pull in just about all of the differences from the crypto-us telnet
suite (which includes Kerberos 4 and connection encryption support).
Also bring in the Kerberos 5 support from the Heimdal telnet, and
frob a little so that it can work with the non-Heimdal telnet suite.
There is still some work left to do, specifically:
- Add Heimdal's ticket forwarding support to the Berkeley Kerberos 4
module.
- Add connection encryption support to the Heimdal Kerberos 5
module. Hints on this can be taken from the MIT Kerberos 5
module which still exists in crypto-us.
However, even with the shortcomings listed above, this is a
better situation than using the stock Heimdal telnet suite,
which does not understand the IPSec policy stuff, and is also
based on much older code which contains bugs that we have already
fixed in the NetBSD sources.
des_new_random_key(), and des_init_random_number_generator()
from the crypto-us libdes.
While I'm here, fix a serious bug in des_init_random_number_generator()
whereby the accumlated data to be hashed was zero'd *before* actually
being hashed. NOTE: The bug only affects people who are not using the
rnd(4) in-kernel random number generator, and it is worth noting that
the resulting keys are not always the same, but are likely easy to
determine.
bindings and their descriptions
* manually add the output of 'sh ./makelist -m vi.c ed.c common.c' to
a new section in editrc(5) called `EDITOR COMMANDS'
adding support for Heimdal/KTH Kerberos where easy to do so. Eliminate
bsd.crypto.mk.
There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.
in ${DESTDIR}/usr/include/kerberosIV/mit-copyright.h) and if so, tell
the operator to remove the contents of that directory in an error
message and abort.
matt