = "<unknown error>";
+	err_str = krb5_get_error_string(context);
+	if (err_str != NULL) {
+	    *arg++ = err_str;
+	} else {
+	    err_msg = krb5_get_err_text(context, code);
+	    if (err_msg)
+		*arg++ = err_msg;
+	    else
+		*arg++ = "<unknown error>";
+	}
     }
 	
     if(context && context->warn_dest)
@@ -72,6 +82,7 @@ _warnerr(krb5_context context, int do_errtext,
     else
 	warnx(xfmt, args[0], args[1]);
     free(msg);
+    free(err_str);
     return 0;
 }
 
diff --git a/crypto/heimdal/lib/krb5/write_message.c b/crypto/heimdal/lib/krb5/write_message.c
index 2e394b6..16a40f0 100644
--- a/crypto/heimdal/lib/krb5/write_message.c
+++ b/crypto/heimdal/lib/krb5/write_message.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: write_message.c,v 1.6 2000/07/21 23:49:09 joda Exp $");
+RCSID("$Id: write_message.c,v 1.7 2001/05/14 06:14:52 assar Exp $");
 
 krb5_error_code
 krb5_write_message (krb5_context context,
@@ -42,12 +42,16 @@ krb5_write_message (krb5_context context,
 {
     u_int32_t len;
     u_int8_t buf[4];
+    int ret;
 
     len = data->length;
     _krb5_put_int(buf, len, 4);
     if (krb5_net_write (context, p_fd, buf, 4) != 4
-	|| krb5_net_write (context, p_fd, data->data, len) != len)
-	return errno;
+	|| krb5_net_write (context, p_fd, data->data, len) != len) {
+	ret = errno;
+	krb5_set_error_string (context, "write: %s", strerror(ret));
+	return ret;
+    }
     return 0;
 }
 
