2005-08-02:
	* src/acct.c(pam_sm_acct_mgmt): if v5_attempted is 0, then just
	return PAM_USER_UNKNOWN instead of checking if the principal is a
	valid one (#164794, related to #140325).
	* src/logstdio.c: abstract out the program name.
	* configure.ac,src/Makefile.am,src/harness.c: pull "harness" down from
	HEAD.
	* src/sly.c(sly_v4): actually save v4 creds.
	* src/sly.c(sly_v5): actually save v5 creds (#153257).
	* src/sly.c(_pam_krb5_sly_maybe_refresh): bail if $SUDO_COMMAND is
	set. Bail if we're setuid or setgid. Bail if the existing creds file
	is S_IRWXG or S_IRWXO. Get tokens last, and even if we didn't save
	any v4 creds.

2005-07-12:
	* src/password.c(pam_sm_chauthtok): check the result_code returned by
	krb5_change_password() as well as the return code (patch from Dan Perry)

2005-05-18:
	* src/minikafs.c(realm_of_cell): debug-log the IP->hostname conversion.
	* src/afs5log.1: add
	* src/Makefile.am: install afs5log and its man page

2005-05-09:
	* src/minikafs.c(realm_of_cell): debug-log failures in the whereis
	pioctl, stop looking at addresses if we hit 0.0.0.0.  From HEAD.

2005-05-09:
	* src/minikafs.c: add a wrapper for the ws_cell pioctl.
	* src/tokens.c,src/afs5log.c: use ws_cell to find the default cell
	instead of guessing by doing a cell_of_file on /afs
	* src/minikafs.c: correctly handle E2BIG errors from a WHEREIS pioctl,
	bug spotted by Lamont Granquist.  Handle multiple IPs coming back,
	and try to look up a host name and realm name in turn until we either
	succeed or run out of addresses.  From HEAD.
	* src/minikafs.c: if the default realm name differs from that of the
	derived realm name for a given cell, and that name is similar to the
	cell name, try getting tokens using afs@defaultrealm as the service
	principal, sort of from Christopher Allen Wing.  From HEAD.
	* src/options.c: don't leak the mappings when freeing options.

2005-03-16 nalin
	* pam_krb5.spec: remove long-unused byacc and flex buildprereqs
	* src/tokens.c: screen out "dynroot" when grabbing tokens.
	* src/acct.c: treat preauth errors like integrity check failures.

2005-02-28 nalin
	* src/minikafs.c: fix compilation against releases which didn't define
	KRB_TICKET_GRANTING_TICKET.
	* src/pagsh.c: add missing <stdio.h> inclusion.
	* src/minikafs.c: handle cases where krb_life_to_time() isn't available.

2005-02-25 nalin
	* create a 2.1 branch
	* src/minikafs.c: initialize use_ccache, not ccache, for use when
	obtaining tokens.  From HEAD.
	* configure.ac,src/init.c: don't call initialize_XXX_error_table for
	the Kerberos libraries -- currently that triggers SF #1150146.

2004-08-31 nalin
	* src/password.c(pam_sm_chauthtok): during the preliminary check phase,
	read the current password as the PAM_OLDAUTHTOK item, not PAM_AUTHTOK
	(Ludek Finstrle, #131246)

2004-08-27 nalin
	* src/userinfo.c(_pam_krb5_user_info_init): override the realm name to
	be the one which was passed in (#116198).

2004-08-27 nalin
	* src/minikafs.c: handle cases where the length of the realm name >
	length of the cell name.

2004-08-27 nalin
	* src/options.c(_pam_krb5_options_init): set the default realm for
	ctx (#116198).

2004-08-26 nalin
	* src/options.h,options.c: add an ignore_afs flag to the options
	structure, heavily based on Matthew Miller's patch (#126345).
	* auth.c, session.c, sly.c: obey ignore_afs.

2004-08-26 nalin
	* src/acct.c(pam_sm_acct_mgmt): skip .k5login check if user_check was
	disabled -- it's not as if we can expect an unknown user to have a home
	directory.

2004-08-26 nalin
	* src/conv.c(_pam_krb5_conv_call): return PAM_BAD_ITEM instead of
	PAM_CONV_ERR if the application didn't define a conversation function.