@@ -59,6 +63,7 @@ krb5_write_priv_message(krb5_context context,
 {
     krb5_error_code ret;
     krb5_data packet;
+
     ret = krb5_mk_priv (context, ac, data, &packet, NULL);
     if(ret)
 	return ret;
diff --git a/crypto/heimdal/lib/otp/ChangeLog b/crypto/heimdal/lib/otp/ChangeLog
new file mode 100644
index 0000000..064d9b9
--- /dev/null
+++ b/crypto/heimdal/lib/otp/ChangeLog
@@ -0,0 +1,71 @@
+2001-01-30  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am (libotp_la_LDFLAGS): bump version to 1:2:1
+
+2001-01-29  Assar Westerlund  <assar@sics.se>
+
+	* otp_md.c: update to new md4/md5/sha API
+
+2000-12-11  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am (INCLUDES): add krb4 includes here, which are
+	somewhat bogusly used when linking against libdes supplied by krb4
+
+2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
+
+	* Makefile.am: bump version to 1:1:1
+
+2000-07-01  Assar Westerlund  <assar@sics.se>
+
+	*  const-ify
+
+2000-02-07  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: update version to 1:0:1
+
+2000-01-26  Assar Westerlund  <assar@sics.se>
+
+	* otp_md.c: update to pseudo-standard APIs for md4,md5,sha.
+	* otp_md.c: start using the pseudo-standard APIs for the hash
+	functions
+
+1999-10-20  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: set version to 0:1:0
+
+Fri Mar 19 14:52:48 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: add version-info
+
+Thu Mar 18 11:24:19 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Sat Mar 13 22:27:10 1999  Assar Westerlund  <assar@sics.se>
+
+	* otp_parse.c: unsigned-ify
+
+Sun Nov 22 10:44:16 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+Mon May 25 05:27:07 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (clean): try to remove shared library debris
+
+Sat May 23 20:54:28 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: link with DBLIB
+
+Sun Apr 19 09:59:46 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add symlink magic for linux
+
+Sat Feb  7 07:27:18 1998  Assar Westerlund  <assar@sics.se>
+
+	* otp_db.c (otp_put): make sure we don't overrun `buf'
+
+Sun Nov  9 07:14:59 1997  Assar Westerlund  <assar@sics.se>
+
+	* otp_locl.h: use xdbm.h
+
diff --git a/crypto/heimdal/lib/otp/Makefile.am b/crypto/heimdal/lib/otp/Makefile.am
new file mode 100644
index 0000000..b2bbed4
--- /dev/null
+++ b/crypto/heimdal/lib/otp/Makefile.am
@@ -0,0 +1,29 @@
+# $Id: Makefile.am,v 1.16 2001/01/30 01:54:48 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4)
+
+noinst_PROGRAMS = otptest
+
+otptest_LDADD = libotp.la \
+	$(LIB_des) \
+	$(LIB_roken) \
+	$(DBLIB)
+
+include_HEADERS = otp.h
+
+lib_LTLIBRARIES = libotp.la
+libotp_la_LDFLAGS = -version-info 1:2:1
+
+libotp_la_SOURCES = \
+	otp.c \
+	otp_challenge.c \
+	otp_db.c \
+	otp_md.c \
+	otp_parse.c \
+	otp_print.c \
+	otp_verify.c \
+	otp_locl.h \
+	otp_md.h \
+	roken_rename.h
diff --git a/crypto/heimdal/lib/otp/Makefile.in b/crypto/heimdal/lib/otp/Makefile.in
new file mode 100644
index 0000000..221fbd2
--- /dev/null
+++ b/crypto/heimdal/lib/otp/Makefile.in
@@ -0,0 +1,627 @@
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
+
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+SHELL = @SHELL@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+
+bindir = @bindir@
+sbindir = @sbindir@
+libexecdir = @libexecdir@
+datadir = @datadir@
+sysconfdir = @sysconfdir@
+sharedstatedir = @sharedstatedir@
+localstatedir = @localstatedir@
+libdir = @libdir@
+infodir = @infodir@
+mandir = @mandir@
+includedir = @includedir@
+oldincludedir = /usr/include
+
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+
+top_builddir = ../..
+
+ACLOCAL = @ACLOCAL@
+AUTOCONF = @AUTOCONF@
+AUTOMAKE = @AUTOMAKE@
+AUTOHEADER = @AUTOHEADER@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_FLAG =
+transform = @program_transform_name@
+
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+
+@SET_MAKE@
+host_alias = @host_alias@
+host_triplet = @host@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMDEP = @AMDEP@
+AMTAR = @AMTAR@
+AS = @AS@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CPP = @CPP@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+DBLIB = @DBLIB@
+DEPDIR = @DEPDIR@
+DIR_des = @DIR_des@
+DIR_roken = @DIR_roken@
+DLLTOOL = @DLLTOOL@
+EXEEXT = @EXEEXT@
+EXTRA_LIB45 = @EXTRA_LIB45@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_ = @INCLUDE_@
+LEX = @LEX@
+LIBOBJS = @LIBOBJS@
+LIBTOOL = @LIBTOOL@
+LIB_ = @LIB_@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_des = @LIB_des@
+LIB_des_appl = @LIB_des_appl@
+LIB_kdb = @LIB_kdb@
+LIB_otp = @LIB_otp@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
+NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+NROFF = @NROFF@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+RANLIB = @RANLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+YACC = @YACC@
+dpagaix_CFLAGS = @dpagaix_CFLAGS@
+dpagaix_LDADD = @dpagaix_LDADD@
+install_sh = @install_sh@
+
+# $Id: Makefile.am,v 1.16 2001/01/30 01:54:48 assar Exp $
+
+
+# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
+
+
+AUTOMAKE_OPTIONS = foreign no-dependencies
+
+SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
+
+INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
+
+AM_CFLAGS =  $(WFLAGS)
+
+CP = cp
+
+COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
+
+buildinclude = $(top_builddir)/include
+
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_crypt = @LIB_crypt@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_el_init = @LIB_el_init@
+LIB_getattr = @LIB_getattr@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_search = @LIB_res_search@
+LIB_setpcred = @LIB_setpcred@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+
+LIBS = @LIBS@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_openldap = @INCLUDE_openldap@
+LIB_openldap = @LIB_openldap@
+
+INCLUDE_readline = @INCLUDE_readline@
+
+LEXLIB = @LEXLIB@
+
+NROFF_MAN = groff -mandoc -Tascii
+
+@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+
+@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
+CHECK_LOCAL = $(PROGRAMS)
+
+noinst_PROGRAMS = otptest
+
+otptest_LDADD = libotp.la \
+	$(LIB_des) \
+	$(LIB_roken) \
+	$(DBLIB)
+
+
+include_HEADERS = otp.h
+
+lib_LTLIBRARIES = libotp.la
+libotp_la_LDFLAGS = -version-info 1:2:1
+
+libotp_la_SOURCES = \
+	otp.c \
+	otp_challenge.c \
+	otp_db.c \
+	otp_md.c \
+	otp_parse.c \
+	otp_print.c \
+	otp_verify.c \
+	otp_locl.h \
+	otp_md.h \
+	roken_rename.h
+
+subdir = lib/otp
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = ../../include/config.h
+CONFIG_CLEAN_FILES = 
+LTLIBRARIES =  $(lib_LTLIBRARIES)
+
+
+DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
+CPPFLAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+X_CFLAGS = @X_CFLAGS@
+X_LIBS = @X_LIBS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+libotp_la_LIBADD = 
+am_libotp_la_OBJECTS =  otp.lo otp_challenge.lo otp_db.lo otp_md.lo \
+otp_parse.lo otp_print.lo otp_verify.lo
+libotp_la_OBJECTS =  $(am_libotp_la_OBJECTS)
+noinst_PROGRAMS =  otptest$(EXEEXT)
+PROGRAMS =  $(noinst_PROGRAMS)
+
+otptest_SOURCES = otptest.c
+otptest_OBJECTS =  otptest.$(OBJEXT)
+otptest_DEPENDENCIES =  libotp.la
+otptest_LDFLAGS = 
+COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CFLAGS = @CFLAGS@
+CCLD = $(CC)
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+DIST_SOURCES =  $(libotp_la_SOURCES) otptest.c
+HEADERS =  $(include_HEADERS)
+
+depcomp = 
+DIST_COMMON =  $(include_HEADERS) ChangeLog Makefile.am Makefile.in
+
+
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+
+GZIP_ENV = --best
+SOURCES = $(libotp_la_SOURCES) otptest.c
+OBJECTS = $(am_libotp_la_OBJECTS) otptest.$(OBJEXT)
+
+all: all-redirect
+.SUFFIXES:
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
+$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
+	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/otp/Makefile
+
+Makefile: $(srcdir)/Makefile.in  $(top_builddir)/config.status
+	cd $(top_builddir) \
+	  && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
+
+
+mostlyclean-libLTLIBRARIES:
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+
+distclean-libLTLIBRARIES:
+
+maintainer-clean-libLTLIBRARIES:
+
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(libdir)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    echo " $(LIBTOOL)  --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p"; \
+	    $(LIBTOOL)  --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  echo " $(LIBTOOL)  --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
+	  $(LIBTOOL)  --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
+	done
+
+mostlyclean-compile:
+	-rm -f *.o core *.core
+	-rm -f *.$(OBJEXT)
+
+clean-compile:
+
+distclean-compile:
+	-rm -f *.tab.c
+
+maintainer-clean-compile:
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+
+maintainer-clean-libtool:
+
+libotp.la: $(libotp_la_OBJECTS) $(libotp_la_DEPENDENCIES)
+	$(LINK) -rpath $(libdir) $(libotp_la_LDFLAGS) $(libotp_la_OBJECTS) $(libotp_la_LIBADD) $(LIBS)
+
+mostlyclean-noinstPROGRAMS:
+
+clean-noinstPROGRAMS:
+	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
+
+distclean-noinstPROGRAMS:
+
+maintainer-clean-noinstPROGRAMS:
+
+otptest$(EXEEXT): $(otptest_OBJECTS) $(otptest_DEPENDENCIES)
+	@rm -f otptest$(EXEEXT)
+	$(LINK) $(otptest_LDFLAGS) $(otptest_OBJECTS) $(otptest_LDADD) $(LIBS)
+.c.o:
+	$(COMPILE) -c $<
+.c.obj:
+	$(COMPILE) -c `cygpath -w $<`
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+install-includeHEADERS: $(include_HEADERS)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(includedir)
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d= ; else d="$(srcdir)/"; fi; \
+	  f="`echo $$p | sed -e 's|^.*/||'`"; \
+	  echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
+	  $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$f; \
+	done
+
+uninstall-includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  f="`echo $$p | sed -e 's|^.*/||'`"; \
+	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
+	  rm -f $(DESTDIR)$(includedir)/$$f; \
+	done
+
+tags: TAGS
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique $(LISP)
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
+	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
+
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
+mostlyclean-tags:
+
+clean-tags:
+
+distclean-tags:
+	-rm -f TAGS ID
+
+maintainer-clean-tags:
+
+distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
+
+distdir: $(DISTFILES)
+	@for file in $(DISTFILES); do \
+	  d=$(srcdir); \
+	  if test -d $$d/$$file; then \
+	    cp -pR $$d/$$file $(distdir) \
+	    || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
+info-am:
+info: info-am
+dvi-am:
+dvi: dvi-am
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+installcheck-am:
+installcheck: installcheck-am
+install-exec-am: install-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-exec: install-exec-am
+
+install-data-am: install-includeHEADERS install-data-local
+install-data: install-data-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+install: install-am
+uninstall-am: uninstall-libLTLIBRARIES uninstall-includeHEADERS
+uninstall: uninstall-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
+all-redirect: all-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
+installdirs:
+	$(mkinstalldirs)  $(DESTDIR)$(libdir) $(DESTDIR)$(includedir)
+
+
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-rm -f Makefile $(CONFIG_CLEAN_FILES)
+	-rm -f config.cache config.log stamp-h stamp-h[0-9]*
+
+maintainer-clean-generic:
+	-rm -f Makefile.in
+mostlyclean-am:  mostlyclean-libLTLIBRARIES mostlyclean-compile \
+		mostlyclean-libtool mostlyclean-noinstPROGRAMS \
+		mostlyclean-tags mostlyclean-generic
+
+mostlyclean: mostlyclean-am
+
+clean-am:  clean-libLTLIBRARIES clean-compile clean-libtool \
+		clean-noinstPROGRAMS clean-tags clean-generic \
+		mostlyclean-am
+
+clean: clean-am
+
+distclean-am:  distclean-libLTLIBRARIES distclean-compile \
+		distclean-libtool distclean-noinstPROGRAMS \
+		distclean-tags distclean-generic clean-am
+	-rm -f libtool
+
+distclean: distclean-am
+
+maintainer-clean-am:  maintainer-clean-libLTLIBRARIES \
+		maintainer-clean-compile maintainer-clean-libtool \
+		maintainer-clean-noinstPROGRAMS maintainer-clean-tags \
+		maintainer-clean-generic distclean-am
+	@echo "This command is intended for maintainers to use;"
+	@echo "it deletes files that may require special tools to rebuild."
+
+maintainer-clean: maintainer-clean-am
+
+.PHONY: mostlyclean-libLTLIBRARIES distclean-libLTLIBRARIES \
+clean-libLTLIBRARIES maintainer-clean-libLTLIBRARIES \
+uninstall-libLTLIBRARIES install-libLTLIBRARIES mostlyclean-compile \
+distclean-compile clean-compile maintainer-clean-compile \
+mostlyclean-libtool distclean-libtool clean-libtool \
+maintainer-clean-libtool mostlyclean-noinstPROGRAMS \
+distclean-noinstPROGRAMS clean-noinstPROGRAMS \
+maintainer-clean-noinstPROGRAMS uninstall-includeHEADERS \
+install-includeHEADERS tags mostlyclean-tags distclean-tags clean-tags \
+maintainer-clean-tags distdir info-am info dvi-am dvi check-local check \
+check-am installcheck-am installcheck install-exec-am install-exec \
+install-data-local install-data-am install-data install-am install \
+uninstall-am uninstall all-local all-redirect all-am all install-strip \
+installdirs mostlyclean-generic distclean-generic clean-generic \
+maintainer-clean-generic clean mostlyclean distclean maintainer-clean
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
+	@foo='$(include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-local: install-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+
+check-local::
+	@foo='$(CHECK_LOCAL)'; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if ./$$i --version > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	fi
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/crypto/heimdal/lib/otp/otp.c b/crypto/heimdal/lib/otp/otp.c
new file mode 100644
index 0000000..746f3cb
--- /dev/null
+++ b/crypto/heimdal/lib/otp/otp.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+RCSID("$Id: otp.c,v 1.8 2000/07/12 00:26:43 assar Exp $");
+#endif
+
+#include "otp_locl.h"
+#include "otp_md.h"
+
+static OtpAlgorithm algorithms[] = {
+  {OTP_ALG_MD4, "md4", 16, otp_md4_hash, otp_md4_init, otp_md4_next},
+  {OTP_ALG_MD5, "md5", 16, otp_md5_hash, otp_md5_init, otp_md5_next},
+  {OTP_ALG_SHA, "sha", 20, otp_sha_hash, otp_sha_init, otp_sha_next}
+};
+
+OtpAlgorithm *
+otp_find_alg (char *name)
+{
+  int i;
+
+  for (i = 0; i < sizeof(algorithms)/sizeof(*algorithms); ++i)
+    if (strcmp (name, algorithms[i].name) == 0)
+      return &algorithms[i];
+  return NULL;
+}
+
+char *
+otp_error (OtpContext *o)
+{
+  return o->err;
+}
diff --git a/crypto/heimdal/lib/otp/otp.h b/crypto/heimdal/lib/otp/otp.h
new file mode 100644
index 0000000..e813458
--- /dev/null
+++ b/crypto/heimdal/lib/otp/otp.h
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: otp.h,v 1.19 2000/07/12 00:26:43 assar Exp $ */
+
+#ifndef _OTP_H
+#define _OTP_H
+
+#include <stdlib.h>
+#include <time.h>
+
+enum {OTPKEYSIZE = 8};
+
+typedef unsigned char OtpKey[OTPKEYSIZE];
+
+#define OTP_MIN_PASSPHRASE 10
+#define OTP_MAX_PASSPHRASE 63
+
+#define OTP_USER_TIMEOUT   120
+#define OTP_DB_TIMEOUT      60
+
+#define OTP_HEXPREFIX "hex:"
+#define OTP_WORDPREFIX "word:"
+
+typedef enum { OTP_ALG_MD4, OTP_ALG_MD5, OTP_ALG_SHA } OtpAlgID;
+
+#define OTP_ALG_DEFAULT "md5"
+
+typedef struct {
+  OtpAlgID id;
+  char *name;
+  int hashsize;
+  int (*hash)(const char *s, size_t len, unsigned char *res);
+  int (*init)(OtpKey key, const char *pwd, const char *seed);
+  int (*next)(OtpKey key);
+} OtpAlgorithm;
+
+typedef struct {
+  char *user;
+  OtpAlgorithm *alg;
+  unsigned n;
+  char seed[17];
+  OtpKey key;
+  int challengep;
+  time_t lock_time;
+  char *err;
+} OtpContext;
+
+OtpAlgorithm *otp_find_alg (char *name);
+void otp_print_stddict (OtpKey key, char *str, size_t sz);
+void otp_print_hex (OtpKey key, char *str, size_t sz);
+void otp_print_stddict_extended (OtpKey key, char *str, size_t sz);
+void otp_print_hex_extended (OtpKey key, char *str, size_t sz);
+unsigned otp_checksum (OtpKey key);
+int otp_parse_hex (OtpKey key, const char *);
+int otp_parse_stddict (OtpKey key, const char *);
+int otp_parse_altdict (OtpKey key, const char *, OtpAlgorithm *);
+int otp_parse (OtpKey key, const char *, OtpAlgorithm *);
+int otp_challenge (OtpContext *ctx, char *user, char *str, size_t len);
+int otp_verify_user (OtpContext *ctx, const char *passwd);
+int otp_verify_user_1 (OtpContext *ctx, const char *passwd);
+char *otp_error (OtpContext *ctx);
+
+void *otp_db_open (void);
+void otp_db_close (void *);
+int otp_put (void *, OtpContext *ctx);
+int otp_get (void *, OtpContext *ctx);
+int otp_simple_get (void *, OtpContext *ctx);
+int otp_delete (void *, OtpContext *ctx);
+
+#endif /* _OTP_H */
diff --git a/crypto/heimdal/lib/otp/otp_challenge.c b/crypto/heimdal/lib/otp/otp_challenge.c
new file mode 100644
index 0000000..3507c4f
--- /dev/null
+++ b/crypto/heimdal/lib/otp/otp_challenge.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+RCSID("$Id: otp_challenge.c,v 1.10 1999/12/02 16:58:44 joda Exp $");
+#endif
+
+#include "otp_locl.h"
+
+int
+otp_challenge (OtpContext *ctx, char *user, char *str, size_t len)
+{
+  void *dbm;
+  int ret;
+
+  ctx->challengep = 0;
+  ctx->err = NULL;
+  ctx->user = malloc(strlen(user) + 1);
+  if (ctx->user == NULL) {
+    ctx->err = "Out of memory";
+    return -1;
+  }
+  strcpy(ctx->user, user);
+  dbm = otp_db_open ();
+  if (dbm == NULL) {
+    ctx->err = "Cannot open database";
+    return -1;
+  }
+  ret = otp_get (dbm, ctx);
+  otp_db_close (dbm);
+  if (ret)
+    return ret;
+  snprintf (str, len,
+	    "[ otp-%s %u %s ]",
+	    ctx->alg->name, ctx->n-1, ctx->seed);
+  ctx->challengep = 1;
+  return 0;
+}
diff --git a/crypto/heimdal/lib/otp/otp_db.c b/crypto/heimdal/lib/otp/otp_db.c
new file mode 100644
index 0000000..3cc5d849
--- /dev/null
+++ b/crypto/heimdal/lib/otp/otp_db.c
@@ -0,0 +1,229 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+RCSID("$Id: otp_db.c,v 1.17 1999/12/02 16:58:44 joda Exp $");
+#endif
+
+#include "otp_locl.h"
+
+#define RETRIES 5
+
+void *
+otp_db_open (void)
+{
+  int lock;
+  int i;
+  void *ret;
+
+  for(i = 0; i < RETRIES; ++i) {
+    struct stat statbuf;
+
+    lock = open (OTP_DB_LOCK, O_WRONLY | O_CREAT | O_EXCL, 0666);
+    if (lock >= 0) {
+      close(lock);
+      break;
+    }
+    if (stat (OTP_DB_LOCK, &statbuf) == 0) {
+      if (time(NULL) - statbuf.st_mtime > OTP_DB_TIMEOUT)
+	unlink (OTP_DB_LOCK);
+      else
+	sleep (1);
+    }
+  }
+  if (i == RETRIES)
+    return NULL;
+  ret = dbm_open (OTP_DB, O_RDWR | O_CREAT, 0600);
+  if (ret == NULL)
+    unlink (OTP_DB_LOCK);
+  return ret;
+}
+
+void
+otp_db_close (void *dbm)
+{
+  dbm_close ((DBM *)dbm);
+  unlink (OTP_DB_LOCK);
+}
+
+/*
+ * Remove this entry from the database.
+ * return 0 if ok.
+ */
+
+int 
+otp_delete (void *v, OtpContext *ctx)
+{
+  DBM *dbm = (DBM *)v;
+  datum key;
+
+  key.dsize = strlen(ctx->user);
+  key.dptr  = ctx->user;
+ 
+  return dbm_delete(dbm, key);
+}
+
+/*
+ * Read this entry from the database and lock it if lockp.
+ */
+
+static int
+otp_get_internal (void *v, OtpContext *ctx, int lockp)
+{
+  DBM *dbm = (DBM *)v;
+  datum dat, key;
+  char *p;
+  time_t now, then;
+
+  key.dsize = strlen(ctx->user);
+  key.dptr  = ctx->user;
+
+  dat = dbm_fetch (dbm, key);
+  if (dat.dptr == NULL) {
+    ctx->err = "Entry not found";
+    return -1;
+  }
+  p = dat.dptr;
+
+  memcpy (&then, p, sizeof(then));
+  ctx->lock_time = then;
+  if (lockp) {
+    time(&now);
+    if (then && now - then < OTP_USER_TIMEOUT) {
+      ctx->err = "Entry locked";
+      return -1;
+    }
+    memcpy (p, &now, sizeof(now));
+  }
+  p += sizeof(now);
+  ctx->alg = otp_find_alg (p);
+  if (ctx->alg == NULL) {
+    ctx->err = "Bad algorithm";
+    return -1;
+  }
+  p += strlen(p) + 1;
+  {
+    unsigned char *up = (unsigned char *)p;
+    ctx->n = (up[0] << 24) | (up[1] << 16) | (up[2] << 8) | up[3];
+  }
+  p += 4;
+  memcpy (ctx->key, p, OTPKEYSIZE);
+  p += OTPKEYSIZE;
+  strlcpy (ctx->seed, p, sizeof(ctx->seed));
+  if (lockp)
+    return dbm_store (dbm, key, dat, DBM_REPLACE);
+  else
+    return 0;
+}
+
+/*
+ * Get and lock.
+ */
+
+int
+otp_get (void *v, OtpContext *ctx)
+{
+  return otp_get_internal (v, ctx, 1);
+}
+
+/*
+ * Get and don't lock.
+ */
+
+int
+otp_simple_get (void *v, OtpContext *ctx)
+{
+  return otp_get_internal (v, ctx, 0);
+}
+
+/*
+ * Write this entry to the database.
+ */
+
+int
+otp_put (void *v, OtpContext *ctx)
+{
+  DBM *dbm = (DBM *)v;
+  datum dat, key;
+  char buf[1024], *p;
+  time_t zero = 0;
+  size_t len, rem;
+
+  key.dsize = strlen(ctx->user);
+  key.dptr  = ctx->user;
+
+  p = buf;
+  rem = sizeof(buf);
+
+  if (rem < sizeof(zero))
+      return -1;
+  memcpy (p, &zero, sizeof(zero));
+  p += sizeof(zero);
+  rem -= sizeof(zero);
+  len = strlen(ctx->alg->name) + 1;
+
+  if (rem < len)
+      return -1;
+  strcpy (p, ctx->alg->name);
+  p += len;
+  rem -= len;
+
+  if (rem < 4)
+      return -1;
+  {
+    unsigned char *up = (unsigned char *)p;
+    *up++ = (ctx->n >> 24) & 0xFF;
+    *up++ = (ctx->n >> 16) & 0xFF;
+    *up++ = (ctx->n >>  8) & 0xFF;
+    *up++ = (ctx->n >>  0) & 0xFF;
+  }
+  p += 4;
+  rem -= 4;
+
+  if (rem < OTPKEYSIZE)
+      return -1;
+  memcpy (p, ctx->key, OTPKEYSIZE);
+  p += OTPKEYSIZE;
+  rem -= OTPKEYSIZE;
+
+  len = strlen(ctx->seed) + 1;
+  if (rem < len)
+      return -1;
+  strcpy (p, ctx->seed);
+  p += len;
+  rem -= len;
+  dat.dptr  = buf;
+  dat.dsize = p - buf;
+  return dbm_store (dbm, key, dat, DBM_REPLACE);
+}
diff --git a/crypto/heimdal/lib/otp/otp_locl.h b/crypto/heimdal/lib/otp/otp_locl.h
new file mode 100644
index 0000000..391d04e
--- /dev/null
+++ b/crypto/heimdal/lib/otp/otp_locl.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: otp_locl.h,v 1.11 1999/12/02 16:58:44 joda Exp $ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <time.h>
+#include <errno.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
+
+#include <roken.h>
+
+#include <otp.h>
+
+#include <xdbm.h>
+
+#define OTPKEYS "/.otpkeys"
+
+#define OTP_DB "/etc/otp"
+#define OTP_DB_LOCK "/etc/otp-lock"
diff --git a/crypto/heimdal/lib/otp/otp_md.c b/crypto/heimdal/lib/otp/otp_md.c
new file mode 100644
index 0000000..d408fcd
--- /dev/null
+++ b/crypto/heimdal/lib/otp/otp_md.c
@@ -0,0 +1,280 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+RCSID("$Id: otp_md.c,v 1.14 2001/01/29 05:55:18 assar Exp $");
+#endif
+#include "otp_locl.h"
+
+#include "otp_md.h"
+#ifdef HAVE_OPENSSL_MD4_H
+#include <openssl/md4.h>
+#else
+#include <md4.h>
+#endif
+#ifdef HAVE_OPENSSL_MD5_H
+#include <openssl/md5.h>
+#else
+#include <md5.h>
+#endif
+#ifdef HAVE_OPENSSL_SHA_H
+#include <openssl/sha.h>
+#else
+#include <sha.h>
+#endif
+
+/*
+ * Compress len bytes from md into key
+ */
+
+static void
+compressmd (OtpKey key, unsigned char *md, size_t len)
+{
+  u_char *p = key;
+
+  memset (p, 0, OTPKEYSIZE);
+  while(len) {
+    *p++ ^= *md++;
+    *p++ ^= *md++;
+    *p++ ^= *md++;
+    *p++ ^= *md++;
+    len -= 4;
+    if (p == key + OTPKEYSIZE)
+      p = key;
+  }
+}
+
+static int
+otp_md_init (OtpKey key,
+	     const char *pwd,
+	     const char *seed,
+	     void (*init)(void *),
+	     void (*update)(void *, const void *, size_t),
+	     void (*final)(void *, void *),
+	     void *arg,
+	     unsigned char *res,
+	     size_t ressz)
+{
+  char *p;
+  int len;
+
+  len = strlen(pwd) + strlen(seed);
+  p = malloc (len + 1);