2004-08-26 nalin
	* src/minikafs.c(minikafs_ioctlcall): add, from Alexander Bostrom
	(#127529).
	* src/minikafs.c(minikafs_call): add, calling afs_ioctlcall or
	afs_syscall as appropriate, from Alexander Bostrom (#127529).  The
	setpag and pioctl functions now call this function instead of our
	afs_syscall.
	* src/minikafs.c(minikafs_has_afs): check for ioctl-based interface to
	Arla or OpenAFS for Linux 2.6, from Alexander Bostrom (#127529).

2004-08-26 nalin
	* src/password.c(pam_sm_chauthtok): prompt for the user's current
	password when use_first_pass isn't flagged, ignoring use_authtok
	during the initial-authentication pass (#130950).

2004-06-14 nalin
	* src/session.c(pam_sm_open_session,pam_sm_close_session): log what
	we return, and why, if debugging is enabled.

2004-06-14 nalin
	* src/acct.c(pam_sm_acct_mgmt): likewise, catch and log specific error
	information for EAGAIN, KRB5_REALM_CANT_RESOLVE, and KRB5_KDC_UNREACH
	errors.

2004-06-14 nalin
	* src/v5.c(v5_get_creds): return PAM_AUTHINFO_UNAVAIL if we got EAGAIN,
	which is triggered by a transient hostname resolution error (John
	Dennis).  Also do this for KRB5_REALM_CANT_RESOLVE and KRB5_KDC_UNREACH
	error cases.

2004-04-21 nalin
	* Makefile.am: make configure depend on pam_krb5.spec.
	* autogen: run with --enable-maintainer-mode so that the dependency
	gets honored when autogen is used.
	* pam_krb5.spec: bump version.

2004-04-21 nalin
	* src/minikafs.c: print debug messages when doing realmofcell stuff.

2004-04-21 nalin
	* configure.ac: perform all checks for Kerberos functions with all of
	the libraries we've found.

2004-04-21 nalin
	* configure.ac: escape sed expressions correctly so that LDFLAGS doesn't
	include -l flags for Kerberos, skip all krb4 checks if --without-krb4
	is passed in.
	* src/Makefile.am: add KRB5_LIBS and KRB4_LIBS as needed.
	* src/minikafs.c: use krb524_convert_creds_kdc if krb5_524_convert_creds
	isn't available.  Force v5 mode on if USE_KRB4 is not defined.

2004-04-21 nalin
	* configure.ac: search for PAM libraries separately
	* src/Makefile.am: use a convenience library to compile code only once
	* src/afs5log.c: supply a non-bogus ccache and options argument to
	minikafs, provide local logging functions which use stdio.

2004-04-15 nalin
	* configure.ac: default krb5-config and krb4-config to ':', add non
	library arguments output by --libs to LIBS
	* src/minikafs.c: add missing <stdio.h> include.
	* src/stash.c: fix compile for non-USE_KRB4 case.
	* src/v4.c: fix compile for non-USE_KRB4 case.
	* src/v5.c(v5_cc_retrieve_match): add.
	* src/v5.c(v5_creds_key_length): add.
	* src/v5.c(v5_creds_key_contents): add.

2004-03-23 nalin
	* configure.ac: remove kafs/krbafs checks.
	* src/Makefile.am: add EXTRA_PROGRAMS target for afs5log.
	* src/afs5log.c: add a test program for exercising minikafs.
	* src/minikafs.c, src/minikafs.h: add a less-portable but more-flexible
	krbafs implementation.
	* src/options.c(_pam_krb5_options_init): distinguish between v4 for
	general use and v4 because we're using AFS.

2004-03-16 nalin
	* src/pam_krb5_storetmp.c: remove the file if it's not a valid mkstemp
	pattern, even if we were passed a UID/GID.

2004-03-16 nalin
	* src/storetmp.c: drop privileges before we exec the helper.

2004-03-16 nalin
	* src/pam_krb5_storetmp.c: only attempt to change to the required
	UID/GID if we are not already running with that UID/GID, and only
	attempt to clear the supplemental groups list if uid == 0 (we're root).

2004-03-16 nalin
	* src/session.c: remove explicit calls to chown(), which would be denied
	by SELinux in enforcing mode, instead expecting the helper to handle it
	all.
	* src/v5.c: remove explicit calls to chown(), which would be denied by
	SELinux in enforcing mode, instead expecting the helper to handle it
	all.
	* src/v4.c: remove explicit calls to chown(), which would be denied by
	SELinux in enforcing mode, instead expecting the helper to handle it
	all.
	* src/storetmp.c: pass the user's uid and gid to the helper, it already
	knows what to do.
	* src/tokens.c(tokens_useful): add.
	* src/session.c: when opening a session, create temporary tickets for
	grabbing tokens with the current permissions so that libkrb4 doesn't
	reject them, then clean them up, then create those for the user.