+  if (p == NULL)
+    return -1;
+  strcpy (p, seed);
+  strlwr (p);
+  strcat (p, pwd);
+  (*init)(arg);
+  (*update)(arg, p, len);
+  (*final)(res, arg);
+  free (p);
+  compressmd (key, res, ressz);
+  return 0;
+}
+
+static int
+otp_md_next (OtpKey key,
+	     void (*init)(void *),
+	     void (*update)(void *, const void *, size_t),
+	     void (*final)(void *, void *),
+	     void *arg,
+	     unsigned char *res,
+	     size_t ressz)
+{
+  (*init)(arg);
+  (*update)(arg, key, OTPKEYSIZE);
+  (*final)(res, arg);
+  compressmd (key, res, ressz);
+  return 0;
+}
+
+static int
+otp_md_hash (const char *data,
+	     size_t len,
+	     void (*init)(void *),
+	     void (*update)(void *, const void *, size_t),
+	     void (*final)(void *, void *),
+	     void *arg,
+	     unsigned char *res,
+	     size_t ressz)
+{
+  (*init)(arg);
+  (*update)(arg, data, len);
+  (*final)(res, arg);
+  return 0;
+}
+
+int
+otp_md4_init (OtpKey key, const char *pwd, const char *seed)
+{
+  unsigned char res[16];
+  MD4_CTX md4;
+
+  return otp_md_init (key, pwd, seed,
+		      (void (*)(void *))MD4_Init,
+		      (void (*)(void *, const void *, size_t))MD4_Update, 
+		      (void (*)(void *, void *))MD4_Final,
+		      &md4, res, sizeof(res));
+}
+
+int
+otp_md4_hash (const char *data,
+	      size_t len,
+	      unsigned char *res)
+{
+  MD4_CTX md4;
+
+  return otp_md_hash (data, len,
+		      (void (*)(void *))MD4_Init,
+		      (void (*)(void *, const void *, size_t))MD4_Update, 
+		      (void (*)(void *, void *))MD4_Final,
+		      &md4, res, 16);
+}
+
+int
+otp_md4_next (OtpKey key)
+{
+  unsigned char res[16];
+  MD4_CTX md4;
+
+  return otp_md_next (key, 
+		      (void (*)(void *))MD4_Init, 
+		      (void (*)(void *, const void *, size_t))MD4_Update, 
+		      (void (*)(void *, void *))MD4_Final,
+		      &md4, res, sizeof(res));
+}
+
+
+int
+otp_md5_init (OtpKey key, const char *pwd, const char *seed)
+{
+  unsigned char res[16];
+  MD5_CTX md5;
+
+  return otp_md_init (key, pwd, seed, 
+		      (void (*)(void *))MD5_Init, 
+		      (void (*)(void *, const void *, size_t))MD5_Update, 
+		      (void (*)(void *, void *))MD5_Final,
+		      &md5, res, sizeof(res));
+}
+
+int
+otp_md5_hash (const char *data,
+	      size_t len,
+	      unsigned char *res)
+{
+  MD5_CTX md5;
+
+  return otp_md_hash (data, len,
+		      (void (*)(void *))MD5_Init,
+		      (void (*)(void *, const void *, size_t))MD5_Update, 
+		      (void (*)(void *, void *))MD5_Final,
+		      &md5, res, 16);
+}
+
+int
+otp_md5_next (OtpKey key)
+{
+  unsigned char res[16];
+  MD5_CTX md5;
+
+  return otp_md_next (key, 
+		      (void (*)(void *))MD5_Init, 
+		      (void (*)(void *, const void *, size_t))MD5_Update, 
+		      (void (*)(void *, void *))MD5_Final,
+		      &md5, res, sizeof(res));
+}
+
+/* 
+ * For histerical reasons, in the OTP definition it's said that the
+ * result from SHA must be stored in little-endian order.  See
+ * draft-ietf-otp-01.txt.
+ */
+
+static void
+SHA1_Final_little_endian (void *res, SHA_CTX *m)
+{
+  unsigned char tmp[20];
+  unsigned char *p = res;
+  int j;
+
+  SHA1_Final (tmp, m);
+  for (j = 0; j < 20; j += 4) {
+    p[j]   = tmp[j+3];
+    p[j+1] = tmp[j+2];
+    p[j+2] = tmp[j+1];
+    p[j+3] = tmp[j];
+  }
+}
+
+int
+otp_sha_init (OtpKey key, const char *pwd, const char *seed)
+{
+  unsigned char res[20];
+  SHA_CTX sha1;
+
+  return otp_md_init (key, pwd, seed, 
+		      (void (*)(void *))SHA1_Init, 
+		      (void (*)(void *, const void *, size_t))SHA1_Update, 
+		      (void (*)(void *, void *))SHA1_Final_little_endian,
+		      &sha1, res, sizeof(res));
+}
+
+int
+otp_sha_hash (const char *data,
+	      size_t len,
+	      unsigned char *res)
+{
+  SHA_CTX sha1;
+
+  return otp_md_hash (data, len,
+		      (void (*)(void *))SHA1_Init,
+		      (void (*)(void *, const void *, size_t))SHA1_Update, 
+		      (void (*)(void *, void *))SHA1_Final_little_endian,
+		      &sha1, res, 20);
+}
+
+int
+otp_sha_next (OtpKey key)
+{
+  unsigned char res[20];
+  SHA_CTX sha1;
+
+  return otp_md_next (key, 
+		      (void (*)(void *))SHA1_Init,
+		      (void (*)(void *, const void *, size_t))SHA1_Update,
+		      (void (*)(void *, void *))SHA1_Final_little_endian,
+		      &sha1, res, sizeof(res));
+}
diff --git a/crypto/heimdal/lib/otp/otp_md.h b/crypto/heimdal/lib/otp/otp_md.h
new file mode 100644
index 0000000..5732606
--- /dev/null
+++ b/crypto/heimdal/lib/otp/otp_md.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: otp_md.h,v 1.7 2000/07/12 00:26:44 assar Exp $ */
+
+int otp_md4_init (OtpKey key, const char *pwd, const char *seed);
+int otp_md4_hash (const char *, size_t, unsigned char *res);
+int otp_md4_next (OtpKey key);
+
+int otp_md5_init (OtpKey key, const char *pwd, const char *seed);
+int otp_md5_hash (const char *, size_t, unsigned char *res);
+int otp_md5_next (OtpKey key);
+
+int otp_sha_init (OtpKey key, const char *pwd, const char *seed);
+int otp_sha_hash (const char *, size_t, unsigned char *res);
+int otp_sha_next (OtpKey key);
diff --git a/crypto/heimdal/lib/otp/otp_parse.c b/crypto/heimdal/lib/otp/otp_parse.c
new file mode 100644
index 0000000..cc69de5
--- /dev/null
+++ b/crypto/heimdal/lib/otp/otp_parse.c
@@ -0,0 +1,2515 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+RCSID("$Id: otp_parse.c,v 1.20 2000/07/01 13:58:38 assar Exp $");
+#endif
+
+#include "otp_locl.h"
+
+struct e {
+  char *s;
+  unsigned n;
+};
+
+extern const struct e inv_std_dict[2048];
+
+static int
+cmp(const void *a, const void *b)
+{
+  struct e *e1, *e2;
+  
+  e1 = (struct e *)a;
+  e2 = (struct e *)b;
+  return strcasecmp (e1->s, e2->s);
+}
+
+static int
+get_stdword (const char *s, void *v)
+{
+  struct e e, *r;
+
+  e.s = (char *)s;
+  e.n = -1;
+  r = (struct e *) bsearch (&e, inv_std_dict,
+			    sizeof(inv_std_dict)/sizeof(*inv_std_dict),
+			    sizeof(*inv_std_dict), cmp);
+  if (r)
+    return r->n;
+  else
+    return -1;
+}
+
+static void
+compress (OtpKey key, unsigned wn[])
+{
+  key[0] = wn[0] >> 3;
+  key[1] = ((wn[0] & 0x07) << 5) | (wn[1] >> 6);
+  key[2] = ((wn[1] & 0x3F) << 2) | (wn[2] >> 9);
+  key[3] = ((wn[2] >> 1) & 0xFF);
+  key[4] = ((wn[2] & 0x01) << 7) | (wn[3] >> 4);
+  key[5] = ((wn[3] & 0x0F) << 4) | (wn[4] >> 7);
+  key[6] = ((wn[4] & 0x7F) << 1) | (wn[5] >> 10);
+  key[7] = ((wn[5] >> 2) & 0xFF);
+}
+
+static int
+get_altword (const char *s, void *a)
+{
+  OtpAlgorithm *alg = (OtpAlgorithm *)a;
+  int ret;
+  unsigned char *res = malloc(alg->hashsize);
+
+  if (res == NULL)
+    return -1;
+  alg->hash (s, strlen(s), res);
+  ret = (unsigned)(res[alg->hashsize - 1]) | 
+      ((res[alg->hashsize - 2] & 0x03) << 8);
+  free (res);
+  return ret;
+}
+
+static int
+parse_words(unsigned wn[],
+	    const char *str,
+	    int (*convert)(const char *, void *),
+	    void *arg)
+{
+  unsigned char *w, *wend, c;
+  int i;
+  int tmp;
+
+  w = (unsigned char *)str;
+  for (i = 0; i < 6; ++i) {
+    while (isspace(*w))
+      ++w;
+    wend = w;
+    while (isalpha (*wend))
+      ++wend;
+    c = *wend;
+    *wend = '\0';
+    tmp = (*convert)((char *)w, arg);
+    *wend = c;
+    w = wend;
+    if (tmp < 0)
+      return -1;
+    wn[i] = tmp;
+  }
+  return 0;
+}
+
+static int
+otp_parse_internal (OtpKey key, const char *str,
+		    OtpAlgorithm *alg,
+		    int (*convert)(const char *, void *))
+{
+  unsigned wn[6];
+
+  if (parse_words (wn, str, convert, alg))
+    return -1;
+  compress (key, wn);
+  if (otp_checksum (key) != (wn[5] & 0x03))
+    return -1;
+  return 0;
+}
+
+int
+otp_parse_stddict (OtpKey key, const char *str)
+{
+  return otp_parse_internal (key, str, NULL, get_stdword);
+}
+
+int
+otp_parse_altdict (OtpKey key, const char *str, OtpAlgorithm *alg)
+{
+  return otp_parse_internal (key, str, alg, get_altword);
+}
+
+int
+otp_parse_hex (OtpKey key, const char *s)
+{
+  char buf[17], *b;
+  int is[8];
+  int i;
+
+  b = buf;
+  while (*s) {
+    if (strchr ("0123456789ABCDEFabcdef", *s)) {
+      if (b - buf >= 16)
+	return -1;
+      else
+	*b++ = tolower(*s);
+    }
+    s++;
+  }
+  *b = '\0';
+  if (sscanf (buf, "%2x%2x%2x%2x%2x%2x%2x%2x",
+	      &is[0], &is[1], &is[2], &is[3], &is[4],
+	      &is[5], &is[6], &is[7]) != 8)
+    return -1;
+  for (i = 0; i < OTPKEYSIZE; ++i)
+    key[i] = is[i];
+  return 0;
+}
+
+int
+otp_parse (OtpKey key, const char *s, OtpAlgorithm *alg)
+{
+  int ret;
+  int dohex = 1;
+
+  if (strncmp (s, OTP_HEXPREFIX, strlen(OTP_HEXPREFIX)) == 0)
+    return otp_parse_hex (key, s + strlen(OTP_HEXPREFIX));
+  if (strncmp (s, OTP_WORDPREFIX, strlen(OTP_WORDPREFIX)) == 0) {
+    s += strlen(OTP_WORDPREFIX);
+    dohex = 0;
+  }
+
+  ret = otp_parse_stddict (key, s);
+  if (ret)
+    ret = otp_parse_altdict (key, s, alg);
+  if (ret && dohex)
+    ret = otp_parse_hex (key, s);
+  return ret;
+}
+
+const char *const std_dict[2048] =
+{        "A",    "ABE",   "ACE",   "ACT",   "AD",    "ADA",   "ADD",
+"AGO",   "AID",  "AIM",   "AIR",   "ALL",   "ALP",   "AM",    "AMY",
+"AN",    "ANA",  "AND",   "ANN",   "ANT",   "ANY",   "APE",   "APS",
+"APT",   "ARC",  "ARE",   "ARK",   "ARM",   "ART",   "AS",    "ASH",
+"ASK",   "AT",   "ATE",   "AUG",   "AUK",   "AVE",   "AWE",   "AWK",
+"AWL",   "AWN",  "AX",    "AYE",   "BAD",   "BAG",   "BAH",   "BAM",
+"BAN",   "BAR",  "BAT",   "BAY",   "BE",    "BED",   "BEE",   "BEG",
+"BEN",   "BET",  "BEY",   "BIB",   "BID",   "BIG",   "BIN",   "BIT",
+"BOB",   "BOG",  "BON",   "BOO",   "BOP",   "BOW",   "BOY",   "BUB",
+"BUD",   "BUG",  "BUM",   "BUN",   "BUS",   "BUT",   "BUY",   "BY",
+"BYE",   "CAB",  "CAL",   "CAM",   "CAN",   "CAP",   "CAR",   "CAT",
+"CAW",   "COD",  "COG",   "COL",   "CON",   "COO",   "COP",   "COT",
+"COW",   "COY",  "CRY",   "CUB",   "CUE",   "CUP",   "CUR",   "CUT",
+"DAB",   "DAD",  "DAM",   "DAN",   "DAR",   "DAY",   "DEE",   "DEL",
+"DEN",   "DES",  "DEW",   "DID",   "DIE",   "DIG",   "DIN",   "DIP",
+"DO",    "DOE",  "DOG",   "DON",   "DOT",   "DOW",   "DRY",   "DUB",
+"DUD",   "DUE",  "DUG",   "DUN",   "EAR",   "EAT",   "ED",    "EEL",
+"EGG",   "EGO",  "ELI",   "ELK",   "ELM",   "ELY",   "EM",    "END",
+"EST",   "ETC",  "EVA",   "EVE",   "EWE",   "EYE",   "FAD",   "FAN",
+"FAR",   "FAT",  "FAY",   "FED",   "FEE",   "FEW",   "FIB",   "FIG",
+"FIN",   "FIR",  "FIT",   "FLO",   "FLY",   "FOE",   "FOG",   "FOR",
+"FRY",   "FUM",  "FUN",   "FUR",   "GAB",   "GAD",   "GAG",   "GAL",
+"GAM",   "GAP",  "GAS",   "GAY",   "GEE",   "GEL",   "GEM",   "GET",
+"GIG",   "GIL",  "GIN",   "GO",    "GOT",   "GUM",   "GUN",   "GUS",
+"GUT",   "GUY",  "GYM",   "GYP",   "HA",    "HAD",   "HAL",   "HAM",
+"HAN",   "HAP",  "HAS",   "HAT",   "HAW",   "HAY",   "HE",    "HEM",
+"HEN",   "HER",  "HEW",   "HEY",   "HI",    "HID",   "HIM",   "HIP",
+"HIS",   "HIT",  "HO",    "HOB",   "HOC",   "HOE",   "HOG",   "HOP",
+"HOT",   "HOW",  "HUB",   "HUE",   "HUG",   "HUH",   "HUM",   "HUT",
+"I",     "ICY",  "IDA",   "IF",    "IKE",   "ILL",   "INK",   "INN",
+"IO",    "ION",  "IQ",    "IRA",   "IRE",   "IRK",   "IS",    "IT",
+"ITS",   "IVY",  "JAB",   "JAG",   "JAM",   "JAN",   "JAR",   "JAW",
+"JAY",   "JET",  "JIG",   "JIM",   "JO",    "JOB",   "JOE",   "JOG",
+"JOT",   "JOY",  "JUG",   "JUT",   "KAY",   "KEG",   "KEN",   "KEY",
+"KID",   "KIM",  "KIN",   "KIT",   "LA",    "LAB",   "LAC",   "LAD",
+"LAG",   "LAM",  "LAP",   "LAW",   "LAY",   "LEA",   "LED",   "LEE",
+"LEG",   "LEN",  "LEO",   "LET",   "LEW",   "LID",   "LIE",   "LIN",
+"LIP",   "LIT",  "LO",    "LOB",   "LOG",   "LOP",   "LOS",   "LOT",
+"LOU",   "LOW",  "LOY",   "LUG",   "LYE",   "MA",    "MAC",   "MAD",
+"MAE",   "MAN",  "MAO",   "MAP",   "MAT",   "MAW",   "MAY",   "ME",
+"MEG",   "MEL",  "MEN",   "MET",   "MEW",   "MID",   "MIN",   "MIT",
+"MOB",   "MOD",  "MOE",   "MOO",   "MOP",   "MOS",   "MOT",   "MOW",
+"MUD",   "MUG",  "MUM",   "MY",    "NAB",   "NAG",   "NAN",   "NAP",
+"NAT",   "NAY",  "NE",    "NED",   "NEE",   "NET",   "NEW",   "NIB",
+"NIIL",  "NIP",  "NIT",   "NO",    "NOB",   "NOD",   "NON",   "NOR",
+"NOT",   "NOV",  "NOW",   "NU",    "NUN",   "NUT",   "O",     "OAF",
+"OAK",   "OAR",  "OAT",   "ODD",   "ODE",   "OF",    "OFF",   "OFT",
+"OH",    "OIL",  "OK",    "OLD",   "ON",    "ONE",   "OR",    "ORB",
+"ORE",   "ORR",  "OS",    "OTT",   "OUR",   "OUT",   "OVA",   "OW",
+"OWE",   "OWL",  "OWN",   "OX",    "PA",    "PAD",   "PAL",   "PAM",
+"PAN",   "PAP",  "PAR",   "PAT",   "PAW",   "PAY",   "PEA",   "PEG",
+"PEN",   "PEP",  "PER",   "PET",   "PEW",   "PHI",   "PI",    "PIE",
+"PIN",   "PIT",  "PLY",   "PO",    "POD",   "POE",   "POP",   "POT",
+"POW",   "PRO",  "PRY",   "PUB",   "PUG",   "PUN",   "PUP",   "PUT",
+"QUO",   "RAG",  "RAM",   "RAN",   "RAP",   "RAT",   "RAW",   "RAY",
+"REB",   "RED",  "REP",   "RET",   "RIB",   "RID",   "RIG",   "RIM",
+"RIO",   "RIP",  "ROB",   "ROD",   "ROE",   "RON",   "ROT",   "ROW",
+"ROY",   "RUB",  "RUE",   "RUG",   "RUM",   "RUN",   "RYE",   "SAC",
+"SAD",   "SAG",  "SAL",   "SAM",   "SAN",   "SAP",   "SAT",   "SAW",
+"SAY",   "SEA",  "SEC",   "SEE",   "SEN",   "SET",   "SEW",   "SHE",
+"SHY",   "SIN",  "SIP",   "SIR",   "SIS",   "SIT",   "SKI",   "SKY",
+"SLY",   "SO",   "SOB",   "SOD",   "SON",   "SOP",   "SOW",   "SOY",
+"SPA",   "SPY",  "SUB",   "SUD",   "SUE",   "SUM",   "SUN",   "SUP",
+"TAB",   "TAD",  "TAG",   "TAN",   "TAP",   "TAR",   "TEA",   "TED",
+"TEE",   "TEN",  "THE",   "THY",   "TIC",   "TIE",   "TIM",   "TIN",
+"TIP",   "TO",   "TOE",   "TOG",   "TOM",   "TON",   "TOO",   "TOP",
+"TOW",   "TOY",  "TRY",   "TUB",   "TUG",   "TUM",   "TUN",   "TWO",
+"UN",    "UP",   "US",    "USE",   "VAN",   "VAT",   "VET",   "VIE",
+"WAD",   "WAG",  "WAR",   "WAS",   "WAY",   "WE",    "WEB",   "WED",
+"WEE",   "WET",  "WHO",   "WHY",   "WIN",   "WIT",   "WOK",   "WON",
+"WOO",   "WOW",  "WRY",   "WU",    "YAM",   "YAP",   "YAW",   "YE",
+"YEA",   "YES",  "YET",   "YOU",   "ABED",  "ABEL",  "ABET",  "ABLE",
+"ABUT",  "ACHE",  "ACID", "ACME",  "ACRE",  "ACTA",  "ACTS",  "ADAM",
+"ADDS",  "ADEN",  "AFAR", "AFRO",  "AGEE",  "AHEM",  "AHOY",  "AIDA",
+"AIDE",  "AIDS",  "AIRY", "AJAR",  "AKIN",  "ALAN",  "ALEC",  "ALGA",
+"ALIA",  "ALLY",  "ALMA", "ALOE",  "ALSO",  "ALTO",  "ALUM",  "ALVA",
+"AMEN",  "AMES",  "AMID", "AMMO",  "AMOK",  "AMOS",  "AMRA",  "ANDY",
+"ANEW",  "ANNA",  "ANNE", "ANTE",  "ANTI",  "AQUA",  "ARAB",  "ARCH",
+"AREA",  "ARGO",  "ARID", "ARMY",  "ARTS",  "ARTY",  "ASIA",  "ASKS",
+"ATOM",  "AUNT",  "AURA", "AUTO",  "AVER",  "AVID",  "AVIS",  "AVON",
+"AVOW",  "AWAY",  "AWRY", "BABE",  "BABY",  "BACH",  "BACK",  "BADE",
+"BAIL",  "BAIT",  "BAKE", "BALD",  "BALE",  "BALI",  "BALK",  "BALL",
+"BALM",  "BAND",  "BANE", "BANG",  "BANK",  "BARB",  "BARD",  "BARE",
+"BARK",  "BARN",  "BARR", "BASE",  "BASH",  "BASK",  "BASS",  "BATE",
+"BATH",  "BAWD",  "BAWL", "BEAD",  "BEAK",  "BEAM",  "BEAN",  "BEAR",
+"BEAT",  "BEAU",  "BECK", "BEEF",  "BEEN",  "BEER",  "BEET",  "BELA",
+"BELL",  "BELT",  "BEND", "BENT",  "BERG",  "BERN",  "BERT",  "BESS",
+"BEST",  "BETA",  "BETH", "BHOY",  "BIAS",  "BIDE",  "BIEN",  "BILE",
+"BILK",  "BILL",  "BIND", "BING",  "BIRD",  "BITE",  "BITS",  "BLAB",
+"BLAT",  "BLED",  "BLEW", "BLOB",  "BLOC",  "BLOT",  "BLOW",  "BLUE",
+"BLUM",  "BLUR",  "BOAR", "BOAT",  "BOCA",  "BOCK",  "BODE",  "BODY",
+"BOGY",  "BOHR",  "BOIL", "BOLD",  "BOLO",  "BOLT",  "BOMB",  "BONA",
+"BOND",  "BONE",  "BONG", "BONN",  "BONY",  "BOOK",  "BOOM",  "BOON",
+"BOOT",  "BORE",  "BORG", "BORN",  "BOSE",  "BOSS",  "BOTH",  "BOUT",
+"BOWL",  "BOYD",  "BRAD", "BRAE",  "BRAG",  "BRAN",  "BRAY",  "BRED",
+"BREW",  "BRIG",  "BRIM", "BROW",  "BUCK",  "BUDD",  "BUFF",  "BULB",
+"BULK",  "BULL",  "BUNK", "BUNT",  "BUOY",  "BURG",  "BURL",  "BURN",
+"BURR",  "BURT",  "BURY", "BUSH",  "BUSS",  "BUST",  "BUSY",  "BYTE",
+"CADY",  "CAFE",  "CAGE", "CAIN",  "CAKE",  "CALF",  "CALL",  "CALM",
+"CAME",  "CANE",  "CANT", "CARD",  "CARE",  "CARL",  "CARR",  "CART",
+"CASE",  "CASH",  "CASK", "CAST",  "CAVE",  "CEIL",  "CELL",  "CENT",
+"CERN",  "CHAD",  "CHAR", "CHAT",  "CHAW",  "CHEF",  "CHEN",  "CHEW",
+"CHIC",  "CHIN",  "CHOU", "CHOW",  "CHUB",  "CHUG",  "CHUM",  "CITE",
+"CITY",  "CLAD",  "CLAM", "CLAN",  "CLAW",  "CLAY",  "CLOD",  "CLOG",
+"CLOT",  "CLUB",  "CLUE", "COAL",  "COAT",  "COCA",  "COCK",  "COCO",
+"CODA",  "CODE",  "CODY", "COED",  "COIL",  "COIN",  "COKE",  "COLA",
+"COLD",  "COLT",  "COMA", "COMB",  "COME",  "COOK",  "COOL",  "COON",
+"COOT",  "CORD",  "CORE", "CORK",  "CORN",  "COST",  "COVE",  "COWL",
+"CRAB",  "CRAG",  "CRAM", "CRAY",  "CREW",  "CRIB",  "CROW",  "CRUD",
+"CUBA",  "CUBE",  "CUFF", "CULL",  "CULT",  "CUNY",  "CURB",  "CURD",
+"CURE",  "CURL",  "CURT", "CUTS",  "DADE",  "DALE",  "DAME",  "DANA",
+"DANE",  "DANG",  "DANK", "DARE",  "DARK",  "DARN",  "DART",  "DASH",
+"DATA",  "DATE",  "DAVE", "DAVY",  "DAWN",  "DAYS",  "DEAD",  "DEAF",
+"DEAL",  "DEAN",  "DEAR", "DEBT",  "DECK",  "DEED",  "DEEM",  "DEER",
+"DEFT",  "DEFY",  "DELL", "DENT",  "DENY",  "DESK",  "DIAL",  "DICE",
+"DIED",  "DIET",  "DIME", "DINE",  "DING",  "DINT",  "DIRE",  "DIRT",
+"DISC",  "DISH",  "DISK", "DIVE",  "DOCK",  "DOES",  "DOLE",  "DOLL",
+"DOLT",  "DOME",  "DONE", "DOOM",  "DOOR",  "DORA",  "DOSE",  "DOTE",
+"DOUG",  "DOUR",  "DOVE", "DOWN",  "DRAB",  "DRAG",  "DRAM",  "DRAW",
+"DREW",  "DRUB",  "DRUG", "DRUM",  "DUAL",  "DUCK",  "DUCT",  "DUEL",
+"DUET",  "DUKE",  "DULL", "DUMB",  "DUNE",  "DUNK",  "DUSK",  "DUST",
+"DUTY",  "EACH",  "EARL", "EARN",  "EASE",  "EAST",  "EASY",  "EBEN",
+"ECHO",  "EDDY",  "EDEN", "EDGE",  "EDGY",  "EDIT",  "EDNA",  "EGAN",
+"ELAN",  "ELBA",  "ELLA", "ELSE",  "EMIL",  "EMIT",  "EMMA",  "ENDS",
+"ERIC",  "EROS",  "EVEN", "EVER",  "EVIL",  "EYED",  "FACE",  "FACT",
+"FADE",  "FAIL",  "FAIN", "FAIR",  "FAKE",  "FALL",  "FAME",  "FANG",
+"FARM",  "FAST",  "FATE", "FAWN",  "FEAR",  "FEAT",  "FEED",  "FEEL",
+"FEET",  "FELL",  "FELT", "FEND",  "FERN",  "FEST",  "FEUD",  "FIEF",
+"FIGS",  "FILE",  "FILL", "FILM",  "FIND",  "FINE",  "FINK",  "FIRE",
+"FIRM",  "FISH",  "FISK", "FIST",  "FITS",  "FIVE",  "FLAG",  "FLAK",
+"FLAM",  "FLAT",  "FLAW", "FLEA",  "FLED",  "FLEW",  "FLIT",  "FLOC",
+"FLOG",  "FLOW",  "FLUB", "FLUE",  "FOAL",  "FOAM",  "FOGY",  "FOIL",
+"FOLD",  "FOLK",  "FOND", "FONT",  "FOOD",  "FOOL",  "FOOT",  "FORD",
+"FORE",  "FORK",  "FORM", "FORT",  "FOSS",  "FOUL",  "FOUR",  "FOWL",
+"FRAU",  "FRAY",  "FRED", "FREE",  "FRET",  "FREY",  "FROG",  "FROM",
+"FUEL",  "FULL",  "FUME", "FUND",  "FUNK",  "FURY",  "FUSE",  "FUSS",
+"GAFF",  "GAGE",  "GAIL", "GAIN",  "GAIT",  "GALA",  "GALE",  "GALL",
+"GALT",  "GAME",  "GANG", "GARB",  "GARY",  "GASH",  "GATE",  "GAUL",
+"GAUR",  "GAVE",  "GAWK", "GEAR",  "GELD",  "GENE",  "GENT",  "GERM",
+"GETS",  "GIBE",  "GIFT", "GILD",  "GILL",  "GILT",  "GINA",  "GIRD",
+"GIRL",  "GIST",  "GIVE", "GLAD",  "GLEE",  "GLEN",  "GLIB",  "GLOB",
+"GLOM",  "GLOW",  "GLUE", "GLUM",  "GLUT",  "GOAD",  "GOAL",  "GOAT",
+"GOER",  "GOES",  "GOLD", "GOLF",  "GONE",  "GONG",  "GOOD",  "GOOF",
+"GORE",  "GORY",  "GOSH", "GOUT",  "GOWN",  "GRAB",  "GRAD",  "GRAY",
+"GREG",  "GREW",  "GREY", "GRID",  "GRIM",  "GRIN",  "GRIT",  "GROW",
+"GRUB",  "GULF",  "GULL", "GUNK",  "GURU",  "GUSH",  "GUST",  "GWEN",
+"GWYN",  "HAAG",  "HAAS", "HACK",  "HAIL",  "HAIR",  "HALE",  "HALF",
+"HALL",  "HALO",  "HALT", "HAND",  "HANG",  "HANK",  "HANS",  "HARD",
+"HARK",  "HARM",  "HART", "HASH",  "HAST",  "HATE",  "HATH",  "HAUL",
+"HAVE",  "HAWK",  "HAYS", "HEAD",  "HEAL",  "HEAR",  "HEAT",  "HEBE",
+"HECK",  "HEED",  "HEEL", "HEFT",  "HELD",  "HELL",  "HELM",  "HERB",
+"HERD",  "HERE",  "HERO", "HERS",  "HESS",  "HEWN",  "HICK",  "HIDE",
+"HIGH",  "HIKE",  "HILL", "HILT",  "HIND",  "HINT",  "HIRE",  "HISS",
+"HIVE",  "HOBO",  "HOCK", "HOFF",  "HOLD",  "HOLE",  "HOLM",  "HOLT",
+"HOME",  "HONE",  "HONK", "HOOD",  "HOOF",  "HOOK",  "HOOT",  "HORN",
+"HOSE",  "HOST",  "HOUR", "HOVE",  "HOWE",  "HOWL",  "HOYT",  "HUCK",
+"HUED",  "HUFF",  "HUGE", "HUGH",  "HUGO",  "HULK",  "HULL",  "HUNK",
+"HUNT",  "HURD",  "HURL", "HURT",  "HUSH",  "HYDE",  "HYMN",  "IBIS",
+"ICON",  "IDEA",  "IDLE", "IFFY",  "INCA",  "INCH",  "INTO",  "IONS",
+"IOTA",  "IOWA",  "IRIS", "IRMA",  "IRON",  "ISLE",  "ITCH",  "ITEM",
+"IVAN",  "JACK",  "JADE", "JAIL",  "JAKE",  "JANE",  "JAVA",  "JEAN",
+"JEFF",  "JERK",  "JESS", "JEST",  "JIBE",  "JILL",  "JILT",  "JIVE",
+"JOAN",  "JOBS",  "JOCK", "JOEL",  "JOEY",  "JOHN",  "JOIN",  "JOKE",
+"JOLT",  "JOVE",  "JUDD", "JUDE",  "JUDO",  "JUDY",  "JUJU",  "JUKE",
+"JULY",  "JUNE",  "JUNK", "JUNO",  "JURY",  "JUST",  "JUTE",  "KAHN",
+"KALE",  "KANE",  "KANT", "KARL",  "KATE",  "KEEL",  "KEEN",  "KENO",
+"KENT",  "KERN",  "KERR", "KEYS",  "KICK",  "KILL",  "KIND",  "KING",
+"KIRK",  "KISS",  "KITE", "KLAN",  "KNEE",  "KNEW",  "KNIT",  "KNOB",
+"KNOT",  "KNOW",  "KOCH", "KONG",  "KUDO",  "KURD",  "KURT",  "KYLE",
+"LACE",  "LACK",  "LACY", "LADY",  "LAID",  "LAIN",  "LAIR",  "LAKE",
+"LAMB",  "LAME",  "LAND", "LANE",  "LANG",  "LARD",  "LARK",  "LASS",
+"LAST",  "LATE",  "LAUD", "LAVA",  "LAWN",  "LAWS",  "LAYS",  "LEAD",
+"LEAF",  "LEAK",  "LEAN", "LEAR",  "LEEK",  "LEER",  "LEFT",  "LEND",
+"LENS",  "LENT",  "LEON", "LESK",  "LESS",  "LEST",  "LETS",  "LIAR",
+"LICE",  "LICK",  "LIED", "LIEN",  "LIES",  "LIEU",  "LIFE",  "LIFT",
+"LIKE",  "LILA",  "LILT", "LILY",  "LIMA",  "LIMB",  "LIME",  "LIND",
+"LINE",  "LINK",  "LINT", "LION",  "LISA",  "LIST",  "LIVE",  "LOAD",
+"LOAF",  "LOAM",  "LOAN", "LOCK",  "LOFT",  "LOGE",  "LOIS",  "LOLA",
+"LONE",  "LONG",  "LOOK", "LOON",  "LOOT",  "LORD",  "LORE",  "LOSE",
+"LOSS",  "LOST",  "LOUD", "LOVE",  "LOWE",  "LUCK",  "LUCY",  "LUGE",
+"LUKE",  "LULU",  "LUND", "LUNG",  "LURA",  "LURE",  "LURK",  "LUSH",
+"LUST",  "LYLE",  "LYNN", "LYON",  "LYRA",  "MACE",  "MADE",  "MAGI",
+"MAID",  "MAIL",  "MAIN", "MAKE",  "MALE",  "MALI",  "MALL",  "MALT",
+"MANA",  "MANN",  "MANY", "MARC",  "MARE",  "MARK",  "MARS",  "MART",
+"MARY",  "MASH",  "MASK", "MASS",  "MAST",  "MATE",  "MATH",  "MAUL",
+"MAYO",  "MEAD",  "MEAL", "MEAN",  "MEAT",  "MEEK",  "MEET",  "MELD",
+"MELT",  "MEMO",  "MEND", "MENU",  "MERT",  "MESH",  "MESS",  "MICE",
+"MIKE",  "MILD",  "MILE", "MILK",  "MILL",  "MILT",  "MIMI",  "MIND",
+"MINE",  "MINI",  "MINK", "MINT",  "MIRE",  "MISS",  "MIST",  "MITE",
+"MITT",  "MOAN",  "MOAT", "MOCK",  "MODE",  "MOLD",  "MOLE",  "MOLL",
+"MOLT",  "MONA",  "MONK", "MONT",  "MOOD",  "MOON",  "MOOR",  "MOOT",
+"MORE",  "MORN",  "MORT", "MOSS",  "MOST",  "MOTH",  "MOVE",  "MUCH",
+"MUCK",  "MUDD",  "MUFF", "MULE",  "MULL",  "MURK",  "MUSH",  "MUST",
+"MUTE",  "MUTT",  "MYRA", "MYTH",  "NAGY",  "NAIL",  "NAIR",  "NAME",
+"NARY",  "NASH",  "NAVE", "NAVY",  "NEAL",  "NEAR",  "NEAT",  "NECK",
+"NEED",  "NEIL",  "NELL", "NEON",  "NERO",  "NESS",  "NEST",  "NEWS",
+"NEWT",  "NIBS",  "NICE", "NICK",  "NILE",  "NINA",  "NINE",  "NOAH",
+"NODE",  "NOEL",  "NOLL", "NONE",  "NOOK",  "NOON",  "NORM",  "NOSE",
+"NOTE",  "NOUN",  "NOVA", "NUDE",  "NULL",  "NUMB",  "OATH",  "OBEY",
+"OBOE",  "ODIN",  "OHIO", "OILY",  "OINT",  "OKAY",  "OLAF",  "OLDY",
+"OLGA",  "OLIN",  "OMAN", "OMEN",  "OMIT",  "ONCE",  "ONES",  "ONLY",
+"ONTO",  "ONUS",  "ORAL", "ORGY",  "OSLO",  "OTIS",  "OTTO",  "OUCH",
+"OUST",  "OUTS",  "OVAL", "OVEN",  "OVER",  "OWLY",  "OWNS",  "QUAD",
+"QUIT",  "QUOD",  "RACE", "RACK",  "RACY",  "RAFT",  "RAGE",  "RAID",
+"RAIL",  "RAIN",  "RAKE", "RANK",  "RANT",  "RARE",  "RASH",  "RATE",
+"RAVE",  "RAYS",  "READ", "REAL",  "REAM",  "REAR",  "RECK",  "REED",
+"REEF",  "REEK",  "REEL", "REID",  "REIN",  "RENA",  "REND",  "RENT",
+"REST",  "RICE",  "RICH", "RICK",  "RIDE",  "RIFT",  "RILL",  "RIME",
+"RING",  "RINK",  "RISE", "RISK",  "RITE",  "ROAD",  "ROAM",  "ROAR",
+"ROBE",  "ROCK",  "RODE", "ROIL",  "ROLL",  "ROME",  "ROOD",  "ROOF",
+"ROOK",  "ROOM",  "ROOT", "ROSA",  "ROSE",  "ROSS",  "ROSY",  "ROTH",
+"ROUT",  "ROVE",  "ROWE", "ROWS",  "RUBE",  "RUBY",  "RUDE",  "RUDY",
+"RUIN",  "RULE",  "RUNG", "RUNS",  "RUNT",  "RUSE",  "RUSH",  "RUSK",
+"RUSS",  "RUST",  "RUTH", "SACK",  "SAFE",  "SAGE",  "SAID",  "SAIL",
+"SALE",  "SALK",  "SALT", "SAME",  "SAND",  "SANE",  "SANG",  "SANK",
+"SARA",  "SAUL",  "SAVE", "SAYS",  "SCAN",  "SCAR",  "SCAT",  "SCOT",
+"SEAL",  "SEAM",  "SEAR", "SEAT",  "SEED",  "SEEK",  "SEEM",  "SEEN",
+"SEES",  "SELF",  "SELL", "SEND",  "SENT",  "SETS",  "SEWN",  "SHAG",
+"SHAM",  "SHAW",  "SHAY", "SHED",  "SHIM",  "SHIN",  "SHOD",  "SHOE",
+"SHOT",  "SHOW",  "SHUN", "SHUT",  "SICK",  "SIDE",  "SIFT",  "SIGH",
+"SIGN",  "SILK",  "SILL", "SILO",  "SILT",  "SINE",  "SING",  "SINK",
+"SIRE",  "SITE",  "SITS", "SITU",  "SKAT",  "SKEW",  "SKID",  "SKIM",
+"SKIN",  "SKIT",  "SLAB", "SLAM",  "SLAT",  "SLAY",  "SLED",  "SLEW",
+"SLID",  "SLIM",  "SLIT", "SLOB",  "SLOG",  "SLOT",  "SLOW",  "SLUG",
+"SLUM",  "SLUR",  "SMOG", "SMUG",  "SNAG",  "SNOB",  "SNOW",  "SNUB",
+"SNUG",  "SOAK",  "SOAR", "SOCK",  "SODA",  "SOFA",  "SOFT",  "SOIL",
+"SOLD",  "SOME",  "SONG", "SOON",  "SOOT",  "SORE",  "SORT",  "SOUL",
+"SOUR",  "SOWN",  "STAB", "STAG",  "STAN",  "STAR",  "STAY",  "STEM",
+"STEW",  "STIR",  "STOW", "STUB",  "STUN",  "SUCH",  "SUDS",  "SUIT",
+"SULK",  "SUMS",  "SUNG", "SUNK",  "SURE",  "SURF",  "SWAB",  "SWAG",
+"SWAM",  "SWAN",  "SWAT", "SWAY",  "SWIM",  "SWUM",  "TACK",  "TACT",
+"TAIL",  "TAKE",  "TALE", "TALK",  "TALL",  "TANK",  "TASK",  "TATE",
+"TAUT",  "TEAL",  "TEAM", "TEAR",  "TECH",  "TEEM",  "TEEN",  "TEET",
+"TELL",  "TEND",  "TENT", "TERM",  "TERN",  "TESS",  "TEST",  "THAN",
+"THAT",  "THEE",  "THEM", "THEN",  "THEY",  "THIN",  "THIS",  "THUD",
+"THUG",  "TICK",  "TIDE", "TIDY",  "TIED",  "TIER",  "TILE",  "TILL",
+"TILT",  "TIME",  "TINA", "TINE",  "TINT",  "TINY",  "TIRE",  "TOAD",
+"TOGO",  "TOIL",  "TOLD", "TOLL",  "TONE",  "TONG",  "TONY",  "TOOK",
+"TOOL",  "TOOT",  "TORE", "TORN",  "TOTE",  "TOUR",  "TOUT",  "TOWN",
+"TRAG",  "TRAM",  "TRAY", "TREE",  "TREK",  "TRIG",  "TRIM",  "TRIO",
+"TROD",  "TROT",  "TROY", "TRUE",  "TUBA",  "TUBE",  "TUCK",  "TUFT",
+"TUNA",  "TUNE",  "TUNG", "TURF",  "TURN",  "TUSK",  "TWIG",  "TWIN",
+"TWIT",  "ULAN",  "UNIT", "URGE",  "USED",  "USER",  "USES",  "UTAH",
+"VAIL",  "VAIN",  "VALE", "VARY",  "VASE",  "VAST",  "VEAL",  "VEDA",
+"VEIL",  "VEIN",  "VEND", "VENT",  "VERB",  "VERY",  "VETO",  "VICE",
+"VIEW",  "VINE",  "VISE", "VOID",  "VOLT",  "VOTE",  "WACK",  "WADE",
+"WAGE",  "WAIL",  "WAIT", "WAKE",  "WALE",  "WALK",  "WALL",  "WALT",
+"WAND",  "WANE",  "WANG", "WANT",  "WARD",  "WARM",  "WARN",  "WART",
+"WASH",  "WAST",  "WATS", "WATT",  "WAVE",  "WAVY",  "WAYS",  "WEAK",
+"WEAL",  "WEAN",  "WEAR", "WEED",  "WEEK",  "WEIR",  "WELD",  "WELL",
+"WELT",  "WENT",  "WERE", "WERT",  "WEST",  "WHAM",  "WHAT",  "WHEE",
+"WHEN",  "WHET",  "WHOA", "WHOM",  "WICK",  "WIFE",  "WILD",  "WILL",
+"WIND",  "WINE",  "WING", "WINK",  "WINO",  "WIRE",  "WISE",  "WISH",
+"WITH",  "WOLF",  "WONT", "WOOD",  "WOOL",  "WORD",  "WORE",  "WORK",
+"WORM",  "WORN",  "WOVE", "WRIT",  "WYNN",  "YALE",  "YANG",  "YANK",
+"YARD",  "YARN",  "YAWL", "YAWN",  "YEAH",  "YEAR",  "YELL",  "YOGA",
+"YOKE"                         };
+
+const struct e inv_std_dict[2048] = {
+{"A", 0},
+{"ABE", 1},
+{"ABED", 571},
+{"ABEL", 572},
+{"ABET", 573},
+{"ABLE", 574},
+{"ABUT", 575},
+{"ACE", 2},
+{"ACHE", 576},
+{"ACID", 577},
+{"ACME", 578},
+{"ACRE", 579},
+{"ACT", 3},
+{"ACTA", 580},
+{"ACTS", 581},
+{"AD", 4},
+{"ADA", 5},
+{"ADAM", 582},
+{"ADD", 6},
+{"ADDS", 583},
+{"ADEN", 584},
+{"AFAR", 585},
+{"AFRO", 586},
+{"AGEE", 587},
+{"AGO", 7},
+{"AHEM", 588},
+{"AHOY", 589},
+{"AID", 8},
+{"AIDA", 590},
+{"AIDE", 591},
+{"AIDS", 592},
+{"AIM", 9},
+{"AIR", 10},
+{"AIRY", 593},
+{"AJAR", 594},
+{"AKIN", 595},
+{"ALAN", 596},
+{"ALEC", 597},
+{"ALGA", 598},
+{"ALIA", 599},
+{"ALL", 11},
+{"ALLY", 600},
+{"ALMA", 601},
+{"ALOE", 602},
+{"ALP", 12},
+{"ALSO", 603},
+{"ALTO", 604},
+{"ALUM", 605},
+{"ALVA", 606},
+{"AM", 13},
+{"AMEN", 607},
+{"AMES", 608},
+{"AMID", 609},
+{"AMMO", 610},
+{"AMOK", 611},
+{"AMOS", 612},
+{"AMRA", 613},
+{"AMY", 14},
+{"AN", 15},
+{"ANA", 16},
+{"AND", 17},
+{"ANDY", 614},
+{"ANEW", 615},
+{"ANN", 18},
+{"ANNA", 616},
+{"ANNE", 617},
+{"ANT", 19},
+{"ANTE", 618},
+{"ANTI", 619},
+{"ANY", 20},
+{"APE", 21},
+{"APS", 22},
+{"APT", 23},
+{"AQUA", 620},
+{"ARAB", 621},
+{"ARC", 24},
+{"ARCH", 622},
+{"ARE", 25},
+{"AREA", 623},
+{"ARGO", 624},
+{"ARID", 625},
+{"ARK", 26},
+{"ARM", 27},
+{"ARMY", 626},
+{"ART", 28},
+{"ARTS", 627},
+{"ARTY", 628},
+{"AS", 29},
+{"ASH", 30},
+{"ASIA", 629},
+{"ASK", 31},
+{"ASKS", 630},
+{"AT", 32},
+{"ATE", 33},
+{"ATOM", 631},
+{"AUG", 34},
+{"AUK", 35},
+{"AUNT", 632},
+{"AURA", 633},
+{"AUTO", 634},
+{"AVE", 36},
+{"AVER", 635},
+{"AVID", 636},
+{"AVIS", 637},
+{"AVON", 638},
+{"AVOW", 639},
+{"AWAY", 640},
+{"AWE", 37},
+{"AWK", 38},
+{"AWL", 39},
+{"AWN", 40},
+{"AWRY", 641},
+{"AX", 41},
+{"AYE", 42},
+{"BABE", 642},
+{"BABY", 643},
+{"BACH", 644},
+{"BACK", 645},
+{"BAD", 43},
+{"BADE", 646},
+{"BAG", 44},
+{"BAH", 45},
+{"BAIL", 647},
+{"BAIT", 648},
+{"BAKE", 649},
+{"BALD", 650},
+{"BALE", 651},
+{"BALI", 652},
+{"BALK", 653},
+{"BALL", 654},
+{"BALM", 655},
+{"BAM", 46},
+{"BAN", 47},
+{"BAND", 656},
+{"BANE", 657},
+{"BANG", 658},
+{"BANK", 659},
+{"BAR", 48},
+{"BARB", 660},
+{"BARD", 661},
+{"BARE", 662},
+{"BARK", 663},
+{"BARN", 664},
+{"BARR", 665},
+{"BASE", 666},
+{"BASH", 667},
+{"BASK", 668},
+{"BASS", 669},
+{"BAT", 49},
+{"BATE", 670},
+{"BATH", 671},
+{"BAWD", 672},
+{"BAWL", 673},
+{"BAY", 50},
+{"BE", 51},
+{"BEAD", 674},
+{"BEAK", 675},
+{"BEAM", 676},
+{"BEAN", 677},
+{"BEAR", 678},
+{"BEAT", 679},
+{"BEAU", 680},
+{"BECK", 681},
+{"BED", 52},
+{"BEE", 53},
+{"BEEF", 682},
+{"BEEN", 683},
+{"BEER", 684},
+{"BEET", 685},
+{"BEG", 54},
+{"BELA", 686},
+{"BELL", 687},
+{"BELT", 688},
+{"BEN", 55},
+{"BEND", 689},
+{"BENT", 690},
+{"BERG", 691},
+{"BERN", 692},
+{"BERT", 693},
+{"BESS", 694},
+{"BEST", 695},
+{"BET", 56},
+{"BETA", 696},
+{"BETH", 697},
+{"BEY", 57},
+{"BHOY", 698},
+{"BIAS", 699},
+{"BIB", 58},
+{"BID", 59},
+{"BIDE", 700},
+{"BIEN", 701},
+{"BIG", 60},
+{"BILE", 702},
+{"BILK", 703},
+{"BILL", 704},
+{"BIN", 61},
+{"BIND", 705},
+{"BING", 706},
+{"BIRD", 707},
+{"BIT", 62},
+{"BITE", 708},
+{"BITS", 709},
+{"BLAB", 710},
+{"BLAT", 711},
+{"BLED", 712},
+{"BLEW", 713},
+{"BLOB", 714},
+{"BLOC", 715},
+{"BLOT", 716},
+{"BLOW", 717},
+{"BLUE", 718},
+{"BLUM", 719},
+{"BLUR", 720},
+{"BOAR", 721},
+{"BOAT", 722},
+{"BOB", 63},
+{"BOCA", 723},
+{"BOCK", 724},
+{"BODE", 725},
+{"BODY", 726},
+{"BOG", 64},
+{"BOGY", 727},
+{"BOHR", 728},
+{"BOIL", 729},
+{"BOLD", 730},
+{"BOLO", 731},
+{"BOLT", 732},
+{"BOMB", 733},
+{"BON", 65},
+{"BONA", 734},
+{"BOND", 735},
+{"BONE", 736},
+{"BONG", 737},
+{"BONN", 738},
+{"BONY", 739},
+{"BOO", 66},
+{"BOOK", 740},
+{"BOOM", 741},
+{"BOON", 742},
+{"BOOT", 743},
+{"BOP", 67},
+{"BORE", 744},
+{"BORG", 745},
+{"BORN", 746},
+{"BOSE", 747},
+{"BOSS", 748},
+{"BOTH", 749},
+{"BOUT", 750},
+{"BOW", 68},
+{"BOWL", 751},
+{"BOY", 69},
+{"BOYD", 752},
+{"BRAD", 753},
+{"BRAE", 754},
+{"BRAG", 755},
+{"BRAN", 756},
+{"BRAY", 757},
+{"BRED", 758},
+{"BREW", 759},
+{"BRIG", 760},
+{"BRIM", 761},
+{"BROW", 762},
+{"BUB", 70},
+{"BUCK", 763},
+{"BUD", 71},
+{"BUDD", 764},
+{"BUFF", 765},
+{"BUG", 72},
+{"BULB", 766},
+{"BULK", 767},
+{"BULL", 768},
+{"BUM", 73},
+{"BUN", 74},
+{"BUNK", 769},
+{"BUNT", 770},
+{"BUOY", 771},
+{"BURG", 772},
+{"BURL", 773},
+{"BURN", 774},
+{"BURR", 775},
+{"BURT", 776},
+{"BURY", 777},
+{"BUS", 75},
+{"BUSH", 778},
+{"BUSS", 779},
+{"BUST", 780},
+{"BUSY", 781},
+{"BUT", 76},
+{"BUY", 77},
+{"BY", 78},
+{"BYE", 79},
+{"BYTE", 782},
+{"CAB", 80},
+{"CADY", 783},
+{"CAFE", 784},
+{"CAGE", 785},
+{"CAIN", 786},
+{"CAKE", 787},
+{"CAL", 81},
+{"CALF", 788},
+{"CALL", 789},
+{"CALM", 790},
+{"CAM", 82},
+{"CAME", 791},
+{"CAN", 83},
+{"CANE", 792},
+{"CANT", 793},
+{"CAP", 84},
+{"CAR", 85},
+{"CARD", 794},
+{"CARE", 795},
+{"CARL", 796},
+{"CARR", 797},
+{"CART", 798},
+{"CASE", 799},
+{"CASH", 800},
+{"CASK", 801},
+{"CAST", 802},
+{"CAT", 86},
+{"CAVE", 803},
+{"CAW", 87},
+{"CEIL", 804},
+{"CELL", 805},
+{"CENT", 806},
+{"CERN", 807},
+{"CHAD", 808},
+{"CHAR", 809},
+{"CHAT", 810},
+{"CHAW", 811},
+{"CHEF", 812},
+{"CHEN", 813},
+{"CHEW", 814},
+{"CHIC", 815},
+{"CHIN", 816},
+{"CHOU", 817},
+{"CHOW", 818},
+{"CHUB", 819},
+{"CHUG", 820},
+{"CHUM", 821},
+{"CITE", 822},
+{"CITY", 823},
+{"CLAD", 824},
+{"CLAM", 825},
+{"CLAN", 826},
+{"CLAW", 827},
+{"CLAY", 828},
+{"CLOD", 829},
+{"CLOG", 830},
+{"CLOT", 831},
+{"CLUB", 832},
+{"CLUE", 833},
+{"COAL", 834},
+{"COAT", 835},
+{"COCA", 836},
+{"COCK", 837},
+{"COCO", 838},
+{"COD", 88},
+{"CODA", 839},
+{"CODE", 840},
+{"CODY", 841},
+{"COED", 842},
+{"COG", 89},
+{"COIL", 843},
+{"COIN", 844},
+{"COKE", 845},
+{"COL", 90},
+{"COLA", 846},
+{"COLD", 847},
+{"COLT", 848},
+{"COMA", 849},
+{"COMB", 850},
+{"COME", 851},
+{"CON", 91},
+{"COO", 92},
+{"COOK", 852},
+{"COOL", 853},
+{"COON", 854},
+{"COOT", 855},
+{"COP", 93},
+{"CORD", 856},
+{"CORE", 857},
+{"CORK", 858},
+{"CORN", 859},
+{"COST", 860},
+{"COT", 94},
+{"COVE", 861},
+{"COW", 95},
+{"COWL", 862},
+{"COY", 96},
+{"CRAB", 863},
+{"CRAG", 864},
+{"CRAM", 865},
+{"CRAY", 866},
+{"CREW", 867},
+{"CRIB", 868},
+{"CROW", 869},
+{"CRUD", 870},
+{"CRY", 97},
+{"CUB", 98},
+{"CUBA", 871},
+{"CUBE", 872},
+{"CUE", 99},
+{"CUFF", 873},
+{"CULL", 874},
+{"CULT", 875},
+{"CUNY", 876},
+{"CUP", 100},
+{"CUR", 101},
+{"CURB", 877},
+{"CURD", 878},
+{"CURE", 879},
+{"CURL", 880},
+{"CURT", 881},
+{"CUT", 102},
+{"CUTS", 882},
+{"DAB", 103},
+{"DAD", 104},
+{"DADE", 883},
+{"DALE", 884},
+{"DAM", 105},
+{"DAME", 885},
+{"DAN", 106},
+{"DANA", 886},
+{"DANE", 887},
+{"DANG", 888},
+{"DANK", 889},
+{"DAR", 107},
+{"DARE", 890},
+{"DARK", 891},
+{"DARN", 892},
+{"DART", 893},
+{"DASH", 894},
+{"DATA", 895},
+{"DATE", 896},
+{"DAVE", 897},
+{"DAVY", 898},
+{"DAWN", 899},
+{"DAY", 108},
+{"DAYS", 900},
+{"DEAD", 901},
+{"DEAF", 902},
+{"DEAL", 903},
+{"DEAN", 904},
+{"DEAR", 905},
+{"DEBT", 906},
+{"DECK", 907},
+{"DEE", 109},
+{"DEED", 908},
+{"DEEM", 909},
+{"DEER", 910},
+{"DEFT", 911},
+{"DEFY", 912},
+{"DEL", 110},
+{"DELL", 913},
+{"DEN", 111},
+{"DENT", 914},
+{"DENY", 915},
+{"DES", 112},
+{"DESK", 916},
+{"DEW", 113},
+{"DIAL", 917},
+{"DICE", 918},
+{"DID", 114},
+{"DIE", 115},
+{"DIED", 919},
+{"DIET", 920},
+{"DIG", 116},
+{"DIME", 921},
+{"DIN", 117},
+{"DINE", 922},
+{"DING", 923},
+{"DINT", 924},
+{"DIP", 118},
+{"DIRE", 925},
+{"DIRT", 926},
+{"DISC", 927},
+{"DISH", 928},
+{"DISK", 929},
+{"DIVE", 930},
+{"DO", 119},
+{"DOCK", 931},
+{"DOE", 120},
+{"DOES", 932},
+{"DOG", 121},
+{"DOLE", 933},
+{"DOLL", 934},
+{"DOLT", 935},
+{"DOME", 936},
+{"DON", 122},
+{"DONE", 937},
+{"DOOM", 938},
+{"DOOR", 939},
+{"DORA", 940},
+{"DOSE", 941},
+{"DOT", 123},
+{"DOTE", 942},
+{"DOUG", 943},
+{"DOUR", 944},
+{"DOVE", 945},
+{"DOW", 124},
+{"DOWN", 946},
+{"DRAB", 947},
+{"DRAG", 948},
+{"DRAM", 949},
+{"DRAW", 950},
+{"DREW", 951},
+{"DRUB", 952},
+{"DRUG", 953},
+{"DRUM", 954},
+{"DRY", 125},
+{"DUAL", 955},
+{"DUB", 126},
+{"DUCK", 956},
+{"DUCT", 957},
+{"DUD", 127},
+{"DUE", 128},
+{"DUEL", 958},
+{"DUET", 959},
+{"DUG", 129},
+{"DUKE", 960},
+{"DULL", 961},
+{"DUMB", 962},
+{"DUN", 130},
+{"DUNE", 963},
+{"DUNK", 964},
+{"DUSK", 965},
+{"DUST", 966},
+{"DUTY", 967},
+{"EACH", 968},
+{"EAR", 131},
+{"EARL", 969},
+{"EARN", 970},
+{"EASE", 971},
+{"EAST", 972},
+{"EASY", 973},
+{"EAT", 132},
+{"EBEN", 974},
+{"ECHO", 975},
+{"ED", 133},
+{"EDDY", 976},
+{"EDEN", 977},
+{"EDGE", 978},
+{"EDGY", 979},
+{"EDIT", 980},
+{"EDNA", 981},
+{"EEL", 134},
+{"EGAN", 982},
+{"EGG", 135},
+{"EGO", 136},
+{"ELAN", 983},
+{"ELBA", 984},
+{"ELI", 137},
+{"ELK", 138},
+{"ELLA", 985},
+{"ELM", 139},
+{"ELSE", 986},
+{"ELY", 140},
+{"EM", 141},
+{"EMIL", 987},
+{"EMIT", 988},
+{"EMMA", 989},
+{"END", 142},
+{"ENDS", 990},
+{"ERIC", 991},
+{"EROS", 992},
+{"EST", 143},
+{"ETC", 144},
+{"EVA", 145},
+{"EVE", 146},
+{"EVEN", 993},
+{"EVER", 994},
+{"EVIL", 995},
+{"EWE", 147},
+{"EYE", 148},
+{"EYED", 996},
+{"FACE", 997},
+{"FACT", 998},
+{"FAD", 149},
+{"FADE", 999},
+{"FAIL", 1000},
+{"FAIN", 1001},
+{"FAIR", 1002},
+{"FAKE", 1003},
+{"FALL", 1004},
+{"FAME", 1005},
+{"FAN", 150},
+{"FANG", 1006},
+{"FAR", 151},
+{"FARM", 1007},
+{"FAST", 1008},
+{"FAT", 152},
+{"FATE", 1009},
+{"FAWN", 1010},
+{"FAY", 153},
+{"FEAR", 1011},
+{"FEAT", 1012},
+{"FED", 154},
+{"FEE", 155},
+{"FEED", 1013},
+{"FEEL", 1014},
+{"FEET", 1015},
+{"FELL", 1016},
+{"FELT", 1017},
+{"FEND", 1018},
+{"FERN", 1019},
+{"FEST", 1020},
+{"FEUD", 1021},
+{"FEW", 156},
+{"FIB", 157},
+{"FIEF", 1022},
+{"FIG", 158},
+{"FIGS", 1023},
+{"FILE", 1024},
+{"FILL", 1025},
+{"FILM", 1026},
+{"FIN", 159},
+{"FIND", 1027},
+{"FINE", 1028},
+{"FINK", 1029},
+{"FIR", 160},
+{"FIRE", 1030},
+{"FIRM", 1031},
+{"FISH", 1032},
+{"FISK", 1033},
+{"FIST", 1034},
+{"FIT", 161},
+{"FITS", 1035},
+{"FIVE", 1036},
+{"FLAG", 1037},
+{"FLAK", 1038},
+{"FLAM", 1039},
+{"FLAT", 1040},
+{"FLAW", 1041},
+{"FLEA", 1042},
+{"FLED", 1043},
+{"FLEW", 1044},
+{"FLIT", 1045},
+{"FLO", 162},
+{"FLOC", 1046},
+{"FLOG", 1047},
+{"FLOW", 1048},
+{"FLUB", 1049},
+{"FLUE", 1050},
+{"FLY", 163},
+{"FOAL", 1051},
+{"FOAM", 1052},
+{"FOE", 164},
+{"FOG", 165},
+{"FOGY", 1053},
+{"FOIL", 1054},
+{"FOLD", 1055},
+{"FOLK", 1056},
+{"FOND", 1057},
+{"FONT", 1058},
+{"FOOD", 1059},
+{"FOOL", 1060},
+{"FOOT", 1061},
+{"FOR", 166},
+{"FORD", 1062},
+{"FORE", 1063},
+{"FORK", 1064},
+{"FORM", 1065},
+{"FORT", 1066},
+{"FOSS", 1067},
+{"FOUL", 1068},
+{"FOUR", 1069},
+{"FOWL", 1070},
+{"FRAU", 1071},
+{"FRAY", 1072},
+{"FRED", 1073},
+{"FREE", 1074},
+{"FRET", 1075},
+{"FREY", 1076},
+{"FROG", 1077},
+{"FROM", 1078},
+{"FRY", 167},
+{"FUEL", 1079},
+{"FULL", 1080},
+{"FUM", 168},
+{"FUME", 1081},
+{"FUN", 169},
+{"FUND", 1082},
+{"FUNK", 1083},
+{"FUR", 170},
+{"FURY", 1084},
+{"FUSE", 1085},
+{"FUSS", 1086},
+{"GAB", 171},
+{"GAD", 172},
+{"GAFF", 1087},
+{"GAG", 173},
+{"GAGE", 1088},
+{"GAIL", 1089},
+{"GAIN", 1090},
+{"GAIT", 1091},
+{"GAL", 174},
+{"GALA", 1092},
+{"GALE", 1093},
+{"GALL", 1094},
+{"GALT", 1095},
+{"GAM", 175},
+{"GAME", 1096},
+{"GANG", 1097},
+{"GAP", 176},
+{"GARB", 1098},
+{"GARY", 1099},
+{"GAS", 177},
+{"GASH", 1100},
+{"GATE", 1101},
+{"GAUL", 1102},
+{"GAUR", 1103},
+{"GAVE", 1104},
+{"GAWK", 1105},
+{"GAY", 178},
+{"GEAR", 1106},
+{"GEE", 179},
+{"GEL", 180},
+{"GELD", 1107},
+{"GEM", 181},
+{"GENE", 1108},
+{"GENT", 1109},
+{"GERM", 1110},
+{"GET", 182},
+{"GETS", 1111},
+{"GIBE", 1112},
+{"GIFT", 1113},
+{"GIG", 183},
+{"GIL", 184},
+{"GILD", 1114},
+{"GILL", 1115},
+{"GILT", 1116},
+{"GIN", 185},
+{"GINA", 1117},
+{"GIRD", 1118},
+{"GIRL", 1119},
+{"GIST", 1120},
+{"GIVE", 1121},
+{"GLAD", 1122},
+{"GLEE", 1123},
+{"GLEN", 1124},
+{"GLIB", 1125},
+{"GLOB", 1126},
+{"GLOM", 1127},
+{"GLOW", 1128},
+{"GLUE", 1129},
+{"GLUM", 1130},
+{"GLUT", 1131},
+{"GO", 186},
+{"GOAD", 1132},
+{"GOAL", 1133},
+{"GOAT", 1134},
+{"GOER", 1135},
+{"GOES", 1136},
+{"GOLD", 1137},
+{"GOLF", 1138},
+{"GONE", 1139},
+{"GONG", 1140},
+{"GOOD", 1141},
+{"GOOF", 1142},
+{"GORE", 1143},
+{"GORY", 1144},
+{"GOSH", 1145},
+{"GOT", 187},
+{"GOUT", 1146},
+{"GOWN", 1147},
+{"GRAB", 1148},
+{"GRAD", 1149},
+{"GRAY", 1150},
+{"GREG", 1151},
+{"GREW", 1152},
+{"GREY", 1153},
+{"GRID", 1154},
+{"GRIM", 1155},
+{"GRIN", 1156},
+{"GRIT", 1157},
+{"GROW", 1158},
+{"GRUB", 1159},
+{"GULF", 1160},
+{"GULL", 1161},
+{"GUM", 188},
+{"GUN", 189},
+{"GUNK", 1162},
+{"GURU", 1163},
+{"GUS", 190},
+{"GUSH", 1164},
+{"GUST", 1165},
+{"GUT", 191},
+{"GUY", 192},
+{"GWEN", 1166},
+{"GWYN", 1167},
+{"GYM", 193},
+{"GYP", 194},
+{"HA", 195},
+{"HAAG", 1168},
+{"HAAS", 1169},
+{"HACK", 1170},
+{"HAD", 196},
+{"HAIL", 1171},
+{"HAIR", 1172},
+{"HAL", 197},
+{"HALE", 1173},
+{"HALF", 1174},
+{"HALL", 1175},
+{"HALO", 1176},
+{"HALT", 1177},
+{"HAM", 198},
+{"HAN", 199},
+{"HAND", 1178},
+{"HANG", 1179},
+{"HANK", 1180},
+{"HANS", 1181},
+{"HAP", 200},
+{"HARD", 1182},
+{"HARK", 1183},
+{"HARM", 1184},
+{"HART", 1185},
+{"HAS", 201},
+{"HASH", 1186},
+{"HAST", 1187},
+{"HAT", 202},
+{"HATE", 1188},
+{"HATH", 1189},
+{"HAUL", 1190},
+{"HAVE", 1191},
+{"HAW", 203},
+{"HAWK", 1192},
+{"HAY", 204},
+{"HAYS", 1193},
+{"HE", 205},
+{"HEAD", 1194},
+{"HEAL", 1195},
+{"HEAR", 1196},
+{"HEAT", 1197},
+{"HEBE", 1198},
+{"HECK", 1199},
+{"HEED", 1200},
+{"HEEL", 1201},
+{"HEFT", 1202},
+{"HELD", 1203},
+{"HELL", 1204},
+{"HELM", 1205},
+{"HEM", 206},
+{"HEN", 207},
+{"HER", 208},
+{"HERB", 1206},
+{"HERD", 1207},
+{"HERE", 1208},
+{"HERO", 1209},
+{"HERS", 1210},
+{"HESS", 1211},
+{"HEW", 209},
+{"HEWN", 1212},
+{"HEY", 210},
+{"HI", 211},
+{"HICK", 1213},
+{"HID", 212},
+{"HIDE", 1214},
+{"HIGH", 1215},
+{"HIKE", 1216},
+{"HILL", 1217},
+{"HILT", 1218},
+{"HIM", 213},
+{"HIND", 1219},
+{"HINT", 1220},
+{"HIP", 214},
+{"HIRE", 1221},
+{"HIS", 215},
+{"HISS", 1222},
+{"HIT", 216},
+{"HIVE", 1223},
+{"HO", 217},
+{"HOB", 218},
+{"HOBO", 1224},
+{"HOC", 219},
+{"HOCK", 1225},
+{"HOE", 220},
+{"HOFF", 1226},
+{"HOG", 221},
+{"HOLD", 1227},
+{"HOLE", 1228},
+{"HOLM", 1229},
+{"HOLT", 1230},
+{"HOME", 1231},
+{"HONE", 1232},
+{"HONK", 1233},
+{"HOOD", 1234},
+{"HOOF", 1235},
+{"HOOK", 1236},
+{"HOOT", 1237},
+{"HOP", 222},
+{"HORN", 1238},
+{"HOSE", 1239},
+{"HOST", 1240},
+{"HOT", 223},
+{"HOUR", 1241},
+{"HOVE", 1242},
+{"HOW", 224},
+{"HOWE", 1243},
+{"HOWL", 1244},
+{"HOYT", 1245},
+{"HUB", 225},
+{"HUCK", 1246},
+{"HUE", 226},
+{"HUED", 1247},
+{"HUFF", 1248},
+{"HUG", 227},
+{"HUGE", 1249},
+{"HUGH", 1250},
+{"HUGO", 1251},
+{"HUH", 228},
+{"HULK", 1252},
+{"HULL", 1253},
+{"HUM", 229},
+{"HUNK", 1254},
+{"HUNT", 1255},
+{"HURD", 1256},
+{"HURL", 1257},
+{"HURT", 1258},
+{"HUSH", 1259},
+{"HUT", 230},
+{"HYDE", 1260},
+{"HYMN", 1261},
+{"I", 231},
+{"IBIS", 1262},
+{"ICON", 1263},
+{"ICY", 232},
+{"IDA", 233},
+{"IDEA", 1264},
+{"IDLE", 1265},
+{"IF", 234},
+{"IFFY", 1266},
+{"IKE", 235},
+{"ILL", 236},
+{"INCA", 1267},
+{"INCH", 1268},
+{"INK", 237},
+{"INN", 238},
+{"INTO", 1269},
+{"IO", 239},
+{"ION", 240},
+{"IONS", 1270},
+{"IOTA", 1271},
+{"IOWA", 1272},
+{"IQ", 241},
+{"IRA", 242},
+{"IRE", 243},
+{"IRIS", 1273},
+{"IRK", 244},
+{"IRMA", 1274},
+{"IRON", 1275},
+{"IS", 245},
+{"ISLE", 1276},
+{"IT", 246},
+{"ITCH", 1277},
+{"ITEM", 1278},
+{"ITS", 247},
+{"IVAN", 1279},
+{"IVY", 248},
+{"JAB", 249},
+{"JACK", 1280},
+{"JADE", 1281},
+{"JAG", 250},
+{"JAIL", 1282},
+{"JAKE", 1283},
+{"JAM", 251},
+{"JAN", 252},
+{"JANE", 1284},
+{"JAR", 253},
+{"JAVA", 1285},
+{"JAW", 254},
+{"JAY", 255},
+{"JEAN", 1286},
+{"JEFF", 1287},
+{"JERK", 1288},
+{"JESS", 1289},
+{"JEST", 1290},
+{"JET", 256},
+{"JIBE", 1291},
+{"JIG", 257},
+{"JILL", 1292},
+{"JILT", 1293},
+{"JIM", 258},
+{"JIVE", 1294},
+{"JO", 259},
+{"JOAN", 1295},
+{"JOB", 260},
+{"JOBS", 1296},
+{"JOCK", 1297},
+{"JOE", 261},
+{"JOEL", 1298},
+{"JOEY", 1299},
+{"JOG", 262},
+{"JOHN", 1300},
+{"JOIN", 1301},
+{"JOKE", 1302},
+{"JOLT", 1303},
+{"JOT", 263},
+{"JOVE", 1304},
+{"JOY", 264},
+{"JUDD", 1305},
+{"JUDE", 1306},
+{"JUDO", 1307},
+{"JUDY", 1308},
+{"JUG", 265},
+{"JUJU", 1309},
+{"JUKE", 1310},
+{"JULY", 1311},
+{"JUNE", 1312},
+{"JUNK", 1313},
+{"JUNO", 1314},
+{"JURY", 1315},
+{"JUST", 1316},
+{"JUT", 266},
+{"JUTE", 1317},
+{"KAHN", 1318},
+{"KALE", 1319},
+{"KANE", 1320},
+{"KANT", 1321},
+{"KARL", 1322},
+{"KATE", 1323},
+{"KAY", 267},
+{"KEEL", 1324},
+{"KEEN", 1325},
+{"KEG", 268},
+{"KEN", 269},
+{"KENO", 1326},
+{"KENT", 1327},
+{"KERN", 1328},
+{"KERR", 1329},
+{"KEY", 270},
+{"KEYS", 1330},
+{"KICK", 1331},
+{"KID", 271},
+{"KILL", 1332},
+{"KIM", 272},
+{"KIN", 273},
+{"KIND", 1333},
+{"KING", 1334},
+{"KIRK", 1335},
+{"KISS", 1336},
+{"KIT", 274},
+{"KITE", 1337},
+{"KLAN", 1338},
+{"KNEE", 1339},
+{"KNEW", 1340},
+{"KNIT", 1341},
+{"KNOB", 1342},
+{"KNOT", 1343},
+{"KNOW", 1344},
+{"KOCH", 1345},
+{"KONG", 1346},
+{"KUDO", 1347},
+{"KURD", 1348},
+{"KURT", 1349},
+{"KYLE", 1350},
+{"LA", 275},
+{"LAB", 276},
+{"LAC", 277},
+{"LACE", 1351},
+{"LACK", 1352},
+{"LACY", 1353},
+{"LAD", 278},
+{"LADY", 1354},
+{"LAG", 279},
+{"LAID", 1355},
+{"LAIN", 1356},
+{"LAIR", 1357},
+{"LAKE", 1358},
+{"LAM", 280},
+{"LAMB", 1359},
+{"LAME", 1360},
+{"LAND", 1361},
+{"LANE", 1362},
+{"LANG", 1363},
+{"LAP", 281},
+{"LARD", 1364},
+{"LARK", 1365},
+{"LASS", 1366},
+{"LAST", 1367},
+{"LATE", 1368},
+{"LAUD", 1369},
+{"LAVA", 1370},
+{"LAW", 282},
+{"LAWN", 1371},
+{"LAWS", 1372},
+{"LAY", 283},
+{"LAYS", 1373},
+{"LEA", 284},
+{"LEAD", 1374},
+{"LEAF", 1375},
+{"LEAK", 1376},
+{"LEAN", 1377},
+{"LEAR", 1378},
+{"LED", 285},
+{"LEE", 286},
+{"LEEK", 1379},
+{"LEER", 1380},
+{"LEFT", 1381},
+{"LEG", 287},
+{"LEN", 288},
+{"LEND", 1382},
+{"LENS", 1383},
+{"LENT", 1384},
+{"LEO", 289},
+{"LEON", 1385},
+{"LESK", 1386},
+{"LESS", 1387},
+{"LEST", 1388},
+{"LET", 290},
+{"LETS", 1389},
+{"LEW", 291},
+{"LIAR", 1390},
+{"LICE", 1391},
+{"LICK", 1392},
+{"LID", 292},
+{"LIE", 293},
+{"LIED", 1393},
+{"LIEN", 1394},
+{"LIES", 1395},
+{"LIEU", 1396},
+{"LIFE", 1397},
+{"LIFT", 1398},
+{"LIKE", 1399},
+{"LILA", 1400},
+{"LILT", 1401},
+{"LILY", 1402},
+{"LIMA", 1403},
+{"LIMB", 1404},
+{"LIME", 1405},
+{"LIN", 294},
+{"LIND", 1406},
+{"LINE", 1407},
+{"LINK", 1408},
+{"LINT", 1409},
+{"LION", 1410},
+{"LIP", 295},
+{"LISA", 1411},
+{"LIST", 1412},
+{"LIT", 296},
+{"LIVE", 1413},
+{"LO", 297},
+{"LOAD", 1414},
+{"LOAF", 1415},
+{"LOAM", 1416},
+{"LOAN", 1417},
+{"LOB", 298},
+{"LOCK", 1418},
+{"LOFT", 1419},
+{"LOG", 299},
+{"LOGE", 1420},
+{"LOIS", 1421},
+{"LOLA", 1422},
+{"LONE", 1423},
+{"LONG", 1424},
+{"LOOK", 1425},
+{"LOON", 1426},
+{"LOOT", 1427},
+{"LOP", 300},
+{"LORD", 1428},
+{"LORE", 1429},
+{"LOS", 301},
+{"LOSE", 1430},
+{"LOSS", 1431},
+{"LOST", 1432},
+{"LOT", 302},
+{"LOU", 303},
+{"LOUD", 1433},
+{"LOVE", 1434},
+{"LOW", 304},
+{"LOWE", 1435},
+{"LOY", 305},
+{"LUCK", 1436},
+{"LUCY", 1437},
+{"LUG", 306},
+{"LUGE", 1438},
+{"LUKE", 1439},
+{"LULU", 1440},
+{"LUND", 1441},
+{"LUNG", 1442},
+{"LURA", 1443},
+{"LURE", 1444},
+{"LURK", 1445},
+{"LUSH", 1446},
+{"LUST", 1447},
+{"LYE", 307},
+{"LYLE", 1448},
+{"LYNN", 1449},
+{"LYON", 1450},
+{"LYRA", 1451},
+{"MA", 308},
+{"MAC", 309},
+{"MACE", 1452},
+{"MAD", 310},
+{"MADE", 1453},
+{"MAE", 311},
+{"MAGI", 1454},
+{"MAID", 1455},
+{"MAIL", 1456},
+{"MAIN", 1457},
+{"MAKE", 1458},
+{"MALE", 1459},
+{"MALI", 1460},
+{"MALL", 1461},
+{"MALT", 1462},
+{"MAN", 312},
+{"MANA", 1463},
+{"MANN", 1464},
+{"MANY", 1465},
+{"MAO", 313},
+{"MAP", 314},
+{"MARC", 1466},
+{"MARE", 1467},
+{"MARK", 1468},
+{"MARS", 1469},
+{"MART", 1470},
+{"MARY", 1471},
+{"MASH", 1472},
+{"MASK", 1473},
+{"MASS", 1474},
+{"MAST", 1475},
+{"MAT", 315},
+{"MATE", 1476},
+{"MATH", 1477},
+{"MAUL", 1478},
+{"MAW", 316},
+{"MAY", 317},
+{"MAYO", 1479},
+{"ME", 318},
+{"MEAD", 1480},
+{"MEAL", 1481},
+{"MEAN", 1482},
+{"MEAT", 1483},
+{"MEEK", 1484},
+{"MEET", 1485},
+{"MEG", 319},
+{"MEL", 320},
+{"MELD", 1486},
+{"MELT", 1487},
+{"MEMO", 1488},
+{"MEN", 321},
+{"MEND", 1489},
+{"MENU", 1490},
+{"MERT", 1491},
+{"MESH", 1492},
+{"MESS", 1493},
+{"MET", 322},
+{"MEW", 323},
+{"MICE", 1494},
+{"MID", 324},
+{"MIKE", 1495},
+{"MILD", 1496},
+{"MILE", 1497},
+{"MILK", 1498},
+{"MILL", 1499},
+{"MILT", 1500},
+{"MIMI", 1501},
+{"MIN", 325},
+{"MIND", 1502},
+{"MINE", 1503},
+{"MINI", 1504},
+{"MINK", 1505},
+{"MINT", 1506},
+{"MIRE", 1507},
+{"MISS", 1508},