2004-03-10 nalin
	* src/pam_krb5_storetmp.c: if the filename pattern supplied is not a
	valid pattern (does not end with XXXXXX), delete the file instead,
	reporting success in the same way.
	* src/session.c(pam_sm_close_session): note ticket file deletions when
	debugging.
	* src/storetmp.c(_pam_krb5_storetmp_delete): add, to invoke the helper
	for removal of a file.
	* src/stash.c(_pam_krb5_stash_clean): add, to attempt to remove a file
	using the helper, falling back to unlink() if the helper fails.
	* src/v4.c(v4_destroy): use _pam_krb5_stash_clean instead of unlink()
	to remove ticket files.
	* src/v5.c(v5_destroy): use _pam_krb5_stash_clean instead of unlink()
	to remove ccache files.

2004-02-27 nalin
	* src/session.c(pam_sm_open_session): only set variables if the ticket
	files have non-zero-length filenames.

2004-02-27 nalin
	* src/storetmp.c(_pam_krb5_storetmp_data): open /dev/null three times to
	ensure that pipe() won't give us any stdio descriptors.  Reintroduce the
	call to execl() which got dropped earlier.

2004-02-27 nalin
	* src/pam_krb5_storetmp.c: add this helper, which creates a file using
	mkstemp, filling it with supplied data.
	* src/storetmp.c: add routines for using pam_krb5_storetmp to create
	copies of session-specific ticket files after crossing an exec(), so
	that a new SELinux context can apply to the new file.
	* everything: update copyright statements to include this year.
	* src/stash.c(_pam_krb5_stash_clone_v5): add, to call
	_pam_krb5_storetmp_file to copy the ccache.
	* src/v5.c(v5_save): clone the ticket file after creating it.
	* src/stash.c(_pam_krb5_stash_clone_v4): add, to call
	_pam_krb5_storetmp_file to copy the ccache.
	* src/v4.c(v4_save): clone the ticket file after creating it.

2004-01-07 nalin
	* src/stash.h: always have a v4present field in the structure.
	* src/v4.h: don't try 524 conversion if we don't have krb4 -- we
	wouldn't be able to do anything with the results.  Noted by Jörg
	Albert.

2004-01-07 nalin
	* src/v4.c(v4_save): make the stub v4_save function match the
	non-stub's prototype.  Noted by Jörg Albert.
	* src/v4.c(v4_destroy): don't return a value from this function, which
	returns void.  Noted by Jörg Albert.

2003-11-25 nalin
	* README: updates

2003-11-20 nalin
	* src/userinfo.c, src/userinfo.h: when setting things up for a user,
	obey "mappings" settings.  Because we can't be certain that the
	generated principal will pass through aname_to_lname correctly, don't
	do that any more.

2003-11-20 nalin
	* src/initopts.c(_pam_krb5_set_init_opts): set the ticket lifetime,
	if configured, as an initopt.  This change lets us fix #109331.

2003-11-20 nalin
	* src/options.c, src/options.h: add code for parsing a "mappings"
	setting.  Reintroduce ticket_lifetime, which I mistakenly thought was
	a libdefault setting now.

2003-11-20 nalin
	* src/map.c, src/map.h: add mapping functions which mimic OpenLDAP's
	saslRegexp functionality for mapping local user names to principal
	names.

2003-11-20 nalin
	* src/init.c: instead of forcing the realm when parsing principals,
	make realm= set the default realm.

2003-11-19 nalin
	* src/v5.c(v5_get_creds): use the realm from the unparsed version of
	the principal name when constructing service principals.

2003-09-22 nalin
	* src/session.c: actually return where we were supposed to return.

2003-09-19 nalin
	* src/session.c: if v5attempted is 0 or v5result is not 0, don't
	mess with tokens or credentials.  This allows apps which change their
	UIDs to keep tokens unless they obtained some of their own.
	* src/auth.c: before attempting authentication, reset v5attempted so
	that we don't count a previous authentication failure as a failure
	forever.
	* src/acct.c: if v5attempted is not set in the user's stash, attempt
	to get initial credentials for the user.  If the password check fails,
	assume the user name is valid.