+{"MIST", 1509},
+{"MIT", 326},
+{"MITE", 1510},
+{"MITT", 1511},
+{"MOAN", 1512},
+{"MOAT", 1513},
+{"MOB", 327},
+{"MOCK", 1514},
+{"MOD", 328},
+{"MODE", 1515},
+{"MOE", 329},
+{"MOLD", 1516},
+{"MOLE", 1517},
+{"MOLL", 1518},
+{"MOLT", 1519},
+{"MONA", 1520},
+{"MONK", 1521},
+{"MONT", 1522},
+{"MOO", 330},
+{"MOOD", 1523},
+{"MOON", 1524},
+{"MOOR", 1525},
+{"MOOT", 1526},
+{"MOP", 331},
+{"MORE", 1527},
+{"MORN", 1528},
+{"MORT", 1529},
+{"MOS", 332},
+{"MOSS", 1530},
+{"MOST", 1531},
+{"MOT", 333},
+{"MOTH", 1532},
+{"MOVE", 1533},
+{"MOW", 334},
+{"MUCH", 1534},
+{"MUCK", 1535},
+{"MUD", 335},
+{"MUDD", 1536},
+{"MUFF", 1537},
+{"MUG", 336},
+{"MULE", 1538},
+{"MULL", 1539},
+{"MUM", 337},
+{"MURK", 1540},
+{"MUSH", 1541},
+{"MUST", 1542},
+{"MUTE", 1543},
+{"MUTT", 1544},
+{"MY", 338},
+{"MYRA", 1545},
+{"MYTH", 1546},
+{"NAB", 339},
+{"NAG", 340},
+{"NAGY", 1547},
+{"NAIL", 1548},
+{"NAIR", 1549},
+{"NAME", 1550},
+{"NAN", 341},
+{"NAP", 342},
+{"NARY", 1551},
+{"NASH", 1552},
+{"NAT", 343},
+{"NAVE", 1553},
+{"NAVY", 1554},
+{"NAY", 344},
+{"NE", 345},
+{"NEAL", 1555},
+{"NEAR", 1556},
+{"NEAT", 1557},
+{"NECK", 1558},
+{"NED", 346},
+{"NEE", 347},
+{"NEED", 1559},
+{"NEIL", 1560},
+{"NELL", 1561},
+{"NEON", 1562},
+{"NERO", 1563},
+{"NESS", 1564},
+{"NEST", 1565},
+{"NET", 348},
+{"NEW", 349},
+{"NEWS", 1566},
+{"NEWT", 1567},
+{"NIB", 350},
+{"NIBS", 1568},
+{"NICE", 1569},
+{"NICK", 1570},
+{"NIIL", 351},
+{"NILE", 1571},
+{"NINA", 1572},
+{"NINE", 1573},
+{"NIP", 352},
+{"NIT", 353},
+{"NO", 354},
+{"NOAH", 1574},
+{"NOB", 355},
+{"NOD", 356},
+{"NODE", 1575},
+{"NOEL", 1576},
+{"NOLL", 1577},
+{"NON", 357},
+{"NONE", 1578},
+{"NOOK", 1579},
+{"NOON", 1580},
+{"NOR", 358},
+{"NORM", 1581},
+{"NOSE", 1582},
+{"NOT", 359},
+{"NOTE", 1583},
+{"NOUN", 1584},
+{"NOV", 360},
+{"NOVA", 1585},
+{"NOW", 361},
+{"NU", 362},
+{"NUDE", 1586},
+{"NULL", 1587},
+{"NUMB", 1588},
+{"NUN", 363},
+{"NUT", 364},
+{"O", 365},
+{"OAF", 366},
+{"OAK", 367},
+{"OAR", 368},
+{"OAT", 369},
+{"OATH", 1589},
+{"OBEY", 1590},
+{"OBOE", 1591},
+{"ODD", 370},
+{"ODE", 371},
+{"ODIN", 1592},
+{"OF", 372},
+{"OFF", 373},
+{"OFT", 374},
+{"OH", 375},
+{"OHIO", 1593},
+{"OIL", 376},
+{"OILY", 1594},
+{"OINT", 1595},
+{"OK", 377},
+{"OKAY", 1596},
+{"OLAF", 1597},
+{"OLD", 378},
+{"OLDY", 1598},
+{"OLGA", 1599},
+{"OLIN", 1600},
+{"OMAN", 1601},
+{"OMEN", 1602},
+{"OMIT", 1603},
+{"ON", 379},
+{"ONCE", 1604},
+{"ONE", 380},
+{"ONES", 1605},
+{"ONLY", 1606},
+{"ONTO", 1607},
+{"ONUS", 1608},
+{"OR", 381},
+{"ORAL", 1609},
+{"ORB", 382},
+{"ORE", 383},
+{"ORGY", 1610},
+{"ORR", 384},
+{"OS", 385},
+{"OSLO", 1611},
+{"OTIS", 1612},
+{"OTT", 386},
+{"OTTO", 1613},
+{"OUCH", 1614},
+{"OUR", 387},
+{"OUST", 1615},
+{"OUT", 388},
+{"OUTS", 1616},
+{"OVA", 389},
+{"OVAL", 1617},
+{"OVEN", 1618},
+{"OVER", 1619},
+{"OW", 390},
+{"OWE", 391},
+{"OWL", 392},
+{"OWLY", 1620},
+{"OWN", 393},
+{"OWNS", 1621},
+{"OX", 394},
+{"PA", 395},
+{"PAD", 396},
+{"PAL", 397},
+{"PAM", 398},
+{"PAN", 399},
+{"PAP", 400},
+{"PAR", 401},
+{"PAT", 402},
+{"PAW", 403},
+{"PAY", 404},
+{"PEA", 405},
+{"PEG", 406},
+{"PEN", 407},
+{"PEP", 408},
+{"PER", 409},
+{"PET", 410},
+{"PEW", 411},
+{"PHI", 412},
+{"PI", 413},
+{"PIE", 414},
+{"PIN", 415},
+{"PIT", 416},
+{"PLY", 417},
+{"PO", 418},
+{"POD", 419},
+{"POE", 420},
+{"POP", 421},
+{"POT", 422},
+{"POW", 423},
+{"PRO", 424},
+{"PRY", 425},
+{"PUB", 426},
+{"PUG", 427},
+{"PUN", 428},
+{"PUP", 429},
+{"PUT", 430},
+{"QUAD", 1622},
+{"QUIT", 1623},
+{"QUO", 431},
+{"QUOD", 1624},
+{"RACE", 1625},
+{"RACK", 1626},
+{"RACY", 1627},
+{"RAFT", 1628},
+{"RAG", 432},
+{"RAGE", 1629},
+{"RAID", 1630},
+{"RAIL", 1631},
+{"RAIN", 1632},
+{"RAKE", 1633},
+{"RAM", 433},
+{"RAN", 434},
+{"RANK", 1634},
+{"RANT", 1635},
+{"RAP", 435},
+{"RARE", 1636},
+{"RASH", 1637},
+{"RAT", 436},
+{"RATE", 1638},
+{"RAVE", 1639},
+{"RAW", 437},
+{"RAY", 438},
+{"RAYS", 1640},
+{"READ", 1641},
+{"REAL", 1642},
+{"REAM", 1643},
+{"REAR", 1644},
+{"REB", 439},
+{"RECK", 1645},
+{"RED", 440},
+{"REED", 1646},
+{"REEF", 1647},
+{"REEK", 1648},
+{"REEL", 1649},
+{"REID", 1650},
+{"REIN", 1651},
+{"RENA", 1652},
+{"REND", 1653},
+{"RENT", 1654},
+{"REP", 441},
+{"REST", 1655},
+{"RET", 442},
+{"RIB", 443},
+{"RICE", 1656},
+{"RICH", 1657},
+{"RICK", 1658},
+{"RID", 444},
+{"RIDE", 1659},
+{"RIFT", 1660},
+{"RIG", 445},
+{"RILL", 1661},
+{"RIM", 446},
+{"RIME", 1662},
+{"RING", 1663},
+{"RINK", 1664},
+{"RIO", 447},
+{"RIP", 448},
+{"RISE", 1665},
+{"RISK", 1666},
+{"RITE", 1667},
+{"ROAD", 1668},
+{"ROAM", 1669},
+{"ROAR", 1670},
+{"ROB", 449},
+{"ROBE", 1671},
+{"ROCK", 1672},
+{"ROD", 450},
+{"RODE", 1673},
+{"ROE", 451},
+{"ROIL", 1674},
+{"ROLL", 1675},
+{"ROME", 1676},
+{"RON", 452},
+{"ROOD", 1677},
+{"ROOF", 1678},
+{"ROOK", 1679},
+{"ROOM", 1680},
+{"ROOT", 1681},
+{"ROSA", 1682},
+{"ROSE", 1683},
+{"ROSS", 1684},
+{"ROSY", 1685},
+{"ROT", 453},
+{"ROTH", 1686},
+{"ROUT", 1687},
+{"ROVE", 1688},
+{"ROW", 454},
+{"ROWE", 1689},
+{"ROWS", 1690},
+{"ROY", 455},
+{"RUB", 456},
+{"RUBE", 1691},
+{"RUBY", 1692},
+{"RUDE", 1693},
+{"RUDY", 1694},
+{"RUE", 457},
+{"RUG", 458},
+{"RUIN", 1695},
+{"RULE", 1696},
+{"RUM", 459},
+{"RUN", 460},
+{"RUNG", 1697},
+{"RUNS", 1698},
+{"RUNT", 1699},
+{"RUSE", 1700},
+{"RUSH", 1701},
+{"RUSK", 1702},
+{"RUSS", 1703},
+{"RUST", 1704},
+{"RUTH", 1705},
+{"RYE", 461},
+{"SAC", 462},
+{"SACK", 1706},
+{"SAD", 463},
+{"SAFE", 1707},
+{"SAG", 464},
+{"SAGE", 1708},
+{"SAID", 1709},
+{"SAIL", 1710},
+{"SAL", 465},
+{"SALE", 1711},
+{"SALK", 1712},
+{"SALT", 1713},
+{"SAM", 466},
+{"SAME", 1714},
+{"SAN", 467},
+{"SAND", 1715},
+{"SANE", 1716},
+{"SANG", 1717},
+{"SANK", 1718},
+{"SAP", 468},
+{"SARA", 1719},
+{"SAT", 469},
+{"SAUL", 1720},
+{"SAVE", 1721},
+{"SAW", 470},
+{"SAY", 471},
+{"SAYS", 1722},
+{"SCAN", 1723},
+{"SCAR", 1724},
+{"SCAT", 1725},
+{"SCOT", 1726},
+{"SEA", 472},
+{"SEAL", 1727},
+{"SEAM", 1728},
+{"SEAR", 1729},
+{"SEAT", 1730},
+{"SEC", 473},
+{"SEE", 474},
+{"SEED", 1731},
+{"SEEK", 1732},
+{"SEEM", 1733},
+{"SEEN", 1734},
+{"SEES", 1735},
+{"SELF", 1736},
+{"SELL", 1737},
+{"SEN", 475},
+{"SEND", 1738},
+{"SENT", 1739},
+{"SET", 476},
+{"SETS", 1740},
+{"SEW", 477},
+{"SEWN", 1741},
+{"SHAG", 1742},
+{"SHAM", 1743},
+{"SHAW", 1744},
+{"SHAY", 1745},
+{"SHE", 478},
+{"SHED", 1746},
+{"SHIM", 1747},
+{"SHIN", 1748},
+{"SHOD", 1749},
+{"SHOE", 1750},
+{"SHOT", 1751},
+{"SHOW", 1752},
+{"SHUN", 1753},
+{"SHUT", 1754},
+{"SHY", 479},
+{"SICK", 1755},
+{"SIDE", 1756},
+{"SIFT", 1757},
+{"SIGH", 1758},
+{"SIGN", 1759},
+{"SILK", 1760},
+{"SILL", 1761},
+{"SILO", 1762},
+{"SILT", 1763},
+{"SIN", 480},
+{"SINE", 1764},
+{"SING", 1765},
+{"SINK", 1766},
+{"SIP", 481},
+{"SIR", 482},
+{"SIRE", 1767},
+{"SIS", 483},
+{"SIT", 484},
+{"SITE", 1768},
+{"SITS", 1769},
+{"SITU", 1770},
+{"SKAT", 1771},
+{"SKEW", 1772},
+{"SKI", 485},
+{"SKID", 1773},
+{"SKIM", 1774},
+{"SKIN", 1775},
+{"SKIT", 1776},
+{"SKY", 486},
+{"SLAB", 1777},
+{"SLAM", 1778},
+{"SLAT", 1779},
+{"SLAY", 1780},
+{"SLED", 1781},
+{"SLEW", 1782},
+{"SLID", 1783},
+{"SLIM", 1784},
+{"SLIT", 1785},
+{"SLOB", 1786},
+{"SLOG", 1787},
+{"SLOT", 1788},
+{"SLOW", 1789},
+{"SLUG", 1790},
+{"SLUM", 1791},
+{"SLUR", 1792},
+{"SLY", 487},
+{"SMOG", 1793},
+{"SMUG", 1794},
+{"SNAG", 1795},
+{"SNOB", 1796},
+{"SNOW", 1797},
+{"SNUB", 1798},
+{"SNUG", 1799},
+{"SO", 488},
+{"SOAK", 1800},
+{"SOAR", 1801},
+{"SOB", 489},
+{"SOCK", 1802},
+{"SOD", 490},
+{"SODA", 1803},
+{"SOFA", 1804},
+{"SOFT", 1805},
+{"SOIL", 1806},
+{"SOLD", 1807},
+{"SOME", 1808},
+{"SON", 491},
+{"SONG", 1809},
+{"SOON", 1810},
+{"SOOT", 1811},
+{"SOP", 492},
+{"SORE", 1812},
+{"SORT", 1813},
+{"SOUL", 1814},
+{"SOUR", 1815},
+{"SOW", 493},
+{"SOWN", 1816},
+{"SOY", 494},
+{"SPA", 495},
+{"SPY", 496},
+{"STAB", 1817},
+{"STAG", 1818},
+{"STAN", 1819},
+{"STAR", 1820},
+{"STAY", 1821},
+{"STEM", 1822},
+{"STEW", 1823},
+{"STIR", 1824},
+{"STOW", 1825},
+{"STUB", 1826},
+{"STUN", 1827},
+{"SUB", 497},
+{"SUCH", 1828},
+{"SUD", 498},
+{"SUDS", 1829},
+{"SUE", 499},
+{"SUIT", 1830},
+{"SULK", 1831},
+{"SUM", 500},
+{"SUMS", 1832},
+{"SUN", 501},
+{"SUNG", 1833},
+{"SUNK", 1834},
+{"SUP", 502},
+{"SURE", 1835},
+{"SURF", 1836},
+{"SWAB", 1837},
+{"SWAG", 1838},
+{"SWAM", 1839},
+{"SWAN", 1840},
+{"SWAT", 1841},
+{"SWAY", 1842},
+{"SWIM", 1843},
+{"SWUM", 1844},
+{"TAB", 503},
+{"TACK", 1845},
+{"TACT", 1846},
+{"TAD", 504},
+{"TAG", 505},
+{"TAIL", 1847},
+{"TAKE", 1848},
+{"TALE", 1849},
+{"TALK", 1850},
+{"TALL", 1851},
+{"TAN", 506},
+{"TANK", 1852},
+{"TAP", 507},
+{"TAR", 508},
+{"TASK", 1853},
+{"TATE", 1854},
+{"TAUT", 1855},
+{"TEA", 509},
+{"TEAL", 1856},
+{"TEAM", 1857},
+{"TEAR", 1858},
+{"TECH", 1859},
+{"TED", 510},
+{"TEE", 511},
+{"TEEM", 1860},
+{"TEEN", 1861},
+{"TEET", 1862},
+{"TELL", 1863},
+{"TEN", 512},
+{"TEND", 1864},
+{"TENT", 1865},
+{"TERM", 1866},
+{"TERN", 1867},
+{"TESS", 1868},
+{"TEST", 1869},
+{"THAN", 1870},
+{"THAT", 1871},
+{"THE", 513},
+{"THEE", 1872},
+{"THEM", 1873},
+{"THEN", 1874},
+{"THEY", 1875},
+{"THIN", 1876},
+{"THIS", 1877},
+{"THUD", 1878},
+{"THUG", 1879},
+{"THY", 514},
+{"TIC", 515},
+{"TICK", 1880},
+{"TIDE", 1881},
+{"TIDY", 1882},
+{"TIE", 516},
+{"TIED", 1883},
+{"TIER", 1884},
+{"TILE", 1885},
+{"TILL", 1886},
+{"TILT", 1887},
+{"TIM", 517},
+{"TIME", 1888},
+{"TIN", 518},
+{"TINA", 1889},
+{"TINE", 1890},
+{"TINT", 1891},
+{"TINY", 1892},
+{"TIP", 519},
+{"TIRE", 1893},
+{"TO", 520},
+{"TOAD", 1894},
+{"TOE", 521},
+{"TOG", 522},
+{"TOGO", 1895},
+{"TOIL", 1896},
+{"TOLD", 1897},
+{"TOLL", 1898},
+{"TOM", 523},
+{"TON", 524},
+{"TONE", 1899},
+{"TONG", 1900},
+{"TONY", 1901},
+{"TOO", 525},
+{"TOOK", 1902},
+{"TOOL", 1903},
+{"TOOT", 1904},
+{"TOP", 526},
+{"TORE", 1905},
+{"TORN", 1906},
+{"TOTE", 1907},
+{"TOUR", 1908},
+{"TOUT", 1909},
+{"TOW", 527},
+{"TOWN", 1910},
+{"TOY", 528},
+{"TRAG", 1911},
+{"TRAM", 1912},
+{"TRAY", 1913},
+{"TREE", 1914},
+{"TREK", 1915},
+{"TRIG", 1916},
+{"TRIM", 1917},
+{"TRIO", 1918},
+{"TROD", 1919},
+{"TROT", 1920},
+{"TROY", 1921},
+{"TRUE", 1922},
+{"TRY", 529},
+{"TUB", 530},
+{"TUBA", 1923},
+{"TUBE", 1924},
+{"TUCK", 1925},
+{"TUFT", 1926},
+{"TUG", 531},
+{"TUM", 532},
+{"TUN", 533},
+{"TUNA", 1927},
+{"TUNE", 1928},
+{"TUNG", 1929},
+{"TURF", 1930},
+{"TURN", 1931},
+{"TUSK", 1932},
+{"TWIG", 1933},
+{"TWIN", 1934},
+{"TWIT", 1935},
+{"TWO", 534},
+{"ULAN", 1936},
+{"UN", 535},
+{"UNIT", 1937},
+{"UP", 536},
+{"URGE", 1938},
+{"US", 537},
+{"USE", 538},
+{"USED", 1939},
+{"USER", 1940},
+{"USES", 1941},
+{"UTAH", 1942},
+{"VAIL", 1943},
+{"VAIN", 1944},
+{"VALE", 1945},
+{"VAN", 539},
+{"VARY", 1946},
+{"VASE", 1947},
+{"VAST", 1948},
+{"VAT", 540},
+{"VEAL", 1949},
+{"VEDA", 1950},
+{"VEIL", 1951},
+{"VEIN", 1952},
+{"VEND", 1953},
+{"VENT", 1954},
+{"VERB", 1955},
+{"VERY", 1956},
+{"VET", 541},
+{"VETO", 1957},
+{"VICE", 1958},
+{"VIE", 542},
+{"VIEW", 1959},
+{"VINE", 1960},
+{"VISE", 1961},
+{"VOID", 1962},
+{"VOLT", 1963},
+{"VOTE", 1964},
+{"WACK", 1965},
+{"WAD", 543},
+{"WADE", 1966},
+{"WAG", 544},
+{"WAGE", 1967},
+{"WAIL", 1968},
+{"WAIT", 1969},
+{"WAKE", 1970},
+{"WALE", 1971},
+{"WALK", 1972},
+{"WALL", 1973},
+{"WALT", 1974},
+{"WAND", 1975},
+{"WANE", 1976},
+{"WANG", 1977},
+{"WANT", 1978},
+{"WAR", 545},
+{"WARD", 1979},
+{"WARM", 1980},
+{"WARN", 1981},
+{"WART", 1982},
+{"WAS", 546},
+{"WASH", 1983},
+{"WAST", 1984},
+{"WATS", 1985},
+{"WATT", 1986},
+{"WAVE", 1987},
+{"WAVY", 1988},
+{"WAY", 547},
+{"WAYS", 1989},
+{"WE", 548},
+{"WEAK", 1990},
+{"WEAL", 1991},
+{"WEAN", 1992},
+{"WEAR", 1993},
+{"WEB", 549},
+{"WED", 550},
+{"WEE", 551},
+{"WEED", 1994},
+{"WEEK", 1995},
+{"WEIR", 1996},
+{"WELD", 1997},
+{"WELL", 1998},
+{"WELT", 1999},
+{"WENT", 2000},
+{"WERE", 2001},
+{"WERT", 2002},
+{"WEST", 2003},
+{"WET", 552},
+{"WHAM", 2004},
+{"WHAT", 2005},
+{"WHEE", 2006},
+{"WHEN", 2007},
+{"WHET", 2008},
+{"WHO", 553},
+{"WHOA", 2009},
+{"WHOM", 2010},
+{"WHY", 554},
+{"WICK", 2011},
+{"WIFE", 2012},
+{"WILD", 2013},
+{"WILL", 2014},
+{"WIN", 555},
+{"WIND", 2015},
+{"WINE", 2016},
+{"WING", 2017},
+{"WINK", 2018},
+{"WINO", 2019},
+{"WIRE", 2020},
+{"WISE", 2021},
+{"WISH", 2022},
+{"WIT", 556},
+{"WITH", 2023},
+{"WOK", 557},
+{"WOLF", 2024},
+{"WON", 558},
+{"WONT", 2025},
+{"WOO", 559},
+{"WOOD", 2026},
+{"WOOL", 2027},
+{"WORD", 2028},
+{"WORE", 2029},
+{"WORK", 2030},
+{"WORM", 2031},
+{"WORN", 2032},
+{"WOVE", 2033},
+{"WOW", 560},
+{"WRIT", 2034},
+{"WRY", 561},
+{"WU", 562},
+{"WYNN", 2035},
+{"YALE", 2036},
+{"YAM", 563},
+{"YANG", 2037},
+{"YANK", 2038},
+{"YAP", 564},
+{"YARD", 2039},
+{"YARN", 2040},
+{"YAW", 565},
+{"YAWL", 2041},
+{"YAWN", 2042},
+{"YE", 566},
+{"YEA", 567},
+{"YEAH", 2043},
+{"YEAR", 2044},
+{"YELL", 2045},
+{"YES", 568},
+{"YET", 569},
+{"YOGA", 2046},
+{"YOKE", 2047},
+{"YOU", 570}
+};
diff --git a/crypto/heimdal/lib/otp/otp_print.c b/crypto/heimdal/lib/otp/otp_print.c
new file mode 100644
index 0000000..701a74c
--- /dev/null
+++ b/crypto/heimdal/lib/otp/otp_print.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+RCSID("$Id: otp_print.c,v 1.14 1999/12/02 16:58:45 joda Exp $");
+#endif
+
+#include "otp_locl.h"
+
+extern const char *const std_dict[];
+
+unsigned
+otp_checksum (OtpKey key)
+{
+  int i;
+  unsigned sum = 0;
+
+  for (i = 0; i < OTPKEYSIZE; ++i)
+    sum += ((key[i] >> 0) & 0x03)
+      + ((key[i] >> 2) & 0x03) 
+      + ((key[i] >> 4) & 0x03)
+      + ((key[i] >> 6) & 0x03);
+  sum &= 0x03;
+  return sum;
+}
+
+void
+otp_print_stddict (OtpKey key, char *str, size_t sz)
+{
+  unsigned sum;
+
+  sum = otp_checksum (key);
+  snprintf (str, sz,
+	    "%s %s %s %s %s %s",
+	    std_dict[(key[0] << 3) | (key[1] >> 5)],
+	    std_dict[((key[1] & 0x1F) << 6) | (key[2] >> 2)],
+	    std_dict[((key[2] & 0x03) << 9) | (key[3] << 1) | (key[4] >> 7)],
+	    std_dict[((key[4] & 0x7F) << 4) | (key[5] >> 4)],
+	    std_dict[((key[5] & 0x0F) << 7) | (key[6] >> 1)],
+	    std_dict[((key[6] & 0x01) << 10) | (key[7] << 2) | sum]);
+}
+
+void
+otp_print_hex (OtpKey key, char *str, size_t sz)
+{
+  snprintf (str, sz,
+	    "%02x%02x%02x%02x%02x%02x%02x%02x",
+	    key[0], key[1], key[2], key[3], 
+	    key[4], key[5], key[6], key[7]);
+}
+
+void
+otp_print_hex_extended (OtpKey key, char *str, size_t sz)
+{
+  strlcpy (str, OTP_HEXPREFIX, sz);
+  otp_print_hex (key,
+		 str + strlen(OTP_HEXPREFIX),
+		 sz - strlen(OTP_HEXPREFIX));
+}
+
+void
+otp_print_stddict_extended (OtpKey key, char *str, size_t sz)
+{
+  strlcpy (str, OTP_WORDPREFIX, sz);
+  otp_print_stddict (key,
+		     str + strlen(OTP_WORDPREFIX),
+		     sz - strlen(OTP_WORDPREFIX));
+}
diff --git a/crypto/heimdal/lib/otp/otp_verify.c b/crypto/heimdal/lib/otp/otp_verify.c
new file mode 100644
index 0000000..5fec82e
--- /dev/null
+++ b/crypto/heimdal/lib/otp/otp_verify.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+RCSID("$Id: otp_verify.c,v 1.7 2000/07/01 13:58:38 assar Exp $");
+#endif
+
+#include "otp_locl.h"
+
+int
+otp_verify_user_1 (OtpContext *ctx, const char *passwd)
+{
+  OtpKey key1, key2;
+
+  if (otp_parse (key1, passwd, ctx->alg)) {
+    ctx->err = "Syntax error in reply";
+    return -1;
+  }
+  memcpy (key2, key1, sizeof(key1));
+  ctx->alg->next (key2);
+  if (memcmp (ctx->key, key2, sizeof(key2)) == 0) {
+    --ctx->n;
+    memcpy (ctx->key, key1, sizeof(key1));
+    return 0;
+  } else
+    return -1;
+}
+
+int
+otp_verify_user (OtpContext *ctx, const char *passwd)
+{
+  void *dbm;
+  int ret;
+
+  if (!ctx->challengep)
+    return -1;
+  ret = otp_verify_user_1 (ctx, passwd);
+  dbm = otp_db_open ();
+  if (dbm == NULL) {
+    free(ctx->user);
+    return -1;
+  }
+  otp_put (dbm, ctx);
+  free(ctx->user);
+  otp_db_close (dbm);
+  return ret;
+}
diff --git a/crypto/heimdal/lib/otp/otptest.c b/crypto/heimdal/lib/otp/otptest.c
new file mode 100644
index 0000000..4eb342c
--- /dev/null
+++ b/crypto/heimdal/lib/otp/otptest.c
@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+RCSID("$Id: otptest.c,v 1.6 1999/12/02 16:58:45 joda Exp $");
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <otp.h>
+
+static int
+test_one(OtpKey key1, char *name, char *val,
+	 void (*print)(OtpKey,char*, size_t),
+	 OtpAlgorithm *alg)
+{
+  char buf[256];
+  OtpKey key2;
+
+  (*print)(key1, buf, sizeof(buf));
+  printf ("%s: %s, ", name, buf);
+  if (strcmp (buf, val) != 0) {
+    printf ("failed(*%s* != *%s*)\n", buf, val);
+    return 1;
+  }
+  if (otp_parse (key2, buf, alg)) {
+    printf ("parse of %s failed\n", name);
+    return 1;
+  }
+  if (memcmp (key1, key2, OTPKEYSIZE) != 0) {
+    printf ("key1 != key2, ");
+  }
+  printf ("success\n");
+  return 0;
+}
+
+static int
+test (void)
+{
+  struct test {
+    char *alg;
+    char *passphrase;
+    char *seed;
+    int count;
+    char *hex;
+    char *word;
+  } tests[] = {
+
+    /* md4 */
+    {"md4", "This is a test.", "TeSt", 0, "d1854218ebbb0b51", "ROME MUG FRED SCAN LIVE LACE"},
+    {"md4", "This is a test.", "TeSt", 1, "63473ef01cd0b444", "CARD SAD MINI RYE COL KIN"},
+    {"md4", "This is a test.", "TeSt", 99, "c5e612776e6c237a", "NOTE OUT IBIS SINK NAVE MODE"},
+    {"md4", "AbCdEfGhIjK", "alpha1", 0, "50076f47eb1ade4e", "AWAY SEN ROOK SALT LICE MAP"},
+    {"md4", "AbCdEfGhIjK", "alpha1", 1, "65d20d1949b5f7ab", "CHEW GRIM WU HANG BUCK SAID"},
+    {"md4", "AbCdEfGhIjK", "alpha1", 99, "d150c82cce6f62d1", "ROIL FREE COG HUNK WAIT COCA"},
+    {"md4", "OTP's are good", "correct", 0, "849c79d4f6f55388", "FOOL STEM DONE TOOL BECK NILE"},
+    {"md4", "OTP's are good", "correct", 1, "8c0992fb250847b1", "GIST AMOS MOOT AIDS FOOD SEEM"},
+    {"md4", "OTP's are good", "correct",99, "3f3bf4b4145fd74b", "TAG SLOW NOV MIN WOOL KENO"},
+
+
+    /* md5 */
+    {"md5", "This is a test.", "TeSt", 0, "9e876134d90499dd", "INCH SEA ANNE LONG AHEM TOUR"},
+    {"md5", "This is a test.", "TeSt", 1, "7965e05436f5029f", "EASE OIL FUM CURE AWRY AVIS"},
+    {"md5", "This is a test.", "TeSt", 99, "50fe1962c4965880", "BAIL TUFT BITS GANG CHEF THY"},
+    {"md5", "AbCdEfGhIjK", "alpha1",  0, "87066dd9644bf206", "FULL PEW DOWN ONCE MORT ARC"},
+    {"md5", "AbCdEfGhIjK", "alpha1",   1, "7cd34c1040add14b", "FACT HOOF AT FIST SITE KENT"},
+    {"md5", "AbCdEfGhIjK", "alpha1",  99, "5aa37a81f212146c", "BODE HOP JAKE STOW JUT RAP"},
+    {"md5", "OTP's are good", "correct", 0,  "f205753943de4cf9", "ULAN NEW ARMY FUSE SUIT EYED"},
+    {"md5", "OTP's are good", "correct", 1, "ddcdac956f234937", "SKIM CULT LOB SLAM POE HOWL"},
+    {"md5", "OTP's are good", "correct",99, "b203e28fa525be47", "LONG IVY JULY AJAR BOND LEE"},
+
+    /* sha */
+    {"sha", "This is a test.", "TeSt", 0, "bb9e6ae1979d8ff4", "MILT VARY MAST OK SEES WENT"},
+    {"sha", "This is a test.", "TeSt", 1, "63d936639734385b", "CART OTTO HIVE ODE VAT NUT"},
+    {"sha", "This is a test.", "TeSt", 99, "87fec7768b73ccf9", "GAFF WAIT SKID GIG SKY EYED"},
+    {"sha", "AbCdEfGhIjK", "alpha1", 0, "ad85f658ebe383c9", "LEST OR HEEL SCOT ROB SUIT"},
+    {"sha", "AbCdEfGhIjK", "alpha1", 1, "d07ce229b5cf119b", "RITE TAKE GELD COST TUNE RECK"},
+    {"sha", "AbCdEfGhIjK", "alpha1", 99, "27bc71035aaf3dc6", "MAY STAR TIN LYON VEDA STAN"},
+    {"sha", "OTP's are good", "correct", 0, "d51f3e99bf8e6f0b", "RUST WELT KICK FELL TAIL FRAU"},
+    {"sha", "OTP's are good", "correct", 1, "82aeb52d943774e4", "FLIT DOSE ALSO MEW DRUM DEFY"},
+    {"sha", "OTP's are good", "correct", 99, "4f296a74fe1567ec", "AURA ALOE HURL WING BERG WAIT"},
+    {NULL}
+  };
+
+  struct test *t;
+  int sum = 0;
+
+  for(t = tests; t->alg; ++t) {
+    int i;
+    OtpAlgorithm *alg = otp_find_alg (t->alg);
+    OtpKey key;
+
+    if (alg == NULL) {
+      printf ("Could not find alg %s\n", t->alg);
+      return 1;
+    }
+    if(alg->init (key, t->passphrase, t->seed))
+      return 1;
+    for (i = 0; i < t->count; ++i) {
+      if (alg->next (key))
+	return 1;
+    }
+    sum += test_one (key, "hexadecimal", t->hex, otp_print_hex,
+		     alg) +
+      test_one (key, "standard_word", t->word, otp_print_stddict, alg);
+  }
+  return sum;
+}
+
+int
+main (void)
+{
+  return test ();
+}
diff --git a/crypto/heimdal/lib/otp/roken_rename.h b/crypto/heimdal/lib/otp/roken_rename.h
new file mode 100644
index 0000000..202b9a6
--- /dev/null
+++ b/crypto/heimdal/lib/otp/roken_rename.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: roken_rename.h,v 1.2 1999/12/02 16:58:45 joda Exp $ */
+
+#ifndef __roken_rename_h__
+#define __roken_rename_h__
+
+#ifndef HAVE_SNPRINTF
+#define snprintf _otp_snprintf
+#endif
+#ifndef HAVE_ASPRINTF
+#define asprintf _otp_asprintf
+#endif
+#ifndef HAVE_ASNPRINTF
+#define asnprintf _otp_asnprintf
+#endif
+#ifndef HAVE_VASPRINTF
+#define vasprintf _otp_vasprintf
+#endif
+#ifndef HAVE_VASNPRINTF
+#define vasnprintf _otp_vasnprintf
+#endif
+#ifndef HAVE_VSNPRINTF
+#define vsnprintf _otp_vsnprintf
+#endif
+#ifndef HAVE_STRCASECMP
+#define strcasecmp _otp_strcasecmp
+#endif
+#ifndef HAVE_STRNCASECMP
+#define strncasecmp _otp_strncasecmp
+#endif
+#ifndef HAVE_STRLWR
+#define strlwr _otp_strlwr
+#endif
+
+#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/roken/ChangeLog b/crypto/heimdal/lib/roken/ChangeLog
index 2e3ee9d..cbc7393 100644
--- a/crypto/heimdal/lib/roken/ChangeLog
+++ b/crypto/heimdal/lib/roken/ChangeLog
@@ -1,3 +1,77 @@
+2001-05-17  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: bump version to 12:0:3
+	* roken.h.in: re-add set_progname and get_progname for backwards
+	compatability
+	* warnerr.c: re-add set_progname and get_progname for backwards
+	compatability
+
+2001-05-12  Assar Westerlund  <assar@sics.se>
+
+	* glob.c: add limits.h, from <shadow@dementia.org>
+
+2001-05-11  Johan Danielsson  <joda@pdc.kth.se>
+
+	* Makefile.am: bswap.c
+	
+	* bswap.c: bswap{16,32}
+	
+2001-05-08  Assar Westerlund  <assar@sics.se>
+
+	* freeaddrinfo.c (freeaddrinfo): also free every `struct
+	addrinfo'.  from <tmartin@mirapoint.com>
+
+2001-04-25  Assar Westerlund  <assar@sics.se>
+
+	* getarg.h (free_getarg_strings): add prototype
+	* getarg.c (free_getarg_strings): add function
+
+2001-04-21  Johan Danielsson  <joda@pdc.kth.se>
+
+	* getarg.c: pack short flag options togther, to shorten the usage
+	string
+
+2001-04-17  Johan Danielsson  <joda@pdc.kth.se>
+
+	* getifaddrs.c (getifaddrs2): close socket when done
+
+2001-03-26  Johan Danielsson  <joda@pdc.kth.se>
+
+	* roken.awk: END has to be last with Sun's awk
+
+2001-03-26  Assar Westerlund  <assar@sics.se>
+
+	* parse_units.c (parse_something): do not check the return value
+	from strtod, it might return != 0.0 when the string has no digits.
+	just testing if it consumed any characters is enough and more
+	resilient
+	* glob.c: add GLOB_LIMIT (from NetBSD)
+
+2001-02-20  Assar Westerlund  <assar@sics.se>
+
+	* warnerr.c (warnerr): do not use __progname
+	* roken.h.in (setprogname, getprogname): add prototypes
+	* warnerr.c (setprogname, getprogname): rename to. change all
+	callers
+	
+2001-02-12  Assar Westerlund  <assar@sics.se>
+
+	* getnameinfo_verified.c (getnameinfo_verified): do the first
+	getnameinfo with NI_NUMERICSERV to avoid the error that bind 8.2.3
+	reports on not finding the service
+	(ENI_NOSERVNAME).  reported by Ake Sandgren <ake@cs.umu.se>
+
+2001-02-09  Assar Westerlund  <assar@sics.se>
+
+	* getnameinfo.c (doit): call inet_ntop with correct af, noted by
+	Ake Sandgren <ake@cs.umu.se>
+
+2001-02-08  Assar Westerlund  <assar@sics.se>
+
+	* getnameinfo_verified.c (getnameinfo_verified): always capture
+	the service from getnameinfo so it can be sent back to getaddrinfo
+	and set socktype to avoid getaddrinfo not returning any addresses
+
 2001-01-30  Assar Westerlund  <assar@sics.se>
 