2003-09-05 nalin
	* src/stash.h: add a v5attempted field to track whether or not we've
	attempted to get v5 creds for this user.  Add an afspag field to track
	whether or not we've created an afs PAG.
	* src/stash.c: initialize v5attempted and other fields, even if it's
	redundant after using memset to clear the whole structure.
	* src/auth.c: set v5attempted in the user's stash immediately after
	all calls to v5_get_creds.
	* src/acct.c: if v5attempted is not set in the user's stash, just
	return PAM_IGNORE.
	* src/tokens.c: only delete tokens on session close if we created a
	pag, lest we lose tokens when reverting back in su.  Only warn about
	errors getting tokens if v5attempted was set (else these become debug
	messages).
	* src/pam_krb5.8.in: note the behavior of the module in acct stacks.

2003-09-05 nalin
	* configure.ac: check for krb_time_to_life.
	* src/v4.c: use krb_time_to_life to convert lifetimes from seconds to
	bytes, not krb_life_to_time, which does the opposite.

2003-08-14 nalin
	* configure.ac: check for __posix_getpwnam_r.
	* src/userinfo.c(get_pw): use __posix_getpwnam_r if it is available and
	getpwnam_r isn't available

2003-08-14 nalin
	* src/session.c(pam_close_session), src/sly.c: return PAM_USER_UNKNOWN
	instead of PAM_SERVICE_ERR if we fail to get information about the user.

2003-08-14 nalin
	* src/auth.c(pam_sm_authenticate): log the PAM error code we're
	returning if we're returning a failure after all attempts have been
	made.  Save the password entered by the user in the normal we-prompted
	case.
	* pam_krb5.spec: bump version to 2.0.1

2003-08-14 nalin
	* src/auth.c, src/acct.c, src/session.c(pam_open_session),
	src/password.c: return PAM_USER_UNKNOWN instead of PAM_SERVICE_ERR if
	we fail to get information about the user.
	
2003-08-14 nalin
	* tests/run-tests: leave some time between expiring of passwords and
	attempts to check if they've truly been expired, in case the server
	implementation considers expiration time to be the end of the second
	instead of the start

2003-08-13 nalin
	* src/xstr.c, src/xstr.h: add xstrfree().
	* src/auth.c, src/options.c, src/password.c, src/prompter.c,
	src/stash.c, src/userinfo.c, src/v4.c, src/v5.c: use xstrfree() to
	free strings.

Thu Aug  7 2003 nalin
- Major overhaul and refactoring of everything.

Thu Jan 30 2003 Nalin Dahyabhai <nalin@redhat.com>
- Fix uninitialized pointer crash when we fail to retrieve cached return values.

Wed Jan 29 2003 Nalin Dahyabhai <nalin@redhat.com>
- Fix accidental double-free because libpam doesn't appear to make copies of
  the names for data items.

Fri Aug 23 2002 Nalin Dahyabhai <nalin@redhat.com>
- Update docs on the location of the anoncvs tree.
- Add warnings to the list of options we invoke $(CC) with.
- Use per-user stash and stored return value names.

Wed Aug  7 2002 Nalin Dahyabhai <nalin@redhat.com>
- Treat PAM_REFRESH_CRED like PAM_REINITIALIZE_CRED.  From Jason Heiss.

Fri May 24 2002 Nalin Dahyabhai <nalin@redhat.com>
- Fix a parser bug, pointed out by Balazs GAL.

Wed May 22 2002 Nalin Dahyabhai <nalin@redhat.com>
- Guess that the current cell name is the same as the realm name, lower-cased.

Fri Feb 15 2002 Nalin Dahyabhai <nalin@redhat.com>
- Update docs to give info about the account management function.

Mon Feb 11 2002 Nalin Dahyabhai <nalin@redhat.com>
- Add account management, which checks for key expiration and .k5login files.

Tue Sep 25 2001 Nalin Dahyabhai <nalin@redhat.com>
- Fix parsing of options which have multiple whitespace-separated values,
  like afs_cells.

Wed Sep  5 2001 Nalin Dahyabhai <nalin@redhat.com>
- Link with libresolv to get res_search, tip from Justin McNutt, who
  built it statically.
- Explicitly link with libdes425.
- Handle cases where getpwnam_r fails but still sets the result pointer.
- If use_authtok is given and there is no authtok, error out.

Mon Aug 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- Set the default realm when a default realm is specified.