 	* Makefile.am (libroken_la_LDFLAGS): bump version to 11:1:2
diff --git a/crypto/heimdal/lib/roken/Makefile.am b/crypto/heimdal/lib/roken/Makefile.am
index 23f2d59..ce874b0 100644
--- a/crypto/heimdal/lib/roken/Makefile.am
+++ b/crypto/heimdal/lib/roken/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.94 2001/01/30 01:53:30 assar Exp $
+# $Id: Makefile.am,v 1.96 2001/05/16 23:57:10 assar Exp $
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
 
@@ -10,7 +10,7 @@ ACLOCAL_AMFLAGS = -I ../../cf
 CLEANFILES = roken.h make-roken.c $(XHEADERS)
 
 lib_LTLIBRARIES = libroken.la
-libroken_la_LDFLAGS = -version-info 11:1:2
+libroken_la_LDFLAGS = -version-info 12:0:3
 
 noinst_PROGRAMS = make-roken
 
@@ -34,6 +34,7 @@ parse_bytes_test_LDADD = $(common_LDADD)
 
 libroken_la_SOURCES =		\
 	base64.c		\
+	bswap.c			\
 	concat.c		\
 	emalloc.c		\
 	environment.c		\
diff --git a/crypto/heimdal/lib/roken/Makefile.in b/crypto/heimdal/lib/roken/Makefile.in
index c779d46..b72df46 100644
--- a/crypto/heimdal/lib/roken/Makefile.in
+++ b/crypto/heimdal/lib/roken/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -113,7 +114,7 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
 dpagaix_LDADD = @dpagaix_LDADD@
 install_sh = @install_sh@
 