Thu Aug 23 2001 Nalin Dahyabhai <nalin@redhat.com>
- Only use Kerberos error codes when there is no PAM error yet.

Wed Aug 22 2001 Nalin Dahyabhai <nalin@redhat.com>
- Add minimum UID support. (#52358)
- Don't link pam_krb5 with libkrbafs; that dependency should only exist for
  pam_krb5afs.

Wed Aug 22 2001 Nalin Dahyabhai <nalin@redhat.com>
- Add minimum UID support (suggested by Matthew Miller).
- Don't link pam_krb5 with libkrbafs.
- Make all options in krb5.conf available as PAM config options.  This should
  make things more interesting.

Tue Jul 31 2001 Nalin Dahyabhai <nalin@redhat.com>
- Merge patch from Chris Chiappa for building with Heimdal.

Mon Jul 24 2001 Nalin Dahyabhai <nalin@redhat.com>
- Note that we had to prepend the current directory to a given path in
  dlopen.c when we had to (noted by Onime Clement).

Tue Jul 17 2001 Nalin Dahyabhai <nalin@redhat.com>
- Return PAM_NEW_AUTHTOK_REQD when attempts to get initial credentials
  fail with KRB5KDC_ERR_KEY_EXP (noted by Onime Clement).

Thu Jul 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- Add info about accessing the CVS repository to the README.
- Parser cleanups (thanks to Dane Skow for a more complicated sample).

Fri Jul  6 2001 Nalin Dahyabhai <nalin@redhat.com>
- Don't set forwardable and assorted other flags when getting password-
  changing service ticket (noted, and fix supplied, by Onime Clement).
- Try __posix_getpwnam_r on Solaris before we try getpwnam_r, which may
  or may not be expecting the same number/type of arguments (noted by
  Onime Clement).
- Use krb5_aname_to_localname to convert the principal to a login name
  and set PAM_USER to the result when authenticating.
- Some autoconf fixes for failure cases.

Wed Jun 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- Use krb5_change_password() to change passwords.

Tue Jun 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- Use getpwnam_r instead of getpwnam when available.

Fri Jun  8 2001 Nalin Dahyabhai <nalin@redhat.com>
- Cleanup some autoconf checks.

Thu Jun  7 2001 Nalin Dahyabhai <nalin@redhat.com>
- Don't call initialize_krb5_error_table() or initialize_ovk_error_table()
  if they're not found at compile-time (reported for RHL 6.x by Chris Riley).

Thu May 31 2001 Nalin Dahyabhai <nalin@redhat.com>
- Note that [pam] is still checked in addition to [appdefaults].
- Note that AFS and Kerberos IV support requires working Kerberos IV
  configuration files (i.e., kinit -4 needs to work) (doc changes
  suggested by Martin Schulz).

Tue May 29 2001 Nalin Dahyabhai <nalin@redhat.com>
- Add max_timeout, timeout_shift, initial_timeout, and addressless options
  (patches from Simon Wilkinson).
- Fix the README to document the [appdefaults] section instead of [pam].
- Change example host and cell names in the README to use example domains.

Wed May  2 2001 Nalin Dahyabhai <nalin@redhat.com>
- Don't delete tokens unless we're also removing ticket files (report and
  patch from Sean Dilda).
- Report initialization errors better.

Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- Treat semicolons as a comment character, like hash marks (bug reported by
  Greg Francis at Gonzaga University).
- Use the [:blank:] equivalence class to simplify the configuration file parser.
- Don't mess with the real environment.
- Implement mostly-complete aging support.

Sat Apr  7 2001 Nalin Dahyabhai <nalin@redhat.com>
- Tweak the man page (can't use italics and bold simultaneously).

Fri Apr  6 2001 Nalin Dahyabhai <nalin@redhat.com>
- Restore the default TGS value (#35015).

Wed Mar 28 2001 Nalin Dahyabhai <nalin@redhat.com>
- Fix a debug message.
- Fix uninitialized pointer error.

Mon Mar 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- Don't fail to fixup the krb5 ccache if something goes wrong obtaining
  v4 credentials or creating a krb4 ticket file (#33262).

Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
- Fixup the man page.
- Log return code from k_setpag() when debugging.
- Create credentials and get tokens when setcred is called for REINITIALIZE.

Wed Mar 21 2001 Nalin Dahyabhai <nalin@redhat.com>
- Don't twiddle ownerships until after we get AFS tokens.
- Use the current time instead of the issue time when storing v4 creds, since
  we don't know the issuing host's byte order.
- Depend on a PAM development header again instead of pam-devel.

Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- Add a separate config file parser for compatibility with settings that
  predate the appdefault API.
- Use a version script under Linux to avoid polluting the global namespace.
- Don't have a default for afs_cells.
- Need to close the file when we succeed in fixing permissions (noted by
  jlkatz@eos.ncsu.edu).

Mon Mar 19 2001 Nalin Dahyabhai <nalin@redhat.com>
- Use the appdefault API to read krb5.conf if available.
- Create v4 tickets in such a way as to allow 1.2.2 to not think there's
  something fishy going on.

Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
- Don't log unknown user names to syslog -- they might be sensitive information.

Fri Feb  9 2001 Nalin Dahyabhai <nalin@redhat.com>
- Handle cases where krb5_init_context() fails.

Wed Jan 17 2001 Nalin Dahyabhai <nalin@redhat.com>
- Be more careful around memory allocation (fixes from David J. MacKenzie).

Mon Jan 15 2001 Nalin Dahyabhai <nalin@redhat.com>
- No fair trying to make me authenticate '(null)'!

Wed Nov  7 2000 Nalin Dahyabhai <nalin@redhat.com>
- Only try to delete ccache files once.
- Ignore extra data in v4 TGTs, but do log it.
- Require "validate" to be true to try validating, and fail if validation fails.

Thu Aug 10 2000 Nalin Dahyabhai <nalin@redhat.com>
- Fix handling of null passwords.

Wed Jul  5 2000 Nalin Dahyabhai <nalin@redhat.com>
- Integrate some fixes for Solaris 7 from Trevor Schroeder (flock.c is
  entirely his).

Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- Integrate Seth Vidal's "no_user_check" argument, so that non-privileged
  users (i.e., secure web servers) can also do checks.

Wed May 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- Make errors chown()ing ccache files non-fatal if (getuid() != 0), suggested
  by Steve Langasek.

Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
- Attempt to get initial Kerberos IV credentials when we get Kerberos 5 creds

Thu Apr 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- Chris Chiappa's modifications for customizing the ccache directory

Wed Apr 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- Mark Dawson's fix for krb4_convert not being forced on when afs_cells defined

Thu March 23 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix problem with leftover ticket files after multiple setcred() calls

Mon March 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- add proper copyright statements
- save password for modules later in the stack

Fri March 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- clean up prompter

Thu March 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- add krbafs as a requirement

Fri February 04 2000 Nalin Dahyabhai <nalin@redhat.com>
- pick up non-afs PAM config files again

Wed February 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- autoconf and putenv() fixes for broken apps
- fix for compressed man pages

Fri January 14 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix stupid bug in password-changing
- add check that user exists in Kerberos before prompting to make password-
  changing sane for mixed environments

Thu January 6 2000 Nalin Dahyabhai <nalin@redhat.com>
- merge in spelling and other fixes from Michael K. Johnson
- modify to build both normal and AFS-aware version if krbafs.h is found

Fri December 31 1999 Nalin Dahyabhai <nalin@redhat.com>
- change to using ticket files created with mkstemp()

Tue December 28 1999 Nalin Dahyabhai <nalin@redhat.com>
- make setcred() return the same code as authenticate() to make sure that libpam
  walks the auth stack the same way for both functions

Wed December 22 1999 Nalin Dahyabhai <nalin@redhat.com>
- add man pages that don't mention AFS at all

Tue November 30 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- add linking with libcrypt, remove linking with libpam

Mon November 29 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Make creating the Kerberos IV ticket a non-fatal error if there are problems.
- Add man pages.

Mon November 8 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Clean up PAM_AUTHTOK_RECOVER{,Y}_ERR definition problems and Solaris LD flags.
  Problems spotted and solution proposed by Nitin Dahyabhai <nitind@pobox.com>.

Wed November 3 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Massive restructuring and cleaning out of 1.0-specific code.

Mon October 4 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Update for krb5 1.1 release

Mon July 26 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Configure should die if krb5.h or krbafs.h isn't found (bfdimmic@eos.ncsu.edu)

Thu July 15 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- Added reason to authentication failure messages (wjlyerly@eos.ncsu.edu)
- Only prompt for second password if first password fails

Fri June 18 1999 Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
- First public release.  Bwah-ha-ha-ha-ha-ha-ha!