-# $Id: Makefile.am,v 1.94 2001/01/30 01:53:30 assar Exp $
+# $Id: Makefile.am,v 1.96 2001/05/16 23:57:10 assar Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -125,7 +126,7 @@ ACLOCAL_AMFLAGS = -I ../../cf
 CLEANFILES = roken.h make-roken.c $(XHEADERS)
 
 lib_LTLIBRARIES = libroken.la
-libroken_la_LDFLAGS = -version-info 11:1:2
+libroken_la_LDFLAGS = -version-info 12:0:3
 
 noinst_PROGRAMS = make-roken
 
@@ -148,6 +149,7 @@ parse_bytes_test_LDADD = $(common_LDADD)
 
 libroken_la_SOURCES = \
 	base64.c		\
+	bswap.c			\
 	concat.c		\
 	emalloc.c		\
 	environment.c		\
@@ -314,8 +316,8 @@ X_LIBS = @X_LIBS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 libroken_la_DEPENDENCIES =  @LTLIBOBJS@
-am_libroken_la_OBJECTS =  base64.lo concat.lo emalloc.lo environment.lo \
-eread.lo erealloc.lo esetenv.lo estrdup.lo ewrite.lo \
+am_libroken_la_OBJECTS =  base64.lo bswap.lo concat.lo emalloc.lo \
+environment.lo eread.lo erealloc.lo esetenv.lo estrdup.lo ewrite.lo \
 getaddrinfo_hostspec.lo get_default_username.lo get_window_size.lo \
 getarg.lo getnameinfo_verified.lo issuid.lo k_getpwnam.lo k_getpwuid.lo \
 mini_inetd.lo net_read.lo net_write.lo parse_bytes.lo parse_time.lo \
@@ -358,7 +360,7 @@ HEADERS =  $(include_HEADERS) $(nodist_include_HEADERS)
 
 depcomp = 
 DIST_COMMON =  $(include_HEADERS) ChangeLog Makefile.am Makefile.in \
-acinclude.m4 getcap.c getcwd.c getnameinfo.c glob.c install-sh \
+acinclude.m4 getcap.c getnameinfo.c glob.c install-sh \
 make-print-version.c missing mkinstalldirs
 
 
@@ -370,7 +372,7 @@ OBJECTS = $(am_libroken_la_OBJECTS) getaddrinfo-test.$(OBJEXT) $(nodist_make_rok
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .c .h .hin .lo .o .obj
+.SUFFIXES: .hin .c .h .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) 
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/roken/Makefile
 
@@ -529,6 +531,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
@@ -616,6 +623,9 @@ check-am: all-am
 check: check-am
 installcheck-am:
 installcheck: installcheck-am
+all-recursive-am: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
 install-exec-am: install-libLTLIBRARIES
 install-exec: install-exec-am
 
@@ -693,9 +703,9 @@ maintainer-clean-noinstPROGRAMS uninstall-includeHEADERS \
 install-includeHEADERS uninstall-nodist_includeHEADERS \
 install-nodist_includeHEADERS tags mostlyclean-tags distclean-tags \
 clean-tags maintainer-clean-tags check-TESTS distdir info-am info \
-dvi-am dvi check check-am installcheck-am installcheck install-exec-am \
-install-exec install-data-am install-data install-am install \
-uninstall-am uninstall all-redirect all-am all install-strip \
+dvi-am dvi check check-am installcheck-am installcheck all-recursive-am \
+install-exec-am install-exec install-data-am install-data install-am \
+install uninstall-am uninstall all-redirect all-am all install-strip \
 installdirs mostlyclean-generic distclean-generic clean-generic \
 maintainer-clean-generic clean mostlyclean distclean maintainer-clean
 
diff --git a/crypto/heimdal/lib/roken/bswap.c b/crypto/heimdal/lib/roken/bswap.c
new file mode 100644
index 0000000..c57dc6f
--- /dev/null
+++ b/crypto/heimdal/lib/roken/bswap.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+RCSID("$Id: bswap.c,v 1.3 2001/05/18 15:32:11 joda Exp $");
+
+#ifndef HAVE_BSWAP32
+
+unsigned int
+bswap32 (unsigned int val)
+{
+    return (val & 0xff) << 24 |
+	(val & 0xff00) << 8 |
+	(val & 0xff0000) >> 8 |
+	(val & 0xff000000) >> 24;
+}
+#endif
+
+#ifndef HAVE_BSWAP16
+
+unsigned short
+bswap16 (unsigned short val)
+{
+    return (val & 0xff) << 8 |
+	(val & 0xff00) >> 8;
+}
+#endif
diff --git a/crypto/heimdal/lib/roken/freeaddrinfo.c b/crypto/heimdal/lib/roken/freeaddrinfo.c
index f963d15..56124e5 100644
--- a/crypto/heimdal/lib/roken/freeaddrinfo.c
+++ b/crypto/heimdal/lib/roken/freeaddrinfo.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: freeaddrinfo.c,v 1.2 1999/12/03 04:10:06 assar Exp $");
+RCSID("$Id: freeaddrinfo.c,v 1.4 2001/05/11 09:10:32 joda Exp $");
 #endif
 
 #include "roken.h"
@@ -45,8 +45,13 @@ RCSID("$Id: freeaddrinfo.c,v 1.2 1999/12/03 04:10:06 assar Exp $");
 void
 freeaddrinfo(struct addrinfo *ai)
 {
-    for (; ai != NULL; ai = ai->ai_next) {
+    struct addrinfo *tofree;
+
+    while(ai != NULL) {
 	free (ai->ai_canonname);
 	free (ai->ai_addr);
+	tofree = ai;
+	ai = ai->ai_next;
+	free (tofree);
     }
 }
diff --git a/crypto/heimdal/lib/roken/getaddrinfo-test.c b/crypto/heimdal/lib/roken/getaddrinfo-test.c
index 0e3afc5..4274081 100644
--- a/crypto/heimdal/lib/roken/getaddrinfo-test.c
+++ b/crypto/heimdal/lib/roken/getaddrinfo-test.c
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: getaddrinfo-test.c,v 1.3 2000/07/08 14:22:09 assar Exp $");
+RCSID("$Id: getaddrinfo-test.c,v 1.4 2001/02/20 01:44:54 assar Exp $");
 #endif
 
 #include "roken.h"
@@ -112,7 +112,7 @@ main(int argc, char **argv)
     int optind = 0;
     int i;
 
-    set_progname (argv[0]);
+    setprogname (argv[0]);
 
     if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
 		&optind))
@@ -122,7 +122,7 @@ main(int argc, char **argv)
 	usage (0);
 
     if (version_flag) {
-	fprintf (stderr, "%s from %s-%s)\n", __progname, PACKAGE, VERSION);
+	fprintf (stderr, "%s from %s-%s)\n", getprogname(), PACKAGE, VERSION);
 	return 0;
     }
 
diff --git a/crypto/heimdal/lib/roken/getarg.c b/crypto/heimdal/lib/roken/getarg.c
index 342388e..dc2df50 100644
--- a/crypto/heimdal/lib/roken/getarg.c
+++ b/crypto/heimdal/lib/roken/getarg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: getarg.c,v 1.37 2000/12/25 17:03:15 assar Exp $");
+RCSID("$Id: getarg.c,v 1.40 2001/04/25 12:06:10 assar Exp $");
 #endif
 
 #include <stdio.h>
@@ -211,7 +211,7 @@ arg_printusage (struct getargs *args,
     struct winsize ws;
 
     if (progname == NULL)
-	progname = __progname;
+	progname = getprogname();
 
     if(getenv("GETARGMANDOC")){
 	mandoc_template(args, num_args, progname, extra_string);
@@ -223,6 +223,23 @@ arg_printusage (struct getargs *args,
 	columns = 80;
     col = 0;
     col += fprintf (stderr, "Usage: %s", progname);
+    buf[0] = '\0';
+    for (i = 0; i < num_args; ++i) {
+	if(args[i].short_name && ISFLAG(args[i])) {
+	    char s[2];
+	    if(buf[0] == '\0')
+		strlcpy(buf, "[-", sizeof(buf));
+	    s[0] = args[i].short_name;
+	    s[1] = '\0';
+	    strlcat(buf, s, sizeof(buf));
+	}
+    }
+    if(buf[0] != '\0') {
+	strlcat(buf, "]", sizeof(buf));
+	col = check_column(stderr, col, strlen(buf) + 1, columns);
+	col += fprintf(stderr, " %s", buf);
+    }
+
     for (i = 0; i < num_args; ++i) {
 	size_t len = 0;
 
@@ -244,7 +261,7 @@ arg_printusage (struct getargs *args,
 	    col = check_column(stderr, col, strlen(buf) + 1, columns);
 	    col += fprintf(stderr, " %s", buf);
 	}
-	if (args[i].short_name) {
+	if (args[i].short_name && !ISFLAG(args[i])) {
 	    snprintf(buf, sizeof(buf), "[-%c", args[i].short_name);
 	    len += 2;
 	    len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), 
@@ -528,6 +545,12 @@ getarg(struct getargs *args, size_t num_args,
     return ret;
 }
 
+void
+free_getarg_strings (getarg_strings *s)
+{
+    free (s->strings);
+}
+
 #if TEST
 int foo_flag = 2;
 int flag1 = 0;
diff --git a/crypto/heimdal/lib/roken/getarg.h b/crypto/heimdal/lib/roken/getarg.h
index 7fd374b..3892eb4 100644
--- a/crypto/heimdal/lib/roken/getarg.h
+++ b/crypto/heimdal/lib/roken/getarg.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: getarg.h,v 1.10 1999/12/02 16:58:46 joda Exp $ */
+/* $Id: getarg.h,v 1.11 2001/04/25 12:06:37 assar Exp $ */
 
 #ifndef __GETARG_H__
 #define __GETARG_H__
@@ -86,4 +86,6 @@ void arg_printusage (struct getargs *args,
 		     const char *progname,
 		     const char *extra_string);
 
+void free_getarg_strings (getarg_strings *);
+
 #endif /* __GETARG_H__ */
diff --git a/crypto/heimdal/lib/roken/getifaddrs.c b/crypto/heimdal/lib/roken/getifaddrs.c
index e8e3e54..04935ed 100644
--- a/crypto/heimdal/lib/roken/getifaddrs.c
+++ b/crypto/heimdal/lib/roken/getifaddrs.c
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: getifaddrs.c,v 1.4 2001/01/28 23:02:46 assar Exp $");
+RCSID("$Id: getifaddrs.c,v 1.5 2001/04/17 08:27:47 joda Exp $");
 #endif
 #include "roken.h"
 
@@ -170,9 +170,11 @@ getifaddrs2(struct ifaddrs **ifap,
 	
     }
     *ifap = start;
+    close(fd);
     free(buf);
     return 0;
   error_out:
+    close(fd);
     free(buf);
     errno = ret;
     return -1;
diff --git a/crypto/heimdal/lib/roken/getnameinfo.c b/crypto/heimdal/lib/roken/getnameinfo.c
index 7e2d232..0f0cbd1 100644
--- a/crypto/heimdal/lib/roken/getnameinfo.c
+++ b/crypto/heimdal/lib/roken/getnameinfo.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: getnameinfo.c,v 1.2 1999/12/03 04:10:07 assar Exp $");
+RCSID("$Id: getnameinfo.c,v 1.3 2001/02/09 14:45:30 assar Exp $");
 #endif
 
 #include "roken.h"
@@ -64,7 +64,7 @@ doit (int af,
 		}
 	    } else if (flags & NI_NAMEREQD) {
 		return EAI_NONAME;
-	    } else if (inet_ntop (AF_INET, addr, host, hostlen) == NULL)
+	    } else if (inet_ntop (af, addr, host, hostlen) == NULL)
 		return EAI_SYSTEM;
 	}
     }
diff --git a/crypto/heimdal/lib/roken/getnameinfo_verified.c b/crypto/heimdal/lib/roken/getnameinfo_verified.c
index 30384ed..de3c8bf 100644
--- a/crypto/heimdal/lib/roken/getnameinfo_verified.c
+++ b/crypto/heimdal/lib/roken/getnameinfo_verified.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: getnameinfo_verified.c,v 1.3 2000/06/28 01:21:53 assar Exp $");
+RCSID("$Id: getnameinfo_verified.c,v 1.5 2001/02/12 13:55:07 assar Exp $");
 #endif
 
 #include "roken.h"
@@ -46,14 +46,25 @@ getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,
 {
     int ret;
     struct addrinfo *ai, *a;
+    char servbuf[NI_MAXSERV];
+    struct addrinfo hints;
 
     if (host == NULL)
 	return EAI_NONAME;
 
-    ret = getnameinfo (sa, salen, host, hostlen, serv, servlen, flags);
+    if (serv == NULL) {
+	serv = servbuf;
+	servlen = sizeof(servbuf);
+    }
+
+    ret = getnameinfo (sa, salen, host, hostlen, serv, servlen,
+		       flags | NI_NUMERICSERV);
     if (ret)
 	return ret;
-    ret = getaddrinfo (host, serv, NULL, &ai);
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_STREAM;
+    ret = getaddrinfo (host, serv, &hints, &ai);
     if (ret)
 	return ret;
     for (a = ai; a != NULL; a = a->ai_next) {
diff --git a/crypto/heimdal/lib/roken/glob.c b/crypto/heimdal/lib/roken/glob.c
index 66e8ec6..e4bc0dc 100644
--- a/crypto/heimdal/lib/roken/glob.c
+++ b/crypto/heimdal/lib/roken/glob.c
@@ -87,6 +87,9 @@
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
 
 #include "glob.h"
 #include "roken.h"
@@ -145,16 +148,16 @@ static int	 compare (const void *, const void *);
 static void	 g_Ctoc (const Char *, char *);
 static int	 g_lstat (Char *, struct stat *, glob_t *);
 static DIR	*g_opendir (Char *, glob_t *);
-static Char	*g_strchr (Char *, int);
+static Char	*g_strchr (const Char *, int);
 #ifdef notdef
 static Char	*g_strcat (Char *, const Char *);
 #endif
 static int	 g_stat (Char *, struct stat *, glob_t *);
 static int	 glob0 (const Char *, glob_t *);
-static int	 glob1 (Char *, glob_t *);
-static int	 glob2 (Char *, Char *, Char *, glob_t *);
-static int	 glob3 (Char *, Char *, Char *, Char *, glob_t *);
-static int	 globextend (const Char *, glob_t *);
+static int	 glob1 (Char *, glob_t *, size_t *);
+static int	 glob2 (Char *, Char *, Char *, glob_t *, size_t *);
+static int	 glob3 (Char *, Char *, Char *, Char *, glob_t *, size_t *);
+static int	 globextend (const Char *, glob_t *, size_t *);
 static const Char *	 globtilde (const Char *, Char *, glob_t *);
 static int	 globexp1 (const Char *, glob_t *);
 static int	 globexp2 (const Char *, const Char *, glob_t *, int *);
@@ -173,7 +176,7 @@ glob(const char *pattern,
 	int c;
 	Char *bufnext, *bufend, patbuf[MaxPathLen+1];
 
-	patnext = (u_char *) pattern;
+	patnext = (const u_char *) pattern;
 	if (!(flags & GLOB_APPEND)) {
 		pglob->gl_pathc = 0;
 		pglob->gl_pathv = NULL;
@@ -224,7 +227,7 @@ static int globexp1(const Char *pattern, glob_t *pglob)
 	if (pattern[0] == CHAR_LBRACE && pattern[1] == CHAR_RBRACE && pattern[2] == CHAR_EOS)
 		return glob0(pattern, pglob);
 
-	while ((ptr = (const Char *) g_strchr((Char *) ptr, CHAR_LBRACE)) != NULL)
+	while ((ptr = (const Char *) g_strchr(ptr, CHAR_LBRACE)) != NULL)
 		if (!globexp2(ptr, pattern, pglob, &rv))
 			return rv;
 
@@ -405,6 +408,7 @@ glob0(const Char *pattern, glob_t *pglob)
 	const Char *qpatnext;
 	int c, err, oldpathc;
 	Char *bufnext, patbuf[MaxPathLen+1];
+	size_t limit = 0;
 
 	qpatnext = globtilde(pattern, patbuf, pglob);
 	oldpathc = pglob->gl_pathc;
@@ -418,7 +422,7 @@ glob0(const Char *pattern, glob_t *pglob)
 			if (c == CHAR_NOT)
 				++qpatnext;
 			if (*qpatnext == CHAR_EOS ||
-			    g_strchr((Char *) qpatnext+1, CHAR_RBRACKET) == NULL) {
+			    g_strchr(qpatnext+1, CHAR_RBRACKET) == NULL) {
 				*bufnext++ = CHAR_LBRACKET;
 				if (c == CHAR_NOT)
 					--qpatnext;
@@ -462,7 +466,7 @@ glob0(const Char *pattern, glob_t *pglob)
 	qprintf("glob0:", patbuf);
 #endif
 
-	if ((err = glob1(patbuf, pglob)) != 0)
+	if ((err = glob1(patbuf, pglob, &limit)) != 0)
 		return(err);
 
 	/*
@@ -475,7 +479,7 @@ glob0(const Char *pattern, glob_t *pglob)
 	    ((pglob->gl_flags & GLOB_NOCHECK) || 
 	      ((pglob->gl_flags & GLOB_NOMAGIC) &&
 	       !(pglob->gl_flags & GLOB_MAGCHAR))))
-		return(globextend(pattern, pglob));
+		return(globextend(pattern, pglob, &limit));
 	else if (!(pglob->gl_flags & GLOB_NOSORT)) 
 		qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
 		    pglob->gl_pathc - oldpathc, sizeof(char *), compare);
@@ -489,14 +493,14 @@ compare(const void *p, const void *q)
 }
 
 static int
-glob1(Char *pattern, glob_t *pglob)
+glob1(Char *pattern, glob_t *pglob, size_t *limit)
 {
 	Char pathbuf[MaxPathLen+1];
 
 	/* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
 	if (*pattern == CHAR_EOS)
 		return(0);
-	return(glob2(pathbuf, pathbuf, pattern, pglob));
+	return(glob2(pathbuf, pathbuf, pattern, pglob, limit));
 }
 
 /*
@@ -514,7 +518,8 @@ glob1(Char *pattern, glob_t *pglob)
 #endif
 
 static int
-glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob)
+glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob,
+      size_t *limit)
 {
 	struct stat sb;
 	Char *p, *q;
@@ -539,7 +544,7 @@ glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob)
 				*pathend = CHAR_EOS;
 			}
 			++pglob->gl_matchc;
-			return(globextend(pathbuf, pglob));
+			return(globextend(pathbuf, pglob, limit));
 		}
 
 		/* Find end of next segment, copy tentatively to pathend. */
@@ -557,14 +562,15 @@ glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob)
 			while (*pattern == CHAR_SEP)
 				*pathend++ = *pattern++;
 		} else			/* Need expansion, recurse. */
-			return(glob3(pathbuf, pathend, pattern, p, pglob));
+			return(glob3(pathbuf, pathend, pattern, p, pglob,
+			    limit));
 	}
-	/* CHAR_NOTREACHED */
+	/* NOTREACHED */
 }
 
 static int
 glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, 
-      glob_t *pglob)
+      glob_t *pglob, size_t *limit)
 {
 	struct dirent *dp;
 	DIR *dirp;
@@ -614,7 +620,7 @@ glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern,
 			*pathend = CHAR_EOS;
 			continue;
 		}
-		err = glob2(pathbuf, --dc, restpattern, pglob);
+		err = glob2(pathbuf, --dc, restpattern, pglob, limit);
 		if (err)
 			break;
 	}
@@ -642,11 +648,11 @@ glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern,
  *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
  */
 static int
-globextend(const Char *path, glob_t *pglob)
+globextend(const Char *path, glob_t *pglob, size_t *limit)
 {
 	char **pathv;
 	int i;
-	u_int newsize;
+	size_t newsize, len;
 	char *copy;
 	const Char *p;
 
@@ -667,11 +673,19 @@ globextend(const Char *path, glob_t *pglob)
 
 	for (p = path; *p++;)
 		continue;
-	if ((copy = malloc(p - path)) != NULL) {
+	len = (size_t)(p - path);
+	*limit += len;
+	if ((copy = malloc(len)) != NULL) {
 		g_Ctoc(path, copy);
 		pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
 	}
 	pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
+
+	if ((pglob->gl_flags & GLOB_LIMIT) && (newsize + *limit) >= ARG_MAX) {
+		errno = 0;
+		return(GLOB_NOSPACE);
+	}
+
 	return(copy == NULL ? GLOB_NOSPACE : 0);
 }
 
@@ -739,6 +753,7 @@ globfree(glob_t *pglob)
 			if (*pp)
 				free(*pp);
 		free(pglob->gl_pathv);
+		pglob->gl_pathv = NULL;
 	}
 }
 
@@ -781,11 +796,11 @@ g_stat(Char *fn, struct stat *sb, glob_t *pglob)
 }
 
 static Char *
-g_strchr(Char *str, int ch)
+g_strchr(const Char *str, int ch)
 {
 	do {
 		if (*str == ch)
-			return (str);
+			return (Char *)str;
 	} while (*str++);
 	return (NULL);
 }
diff --git a/crypto/heimdal/lib/roken/glob.hin b/crypto/heimdal/lib/roken/glob.hin
index bece48a..98d8796 100644
--- a/crypto/heimdal/lib/roken/glob.hin
+++ b/crypto/heimdal/lib/roken/glob.hin
@@ -74,6 +74,7 @@ typedef struct {
 #define	GLOB_NOMAGIC	0x0200	/* GLOB_NOCHECK without magic chars (csh). */
 #define	GLOB_QUOTE	0x0400	/* Quote special chars with \. */
 #define	GLOB_TILDE	0x0800	/* Expand tilde names from the passwd file. */
+#define GLOB_LIMIT	0x1000	/* Limit memory used by matches to ARG_MAX */
 
 #define	GLOB_NOSPACE	(-1)	/* Malloc call failed. */
 #define	GLOB_ABEND	(-2)	/* Unignored error. */
diff --git a/crypto/heimdal/lib/roken/inet_ntop.c b/crypto/heimdal/lib/roken/inet_ntop.c
index 382b351..63c99a5 100644
--- a/crypto/heimdal/lib/roken/inet_ntop.c
+++ b/crypto/heimdal/lib/roken/inet_ntop.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: inet_ntop.c,v 1.4 2000/07/27 16:24:00 assar Exp $");
+RCSID("$Id: inet_ntop.c,v 1.5 2001/04/04 23:58:01 assar Exp $");
 #endif
 
 #include <roken.h>
@@ -92,7 +92,7 @@ inet_ntop_v6 (const void *src, char *dst, size_t size)
 	return NULL;
     }
     for (i = 0; i < 8; ++i) {
-	int non_zerop = 1;
+	int non_zerop = 0;
 
 	if (non_zerop || (ptr[0] >> 4)) {
 	    *dst++ = xdigits[ptr[0] >> 4];
@@ -106,10 +106,7 @@ inet_ntop_v6 (const void *src, char *dst, size_t size)
 	    *dst++ = xdigits[ptr[1] >> 4];
 	    non_zerop = 1;
 	}
-	if (non_zerop || (ptr[1] & 0x0F)) {
-	    *dst++ = xdigits[ptr[1] & 0x0F];
-	    non_zerop = 1;
-	}
+	*dst++ = xdigits[ptr[1] & 0x0F];
 	if (i != 7)
 	    *dst++ = ':';
 	ptr += 2;
diff --git a/crypto/heimdal/lib/roken/parse_units.c b/crypto/heimdal/lib/roken/parse_units.c
index 34c5030..2b32ad6 100644
--- a/crypto/heimdal/lib/roken/parse_units.c
+++ b/crypto/heimdal/lib/roken/parse_units.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: parse_units.c,v 1.12 1999/12/02 16:58:51 joda Exp $");
+RCSID("$Id: parse_units.c,v 1.13 2001/03/26 00:47:06 assar Exp $");
 #endif
 
 #include <stdio.h>
@@ -84,7 +84,8 @@ parse_something (const char *s, const struct units *units,
 	    ++p;
 
 	val = strtod (p, &next); /* strtol(p, &next, 0); */
-	if (val == 0 && p == next) {
+	if (p == next) {
+	    val = 0;
 	    if(!accept_no_val_p)
 		return -1;
 	    no_val_p = 1;
diff --git a/crypto/heimdal/lib/roken/print_version.c b/crypto/heimdal/lib/roken/print_version.c
index 8b505fa..b5ce816 100644
--- a/crypto/heimdal/lib/roken/print_version.c
+++ b/crypto/heimdal/lib/roken/print_version.c
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: print_version.c,v 1.7 2001/01/30 03:05:29 assar Exp $");
+RCSID("$Id: print_version.c,v 1.8 2001/02/20 01:44:55 assar Exp $");
 #endif
 #include "roken.h"
 
@@ -49,7 +49,7 @@ print_version(const char *progname)
     int i;
     
     if(progname == NULL)
-	progname = __progname;
+	progname = getprogname();
     
     if(num_args == 0)
 	msg = "no version information";
diff --git a/crypto/heimdal/lib/roken/roken.awk b/crypto/heimdal/lib/roken/roken.awk
index c1676f7..057b4fd 100644
--- a/crypto/heimdal/lib/roken/roken.awk
+++ b/crypto/heimdal/lib/roken/roken.awk
@@ -1,4 +1,4 @@
-# $Id: roken.awk,v 1.6 2000/08/16 01:56:30 assar Exp $
+# $Id: roken.awk,v 1.7 2001/03/26 09:26:35 joda Exp $
 
 BEGIN {
 	print "#include <stdio.h>"
@@ -14,13 +14,6 @@ BEGIN {
 	print "puts(\"#define __ROKEN_H__\");"
 	print "puts(\"\");"
 }
-END {
-	print "puts(\"#define ROKEN_VERSION \" VERSION );"
-	print "puts(\"\");"
-	print "puts(\"#endif /* __ROKEN_H__ */\");"
-	print "return 0;"
-	print "}"
-}
 
 $1 == "\#ifdef" || $1 == "\#ifndef" || $1 == "\#if" || $1 == "\#else" || $1 == "\#elif" || $1 == "\#endif" || $1 == "#ifdef" || $1 == "#ifndef" || $1 == "#if" || $1 == "#else" || $1 == "#elif" || $1 == "#endif" {
 	print $0;
@@ -37,3 +30,11 @@ $1 == "\#ifdef" || $1 == "\#ifndef" || $1 == "\#if" || $1 == "\#else" || $1 == "
 	}
 	print "puts(\"" s "\");"
 }
+
+END {
+	print "puts(\"#define ROKEN_VERSION \" VERSION );"
+	print "puts(\"\");"
+	print "puts(\"#endif /* __ROKEN_H__ */\");"
+	print "return 0;"
+	print "}"
+}
diff --git a/crypto/heimdal/lib/roken/roken.h.in b/crypto/heimdal/lib/roken/roken.h.in
index b16ae5d..538a530 100644
--- a/crypto/heimdal/lib/roken/roken.h.in
+++ b/crypto/heimdal/lib/roken/roken.h.in
@@ -32,7 +32,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: roken.h.in,v 1.148 2001/01/27 05:28:09 assar Exp $ */
+/* $Id: roken.h.in,v 1.157 2001/05/18 18:00:12 assar Exp $ */
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -47,9 +47,21 @@ struct sockaddr_dl;
 #ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
 #endif
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -352,6 +364,14 @@ mkstemp(char *template);
 void pidfile (const char*);
 #endif
 
+#ifndef HAVE_BSWAP32
+unsigned int bswap32(unsigned int);
+#endif
+
+#ifndef HAVE_BSWAP16
+unsigned short bswap16(unsigned short);
+#endif
+
 #ifndef HAVE_FLOCK
 #ifndef LOCK_SH
 #define LOCK_SH   1		/* Shared lock */
@@ -587,6 +607,14 @@ struct hostent* roken_gethostbyaddr(const void*, size_t, int);
 #define roken_getsockname(a,b,c) getsockname(a, b, (void*)c)
 #endif
 
+#ifndef HAVE_SETPROGNAME
+void setprogname(const char *argv0);
+#endif
+
+#ifndef HAVE_GETPROGNAME
+const char *getprogname(void);
+#endif
+
 void set_progname(char *argv0);
 const char *get_progname(void);
 
diff --git a/crypto/heimdal/lib/roken/warnerr.c b/crypto/heimdal/lib/roken/warnerr.c
index f57c90e..0ebae25 100644
--- a/crypto/heimdal/lib/roken/warnerr.c
+++ b/crypto/heimdal/lib/roken/warnerr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan 
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan 
  * (Royal Institute of Technology, Stockholm, Sweden).  
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: warnerr.c,v 1.9 2000/07/25 09:54:05 joda Exp $");
+RCSID("$Id: warnerr.c,v 1.13 2001/05/16 23:54:19 assar Exp $");
 #endif
 
 #include "roken.h"
@@ -43,14 +43,17 @@ RCSID("$Id: warnerr.c,v 1.9 2000/07/25 09:54:05 joda Exp $");
 const char *__progname;
 #endif
 
+#ifndef HAVE_GETPROGNAME
 const char *
-get_progname(void)
+getprogname(void)
 {
     return __progname;
 }
+#endif
 
+#ifndef HAVE_SETPROGNAME
 void
-set_progname(char *argv0)
+setprogname(const char *argv0)
 {
 #ifndef HAVE___PROGNAME
     char *p;
@@ -64,13 +67,28 @@ set_progname(char *argv0)
     __progname = p;
 #endif
 }
+#endif /* HAVE_SETPROGNAME */
+
+void
+set_progname(char *argv0)
+{
+    setprogname ((const char *)argv0);
+}
+
+const char *
+get_progname (void)
+{
+    return getprogname ();
+}
 
 void
 warnerr(int doerrno, const char *fmt, va_list ap)
 {
     int sverrno = errno;
-    if(__progname != NULL){
-	fprintf(stderr, "%s", __progname);
+    const char *progname = getprogname();
+
+    if(progname != NULL){
+	fprintf(stderr, "%s", progname);
 	if(fmt != NULL || doerrno)
 	    fprintf(stderr, ": ");
     }
diff --git a/crypto/heimdal/lib/roken/write_pid.c b/crypto/heimdal/lib/roken/write_pid.c
index 7d4fa24..ce02506 100644
--- a/crypto/heimdal/lib/roken/write_pid.c
+++ b/crypto/heimdal/lib/roken/write_pid.c
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: write_pid.c,v 1.4 2000/08/04 11:19:41 joda Exp $");
+RCSID("$Id: write_pid.c,v 1.5 2001/02/20 01:44:55 assar Exp $");
 #endif
 
 #include <stdio.h>
@@ -88,7 +88,7 @@ pidfile(const char *basename)
     if(pidfile_path != NULL)
 	return;
     if(basename == NULL)
-	basename = __progname;
+	basename = getprogname();
     pidfile_path = pid_file_write(basename);
     atexit(pidfile_cleanup);
 }
diff --git a/crypto/heimdal/lib/sl/ChangeLog b/crypto/heimdal/lib/sl/ChangeLog
index 1893e1c..249ac09 100644
--- a/crypto/heimdal/lib/sl/ChangeLog
+++ b/crypto/heimdal/lib/sl/ChangeLog
@@ -1,3 +1,19 @@
+2001-05-17  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: bump versions to 1:2:1 and 1:4:1
+
+2001-05-06  Assar Westerlund  <assar@sics.se>
+
+	* roken_rename.h (strdup): add
+
+2001-03-06  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: re do the roken-renaming properly
+
+2001-02-13  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: add more functions to rename
+
 2001-01-26  Johan Danielsson  <joda@pdc.kth.se>
 
 	* sl.h: proto
diff --git a/crypto/heimdal/lib/sl/Makefile.am b/crypto/heimdal/lib/sl/Makefile.am
index df01306..07faf4e 100644
--- a/crypto/heimdal/lib/sl/Makefile.am
+++ b/crypto/heimdal/lib/sl/Makefile.am
@@ -1,39 +1,38 @@
-# $Id: Makefile.am,v 1.21 2001/01/26 15:00:09 joda Exp $
+# $Id: Makefile.am,v 1.24 2001/05/16 23:58:12 assar Exp $
 
 include $(top_srcdir)/Makefile.am.common
 
+if do_roken_rename
+IS = -DROKEN_RENAME
+ES = strtok_r.c snprintf.c strdup.c strupr.c
+endif
+
+INCLUDES += $(IS)
+
 YFLAGS = -d
 
 include_HEADERS = sl.h
 
 lib_LTLIBRARIES = libsl.la libss.la
-libsl_la_LDFLAGS = -version-info 1:1:1
-libss_la_LDFLAGS = -version-info 1:3:1
+libsl_la_LDFLAGS = -version-info 1:2:1
+libss_la_LDFLAGS = -version-info 1:4:1
 
 libsl_la_LIBADD = @LIB_readline@
 libss_la_LIBADD = @LIB_readline@
 
-RENAME_SRC = roken_rename.h strtok_r.c snprintf.c
-
-libsl_la_SOURCES = sl_locl.h sl.c
+libsl_la_SOURCES = sl_locl.h sl.c $(ES)
 libss_la_SOURCES = $(libsl_la_SOURCES) ss.c ss.h
 
-EXTRA_libsl_la_SOURCES = strtok_r.c snprintf.c roken_rename.h
-
 # install these?
 
 bin_PROGRAMS = mk_cmds
 
-mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l
-
-RENAME_mk_cmds_SRC = roken_rename.h snprintf.c
-
-EXTRA_mk_cmds_SOURCES = snprintf.c roken_rename.h
+mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l $(ES)
 
 ssincludedir = $(includedir)/ss
 ssinclude_HEADERS = ss.h
 
-CLEANFILES = lex.c parse.c parse.h snprintf.c strtok_r.c
+CLEANFILES = lex.c parse.c parse.h snprintf.c strtok_r.c strdup.c strupr.c
 
 $(mk_cmds_OBJECTS): parse.h
 
@@ -45,3 +44,7 @@ strtok_r.c:
 	$(LN_S) $(srcdir)/../roken/strtok_r.c .
 snprintf.c:
 	$(LN_S) $(srcdir)/../roken/snprintf.c .
+strdup.c:
+	$(LN_S) $(srcdir)/../roken/strdup.c .
+strupr.c:
+	$(LN_S) $(srcdir)/../roken/strupr.c .
diff --git a/crypto/heimdal/lib/sl/Makefile.in b/crypto/heimdal/lib/sl/Makefile.in
index 6c1088b..0f59a37 100644
--- a/crypto/heimdal/lib/sl/Makefile.in
+++ b/crypto/heimdal/lib/sl/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -113,20 +114,20 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
 dpagaix_LDADD = @dpagaix_LDADD@
 install_sh = @install_sh@
 
-# $Id: Makefile.am,v 1.21 2001/01/26 15:00:09 joda Exp $
+# $Id: Makefile.am,v 1.24 2001/05/16 23:58:12 assar Exp $
 
 
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
 
 SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
 
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
+INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(IS)
 
 AM_CFLAGS =  $(WFLAGS)
 
@@ -185,40 +186,37 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
+@do_roken_rename_TRUE@IS = @do_roken_rename_TRUE@-DROKEN_RENAME
+@do_roken_rename_TRUE@ES = @do_roken_rename_TRUE@strtok_r.c snprintf.c strdup.c strupr.c
+
 YFLAGS = -d
 
 include_HEADERS = sl.h
 
 lib_LTLIBRARIES = libsl.la libss.la
-libsl_la_LDFLAGS = -version-info 1:1:1
-libss_la_LDFLAGS = -version-info 1:3:1
+libsl_la_LDFLAGS = -version-info 1:2:1
+libss_la_LDFLAGS = -version-info 1:4:1
 
 libsl_la_LIBADD = @LIB_readline@
 libss_la_LIBADD = @LIB_readline@
 
-RENAME_SRC = roken_rename.h strtok_r.c snprintf.c
-
-libsl_la_SOURCES = sl_locl.h sl.c
+libsl_la_SOURCES = sl_locl.h sl.c $(ES)
 libss_la_SOURCES = $(libsl_la_SOURCES) ss.c ss.h
 
-EXTRA_libsl_la_SOURCES = strtok_r.c snprintf.c roken_rename.h
-
 # install these?
 
 bin_PROGRAMS = mk_cmds
 
-mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l
-
-RENAME_mk_cmds_SRC = roken_rename.h snprintf.c
-
-EXTRA_mk_cmds_SOURCES = snprintf.c roken_rename.h
+mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l $(ES)
 
 ssincludedir = $(includedir)/ss
 ssinclude_HEADERS = ss.h
 
-CLEANFILES = lex.c parse.c parse.h snprintf.c strtok_r.c
+CLEANFILES = lex.c parse.c parse.h snprintf.c strtok_r.c strdup.c strupr.c
 
 LDADD = \
 	$(LIB_roken)				\
@@ -239,15 +237,24 @@ X_LIBS = @X_LIBS@
 X_EXTRA_LIBS = @X_EXTRA_LIBS@
 X_PRE_LIBS = @X_PRE_LIBS@
 libsl_la_DEPENDENCIES = 
-am_libsl_la_OBJECTS =  sl.lo
+@do_roken_rename_FALSE@am_libsl_la_OBJECTS =  sl.lo
+@do_roken_rename_TRUE@am_libsl_la_OBJECTS =  sl.lo strtok_r.lo \
+@do_roken_rename_TRUE@snprintf.lo strdup.lo strupr.lo
 libsl_la_OBJECTS =  $(am_libsl_la_OBJECTS)
 libss_la_DEPENDENCIES = 
-am_libss_la_OBJECTS =  sl.lo ss.lo
+@do_roken_rename_FALSE@am_libss_la_OBJECTS =  sl.lo ss.lo
+@do_roken_rename_TRUE@am_libss_la_OBJECTS =  sl.lo strtok_r.lo \
+@do_roken_rename_TRUE@snprintf.lo strdup.lo strupr.lo ss.lo
 libss_la_OBJECTS =  $(am_libss_la_OBJECTS)
 bin_PROGRAMS =  mk_cmds$(EXEEXT)
 PROGRAMS =  $(bin_PROGRAMS)
 
-am_mk_cmds_OBJECTS =  make_cmds.$(OBJEXT) parse.$(OBJEXT) lex.$(OBJEXT)
+@do_roken_rename_FALSE@am_mk_cmds_OBJECTS =  make_cmds.$(OBJEXT) \
+@do_roken_rename_FALSE@parse.$(OBJEXT) lex.$(OBJEXT)
+@do_roken_rename_TRUE@am_mk_cmds_OBJECTS =  make_cmds.$(OBJEXT) \
+@do_roken_rename_TRUE@parse.$(OBJEXT) lex.$(OBJEXT) strtok_r.$(OBJEXT) \
+@do_roken_rename_TRUE@snprintf.$(OBJEXT) strdup.$(OBJEXT) \
+@do_roken_rename_TRUE@strupr.$(OBJEXT)
 mk_cmds_OBJECTS =  $(am_mk_cmds_OBJECTS)
 mk_cmds_LDADD = $(LDADD)
 mk_cmds_DEPENDENCIES = 
@@ -258,8 +265,8 @@ CFLAGS = @CFLAGS@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 CCLD = $(CC)
 LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =  $(libsl_la_SOURCES) $(EXTRA_libsl_la_SOURCES) \
-$(libss_la_SOURCES) $(mk_cmds_SOURCES) $(EXTRA_mk_cmds_SOURCES)
+DIST_SOURCES =  $(libsl_la_SOURCES) $(libss_la_SOURCES) \
+$(mk_cmds_SOURCES)
 HEADERS =  $(include_HEADERS) $(ssinclude_HEADERS)
 
 depcomp = 
@@ -270,12 +277,12 @@ Makefile.am Makefile.in lex.c parse.c parse.h
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 
 GZIP_ENV = --best
-SOURCES = $(libsl_la_SOURCES) $(EXTRA_libsl_la_SOURCES) $(libss_la_SOURCES) $(mk_cmds_SOURCES) $(EXTRA_mk_cmds_SOURCES)
+SOURCES = $(libsl_la_SOURCES) $(libss_la_SOURCES) $(mk_cmds_SOURCES)
 OBJECTS = $(am_libsl_la_OBJECTS) $(am_libss_la_OBJECTS) $(am_mk_cmds_OBJECTS)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .l .lo .o .obj .x .y
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .l .lo .o .obj .y
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/sl/Makefile
 
@@ -444,6 +451,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
@@ -477,6 +489,8 @@ check-am: all-am
 check: check-am
 installcheck-am:
 installcheck: installcheck-am
+install-binPROGRAMS: install-libLTLIBRARIES
+
 install-exec-am: install-libLTLIBRARIES install-binPROGRAMS
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
@@ -693,6 +707,10 @@ strtok_r.c:
 	$(LN_S) $(srcdir)/../roken/strtok_r.c .
 snprintf.c:
 	$(LN_S) $(srcdir)/../roken/snprintf.c .
+strdup.c:
+	$(LN_S) $(srcdir)/../roken/strdup.c .
+strupr.c:
+	$(LN_S) $(srcdir)/../roken/strupr.c .
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/crypto/heimdal/lib/sl/make_cmds.c b/crypto/heimdal/lib/sl/make_cmds.c
index 492e9e6..723dfdc 100644
--- a/crypto/heimdal/lib/sl/make_cmds.c
+++ b/crypto/heimdal/lib/sl/make_cmds.c
@@ -34,7 +34,7 @@
 #include "make_cmds.h"
 #include <getarg.h>
 
-RCSID("$Id: make_cmds.c,v 1.6 1999/12/02 16:58:55 joda Exp $");
+RCSID("$Id: make_cmds.c,v 1.7 2001/02/20 01:44:55 assar Exp $");
 
 #include <roken.h>
 #include <err.h>
@@ -213,7 +213,7 @@ main(int argc, char **argv)
 {
     int optind = 0;
 
-    set_progname(argv[0]);
+    setprogname(argv[0]);
     if(getarg(args, num_args, argc, argv, &optind))
 	usage(1);
     if(help_flag)
diff --git a/crypto/heimdal/lib/sl/roken_rename.h b/crypto/heimdal/lib/sl/roken_rename.h
index 1d3d893..17837fb 100644
--- a/crypto/heimdal/lib/sl/roken_rename.h
+++ b/crypto/heimdal/lib/sl/roken_rename.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: roken_rename.h,v 1.4 2000/05/31 20:07:56 assar Exp $ */
+/* $Id: roken_rename.h,v 1.5 2001/05/06 21:47:54 assar Exp $ */
 
 #ifndef __roken_rename_h__
 #define __roken_rename_h__
@@ -60,5 +60,8 @@
 #ifndef HAVE_STRUPR
 #define strupr _sl_strupr
 #endif
+#ifndef HAVE_STRDUP
+#define strdup _sl_strdup
+#endif
 
 #endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/sl/sl.c b/crypto/heimdal/lib/sl/sl.c
index ebc7657..98b101c 100644
--- a/crypto/heimdal/lib/sl/sl.c
+++ b/crypto/heimdal/lib/sl/sl.c
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: sl.c,v 1.28 2001/01/26 14:58:26 joda Exp $");
+RCSID("$Id: sl.c,v 1.29 2001/02/20 01:44:55 assar Exp $");
 #endif
 
 #include "sl_locl.h"
@@ -76,8 +76,8 @@ mandoc_template(SL_cmd *cmds,
     t = time(NULL);
     strftime(timestr, sizeof(timestr), "%b %d, %Y", localtime(&t));
     printf(".Dd %s\n", timestr);
-    p = strrchr(__progname, '/');
-    if(p) p++; else p = __progname;
+    p = strrchr(getprogname(), '/');
+    if(p) p++; else p = getprogname();
     strncpy(cmd, p, sizeof(cmd));
     cmd[sizeof(cmd)-1] = '\0';
     strupr(cmd);
diff --git a/crypto/heimdal/lib/vers/ChangeLog b/crypto/heimdal/lib/vers/ChangeLog
index 459c940..0de5d15 100644
--- a/crypto/heimdal/lib/vers/ChangeLog
+++ b/crypto/heimdal/lib/vers/ChangeLog
@@ -1,3 +1,7 @@
+2001-04-21  Johan Danielsson  <joda@pdc.kth.se>
+
+	* print_version.c: 2001
+
 2001-01-31  Assar Westerlund  <assar@sics.se>
 
 	* Makefile.am: remove -static turning this into a convenience
diff --git a/crypto/heimdal/lib/vers/Makefile.in b/crypto/heimdal/lib/vers/Makefile.in
index 8b8da03..1dffc80 100644
--- a/crypto/heimdal/lib/vers/Makefile.in
+++ b/crypto/heimdal/lib/vers/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 CLEANFILES = print_version.h
@@ -241,7 +244,7 @@ OBJECTS = $(am_libvers_la_OBJECTS) make-print-version.$(OBJEXT)
 
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/vers/Makefile
 
@@ -326,6 +329,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
 	  || etags $(ETAGS_ARGS) $$tags  $$unique $(LISP)
 
+GTAGS:
+	here=`CDPATH=: && cd $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $$here
+
 mostlyclean-tags:
 
 clean-tags:
diff --git a/crypto/heimdal/lib/vers/make-print-version.c b/crypto/heimdal/lib/vers/make-print-version.c
index 5d62cc6..6102e75 100644
--- a/crypto/heimdal/lib/vers/make-print-version.c
+++ b/crypto/heimdal/lib/vers/make-print-version.c
@@ -42,7 +42,7 @@ RCSID("$Id: make-print-version.c,v 1.2 2000/07/08 10:46:36 assar Exp $");
 extern const char *heimdal_version;
 #endif
 #ifdef KRB4
-extern char *krb4_version;
+extern const char *krb4_version;
 #endif
 #include <version.h>
 
diff --git a/crypto/heimdal/lib/vers/print_version.c b/crypto/heimdal/lib/vers/print_version.c
index cb324d0..8ece96b 100644
--- a/crypto/heimdal/lib/vers/print_version.c
+++ b/crypto/heimdal/lib/vers/print_version.c
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: print_version.c,v 1.1 2000/07/01 19:47:35 assar Exp $");
+RCSID("$Id: print_version.c,v 1.3 2001/04/21 16:05:48 joda Exp $");
 #endif
 #include "roken.h"
 
@@ -49,7 +49,7 @@ print_version(const char *progname)
     int i;
     
     if(progname == NULL)
-	progname = __progname;
+	progname = getprogname();
     
     if(num_args == 0)
 	msg = "no version information";
@@ -72,7 +72,7 @@ print_version(const char *progname)
 	}
     }
     fprintf(stderr, "%s (%s)\n", progname, msg);
-    fprintf(stderr, "Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan\n");
+    fprintf(stderr, "Copyright (c) 1999-2001 Kungliga Tekniska Högskolan\n");
     if(num_args != 0)
 	free(msg);
 }
diff --git a/crypto/heimdal/tools/Makefile.in b/crypto/heimdal/tools/Makefile.in
index 85afdc4..c189730 100644
--- a/crypto/heimdal/tools/Makefile.in
+++ b/crypto/heimdal/tools/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
 
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
 
 
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
 
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
 @KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
 @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
 
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
 CHECK_LOCAL = $(PROGRAMS)
 
 EXTRA_DIST = krb5-config.1
@@ -217,7 +220,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 GZIP_ENV = --best
 all: all-redirect
 .SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
 $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
 	cd $(top_srcdir) && $(AUTOMAKE) --foreign tools/Makefile
 
diff --git a/crypto/heimdal/tools/krb5-config.1 b/crypto/heimdal/tools/krb5-config.1
index 7b04601..e87176c 100644
--- a/crypto/heimdal/tools/krb5-config.1
+++ b/crypto/heimdal/tools/krb5-config.1
@@ -1,4 +1,4 @@
-.\" $Id: krb5-config.1,v 1.3 2000/12/01 04:59:53 assar Exp $
+.\" $Id: krb5-config.1,v 1.4 2001/05/02 08:59:23 assar Exp $
 .\"
 .Dd November 30, 2000
 .Dt KRB5-CONFIG 1
diff --git a/crypto/heimdal/tools/krb5-config.cat1 b/crypto/heimdal/tools/krb5-config.cat1
new file mode 100644
index 0000000..298f57b
--- /dev/null
+++ b/crypto/heimdal/tools/krb5-config.cat1
@@ -0,0 +1,52 @@
+
+KRB5-CONFIG(1)               UNIX Reference Manual              KRB5-CONFIG(1)
+
+NNAAMMEE
+     kkrrbb55--ccoonnffiigg - give information on how to link code against Heimdal li-
+     braries
+
+SSYYNNOOPPSSIISS
+     kkrrbb55--ccoonnffiigg [----pprreeffiixx[=_d_i_r]] [----eexxeecc--pprreeffiixx[=_d_i_r]] [----lliibbss] [----ccffllaaggss]
+     [_l_i_b_r_a_r_i_e_s]
+
+DDEESSCCRRIIPPTTIIOONN
+     kkrrbb55--ccoonnffiigg tells the application programmer what special flags to use to
+     compile and link programs against the libraries installed by Heimdal.
+
+     Options supported:
+
+     ----pprreeffiixx[=_d_i_r]
+             Print the prefix if no _d_i_r is specified, otherwise set prefix to
+             _d_i_r.
+
+     ----eexxeecc--pprreeffiixx[=_d_i_r]
+             Print the exec-prefix if no _d_i_r is specified, otherwise set exec-
+             prefix to _d_i_r.
+
+     ----lliibbss  Output the set of libraries that should be linked against.
+
+     ----ccffllaaggss
+             Output the set of flags to give to the C compiler when using the
+             Heimdal libraries.
+
+     By default kkrrbb55--ccoonnffiigg will output the set of flags and libraries to be
+     used by a normal program using the krb5 API.  The user can also supply a
+     library to be used, the supported ones are:
+
+     krb5    (the default)
+
+     gssapi  use the krb5 gssapi mechanism
+
+     kadm-client
+             use the client-side kadmin libraries
+
+     kadm-server
+             use the server-side kadmin libraries
+
+SSEEEE AALLSSOO
+     cc(1)
+
+HHIISSTTOORRYY
+     kkrrbb55--ccoonnffiigg appeared in Heimdal 0.3d.
+
+ HEIMDAL                       November 30, 2000                             1